From bc30e45d3c923cd752c3f241e1277e492a727ff7 Mon Sep 17 00:00:00 2001 From: "Scott R. Shinn" Date: Sat, 21 Aug 2021 17:21:57 -0400 Subject: [PATCH 1/2] Updating for 0.1.54 support Signed-off-by: Scott R. Shinn --- .../0001-Add-Rocky-Linux-content.patch | 27087 --------------- ...security-guide-0.1.54-rocky8-support.patch | 27241 ++++++++++++++++ ...sudoers_explicit_command_args-PR_6525.diff | 196 + package/0.1.54/SPEC/scap-security-guide.spec | 9 +- 4 files changed, 27443 insertions(+), 27090 deletions(-) delete mode 100644 package/0.1.54/SOURCES/0001-Add-Rocky-Linux-content.patch create mode 100644 package/0.1.54/SOURCES/0001-scap-security-guide-0.1.54-rocky8-support.patch create mode 100644 package/0.1.54/SOURCES/scap-security-guide-0.1.55-add_sudoers_explicit_command_args-PR_6525.diff diff --git a/package/0.1.54/SOURCES/0001-Add-Rocky-Linux-content.patch b/package/0.1.54/SOURCES/0001-Add-Rocky-Linux-content.patch deleted file mode 100644 index 791cd85b..00000000 --- a/package/0.1.54/SOURCES/0001-Add-Rocky-Linux-content.patch +++ /dev/null @@ -1,27087 +0,0 @@ -From 79b5270fbb648ec6c271a4a0756f55d562a9567f Mon Sep 17 00:00:00 2001 -From: Mustafa Gezen -Date: Sat, 19 Jun 2021 22:06:32 +0200 -Subject: [PATCH] Add Rocky Linux content - ---- - .gitignore | 1 + - CMakeLists.txt | 6 + - CMakeLists.txt.orig | 466 ++++++ - build_product | 1 + - build_product.orig | 350 +++++ - .../avahi_check_ttl/rule.yml | 2 +- - .../avahi_ip_only/rule.yml | 2 +- - .../avahi_prevent_port_sharing/rule.yml | 2 +- - .../rule.yml | 2 +- - .../service_avahi-daemon_disabled/rule.yml | 2 +- - .../base/package_abrt_removed/rule.yml | 2 +- - .../base/package_psacct_installed/rule.yml | 2 +- - .../base/service_abrtd_disabled/rule.yml | 2 +- - .../base/service_acpid_disabled/rule.yml | 2 +- - .../base/service_certmonger_disabled/rule.yml | 2 +- - .../base/service_cockpit_disabled/rule.yml | 2 +- - .../base/service_cpupower_disabled/rule.yml | 2 +- - .../anaconda/shared.anaconda | 2 +- - .../base/service_kdump_disabled/rule.yml | 2 +- - .../base/service_mdmonitor_disabled/rule.yml | 2 +- - .../base/service_netconsole_disabled/rule.yml | 2 +- - .../base/service_ntpdate_disabled/rule.yml | 2 +- - .../base/service_oddjobd_disabled/rule.yml | 2 +- - .../service_portreserve_disabled/rule.yml | 2 +- - .../base/service_psacct_enabled/rule.yml | 2 +- - .../base/service_qpidd_disabled/rule.yml | 2 +- - .../base/service_quota_nld_disabled/rule.yml | 2 +- - .../base/service_rdisc_disabled/rule.yml | 2 +- - .../base/service_rhnsd_disabled/rule.yml | 2 +- - .../base/service_rhsmcertd_disabled/rule.yml | 2 +- - .../base/service_saslauthd_disabled/rule.yml | 2 +- - .../base/service_sysstat_disabled/rule.yml | 2 +- - .../cron_and_at/disable_anacron/rule.yml | 2 +- - .../file_groupowner_cron_d/rule.yml | 2 +- - .../file_groupowner_cron_daily/rule.yml | 2 +- - .../file_groupowner_cron_hourly/rule.yml | 2 +- - .../file_groupowner_cron_monthly/rule.yml | 2 +- - .../file_groupowner_cron_weekly/rule.yml | 2 +- - .../file_groupowner_crontab/rule.yml | 2 +- - .../cron_and_at/file_owner_cron_d/rule.yml | 2 +- - .../file_owner_cron_daily/rule.yml | 2 +- - .../file_owner_cron_hourly/rule.yml | 2 +- - .../file_owner_cron_monthly/rule.yml | 2 +- - .../file_owner_cron_weekly/rule.yml | 2 +- - .../cron_and_at/file_owner_crontab/rule.yml | 2 +- - .../file_permissions_cron_d/rule.yml | 2 +- - .../file_permissions_cron_daily/rule.yml | 2 +- - .../file_permissions_cron_hourly/rule.yml | 2 +- - .../file_permissions_cron_monthly/rule.yml | 2 +- - .../file_permissions_cron_weekly/rule.yml | 2 +- - .../file_permissions_crontab/rule.yml | 2 +- - .../file_groupowner_cron_allow/rule.yml | 2 +- - .../file_owner_cron_allow/rule.yml | 2 +- - .../cron_and_at/service_atd_disabled/rule.yml | 2 +- - .../service_crond_enabled/rule.yml | 2 +- - .../dhcp_server_configure_logging/rule.yml | 2 +- - .../dhcp_server_deny_bootp/rule.yml | 2 +- - .../dhcp_server_deny_decline/rule.yml | 2 +- - .../dhcp_server_disable_ddns/rule.yml | 2 +- - .../rule.yml | 2 +- - .../package_dhcp_removed/rule.yml | 2 +- - .../service_dhcpd_disabled/rule.yml | 2 +- - .../package_bind_removed/rule.yml | 2 +- - .../service_named_disabled/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../docker/docker_selinux_enabled/rule.yml | 2 +- - .../package_fapolicyd_installed/rule.yml | 2 +- - .../service_fapolicyd_enabled/rule.yml | 2 +- - .../package_vsftpd_removed/rule.yml | 2 +- - .../service_vsftpd_disabled/rule.yml | 2 +- - .../ftp_disable_uploads/rule.yml | 2 +- - .../ftp_home_partition/rule.yml | 2 +- - .../ftp_log_transactions/rule.yml | 2 +- - .../ftp_present_banner/rule.yml | 2 +- - .../ftp_restrict_to_anon/rule.yml | 2 +- - .../package_vsftpd_installed/rule.yml | 2 +- - .../package_httpd_removed/rule.yml | 2 +- - .../service_httpd_disabled/rule.yml | 2 +- - .../httpd_configure_log_format/rule.yml | 2 +- - .../rule.yml | 2 +- - .../httpd_antivirus_scan_uploads/rule.yml | 2 +- - .../httpd_configure_firewall/rule.yml | 2 +- - .../rule.yml | 2 +- - .../dir_perms_etc_httpd_conf/rule.yml | 2 +- - .../dir_perms_var_log_httpd/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../httpd_configure_perl_taint/rule.yml | 2 +- - .../httpd_anonymous_content_sharing/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../httpd_ignore_htaccess_files/rule.yml | 2 +- - .../httpd_limit_available_methods/rule.yml | 2 +- - .../rule.yml | 2 +- - .../httpd_restrict_root_directory/rule.yml | 2 +- - .../httpd_restrict_web_directory/rule.yml | 2 +- - .../httpd_disable_mime_types/rule.yml | 2 +- - .../httpd_enable_error_logging/rule.yml | 2 +- - .../httpd_enable_loglevel/rule.yml | 2 +- - .../httpd_enable_system_logging/rule.yml | 2 +- - .../httpd_entrust_passwords/rule.yml | 2 +- - .../httpd_cache_support/rule.yml | 2 +- - .../httpd_cgi_support/rule.yml | 2 +- - .../httpd_digest_authentication/rule.yml | 2 +- - .../httpd_enable_log_config/rule.yml | 2 +- - .../httpd_ldap_support/rule.yml | 2 +- - .../httpd_mime_magic/rule.yml | 2 +- - .../httpd_mod_rewrite/rule.yml | 2 +- - .../httpd_proxy_support/rule.yml | 2 +- - .../httpd_server_activity_status/rule.yml | 2 +- - .../rule.yml | 2 +- - .../httpd_server_side_includes/rule.yml | 2 +- - .../httpd_url_correction/rule.yml | 2 +- - .../httpd_core_modules/httpd_webdav/rule.yml | 2 +- - .../httpd_install_mod_security/rule.yml | 2 +- - .../httpd_configure_tls/rule.yml | 2 +- - .../rule.yml | 2 +- - .../httpd_install_mod_ssl/rule.yml | 2 +- - .../httpd_require_client_certs/rule.yml | 2 +- - .../httpd_nipr_accredited_dmz/rule.yml | 2 +- - .../httpd_no_compilers_in_prod/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../httpd_remove_backups/rule.yml | 2 +- - .../httpd_serversignature_off/rule.yml | 2 +- - .../httpd_servertokens_prod/rule.yml | 2 +- - .../httpd_configure_banner_page/rule.yml | 2 +- - .../httpd_configure_documentroot/rule.yml | 2 +- - .../httpd_disable_content_symlinks/rule.yml | 2 +- - .../httpd_encrypt_file_uploads/rule.yml | 2 +- - .../httpd_limit_java_files/rule.yml | 2 +- - .../httpd_remove_robots_file/rule.yml | 2 +- - .../partition_for_web_content/rule.yml | 2 +- - .../dovecot_configure_ssl_cert/rule.yml | 2 +- - .../dovecot_configure_ssl_key/rule.yml | 2 +- - .../dovecot_disable_plaintext_auth/rule.yml | 2 +- - .../dovecot_enable_ssl/rule.yml | 2 +- - .../package_dovecot_removed/rule.yml | 2 +- - .../service_dovecot_disabled/rule.yml | 2 +- - .../package_krb5-server_removed/rule.yml | 2 +- - .../package_389-ds-base_removed/rule.yml | 2 +- - .../enable_ldap_client/rule.yml | 2 +- - .../ldap_client_start_tls/bash/shared.sh | 2 +- - .../ldap_client_start_tls/rule.yml | 2 +- - .../ldap_client_tls_cacertpath/rule.yml | 2 +- - .../package_openldap-clients_removed/rule.yml | 2 +- - .../package_openldap-servers_removed/rule.yml | 2 +- - .../mail/package_sendmail_removed/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../postfix_server_banner/rule.yml | 2 +- - .../rule.yml | 2 +- - .../mail/service_postfix_enabled/rule.yml | 2 +- - .../service_nfslock_disabled/rule.yml | 2 +- - .../service_rpcbind_disabled/rule.yml | 2 +- - .../service_rpcgssd_disabled/rule.yml | 2 +- - .../service_rpcidmapd_disabled/rule.yml | 2 +- - .../nfs_fixed_lockd_tcp_port/rule.yml | 2 +- - .../nfs_fixed_lockd_udp_port/rule.yml | 2 +- - .../nfs_fixed_mountd_port/rule.yml | 2 +- - .../nfs_fixed_statd_port/rule.yml | 2 +- - .../disabling_nfsd/nfs_no_anonymous/rule.yml | 2 +- - .../service_nfs_disabled/rule.yml | 2 +- - .../service_rpcsvcgssd_disabled/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../no_insecure_locks_exports/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../use_root_squashing_all_exports/rule.yml | 2 +- - .../package_nfs-utils_removed/rule.yml | 2 +- - .../ntp/chronyd_client_only/bash/shared.sh | 2 +- - .../chronyd_client_only/kubernetes/shared.yml | 2 +- - .../services/ntp/chronyd_client_only/rule.yml | 2 +- - .../chronyd_no_chronyc_network/bash/shared.sh | 2 +- - .../kubernetes/shared.yml | 2 +- - .../ntp/chronyd_no_chronyc_network/rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../ntp/chronyd_or_ntpd_set_maxpoll/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../ntp/chronyd_run_as_chrony_user/rule.yml | 2 +- - .../service_chronyd_or_ntpd_enabled/rule.yml | 2 +- - .../package_xinetd_removed/rule.yml | 2 +- - .../service_xinetd_disabled/rule.yml | 2 +- - .../nis/package_ypbind_removed/rule.yml | 2 +- - .../nis/package_ypserv_removed/rule.yml | 2 +- - .../nis/service_ypbind_disabled/rule.yml | 2 +- - .../no_host_based_files/bash/shared.sh | 2 +- - .../r_services/no_host_based_files/rule.yml | 2 +- - .../no_rsh_trust_files/ansible/shared.yml | 2 +- - .../no_rsh_trust_files/bash/shared.sh | 2 +- - .../no_user_host_based_files/bash/shared.sh | 2 +- - .../no_user_host_based_files/rule.yml | 2 +- - .../package_rsh-server_removed/rule.yml | 2 +- - .../r_services/package_rsh_removed/rule.yml | 2 +- - .../service_rexec_disabled/rule.yml | 2 +- - .../service_rlogin_disabled/rule.yml | 2 +- - .../r_services/service_rsh_disabled/rule.yml | 2 +- - .../obsolete/service_rsyncd_disabled/rule.yml | 2 +- - .../talk/package_talk-server_removed/rule.yml | 2 +- - .../talk/package_talk_removed/rule.yml | 2 +- - .../package_telnet-server_removed/rule.yml | 2 +- - .../telnet/package_telnet_removed/rule.yml | 2 +- - .../telnet/service_telnet_disabled/rule.yml | 2 +- - .../tftp/package_tftp-server_removed/rule.yml | 2 +- - .../tftp/package_tftp_removed/rule.yml | 2 +- - .../tftp/service_tftp_disabled/rule.yml | 2 +- - .../tftp/tftpd_uses_secure_mode/rule.yml | 2 +- - .../cups_disable_browsing/rule.yml | 2 +- - .../cups_disable_printserver/rule.yml | 2 +- - .../printing/service_cups_disabled/rule.yml | 2 +- - .../package_squid_removed/rule.yml | 2 +- - .../service_squid_disabled/rule.yml | 2 +- - .../package_freeradius_removed/rule.yml | 2 +- - .../rng/service_rngd_enabled/rule.yml | 2 +- - .../package_quagga_removed/rule.yml | 2 +- - .../service_zebra_disabled/rule.yml | 2 +- - .../mount_option_smb_client_signing/rule.yml | 2 +- - .../package_samba-common_installed/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../require_smb_client_signing/bash/shared.sh | 2 +- - .../require_smb_client_signing/rule.yml | 2 +- - .../smb_server_disable_root/rule.yml | 2 +- - .../package_samba_removed/rule.yml | 2 +- - .../service_smb_disabled/rule.yml | 2 +- - .../package_net-snmp_removed/rule.yml | 2 +- - .../service_snmpd_disabled/rule.yml | 2 +- - .../snmpd_no_rwusers/rule.yml | 2 +- - .../snmpd_not_default_password/rule.yml | 2 +- - .../snmpd_use_newer_protocol/rule.yml | 2 +- - .../ssh/file_groupowner_sshd_config/rule.yml | 2 +- - .../ssh/file_owner_sshd_config/rule.yml | 2 +- - .../ssh/file_permissions_sshd_config/rule.yml | 2 +- - .../ssh/firewalld_sshd_disabled/rule.yml | 2 +- - .../rule.yml | 2 +- - .../package_openssh-server_installed/rule.yml | 2 +- - .../package_openssh-server_removed/rule.yml | 2 +- - .../ssh/service_sshd_enabled/rule.yml | 2 +- - .../oval/shared.xml | 2 +- - .../ssh_client_use_strong_rng_csh/rule.yml | 2 +- - .../tests/file_missing.fail.sh | 2 +- - .../oval/shared.xml | 2 +- - .../ssh_client_use_strong_rng_sh/rule.yml | 2 +- - .../disable_host_auth/kubernetes/shared.yml | 2 +- - .../firewalld_sshd_port_enabled/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../sshd_allow_only_protocol2/bash/shared.sh | 2 +- - .../ansible/shared.yml | 2 +- - .../sshd_disable_compression/bash/shared.sh | 2 +- - .../ansible/shared.yml | 2 +- - .../sshd_disable_rhosts_rsa/bash/shared.sh | 2 +- - .../sshd_set_idle_timeout/ansible/shared.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../sshd_set_max_auth_tries/bash/shared.sh | 2 +- - .../sshd_use_approved_ciphers/rule.yml | 2 +- - .../sshd_use_approved_macs/rule.yml | 2 +- - .../tests/good_cipher.pass.sh | 2 +- - .../tests/no_ciphers.fail.sh | 2 +- - .../tests/good_mac.pass.sh | 2 +- - .../tests/no_macs.fail.sh | 2 +- - .../ssh_server/sshd_use_strong_rng/rule.yml | 2 +- - .../tests/bad_config.fail.sh | 2 +- - .../tests/good_config.pass.sh | 2 +- - .../tests/no_config.fail.sh | 2 +- - .../sshd_use_strong_rng/tests/quoted.fail.sh | 2 +- - .../sshd_x11_use_localhost/rule.yml | 2 +- - .../sssd/package_sssd-ipa_installed/rule.yml | 2 +- - .../sssd/package_sssd_installed/rule.yml | 2 +- - .../sssd/service_sssd_enabled/rule.yml | 2 +- - .../sssd_ldap_configure_tls_ca/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../sssd_ldap_configure_tls_ca_dir/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../sssd_ldap_configure_tls_reqcert/rule.yml | 2 +- - .../sssd_ldap_start_tls/ansible/shared.yml | 2 +- - .../sssd_ldap_start_tls/bash/shared.sh | 2 +- - .../sssd-ldap/sssd_ldap_start_tls/rule.yml | 2 +- - .../sssd_enable_pam_services/bash/shared.sh | 2 +- - .../sssd/sssd_enable_pam_services/rule.yml | 2 +- - .../sssd/sssd_enable_smartcards/rule.yml | 2 +- - .../sssd_memcache_timeout/ansible/shared.yml | 2 +- - .../sssd/sssd_memcache_timeout/bash/shared.sh | 2 +- - .../sssd/sssd_memcache_timeout/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../sssd_offline_cred_expiration/rule.yml | 2 +- - .../sssd/sssd_run_as_sssd_user/bash/shared.sh | 2 +- - .../sssd/sssd_run_as_sssd_user/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../sssd_ssh_known_hosts_timeout/rule.yml | 2 +- - .../configure_usbguard_auditbackend/rule.yml | 2 +- - .../package_usbguard_installed/rule.yml | 2 +- - .../service_usbguard_enabled/rule.yml | 2 +- - .../usbguard/usbguard_allow_hid/rule.yml | 2 +- - .../usbguard_allow_hid_and_hub/rule.yml | 2 +- - .../usbguard/usbguard_allow_hub/rule.yml | 2 +- - .../rule.yml | 2 +- - .../xwindows_runlevel_target/rule.yml | 2 +- - .../banner_etc_issue/ansible/shared.yml | 2 +- - .../banner_etc_issue/bash/shared.sh | 2 +- - .../banner_etc_issue/rule.yml | 2 +- - .../banner_etc_motd/ansible/shared.yml | 2 +- - .../banner_etc_motd/bash/shared.sh | 2 +- - .../accounts-banners/banner_etc_motd/rule.yml | 2 +- - .../file_groupowner_etc_issue/rule.yml | 2 +- - .../file_groupowner_etc_motd/rule.yml | 2 +- - .../file_owner_etc_issue/rule.yml | 2 +- - .../file_owner_etc_motd/rule.yml | 2 +- - .../file_permissions_etc_issue/rule.yml | 2 +- - .../file_permissions_etc_motd/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../dconf_gnome_banner_enabled/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../dconf_gnome_login_banner_text/rule.yml | 2 +- - .../display_login_attempts/bash/shared.sh | 2 +- - .../enable_pam_namespace/ansible/shared.yml | 2 +- - .../enable_pam_namespace/bash/shared.sh | 2 +- - .../enable_pam_namespace/rule.yml | 2 +- - .../tests/correct.pass.sh | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../accounts_password_pam_dcredit/rule.yml | 2 +- - .../accounts_password_pam_difok/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../accounts_password_pam_lcredit/rule.yml | 2 +- - .../rule.yml | 2 +- - .../accounts_password_pam_maxrepeat/rule.yml | 2 +- - .../accounts_password_pam_minclass/rule.yml | 2 +- - .../accounts_password_pam_minlen/rule.yml | 2 +- - .../accounts_password_pam_ocredit/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../accounts_password_pam_retry/rule.yml | 2 +- - .../accounts_password_pam_ucredit/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../disable_ctrlaltdel_burstaction/rule.yml | 2 +- - .../disable_ctrlaltdel_reboot/bash/shared.sh | 2 +- - .../disable_ctrlaltdel_reboot/rule.yml | 2 +- - .../grub2_disable_interactive_boot/rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../require_emergency_target_auth/rule.yml | 2 +- - .../require_singleuser_auth/bash/shared.sh | 2 +- - .../require_singleuser_auth/rule.yml | 2 +- - .../configure_bashrc_exec_tmux/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../configure_tmux_lock_after_time/rule.yml | 2 +- - .../configure_tmux_lock_command/rule.yml | 2 +- - .../no_tmux_in_shells/kubernetes/shared.yml | 2 +- - .../no_tmux_in_shells/rule.yml | 2 +- - .../package_tmux_installed/rule.yml | 2 +- - .../configure_opensc_card_drivers/rule.yml | 2 +- - .../force_opensc_card_drivers/rule.yml | 2 +- - .../install_smartcard_packages/rule.yml | 2 +- - .../package_opensc_installed/rule.yml | 2 +- - .../package_pcsc-lite_installed/rule.yml | 2 +- - .../service_pcscd_enabled/rule.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../service_debug-shell_disabled/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../account_temp_expire_date/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../ansible/shared.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../no_empty_passwords/ansible/shared.yml | 2 +- - .../no_empty_passwords/bash/shared.sh | 2 +- - .../no_empty_passwords/kubernetes/shared.yml | 2 +- - .../no_legacy_plus_entries_etc_group/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../no_direct_root_logins/ansible/shared.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../root_logins/no_root_webbrowsing/rule.yml | 2 +- - .../no_shelllogin_for_systemaccounts/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../root_logins/root_path_default/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../use_pam_wheel_for_su/ansible/shared.yml | 2 +- - .../use_pam_wheel_for_su/bash/shared.sh | 2 +- - .../root_logins/use_pam_wheel_for_su/rule.yml | 2 +- - .../accounts_have_homedir_login_defs/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../accounts_logon_fail_delay/bash/shared.sh | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../bash/shared.sh | 2 +- - .../tests/correct.pass.sh | 2 +- - .../tests/directory_doesnt_exist.fail.sh | 2 +- - .../tests/line_not_there.fail.sh | 2 +- - .../tests/wrong_mode.fail.sh | 2 +- - .../accounts_tmout/ansible/shared.yml | 2 +- - .../accounts-session/accounts_tmout/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../accounts_user_dot_user_ownership/rule.yml | 2 +- - .../accounts_user_home_paths_only/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../file_ownership_home_directories/rule.yml | 2 +- - .../file_permission_user_init_files/rule.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../accounts_umask_etc_bashrc/bash/shared.sh | 2 +- - .../accounts_umask_etc_bashrc/rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../accounts_umask_etc_csh_cshrc/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../accounts_umask_interactive_users/rule.yml | 2 +- - .../audit_rules_execution_chcon/rule.yml | 2 +- - .../audit_rules_execution_restorecon/rule.yml | 2 +- - .../audit_rules_execution_semanage/rule.yml | 2 +- - .../audit_rules_execution_setfiles/rule.yml | 2 +- - .../audit_rules_execution_setsebool/rule.yml | 2 +- - .../audit_rules_execution_seunshare/rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../rule.yml | 2 +- - .../audit_rules_login_events/bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../audit_rules_login_events_lastlog/rule.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../audit_rules_etc_group_open/rule.yml | 2 +- - .../rule.yml | 2 +- - .../audit_rules_etc_group_openat/rule.yml | 2 +- - .../audit_rules_etc_gshadow_open/rule.yml | 2 +- - .../rule.yml | 2 +- - .../audit_rules_etc_gshadow_openat/rule.yml | 2 +- - .../audit_rules_etc_passwd_open/rule.yml | 2 +- - .../rule.yml | 2 +- - .../audit_rules_etc_passwd_openat/rule.yml | 2 +- - .../audit_rules_etc_shadow_open/rule.yml | 2 +- - .../rule.yml | 2 +- - .../audit_rules_etc_shadow_openat/rule.yml | 2 +- - .../audit_rules_immutable/bash/shared.sh | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../ansible/shared.yml | 2 +- - .../audit_rules_session_events/bash/shared.sh | 2 +- - .../bash/shared.sh | 2 +- - .../audit_rules_system_shutdown/rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../audit_rules_time_adjtimex/bash/shared.sh | 2 +- - .../bash/shared.sh | 2 +- - .../bash/shared.sh | 2 +- - .../audit_rules_time_stime/bash/shared.sh | 2 +- - .../bash/shared.sh | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../bash/shared.sh | 2 +- - .../file_permissions_var_log_audit/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../auditd_audispd_disk_full_action/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../kubernetes/shared.yml | 2 +- - .../auditd_data_retention_flush/rule.yml | 2 +- - .../tests/flush_data.fail.sh | 2 +- - .../tests/flush_incremental.fail.sh | 2 +- - .../tests/flush_incremental_async.pass.sh | 2 +- - .../tests/flush_none.fail.sh | 2 +- - .../tests/flush_not_there.fail.sh | 2 +- - .../tests/flush_sync.fail.sh | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../ansible/shared.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../auditd_data_retention_space_left/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../auditd_freq/kubernetes/shared.yml | 2 +- - .../auditd_local_events/kubernetes/shared.yml | 2 +- - .../auditd_log_format/kubernetes/shared.yml | 2 +- - .../auditd_name_format/kubernetes/shared.yml | 2 +- - .../auditd_write_logs/kubernetes/shared.yml | 2 +- - .../auditing/grub2_audit_argument/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../audit_access_failed/kubernetes/shared.yml | 2 +- - .../policy_rules/audit_access_failed/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../audit_access_success/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../audit_basic_configuration/rule.yml | 2 +- - .../audit_create_failed/kubernetes/shared.yml | 2 +- - .../policy_rules/audit_create_failed/rule.yml | 2 +- - .../audit_create_success/rule.yml | 2 +- - .../audit_delete_failed/kubernetes/shared.yml | 2 +- - .../policy_rules/audit_delete_failed/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../audit_delete_success/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../audit_immutable_login_uids/rule.yml | 2 +- - .../audit_modify_failed/kubernetes/shared.yml | 2 +- - .../policy_rules/audit_modify_failed/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../audit_modify_success/rule.yml | 2 +- - .../audit_module_load/kubernetes/shared.yml | 2 +- - .../policy_rules/audit_module_load/rule.yml | 2 +- - .../audit_ospp_general/kubernetes/shared.yml | 2 +- - .../policy_rules/audit_ospp_general/rule.yml | 2 +- - .../audit_owner_change_failed/rule.yml | 2 +- - .../audit_owner_change_success/rule.yml | 2 +- - .../audit_perm_change_failed/rule.yml | 2 +- - .../audit_perm_change_success/rule.yml | 2 +- - .../audit_rules_for_ospp/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../grub2_kernel_trust_cpu_rng/rule.yml | 2 +- - .../grub2_pti_argument/rule.yml | 2 +- - .../grub2_vsyscall_argument/rule.yml | 2 +- - .../file_groupowner_grub2_cfg/rule.yml | 2 +- - .../non-uefi/file_owner_grub2_cfg/rule.yml | 2 +- - .../file_permissions_grub2_cfg/rule.yml | 2 +- - .../non-uefi/grub2_admin_username/rule.yml | 2 +- - .../grub2_no_removeable_media/rule.yml | 2 +- - .../non-uefi/grub2_password/rule.yml | 2 +- - .../file_groupowner_efi_grub2_cfg/rule.yml | 2 +- - .../uefi/file_owner_efi_grub2_cfg/rule.yml | 2 +- - .../file_permissions_efi_grub2_cfg/rule.yml | 2 +- - .../uefi/grub2_uefi_admin_username/rule.yml | 2 +- - .../uefi/grub2_uefi_password/rule.yml | 2 +- - .../uefi/uefi_no_removeable_media/rule.yml | 2 +- - .../zipl_audit_argument/rule.yml | 2 +- - .../rule.yml | 2 +- - .../zipl_bls_entries_only/rule.yml | 2 +- - .../zipl_bootmap_is_up_to_date/rule.yml | 2 +- - .../zipl_enable_selinux/rule.yml | 2 +- - .../zipl_page_poison_argument/rule.yml | 2 +- - .../zipl_slub_debug_argument/rule.yml | 2 +- - .../zipl_vsyscall_argument/rule.yml | 2 +- - .../logwatch_configured_hostlimit/rule.yml | 2 +- - .../logwatch_configured_splithosts/rule.yml | 2 +- - .../disable_logwatch_for_logserver/rule.yml | 2 +- - .../rsyslog_cron_logging/bash/shared.sh | 2 +- - .../rsyslog_cron_logging/rule.yml | 2 +- - .../tests/IncludeConfig_is_other.fail.sh | 2 +- - .../tests/IncludeConfig_is_root.pass.sh | 2 +- - .../tests/is_other.fail.sh | 2 +- - .../tests/is_root.pass.sh | 2 +- - .../tests/IncludeConfig_is_other.fail.sh | 2 +- - .../tests/IncludeConfig_is_root.pass.sh | 2 +- - .../tests/is_other.fail.sh | 2 +- - .../tests/is_root.pass.sh | 2 +- - .../rsyslog_files_permissions/bash/shared.sh | 2 +- - .../tests/IncludeConfig_perms_0600.pass.sh | 2 +- - .../tests/IncludeConfig_perms_0601.fail.sh | 2 +- - .../tests/perms_0600.pass.sh | 2 +- - .../tests/perms_0601.fail.sh | 2 +- - .../rsyslog_nolisten/rule.yml | 2 +- - .../rsyslog_remote_loghost/ansible/shared.yml | 2 +- - .../rsyslog_remote_loghost/bash/shared.sh | 2 +- - .../rsyslog_remote_tls/rule.yml | 2 +- - .../rsyslog_remote_tls_cacert/rule.yml | 2 +- - .../package_firewalld_installed/rule.yml | 2 +- - .../service_firewalld_enabled/rule.yml | 2 +- - .../configure_firewalld_ports/rule.yml | 2 +- - .../set_firewalld_default_zone/rule.yml | 2 +- - .../libreswan_approved_tunnels/rule.yml | 2 +- - .../package_libreswan_installed/rule.yml | 2 +- - .../package_iptables_installed/rule.yml | 2 +- - .../network_ipv6_default_gateway/rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../network_ipv6_privacy_extensions/rule.yml | 2 +- - .../network_ipv6_static_address/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../grub2_ipv6_disable_argument/rule.yml | 2 +- - .../network_ipv6_disable_interfaces/rule.yml | 2 +- - .../network_ipv6_disable_rpc/bash/shared.sh | 2 +- - .../network_ipv6_disable_rpc/rule.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../sysctl_net_ipv4_tcp_rfc1337/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../sysctl_net_ipv4_tcp_syncookies/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../sysctl_net_ipv4_ip_forward/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../kernel_module_atm_disabled/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../kernel_module_can_disabled/rule.yml | 2 +- - .../kernel_module_dccp_disabled/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../kernel_module_sctp_disabled/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../kernel_module_bluetooth_disabled/rule.yml | 2 +- - .../service_bluetooth_disabled/rule.yml | 2 +- - .../wireless_disable_in_bios/rule.yml | 2 +- - .../wireless_disable_interfaces/rule.yml | 2 +- - .../rule.yml | 2 +- - .../network_disable_ddns_interfaces/rule.yml | 2 +- - .../network/network_disable_zeroconf/rule.yml | 2 +- - .../network_nmcli_permissions/rule.yml | 2 +- - .../network/network_sniffer_disabled/rule.yml | 2 +- - .../rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../file_permissions_ungroupowned/rule.yml | 2 +- - .../files/no_files_unowned_by_user/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../file_ownership_binary_dirs/bash/shared.sh | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../ansible/shared.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../mounting/bios_assign_password/rule.yml | 2 +- - .../mounting/bios_disable_usb_boot/rule.yml | 2 +- - .../mounting/grub2_nousb_argument/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../kernel_module_cramfs_disabled/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../kernel_module_freevxfs_disabled/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../kernel_module_hfs_disabled/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../kernel_module_hfsplus_disabled/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../kernel_module_jffs2_disabled/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../kernel_module_squashfs_disabled/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../kernel_module_udf_disabled/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../kernel_module_vfat_disabled/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../mounting/service_autofs_disabled/rule.yml | 2 +- - .../mount_option_boot_noauto/rule.yml | 2 +- - .../mount_option_boot_nodev/rule.yml | 2 +- - .../mount_option_boot_noexec/rule.yml | 2 +- - .../mount_option_boot_nosuid/rule.yml | 2 +- - .../mount_option_dev_shm_noexec/rule.yml | 2 +- - .../mount_option_home_nodev/rule.yml | 2 +- - .../mount_option_home_noexec/rule.yml | 2 +- - .../mount_option_home_nosuid/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../mount_option_opt_nosuid/rule.yml | 2 +- - .../mount_option_srv_nosuid/rule.yml | 2 +- - .../mount_option_tmp_nodev/rule.yml | 2 +- - .../mount_option_tmp_noexec/rule.yml | 2 +- - .../mount_option_tmp_nosuid/rule.yml | 2 +- - .../mount_option_var_log_audit_nodev/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../mount_option_var_log_nodev/rule.yml | 2 +- - .../mount_option_var_log_noexec/rule.yml | 2 +- - .../mount_option_var_log_nosuid/rule.yml | 2 +- - .../mount_option_var_nodev/rule.yml | 2 +- - .../mount_option_var_noexec/rule.yml | 2 +- - .../mount_option_var_nosuid/rule.yml | 2 +- - .../mount_option_var_tmp_bind/bash/shared.sh | 2 +- - .../mount_option_var_tmp_bind/rule.yml | 2 +- - .../mount_option_var_tmp_nodev/rule.yml | 2 +- - .../mount_option_var_tmp_noexec/rule.yml | 2 +- - .../mount_option_var_tmp_nosuid/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../disable_users_coredumps/bash/shared.sh | 2 +- - .../kubernetes/shared.yml | 2 +- - .../disable_users_coredumps/rule.yml | 2 +- - .../rule.yml | 2 +- - .../daemon_umask/umask_for_daemons/rule.yml | 2 +- - .../sysctl_kernel_exec_shield/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../install_PAE_kernel_on_x86-32/rule.yml | 2 +- - .../grub2_page_poison_argument/rule.yml | 2 +- - .../grub2_slub_debug_argument/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../sysctl_kernel_core_pattern/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../sysctl_kernel_dmesg_restrict/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../sysctl_kernel_modules_disabled/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../sysctl_kernel_pid_max/rule.yml | 2 +- - .../restrictions/sysctl_kernel_sysrq/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../sysctl_kernel_yama_ptrace_scope/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../sysctl_net_core_bpf_jit_harden/rule.yml | 2 +- - .../kubernetes/shared.yml | 2 +- - .../sysctl_user_max_user_namespaces/rule.yml | 2 +- - .../sysctl_vm_mmap_min_addr/rule.yml | 2 +- - .../grub2_enable_selinux/ansible/shared.yml | 2 +- - .../grub2_enable_selinux/bash/shared.sh | 2 +- - .../selinux/grub2_enable_selinux/rule.yml | 2 +- - .../package_libselinux_installed/rule.yml | 2 +- - .../selinux/package_mcstrans_removed/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../package_setroubleshoot_removed/rule.yml | 2 +- - .../sebool_abrt_anon_write/rule.yml | 2 +- - .../sebool_abrt_handle_event/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_antivirus_can_scan_system/rule.yml | 2 +- - .../sebool_antivirus_use_jit/rule.yml | 2 +- - .../sebool_auditadm_exec_content/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_authlogin_radius/rule.yml | 2 +- - .../sebool_authlogin_yubikey/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_boinc_execmem/rule.yml | 2 +- - .../sebool_cdrecord_read_content/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_cluster_manage_all_files/rule.yml | 2 +- - .../sebool_cluster_use_execmem/rule.yml | 2 +- - .../sebool_cobbler_anon_write/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_cobbler_use_cifs/rule.yml | 2 +- - .../sebool_cobbler_use_nfs/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_conman_can_network/rule.yml | 2 +- - .../sebool_container_connect_any/rule.yml | 2 +- - .../sebool_cron_can_relabel/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_cups_execmem/rule.yml | 2 +- - .../sebool_cvs_read_shadow/rule.yml | 2 +- - .../sebool_daemons_dump_core/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_daemons_use_tcp_wrapper/rule.yml | 2 +- - .../sebool_daemons_use_tty/rule.yml | 2 +- - .../sebool_dbadm_exec_content/rule.yml | 2 +- - .../sebool_dbadm_manage_user_files/rule.yml | 2 +- - .../sebool_dbadm_read_user_files/rule.yml | 2 +- - .../sebool_deny_execmem/rule.yml | 2 +- - .../sebool_deny_ptrace/rule.yml | 2 +- - .../sebool_dhcpc_exec_iptables/rule.yml | 2 +- - .../sebool_dhcpd_use_ldap/rule.yml | 2 +- - .../sebool_domain_fd_use/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_entropyd_use_audio/rule.yml | 2 +- - .../sebool_exim_can_connect_db/rule.yml | 2 +- - .../sebool_exim_manage_user_files/rule.yml | 2 +- - .../sebool_exim_read_user_files/rule.yml | 2 +- - .../sebool_fcron_crond/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_fenced_can_ssh/rule.yml | 2 +- - .../sebool_fips_mode/rule.yml | 2 +- - .../sebool_ftpd_anon_write/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_ftpd_connect_db/rule.yml | 2 +- - .../sebool_ftpd_full_access/rule.yml | 2 +- - .../sebool_ftpd_use_cifs/rule.yml | 2 +- - .../sebool_ftpd_use_fusefs/rule.yml | 2 +- - .../sebool_ftpd_use_nfs/rule.yml | 2 +- - .../sebool_ftpd_use_passive_mode/rule.yml | 2 +- - .../sebool_git_cgi_enable_homedirs/rule.yml | 2 +- - .../sebool_git_cgi_use_cifs/rule.yml | 2 +- - .../sebool_git_cgi_use_nfs/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_git_session_users/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_git_system_use_cifs/rule.yml | 2 +- - .../sebool_git_system_use_nfs/rule.yml | 2 +- - .../sebool_gitosis_can_sendmail/rule.yml | 2 +- - .../sebool_glance_api_can_network/rule.yml | 2 +- - .../sebool_glance_use_execmem/rule.yml | 2 +- - .../sebool_glance_use_fusefs/rule.yml | 2 +- - .../sebool_global_ssp/rule.yml | 2 +- - .../sebool_gluster_anon_write/rule.yml | 2 +- - .../sebool_gluster_export_all_ro/rule.yml | 2 +- - .../sebool_gluster_export_all_rw/rule.yml | 2 +- - .../sebool_gpg_web_anon_write/rule.yml | 2 +- - .../sebool_gssd_read_tmp/rule.yml | 2 +- - .../sebool_guest_exec_content/rule.yml | 2 +- - .../sebool_haproxy_connect_any/rule.yml | 2 +- - .../sebool_httpd_anon_write/rule.yml | 2 +- - .../sebool_httpd_builtin_scripting/rule.yml | 2 +- - .../sebool_httpd_can_check_spam/rule.yml | 2 +- - .../sebool_httpd_can_connect_ftp/rule.yml | 2 +- - .../sebool_httpd_can_connect_ldap/rule.yml | 2 +- - .../sebool_httpd_can_connect_mythtv/rule.yml | 2 +- - .../sebool_httpd_can_connect_zabbix/rule.yml | 2 +- - .../sebool_httpd_can_network_connect/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_httpd_can_network_relay/rule.yml | 2 +- - .../sebool_httpd_can_sendmail/rule.yml | 2 +- - .../sebool_httpd_dbus_avahi/rule.yml | 2 +- - .../sebool_httpd_dbus_sssd/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_httpd_enable_cgi/rule.yml | 2 +- - .../sebool_httpd_enable_ftp_server/rule.yml | 2 +- - .../sebool_httpd_enable_homedirs/rule.yml | 2 +- - .../sebool_httpd_execmem/rule.yml | 2 +- - .../sebool_httpd_graceful_shutdown/rule.yml | 2 +- - .../sebool_httpd_manage_ipa/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_httpd_mod_auth_pam/rule.yml | 2 +- - .../sebool_httpd_read_user_content/rule.yml | 2 +- - .../sebool_httpd_run_ipa/rule.yml | 2 +- - .../sebool_httpd_run_preupgrade/rule.yml | 2 +- - .../sebool_httpd_run_stickshift/rule.yml | 2 +- - .../sebool_httpd_serve_cobbler_files/rule.yml | 2 +- - .../sebool_httpd_setrlimit/rule.yml | 2 +- - .../sebool_httpd_ssi_exec/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_httpd_tmp_exec/rule.yml | 2 +- - .../sebool_httpd_tty_comm/rule.yml | 2 +- - .../sebool_httpd_unified/rule.yml | 2 +- - .../sebool_httpd_use_cifs/rule.yml | 2 +- - .../sebool_httpd_use_fusefs/rule.yml | 2 +- - .../sebool_httpd_use_gpg/rule.yml | 2 +- - .../sebool_httpd_use_nfs/rule.yml | 2 +- - .../sebool_httpd_use_openstack/rule.yml | 2 +- - .../sebool_httpd_use_sasl/rule.yml | 2 +- - .../sebool_httpd_verify_dns/rule.yml | 2 +- - .../sebool_icecast_use_any_tcp_ports/rule.yml | 2 +- - .../sebool_irc_use_any_tcp_ports/rule.yml | 2 +- - .../sebool_irssi_use_full_network/rule.yml | 2 +- - .../sebool_kdumpgui_run_bootloader/rule.yml | 2 +- - .../sebool_kerberos_enabled/rule.yml | 2 +- - .../sebool_ksmtuned_use_cifs/rule.yml | 2 +- - .../sebool_ksmtuned_use_nfs/rule.yml | 2 +- - .../sebool_logadm_exec_content/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_logging_syslogd_use_tty/rule.yml | 2 +- - .../sebool_login_console_enabled/rule.yml | 2 +- - .../sebool_logrotate_use_nfs/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_lsmd_plugin_connect_any/rule.yml | 2 +- - .../sebool_mailman_use_fusefs/rule.yml | 2 +- - .../sebool_mcelog_client/rule.yml | 2 +- - .../sebool_mcelog_exec_scripts/rule.yml | 2 +- - .../sebool_mcelog_foreground/rule.yml | 2 +- - .../sebool_mcelog_server/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_mmap_low_allowed/rule.yml | 2 +- - .../sebool_mock_enable_homedirs/rule.yml | 2 +- - .../sebool_mount_anyfile/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_mozilla_plugin_use_gps/rule.yml | 2 +- - .../sebool_mozilla_plugin_use_spice/rule.yml | 2 +- - .../sebool_mozilla_read_content/rule.yml | 2 +- - .../sebool_mpd_enable_homedirs/rule.yml | 2 +- - .../sebool_mpd_use_cifs/rule.yml | 2 +- - .../sebool_mpd_use_nfs/rule.yml | 2 +- - .../sebool_mplayer_execstack/rule.yml | 2 +- - .../sebool_mysql_connect_any/rule.yml | 2 +- - .../sebool_nagios_run_pnp4nagios/rule.yml | 2 +- - .../sebool_nagios_run_sudo/rule.yml | 2 +- - .../sebool_named_tcp_bind_http_port/rule.yml | 2 +- - .../sebool_named_write_master_zones/rule.yml | 2 +- - .../sebool_neutron_can_network/rule.yml | 2 +- - .../sebool_nfs_export_all_ro/rule.yml | 2 +- - .../sebool_nfs_export_all_rw/rule.yml | 2 +- - .../sebool_nfsd_anon_write/rule.yml | 2 +- - .../sebool_nis_enabled/rule.yml | 2 +- - .../sebool_nscd_use_shm/rule.yml | 2 +- - .../sebool_openshift_use_nfs/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_openvpn_enable_homedirs/rule.yml | 2 +- - .../sebool_openvpn_run_unconfined/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_pcp_read_generic_logs/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_polipo_session_users/rule.yml | 2 +- - .../sebool_polipo_use_cifs/rule.yml | 2 +- - .../sebool_polipo_use_nfs/rule.yml | 2 +- - .../sebool_polyinstantiation_enabled/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_postgresql_can_rsync/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_pppd_can_insmod/rule.yml | 2 +- - .../sebool_pppd_for_user/rule.yml | 2 +- - .../sebool_privoxy_connect_any/rule.yml | 2 +- - .../sebool_prosody_bind_http_port/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_puppetmaster_use_db/rule.yml | 2 +- - .../sebool_racoon_read_shadow/rule.yml | 2 +- - .../sebool_rsync_anon_write/rule.yml | 2 +- - .../sebool_rsync_client/rule.yml | 2 +- - .../sebool_rsync_export_all_ro/rule.yml | 2 +- - .../sebool_rsync_full_access/rule.yml | 2 +- - .../sebool_samba_create_home_dirs/rule.yml | 2 +- - .../sebool_samba_domain_controller/rule.yml | 2 +- - .../sebool_samba_enable_home_dirs/rule.yml | 2 +- - .../sebool_samba_export_all_ro/rule.yml | 2 +- - .../sebool_samba_export_all_rw/rule.yml | 2 +- - .../sebool_samba_load_libgfapi/rule.yml | 2 +- - .../sebool_samba_portmapper/rule.yml | 2 +- - .../sebool_samba_run_unconfined/rule.yml | 2 +- - .../sebool_samba_share_fusefs/rule.yml | 2 +- - .../sebool_samba_share_nfs/rule.yml | 2 +- - .../sebool_sanlock_use_fusefs/rule.yml | 2 +- - .../sebool_sanlock_use_nfs/rule.yml | 2 +- - .../sebool_sanlock_use_samba/rule.yml | 2 +- - .../sebool_saslauthd_read_shadow/rule.yml | 2 +- - .../sebool_secadm_exec_content/rule.yml | 2 +- - .../sebool_secure_mode/rule.yml | 2 +- - .../sebool_secure_mode_insmod/rule.yml | 2 +- - .../sebool_secure_mode_policyload/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_selinuxuser_execheap/rule.yml | 2 +- - .../sebool_selinuxuser_execmod/rule.yml | 2 +- - .../sebool_selinuxuser_execstack/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_selinuxuser_ping/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_selinuxuser_share_music/rule.yml | 2 +- - .../sebool_selinuxuser_tcp_server/rule.yml | 2 +- - .../sebool_selinuxuser_udp_server/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_sge_use_nfs/rule.yml | 2 +- - .../sebool_smartmon_3ware/rule.yml | 2 +- - .../sebool_smbd_anon_write/rule.yml | 2 +- - .../sebool_spamassassin_can_network/rule.yml | 2 +- - .../sebool_spamd_enable_home_dirs/rule.yml | 2 +- - .../sebool_squid_connect_any/rule.yml | 2 +- - .../sebool_squid_use_tproxy/rule.yml | 2 +- - .../sebool_ssh_chroot_rw_homedirs/rule.yml | 2 +- - .../sebool_ssh_keysign/rule.yml | 2 +- - .../sebool_ssh_sysadm_login/rule.yml | 2 +- - .../sebool_staff_exec_content/rule.yml | 2 +- - .../sebool_staff_use_svirt/rule.yml | 2 +- - .../sebool_swift_can_network/rule.yml | 2 +- - .../sebool_sysadm_exec_content/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_tftp_anon_write/rule.yml | 2 +- - .../sebool_tftp_home_dir/rule.yml | 2 +- - .../sebool_tmpreaper_use_nfs/rule.yml | 2 +- - .../sebool_tmpreaper_use_samba/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_tor_can_network_relay/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_unconfined_login/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_unprivuser_use_svirt/rule.yml | 2 +- - .../sebool_use_ecryptfs_home_dirs/rule.yml | 2 +- - .../sebool_use_fusefs_home_dirs/rule.yml | 2 +- - .../sebool_use_lpd_server/rule.yml | 2 +- - .../sebool_use_nfs_home_dirs/rule.yml | 2 +- - .../sebool_use_samba_home_dirs/rule.yml | 2 +- - .../sebool_user_exec_content/rule.yml | 2 +- - .../sebool_varnishd_connect_any/rule.yml | 2 +- - .../sebool_virt_read_qemu_ga_data/rule.yml | 2 +- - .../sebool_virt_rw_qemu_ga_data/rule.yml | 2 +- - .../sebool_virt_sandbox_use_all_caps/rule.yml | 2 +- - .../sebool_virt_sandbox_use_audit/rule.yml | 2 +- - .../sebool_virt_sandbox_use_mknod/rule.yml | 2 +- - .../sebool_virt_sandbox_use_netlink/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_virt_use_comm/rule.yml | 2 +- - .../sebool_virt_use_execmem/rule.yml | 2 +- - .../sebool_virt_use_fusefs/rule.yml | 2 +- - .../sebool_virt_use_nfs/rule.yml | 2 +- - .../sebool_virt_use_rawip/rule.yml | 2 +- - .../sebool_virt_use_samba/rule.yml | 2 +- - .../sebool_virt_use_sanlock/rule.yml | 2 +- - .../sebool_virt_use_usb/rule.yml | 2 +- - .../sebool_virt_use_xserver/rule.yml | 2 +- - .../sebool_webadm_manage_user_files/rule.yml | 2 +- - .../sebool_webadm_read_user_files/rule.yml | 2 +- - .../sebool_wine_mmap_zero_ignore/rule.yml | 2 +- - .../sebool_xdm_bind_vnc_tcp_port/rule.yml | 2 +- - .../sebool_xdm_exec_bootloader/rule.yml | 2 +- - .../sebool_xdm_sysadm_login/rule.yml | 2 +- - .../sebool_xdm_write_home/rule.yml | 2 +- - .../sebool_xen_use_nfs/rule.yml | 2 +- - .../sebool_xend_run_blktap/rule.yml | 2 +- - .../sebool_xend_run_qemu/rule.yml | 2 +- - .../sebool_xguest_connect_network/rule.yml | 2 +- - .../sebool_xguest_exec_content/rule.yml | 2 +- - .../sebool_xguest_mount_media/rule.yml | 2 +- - .../sebool_xguest_use_bluetooth/rule.yml | 2 +- - .../rule.yml | 2 +- - .../sebool_xserver_execmem/rule.yml | 2 +- - .../sebool_xserver_object_manager/rule.yml | 2 +- - .../sebool_zabbix_can_network/rule.yml | 2 +- - .../sebool_zarafa_setrlimit/rule.yml | 2 +- - .../sebool_zebra_write_config/rule.yml | 2 +- - .../sebool_zoneminder_anon_write/rule.yml | 2 +- - .../sebool_zoneminder_run_sudo/rule.yml | 2 +- - .../selinux_all_devicefiles_labeled/rule.yml | 2 +- - .../selinux_confinement_of_daemons/rule.yml | 2 +- - .../selinux_policytype/ansible/shared.yml | 2 +- - .../selinux/selinux_policytype/bash/shared.sh | 2 +- - .../selinux/selinux_policytype/rule.yml | 2 +- - .../selinux/selinux_state/ansible/shared.yml | 2 +- - .../selinux/selinux_state/bash/shared.sh | 2 +- - .../system/selinux/selinux_state/rule.yml | 2 +- - .../selinux/selinux_user_login_roles/rule.yml | 2 +- - .../encrypt_partitions/rule.yml | 2 +- - .../partition_for_boot/rule.yml | 2 +- - .../partition_for_opt/rule.yml | 2 +- - .../partition_for_usr/rule.yml | 2 +- - .../partition_for_var_tmp/rule.yml | 2 +- - .../gnome/dconf_db_up_to_date/bash/shared.sh | 2 +- - .../gnome/dconf_db_up_to_date/rule.yml | 2 +- - .../gnome/enable_dconf_user_profile/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../dconf_gnome_disable_user_list/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../dconf_gnome_login_retries/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../gnome_gdm_disable_guest_login/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../dconf_gnome_disable_automount/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../dconf_gnome_disable_autorun/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../dconf_gnome_disable_thumbnailers/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../dconf_gnome_disable_wifi_create/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../dconf_gnome_disable_geolocation/rule.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../dconf_gnome_disable_user_admin/rule.yml | 2 +- - .../gnome/package_gdm_removed/rule.yml | 2 +- - .../installed_OS_is_FIPS_certified/rule.yml | 2 +- - .../installed_OS_is_vendor_supported/rule.yml | 2 +- - .../configure_bind_crypto_policy/rule.yml | 2 +- - .../crypto/configure_crypto_policy/rule.yml | 2 +- - .../configure_kerberos_crypto_policy/rule.yml | 2 +- - .../rule.yml | 2 +- - .../configure_openssl_crypto_policy/rule.yml | 2 +- - .../configure_ssh_crypto_policy/rule.yml | 2 +- - .../harden_openssl_crypto_policy/rule.yml | 2 +- - .../openssl_use_strong_entropy/rule.yml | 2 +- - .../rule.yml | 2 +- - .../crypto/ssh_client_rekey_limit/rule.yml | 2 +- - .../disable_prelink/ansible/shared.yml | 2 +- - .../install_antivirus/rule.yml | 2 +- - .../install_hids/rule.yml | 2 +- - .../install_mcafee_antivirus/rule.yml | 2 +- - .../install_mcafee_cma_rt/rule.yml | 2 +- - .../rule.yml | 2 +- - .../install_mcafee_hbss_accm/rule.yml | 2 +- - .../install_mcafee_hbss_pa/rule.yml | 2 +- - .../package_MFEhiplsm_installed/rule.yml | 2 +- - .../service_nails_enabled/rule.yml | 2 +- - .../fips/enable_dracut_fips_module/rule.yml | 2 +- - .../integrity/fips/enable_fips_mode/rule.yml | 2 +- - .../fips/enable_fips_mode/tests/ocp4/e2e.yml | 2 +- - .../fips/etc_system_fips_exists/rule.yml | 2 +- - .../fips/sysctl_crypto_fips_enabled/rule.yml | 2 +- - .../aide/aide_build_database/bash/shared.sh | 2 +- - .../bash/shared.sh | 2 +- - .../aide/aide_periodic_cron_checking/rule.yml | 2 +- - .../aide/aide_scan_notification/rule.yml | 2 +- - .../aide/aide_use_fips_hashes/bash/shared.sh | 2 +- - .../aide/aide_use_fips_hashes/rule.yml | 2 +- - .../aide/aide_verify_acls/bash/shared.sh | 2 +- - .../aide/aide_verify_acls/rule.yml | 2 +- - .../aide_verify_ext_attributes/bash/shared.sh | 2 +- - .../aide/aide_verify_ext_attributes/rule.yml | 2 +- - .../aide/package_aide_installed/rule.yml | 2 +- - .../rpm_verify_hashes/bash/shared.sh | 2 +- - .../rpm_verify_hashes/rule.yml | 2 +- - .../rpm_verify_ownership/ansible/shared.yml | 2 +- - .../rpm_verify_ownership/bash/shared.sh | 2 +- - .../rpm_verify_ownership/rule.yml | 2 +- - .../rpm_verify_permissions/ansible/shared.yml | 2 +- - .../rpm_verify_permissions/bash/shared.sh | 2 +- - .../rpm_verify_permissions/rule.yml | 2 +- - .../sudo/package_sudo_installed/rule.yml | 2 +- - .../software/sudo/sudo_add_env_reset/rule.yml | 2 +- - .../sudo/sudo_add_ignore_dot/rule.yml | 2 +- - .../software/sudo/sudo_add_umask/rule.yml | 2 +- - .../tests/0027_var_and_0022_state.fail.sh | 2 +- - .../tests/0027_var_and_0027_state.pass.sh | 2 +- - .../tests/0027_var_and_default_state.fail.sh | 2 +- - .../tests/0027_var_multiple_values.fail.sh | 2 +- - .../tests/0027_var_multiple_values.pass.sh | 2 +- - .../sudo/sudo_dedicated_group/rule.yml | 2 +- - .../tests/root_default.pass.sh | 2 +- - .../rule.yml | 2 +- - .../package_abrt-addon-ccpp_removed/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../package_abrt-cli_removed/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../package_binutils_installed/rule.yml | 2 +- - .../rule.yml | 2 +- - .../package_geolite2-city_removed/rule.yml | 2 +- - .../package_geolite2-country_removed/rule.yml | 2 +- - .../package_gssproxy_removed/rule.yml | 2 +- - .../package_iprutils_removed/rule.yml | 2 +- - .../package_krb5-workstation_removed/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../package_pigz_removed/rule.yml | 2 +- - .../package_rear_installed/rule.yml | 2 +- - .../package_rng-tools_installed/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../package_tar_installed/rule.yml | 2 +- - .../package_tuned_removed/rule.yml | 2 +- - .../package_vim_installed/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../clean_components_post_updating/rule.yml | 2 +- - .../dnf-automatic_apply_updates/rule.yml | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../ensure_gpgcheck_local_packages/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../ensure_gpgcheck_never_disabled/rule.yml | 2 +- - .../ensure_gpgcheck_repo_metadata/rule.yml | 2 +- - .../ansible/shared.yml | 2 +- - .../bash/shared.sh | 2 +- - .../ensure_redhat_gpgkey_installed/rule.yml | 2 +- - .../package_dnf-automatic_installed/rule.yml | 2 +- - .../bash/shared.sh | 2 +- - .../security_patches_up_to_date/rule.yml | 2 +- - .../timer_dnf-automatic_enabled/rule.yml | 2 +- - rl8/CMakeLists.txt | 36 + - .../ssg-rhel8-anssi_bp28_enhanced-ks.cfg | 163 ++ - .../ssg-rhel8-anssi_bp28_high-ks.cfg | 167 ++ - .../ssg-rhel8-anssi_bp28_intermediary-ks.cfg | 163 ++ - .../ssg-rhel8-anssi_bp28_minimal-ks.cfg | 127 ++ - rl8/kickstart/ssg-rhel8-cis-ks.cfg | 146 ++ - rl8/kickstart/ssg-rhel8-cui-ks.cfg | 167 ++ - rl8/kickstart/ssg-rhel8-e8-ks.cfg | 125 ++ - rl8/kickstart/ssg-rhel8-hipaa-ks.cfg | 125 ++ - rl8/kickstart/ssg-rhel8-ospp-ks.cfg | 167 ++ - rl8/kickstart/ssg-rhel8-pci-dss-ks.cfg | 157 ++ - rl8/kickstart/ssg-rhel8-stig-ks.cfg | 168 ++ - rl8/overlays/srg_support.xml | 173 +++ - rl8/overlays/stig_overlay.xml | 1367 +++++++++++++++++ - rl8/product.yml | 31 + - rl8/profiles/anssi_bp28_enhanced.profile | 16 + - rl8/profiles/anssi_bp28_high.profile | 15 + - .../profiles/anssi_bp28_intermediary.profile | 15 + - rl8/profiles/anssi_bp28_minimal.profile | 16 + - rl8/profiles/cis.profile | 1088 +++++++++++++ - rl8/profiles/cjis.profile | 139 ++ - rl8/profiles/cui.profile | 32 + - rl8/profiles/e8.profile | 148 ++ - rl8/profiles/hipaa.profile | 164 ++ - rl8/profiles/ism_o.profile | 134 ++ - rl8/profiles/ospp-mls.profile | 25 + - rl8/profiles/ospp.profile | 444 ++++++ - rl8/profiles/pci-dss.profile | 147 ++ - rl8/profiles/rhelh-vpp.profile | 35 + - rl8/profiles/rht-ccp.profile | 100 ++ - rl8/profiles/standard.profile | 66 + - rl8/profiles/stig.profile | 1064 +++++++++++++ - rl8/transforms/cci2html.xsl | 6 + - rl8/transforms/constants.xslt | 21 + - rl8/transforms/shorthand2xccdf.xslt | 8 + - rl8/transforms/table-add-srgitems.xslt | 7 + - rl8/transforms/table-sortbyref.xslt | 6 + - rl8/transforms/table-srgmap.xslt | 11 + - rl8/transforms/table-style.xslt | 5 + - .../transforms/xccdf-apply-overlay-stig.xslt | 8 + - rl8/transforms/xccdf2stigformat.xslt | 7 + - rl8/transforms/xccdf2table-byref.xslt | 9 + - rl8/transforms/xccdf2table-cce.xslt | 9 + - .../xccdf2table-profileanssirefs.xslt | 8 + - .../xccdf2table-profileccirefs.xslt | 9 + - .../xccdf2table-profilecisrefs.xslt | 9 + - .../xccdf2table-profilenistrefs-cui.xslt | 8 + - .../xccdf2table-profilenistrefs.xslt | 8 + - rl8/transforms/xccdf2table-stig.xslt | 9 + - shared/checks/oval/install_mcafee_hbss.xml | 3 +- - shared/checks/oval/installed_OS_is_rl8.xml | 47 + - .../oval/sysctl_kernel_ipv6_disable.xml | 3 +- - .../oval/sysctl_kernel_ipv6_disable.xml.orig | 27 + - .../disa-stig-rhel7-v3r1-xccdf-manual.xml | 2 +- - .../disa-stig-rhel8-v1r1-xccdf-manual.xml | 10 +- - .../disa-stig-sle12-v2r1-xccdf-manual.xml | 2 +- - .../accounts_password/ansible.template | 2 +- - .../templates/accounts_password/bash.template | 2 +- - .../ansible.template | 2 +- - .../bash.template | 2 +- - .../ansible.template | 2 +- - .../bash.template | 2 +- - .../audit_rules_login_events/ansible.template | 2 +- - .../audit_rules_login_events/bash.template | 2 +- - .../audit_rules_path_syscall/ansible.template | 2 +- - .../audit_rules_path_syscall/bash.template | 2 +- - .../ansible.template | 2 +- - .../bash.template | 2 +- - .../ansible.template | 2 +- - .../bash.template | 2 +- - .../ansible.template | 2 +- - .../bash.template | 2 +- - .../ansible.template | 2 +- - .../grub2_bootloader_argument/bash.template | 2 +- - .../kernel_module_disabled/ansible.template | 2 +- - .../kernel_module_disabled/bash.template | 2 +- - shared/templates/mount/anaconda.template | 2 +- - .../templates/mount_option/anaconda.template | 2 +- - .../anaconda.template | 2 +- - .../package_installed/anaconda.template | 2 +- - .../templates/package_installed/bash.template | 2 +- - .../package_removed/anaconda.template | 2 +- - shared/templates/sebool/ansible.template | 2 +- - shared/templates/sebool/bash.template | 2 +- - .../templates/service_disabled/bash.template | 2 +- - .../service_disabled/kubernetes.template | 2 +- - .../templates/service_enabled/bash.template | 2 +- - shared/templates/sysctl/bash.template | 2 +- - .../zipl_bls_entries_option/ansible.template | 2 +- - .../zipl_bls_entries_option/bash.template | 2 +- - shared/transforms/pcidss/PCI_DSS.json | 2 +- - shared/transforms/srg-overlay.xslt | 2 +- - ssg/constants.py | 8 +- - ssg/constants.py.orig | 369 +++++ - .../googleapis/gnostic/compiler/README.md | 2 +- - .../github.com/imdario/mergo/.deepsource.toml | 2 +- - .../go/fuzzy_mode_convert_table.md | 2 +- - .../github.com/modern-go/concurrent/README.md | 2 +- - .../github.com/modern-go/concurrent/log.go | 2 +- - .../github.com/modern-go/reflect2/README.md | 2 +- - .../vincent-petithory/dataurl/wercker.yml | 2 +- - .../ssg-module/data/file_owner_grub2_cfg.yml | 2 +- - .../rules/selinux_state.yml | 2 +- - 1513 files changed, 9812 insertions(+), 1461 deletions(-) - create mode 100644 .gitignore - create mode 100644 CMakeLists.txt.orig - create mode 100755 build_product.orig - create mode 100644 rl8/CMakeLists.txt - create mode 100644 rl8/kickstart/ssg-rhel8-anssi_bp28_enhanced-ks.cfg - create mode 100644 rl8/kickstart/ssg-rhel8-anssi_bp28_high-ks.cfg - create mode 100644 rl8/kickstart/ssg-rhel8-anssi_bp28_intermediary-ks.cfg - create mode 100644 rl8/kickstart/ssg-rhel8-anssi_bp28_minimal-ks.cfg - create mode 100644 rl8/kickstart/ssg-rhel8-cis-ks.cfg - create mode 100644 rl8/kickstart/ssg-rhel8-cui-ks.cfg - create mode 100644 rl8/kickstart/ssg-rhel8-e8-ks.cfg - create mode 100644 rl8/kickstart/ssg-rhel8-hipaa-ks.cfg - create mode 100644 rl8/kickstart/ssg-rhel8-ospp-ks.cfg - create mode 100644 rl8/kickstart/ssg-rhel8-pci-dss-ks.cfg - create mode 100644 rl8/kickstart/ssg-rhel8-stig-ks.cfg - create mode 100644 rl8/overlays/srg_support.xml - create mode 100644 rl8/overlays/stig_overlay.xml - create mode 100644 rl8/product.yml - create mode 100644 rl8/profiles/anssi_bp28_enhanced.profile - create mode 100644 rl8/profiles/anssi_bp28_high.profile - create mode 100644 rl8/profiles/anssi_bp28_intermediary.profile - create mode 100644 rl8/profiles/anssi_bp28_minimal.profile - create mode 100644 rl8/profiles/cis.profile - create mode 100644 rl8/profiles/cjis.profile - create mode 100644 rl8/profiles/cui.profile - create mode 100644 rl8/profiles/e8.profile - create mode 100644 rl8/profiles/hipaa.profile - create mode 100644 rl8/profiles/ism_o.profile - create mode 100644 rl8/profiles/ospp-mls.profile - create mode 100644 rl8/profiles/ospp.profile - create mode 100644 rl8/profiles/pci-dss.profile - create mode 100644 rl8/profiles/rhelh-vpp.profile - create mode 100644 rl8/profiles/rht-ccp.profile - create mode 100644 rl8/profiles/standard.profile - create mode 100644 rl8/profiles/stig.profile - create mode 100644 rl8/transforms/cci2html.xsl - create mode 100644 rl8/transforms/constants.xslt - create mode 100644 rl8/transforms/shorthand2xccdf.xslt - create mode 100644 rl8/transforms/table-add-srgitems.xslt - create mode 100644 rl8/transforms/table-sortbyref.xslt - create mode 100644 rl8/transforms/table-srgmap.xslt - create mode 100644 rl8/transforms/table-style.xslt - create mode 100644 rl8/transforms/xccdf-apply-overlay-stig.xslt - create mode 100644 rl8/transforms/xccdf2stigformat.xslt - create mode 100644 rl8/transforms/xccdf2table-byref.xslt - create mode 100644 rl8/transforms/xccdf2table-cce.xslt - create mode 100644 rl8/transforms/xccdf2table-profileanssirefs.xslt - create mode 100644 rl8/transforms/xccdf2table-profileccirefs.xslt - create mode 100644 rl8/transforms/xccdf2table-profilecisrefs.xslt - create mode 100644 rl8/transforms/xccdf2table-profilenistrefs-cui.xslt - create mode 100644 rl8/transforms/xccdf2table-profilenistrefs.xslt - create mode 100644 rl8/transforms/xccdf2table-stig.xslt - create mode 100644 shared/checks/oval/installed_OS_is_rl8.xml - create mode 100644 shared/checks/oval/sysctl_kernel_ipv6_disable.xml.orig - create mode 100644 ssg/constants.py.orig - -diff --git a/.gitignore b/.gitignore -new file mode 100644 -index 0000000..5de733e ---- /dev/null -+++ b/.gitignore -@@ -0,0 +1 @@ -+revert -diff --git a/CMakeLists.txt b/CMakeLists.txt -index 6995944..4efda17 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -87,6 +87,7 @@ option(SSG_PRODUCT_UBUNTU2004 "If enabled, the Ubuntu 20.04 SCAP content will be - option(SSG_PRODUCT_VSEL "If enabled, the McAfee VSEL SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) - option(SSG_PRODUCT_WRLINUX8 "If enabled, the WRLinux8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) - option(SSG_PRODUCT_WRLINUX1019 "If enabled, the WRLinux1019 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_RL8 "If enabled, the RL8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) - - option(SSG_CENTOS_DERIVATIVES_ENABLED "If enabled, CentOS derivative content will be built from the RHEL content" TRUE) - option(SSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED "If enabled, Scientific Linux derivative content will be built from the RHEL content" TRUE) -@@ -267,6 +268,7 @@ message(STATUS "Ubuntu 20.04: ${SSG_PRODUCT_UBUNTU2004}") - message(STATUS "McAfee VSEL: ${SSG_PRODUCT_VSEL}") - message(STATUS "WRLinux 8: ${SSG_PRODUCT_WRLINUX8}") - message(STATUS "WRLinux 1019: ${SSG_PRODUCT_WRLINUX1019}") -+message(STATUS "Rocky Linux 8: ${SSG_PRODUCT_RL8}") - - - -@@ -386,6 +388,10 @@ endif() - if (SSG_PRODUCT_WRLINUX1019) - add_subdirectory("wrlinux1019") - endif() -+if (SSG_PRODUCT_RL8) -+ add_subdirectory("rl8") -+endif() -+ - - # ZIP only contains source datastreams and kickstarts, people who - # want sources to build from should get the tarball instead. -diff --git a/CMakeLists.txt.orig b/CMakeLists.txt.orig -new file mode 100644 -index 0000000..6995944 ---- /dev/null -+++ b/CMakeLists.txt.orig -@@ -0,0 +1,466 @@ -+cmake_minimum_required(VERSION 2.8) -+ -+# Inspired and referenced from https://blog.kitware.com/cmake-and-the-default-build-type -+if(NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES) -+ message(STATUS "Setting build type to 'Release' as none was specified.") -+ set(CMAKE_BUILD_TYPE Release CACHE STRING "Choose the type of build." FORCE) -+ set_property(CACHE CMAKE_BUILD_TYPE PROPERTY STRINGS "Debug" "Release" -+ "MinSizeRel" "RelWithDebInfo") -+endif() -+ -+project(scap-security-guide NONE) -+ -+set (CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${PROJECT_SOURCE_DIR}/cmake") -+# This is set to silence GNUInstallDirs warning about no language being used with cmake -+set(CMAKE_INSTALL_LIBDIR "/nowhere") -+include(GNUInstallDirs) -+include(FindPythonModule) -+ -+if ( "$ENV{PYTHONPATH}" STREQUAL "" ) -+ set(ENV{PYTHONPATH} "${PROJECT_SOURCE_DIR}") -+else() -+ set(ENV{PYTHONPATH} "${PROJECT_SOURCE_DIR}:$ENV{PYTHONPATH}") -+endif() -+ -+set(SSG_CONTENT_INSTALL_DIR "${CMAKE_INSTALL_DATADIR}/xml/scap/ssg/content") -+set(SSG_GUIDE_INSTALL_DIR "${CMAKE_INSTALL_DOCDIR}/guides") -+set(SSG_TABLE_INSTALL_DIR "${CMAKE_INSTALL_DOCDIR}/tables") -+set(SSG_ANSIBLE_ROLE_INSTALL_DIR "${CMAKE_INSTALL_DATADIR}/scap-security-guide/ansible") -+set(SSG_BASH_ROLE_INSTALL_DIR "${CMAKE_INSTALL_DATADIR}/scap-security-guide/bash") -+set(SSG_KICKSTART_INSTALL_DIR "${CMAKE_INSTALL_DATADIR}/scap-security-guide/kickstart") -+ -+set(SSG_MAJOR_VERSION 0) -+set(SSG_MINOR_VERSION 1) -+set(SSG_PATCH_VERSION 54) -+set(SSG_VERSION "${SSG_MAJOR_VERSION}.${SSG_MINOR_VERSION}.${SSG_PATCH_VERSION}") -+ -+set(SSG_VENDOR "ssgproject" CACHE STRING "Specify the XCCDF 1.2 vendor string.") -+ -+set(SSG_TARGET_OVAL_MAJOR_VERSION "5" CACHE STRING "Which major version of OVAL are we targetting. Only 5 is supported at the moment.") -+set(SSG_TARGET_OVAL_MINOR_VERSION "11" CACHE STRING "Which minor version of OVAL are we targetting. Possible choices are 10 or 11.") -+ -+set(SSG_TARGET_OVAL_VERSION "${SSG_TARGET_OVAL_MAJOR_VERSION}.${SSG_TARGET_OVAL_MINOR_VERSION}") -+ -+option(SSG_OVAL_SCHEMATRON_VALIDATION_ENABLED "If enabled, schematron validation will be performed as part of the ctest tests. Schematron takes a lot of time to complete but can find more issues than just plain XSD validation." TRUE) -+option(SSG_SHELLCHECK_BASH_FIXES_VALIDATION_ENABLED "If enabled, shellcheck validation of bash fixes will be performed as part of the ctest tests. Shellcheck tests don't pass right now, this option is discouraged until that's fixed." FALSE) -+option(SSG_LINKCHECKER_VALIDATION_ENABLED "If enabled, linkchecker will be used to validate URLs in all the HTML guides and tables." TRUE) -+option(SSG_SVG_IN_XCCDF_ENABLED "If enabled, the built XCCDFs will include the SVG SCAP Security Guide logo." TRUE) -+option(SSG_SEPARATE_SCAP_FILES_ENABLED "If enabled, separate SCAP files (OVAL, XCCDF, CPE dict, ...) will be installed alongside the source data-streams" TRUE) -+option(SSG_JINJA2_CACHE_ENABLED "If enabled, the jinja2 templating files will be cached into bytecode. Also see SSG_JINJA2_CACHE_DIR." TRUE) -+option(SSG_BATS_TESTS_ENABLED "If enabled, bats will be used to run unit-tests of bash remediations." TRUE) -+set(SSG_JINJA2_CACHE_DIR "${CMAKE_BINARY_DIR}/jinja2_cache" CACHE PATH "Where the jinja2 cached bytecode should be stored. This speeds up builds at the expense of disk space. You can use one location for multiple SSG builds for performance improvements.") -+ -+# SSG_PRODUCT_DEFAULT modifies the behavior of all other options. Products -+# which should be built by default should use the value ${SSG_PRODUCT_DEFAULT} -+# instead of the boolean True. This allows us disable all default products by -+# passing `-DSSG_PRODUCT_DEFAULT=OFF` and then manually specifying a list of -+# products to build. -+option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be built; otherwise only explicitly enabled products will be" TRUE) -+ -+# Products to build content for. These generally correspond to directories in -+# the root of this project. Note that the example product is always disabled -+# unless explicitly asked for. -+option(SSG_PRODUCT_CHROMIUM "If enabled, the Chromium SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_DEBIAN9 "If enabled, the Debian 9 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_DEBIAN10 "If enabled, the Debian 10 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_EXAMPLE "If enabled, the Example SCAP content will be built" FALSE) -+option(SSG_PRODUCT_FEDORA "If enabled, the Fedora SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_FIREFOX "If enabled, the Firefox SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_FUSE6 "If enabled, the JBoss Fuse6 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_JRE "If enabled, the JRE SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_MACOS1015 "If enabled, the Apple macOS 10.15 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_OCP4 "If enabled, the OCP4 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_RHCOS4 "If enabled, the RHCOS4 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_OL7 "If enabled, the Oracle Linux 7 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_OL8 "If enabled, the Oracle Linux 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_OPENSUSE "If enabled, the openSUSE SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_RHEL7 "If enabled, the RHEL7 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_RHEL8 "If enabled, the RHEL8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_RHOSP10 "If enabled, the RHOSP10 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_RHOSP13 "If enabled, the RHOSP13 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_RHV4 "If enabled, the RHV4 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_SLE12 "If enabled, the SLE12 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_SLE15 "If enabled, the SLE15 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_UBUNTU1604 "If enabled, the Ubuntu 16.04 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_UBUNTU1804 "If enabled, the Ubuntu 18.04 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_UBUNTU2004 "If enabled, the Ubuntu 20.04 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_VSEL "If enabled, the McAfee VSEL SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_WRLINUX8 "If enabled, the WRLinux8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_WRLINUX1019 "If enabled, the WRLinux1019 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+ -+option(SSG_CENTOS_DERIVATIVES_ENABLED "If enabled, CentOS derivative content will be built from the RHEL content" TRUE) -+option(SSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED "If enabled, Scientific Linux derivative content will be built from the RHEL content" TRUE) -+ -+option(FORCE_VALIDATE_EVERYTHING "If enabled, perform all validation tests regardless of oscap version requirements. By default, the build system may not perform validation of some content types if the openscap used to build it is not up-to-date" FALSE) -+ -+set(SSG_SHARED "${CMAKE_SOURCE_DIR}/shared") -+set(SSG_SHARED_REFS "${SSG_SHARED}/references") -+set(SSG_SHARED_TRANSFORMS "${SSG_SHARED}/transforms") -+set(SSG_BUILD_SCRIPTS "${CMAKE_SOURCE_DIR}/build-scripts") -+ -+message(STATUS "SCAP Security Guide ${SSG_VERSION}") -+message(STATUS "(see ${CMAKE_SOURCE_DIR}/docs/manual/developer_guide.adoc for build instructions)") -+message(STATUS "") -+ -+# Strictly speaking in-source will work but will be very messy, let's -+# discourage our users from using them -+if ("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_BINARY_DIR}") -+ message(FATAL_ERROR "In-source builds are not supported! Please use out of source builds:\n" -+ "$ cd scap-security-guide\n" -+ "$ rm CMakeCache.txt\n" -+ "$ cd build\n" -+ "$ cmake ../\n" -+ "$ make -j4" -+ ) -+endif() -+ -+ -+set(Python_ADDITIONAL_VERSIONS 3 2) -+find_package(PythonInterp REQUIRED) -+ -+find_python_module(yaml REQUIRED) -+find_python_module(jinja2 REQUIRED) -+find_python_module(pytest) -+find_python_module(pytest_cov) -+find_python_module(json2html) -+ -+# sphinx documentation requirements -+find_python_module(sphinx) -+find_python_module(sphinxcontrib.autojinja) -+find_python_module(sphinx_rtd_theme) -+find_python_module(recommonmark) -+ -+ -+include(CMakeDependentOption) -+cmake_dependent_option(ENABLE_PYTHON_COVERAGE "Enable Python tests with coverage support" ON "PY_PYTEST_COV" OFF) -+ -+find_package(OpenSCAP REQUIRED) -+ -+if (SSG_TARGET_OVAL_MAJOR_VERSION EQUAL "5" AND SSG_TARGET_OVAL_VERSION_MINOR EQUAL "11" AND NOT "${OSCAP_V_OUTPUT}" MATCHES "OVAL Version: 5.11") -+ message(FATAL_ERROR "Your version of OpenSCAP does not support OVAL 5.11, please switch the OVAL target version to 5.10 or lower. $ cmake -DSSG_TARGET_OVAL_MINOR_VERSION=10 ../") -+endif() -+ -+if (NOT SSG_TARGET_OVAL_VERSION VERSION_EQUAL "5.10" AND NOT SSG_TARGET_OVAL_VERSION VERSION_EQUAL "5.11") -+ message(WARNING "You are targetting OVAL version ${SSG_TARGET_OVAL_VERSION}. In SSG we support/test 5.10 and 5.11 only!") -+endif() -+ -+execute_process( -+ COMMAND "${PYTHON_EXECUTABLE}" "${SSG_BUILD_SCRIPTS}/oscap_svg_support.py" "${OPENSCAP_OSCAP_EXECUTABLE}" -+ RESULT_VARIABLE OSCAP_SVG_SUPPORT_RESULT -+) -+# OSCAP_SVG_SUPPORT_RESULT == 0 means SVG is supported -+if (SSG_SVG_IN_XCCDF_ENABLED AND NOT OSCAP_SVG_SUPPORT_RESULT EQUAL 0) -+ set(SSG_SVG_IN_XCCDF_ENABLED OFF CACHE BOOL "SVG in XCCDF disabled because your version OpenSCAP doesn't support it" FORCE) -+ message(WARNING "Your version of OpenSCAP does not support having the SVG logo in the XCCDF, disabling SVG logo.") -+endif() -+ -+if (SSG_JINJA2_CACHE_ENABLED) -+ file(MAKE_DIRECTORY "${SSG_JINJA2_CACHE_DIR}") -+ if (NOT EXISTS "${SSG_JINJA2_CACHE_DIR}") -+ message(FATAL_ERROR "jinja2 cache dir was set to '${SSG_JINJA2_CACHE_DIR}'. This directory doesn't seem to exist and attempt to create it has failed.") -+ endif() -+ set(SSG_JINJA2_CACHE_ENABLED_BOOL "true") -+else() -+ set(SSG_JINJA2_CACHE_ENABLED_BOOL "false") -+endif() -+ -+find_program(XSLTPROC_EXECUTABLE NAMES xsltproc) -+if (NOT XSLTPROC_EXECUTABLE) -+ message(SEND_ERROR "xsltproc is required!") -+endif() -+ -+find_program(XMLLINT_EXECUTABLE NAMES xmllint) -+if (NOT XMLLINT_EXECUTABLE) -+ message(SEND_ERROR "xmllint is required!") -+endif() -+ -+find_program(XMLWF_EXECUTABLE NAMES xmlwf) -+if (NOT XMLWF_EXECUTABLE) -+ message(SEND_ERROR "xmlwf is required!") -+endif() -+ -+find_program(SED_EXECUTABLE NAMES sed) -+if (NOT SED_EXECUTABLE) -+ message(SEND_ERROR "sed is required!") -+endif() -+ -+find_program(SHELLCHECK_EXECUTABLE NAMES shellcheck) -+find_program(LINKCHECKER_EXECUTABLE NAMES linkchecker) -+find_program(BATS_EXECUTABLE NAMES bats) -+find_program(GREP_EXECUTABLE NAMES grep) -+find_program(ANSIBLE_PLAYBOOK_EXECUTABLE NAMES ansible-playbook) -+find_program(ANSIBLE_LINT_EXECUTABLE NAMES ansible-lint) -+find_program(YAMLLINT_EXECUTABLE NAMES yamllint) -+ -+configure_file("${CMAKE_SOURCE_DIR}/build_config.yml.in" "${CMAKE_BINARY_DIR}/build_config.yml" @ONLY) -+ -+message(STATUS "CMake:") -+message(STATUS "build type: ${CMAKE_BUILD_TYPE}") -+message(STATUS "generator: ${CMAKE_GENERATOR}") -+message(STATUS "source directory: ${CMAKE_SOURCE_DIR}") -+message(STATUS "build directory: ${CMAKE_BINARY_DIR}") -+message(STATUS " ") -+ -+message(STATUS "Tools:") -+message(STATUS "python: ${PYTHON_EXECUTABLE} (version: ${PYTHON_VERSION_STRING})") -+message(STATUS "python yaml module: ${PY_YAML}") -+message(STATUS "python jinja2 module: ${PY_JINJA2}") -+message(STATUS "oscap: ${OPENSCAP_OSCAP_EXECUTABLE} (version: ${OSCAP_VERSION})") -+message(STATUS "xsltproc: ${XSLTPROC_EXECUTABLE}") -+message(STATUS "xmllint: ${XMLLINT_EXECUTABLE}") -+message(STATUS "xmlwf: ${XMLWF_EXECUTABLE}") -+message(STATUS "sed: ${SED_EXECUTABLE}") -+message(STATUS "shellcheck (optional): ${SHELLCHECK_EXECUTABLE}") -+message(STATUS "linkchecker (optional): ${LINKCHECKER_EXECUTABLE}") -+message(STATUS "grep (optional): ${GREP_EXECUTABLE}") -+message(STATUS "python pytest module (optional): ${PY_PYTEST}") -+message(STATUS "ansible-playbook module (optional): ${ANSIBLE_PLAYBOOK_EXECUTABLE}") -+message(STATUS "ansible-lint module (optional): ${ANSIBLE_LINT_EXECUTABLE}") -+message(STATUS "yamllint module (optional): ${YAMLLINT_EXECUTABLE}") -+message(STATUS "BATS framework (optional): ${BATS_EXECUTABLE}") -+message(STATUS "python sphinx module (optional): ${PY_SPHINX}") -+message(STATUS "python sphinxcontrib.autojinja module (optional): ${PY_SPHINXCONTRIB.AUTOJINJA}") -+message(STATUS "python sphinx_rtd_theme module (optional): ${PY_SPHINX_RTD_THEME}") -+message(STATUS "python recommonmark module (optional): ${PY_RECOMMONMARK}") -+message(STATUS " ") -+ -+message(STATUS "Build options:") -+message(STATUS "SSG vendor string: ${SSG_VENDOR}") -+message(STATUS "Target OVAL version: ${SSG_TARGET_OVAL_VERSION}") -+message(STATUS "OVAL schematron validation: ${SSG_OVAL_SCHEMATRON_VALIDATION_ENABLED}") -+message(STATUS "shellcheck bash fixes validation: ${SSG_SHELLCHECK_BASH_FIXES_VALIDATION_ENABLED}") -+message(STATUS "SVG logo in XCCDFs: ${SSG_SVG_IN_XCCDF_ENABLED}") -+message(STATUS "Separate SCAP files: ${SSG_SEPARATE_SCAP_FILES_ENABLED}") -+if (SSG_JINJA2_CACHE_ENABLED) -+ message(STATUS "jinja2 cache: enabled") -+ message(STATUS "jinja2 cache dir: ${SSG_JINJA2_CACHE_DIR}") -+else() -+ message(STATUS "jinja2 cache: disabled") -+endif() -+message(STATUS " ") -+ -+message(STATUS "Products:") -+message(STATUS "Chromium: ${SSG_PRODUCT_CHROMIUM}") -+message(STATUS "Debian 9: ${SSG_PRODUCT_DEBIAN9}") -+message(STATUS "Debian 10: ${SSG_PRODUCT_DEBIAN10}") -+message(STATUS "Example: ${SSG_PRODUCT_EXAMPLE}") -+message(STATUS "Fedora: ${SSG_PRODUCT_FEDORA}") -+message(STATUS "Firefox: ${SSG_PRODUCT_FIREFOX}") -+message(STATUS "JBoss Fuse 6: ${SSG_PRODUCT_FUSE6}") -+message(STATUS "JRE: ${SSG_PRODUCT_JRE}") -+message(STATUS "MacOS 1015: ${SSG_PRODUCT_MACOS1015}") -+message(STATUS "OCP4: ${SSG_PRODUCT_OCP4}") -+message(STATUS "RHCOS4: ${SSG_PRODUCT_RHCOS4}") -+message(STATUS "Oracle Linux 7: ${SSG_PRODUCT_OL7}") -+message(STATUS "Oracle Linux 8: ${SSG_PRODUCT_OL8}") -+message(STATUS "openSUSE: ${SSG_PRODUCT_OPENSUSE}") -+message(STATUS "RHEL 7: ${SSG_PRODUCT_RHEL7}") -+message(STATUS "RHEL 8: ${SSG_PRODUCT_RHEL8}") -+message(STATUS "RHOSP10: ${SSG_PRODUCT_RHOSP10}") -+message(STATUS "RHOSP13: ${SSG_PRODUCT_RHOSP13}") -+message(STATUS "RHV 4: ${SSG_PRODUCT_RHV4}") -+message(STATUS "SUSE 12: ${SSG_PRODUCT_SLE12}") -+message(STATUS "SUSE 15: ${SSG_PRODUCT_SLE15}") -+message(STATUS "Ubuntu 16.04: ${SSG_PRODUCT_UBUNTU1604}") -+message(STATUS "Ubuntu 18.04: ${SSG_PRODUCT_UBUNTU1804}") -+message(STATUS "Ubuntu 20.04: ${SSG_PRODUCT_UBUNTU2004}") -+message(STATUS "McAfee VSEL: ${SSG_PRODUCT_VSEL}") -+message(STATUS "WRLinux 8: ${SSG_PRODUCT_WRLINUX8}") -+message(STATUS "WRLinux 1019: ${SSG_PRODUCT_WRLINUX1019}") -+ -+ -+ -+message(STATUS " ") -+ -+# Remove this option when we would like to run ansible-lint and yamllint against our playbooks by default. -+# Right now these checks are not performed and need to be enabled by adding -DANSIBLE_CHECKS=ON to cmake -+# before running ctest. -+option(ANSIBLE_CHECKS "Set to ON to enable ansible-lint and yamllint checks" OFF) -+enable_testing() -+ -+include(SSGCommon) -+ -+add_subdirectory("tests") -+ -+# Targets 'stats', 'profile-stats' and 'zipfile' need to be added -+# before any product because they will receive dependencies from products added -+if(SSG_TARGET_OVAL_VERSION VERSION_EQUAL "5.11") -+ ssg_build_zipfile_target("scap-security-guide-${SSG_VERSION}") -+else() -+ ssg_build_zipfile_target("scap-security-guide-${SSG_VERSION}-oval-${SSG_TARGET_OVAL_VERSION}") -+endif() -+ -+add_custom_target(stats) -+add_custom_target(profile-stats) -+ -+add_custom_target(html-stats) -+add_custom_target(html-profile-stats) -+ -+if(PY_SPHINX AND PY_SPHINXCONTRIB.AUTOJINJA AND PY_SPHINX_RTD_THEME AND PY_RECOMMONMARK) -+ message(STATUS "Enabling docs directory as system supports Sphinx builds.") -+ add_subdirectory("docs") -+endif() -+ -+ssg_build_bash_remediation_functions() -+ -+ssg_build_man_page() -+ -+if (SSG_PRODUCT_CHROMIUM) -+ add_subdirectory("chromium") -+endif() -+if (SSG_PRODUCT_DEBIAN9) -+ add_subdirectory("debian9") -+endif() -+if (SSG_PRODUCT_DEBIAN10) -+ add_subdirectory("debian10") -+endif() -+if (SSG_PRODUCT_EXAMPLE) -+ add_subdirectory("example") -+endif() -+if (SSG_PRODUCT_FEDORA) -+ add_subdirectory("fedora") -+endif() -+if (SSG_PRODUCT_FIREFOX) -+ add_subdirectory("firefox") -+endif() -+if (SSG_PRODUCT_FUSE6) -+ add_subdirectory("fuse6") -+endif() -+if (SSG_PRODUCT_JRE) -+ add_subdirectory("jre") -+endif() -+if (SSG_PRODUCT_MACOS1015) -+ add_subdirectory("macos1015") -+endif() -+if (SSG_PRODUCT_OCP4) -+ add_subdirectory("ocp4") -+endif() -+if (SSG_PRODUCT_RHCOS4) -+ add_subdirectory("rhcos4") -+endif() -+if (SSG_PRODUCT_OL7) -+ add_subdirectory("ol7") -+endif() -+if (SSG_PRODUCT_OL8) -+ add_subdirectory("ol8") -+endif() -+if (SSG_PRODUCT_OPENSUSE) -+ add_subdirectory("opensuse") -+endif() -+if (SSG_PRODUCT_RHEL7) -+ add_subdirectory("rhel7") -+endif() -+if (SSG_PRODUCT_RHEL8) -+ add_subdirectory("rhel8") -+endif() -+if (SSG_PRODUCT_RHOSP10) -+ add_subdirectory("rhosp10") -+endif() -+if (SSG_PRODUCT_RHOSP13) -+ add_subdirectory("rhosp13") -+endif() -+if (SSG_PRODUCT_RHV4) -+ add_subdirectory("rhv4") -+endif() -+if (SSG_PRODUCT_SLE12) -+ add_subdirectory("sle12") -+endif() -+if (SSG_PRODUCT_SLE15) -+ add_subdirectory("sle15") -+endif() -+if (SSG_PRODUCT_UBUNTU1604) -+ add_subdirectory("ubuntu1604") -+endif() -+if (SSG_PRODUCT_UBUNTU1804) -+ add_subdirectory("ubuntu1804") -+endif() -+if (SSG_PRODUCT_UBUNTU2004) -+ add_subdirectory("ubuntu2004") -+endif() -+if (SSG_PRODUCT_VSEL) -+ add_subdirectory("vsel") -+endif() -+if (SSG_PRODUCT_WRLINUX8) -+ add_subdirectory("wrlinux8") -+endif() -+if (SSG_PRODUCT_WRLINUX1019) -+ add_subdirectory("wrlinux1019") -+endif() -+ -+# ZIP only contains source datastreams and kickstarts, people who -+# want sources to build from should get the tarball instead. -+if(SSG_TARGET_OVAL_VERSION VERSION_EQUAL "5.11") -+ ssg_build_zipfile("scap-security-guide-${SSG_VERSION}") -+ ssg_build_vendor_zipfile("scap-security-guide-${SSG_VERSION}-SCAP-1.3") -+else() -+ ssg_build_zipfile("scap-security-guide-${SSG_VERSION}-oval-${SSG_TARGET_OVAL_VERSION}") -+ ssg_build_vendor_zipfile("scap-security-guide-${SSG_VERSION}-SCAP-1.2") -+endif() -+ -+ssg_define_guide_and_table_tests() -+ -+install(FILES "${CMAKE_SOURCE_DIR}/LICENSE" -+ DESTINATION ${CMAKE_INSTALL_DOCDIR}) -+install(FILES "${CMAKE_SOURCE_DIR}/README.md" -+ DESTINATION ${CMAKE_INSTALL_DOCDIR}) -+install(FILES "${CMAKE_SOURCE_DIR}/Contributors.md" -+ DESTINATION ${CMAKE_INSTALL_DOCDIR}) -+ -+install(FILES "${CMAKE_BINARY_DIR}/scap-security-guide.8" -+ DESTINATION "${CMAKE_INSTALL_MANDIR}/man8") -+ -+# We use CPack to generate the tarball with all sources and -+# packages for testing -+ -+# only CPack should follow -+set(CPACK_CMAKE_GENERATOR "Unix Makefiles") -+set(CPACK_SOURCE_GENERATOR "TBZ2") -+set(CPACK_SOURCE_PACKAGE_FILE_NAME "scap-security-guide-${SSG_VERSION}" CACHE INTERNAL "tarball basename") -+set(CPACK_SOURCE_IGNORE_FILES -+"\\\\.git.*" -+"\\\\.pyc" -+"__pycache__" -+ -+"build/" -+"~$" -+ -+"\\\\CMakeLists.txt.user" -+) -+# Common definitions for RPM and DEB packages -+set(CPACK_PACKAGE_VERSION ${SSG_VERSION}) -+set(CPACK_PACKAGE_DESCRIPTION_SUMMARY "Security guidance and baselines in SCAP formats") -+set(CPACK_PACKAGE_VENDOR "scap-security-guide") -+# The package contact is needed to build the deb package -+set(CPACK_PACKAGE_CONTACT "open-scap-list@redhat.com") -+set(CPACK_PACKAGE_RELOCATABLE FALSE) -+ -+# This adds "${?dist} to Release field in spec file -+set(CPACK_RPM_PACKAGE_RELEASE "1%{?dist}") -+set(CPACK_RPM_EXCLUDE_FROM_AUTO_FILELIST_ADDITION "/usr/share/xml;/usr/share/man;/usr/share/man/man8") -+set(CPACK_RPM_PACKAGE_GROUP "Applications/System") -+set(CPACK_RPM_PACKAGE_LICENSE "BSD-3-Clause") -+set(CPACK_RPM_PACKAGE_URL "https://www.open-scap.org/security-policies/scap-security-guide/") -+set(CPACK_RPM_PACKAGE_ARCHITECTURE "noarch") -+set(CPACK_RPM_PACKAGE_REQUIRES "xml-common, openscap-utils >= 1.0.8") -+set(CPACK_RPM_PACKAGE_PROVIDES "openscap-content") -+set(CPACK_RPM_PACKAGE_DESCRIPTION "The %{name} project provides a guide for configuration of the -+system from the final system's security point of view. The guidance is -+specified in the Security Content Automation Protocol (SCAP) format and -+constitutes a catalog of practical hardening advice, linked to government -+requirements where applicable. The project bridges the gap between generalized -+policy requirements and specific implementation guidelines. The system -+administrator can use the oscap command-line tool from the openscap-utils -+package to verify that the system conforms to provided guidelines. -+The %{name} package also contains HTML formatted documents containing -+hardening guidances that have been generated from XCCDF benchmarks. -+") -+ -+# Change the default file name of the RPMs -+# %{release} includes release number and dist type -+# This only has effect with cmake v3.6 or higher -+set(CPACK_RPM_FILE_NAME "%{name}-%{version}-%{release}.rpm") -+# For older versions of cmake (e.g. v2.8) file name is defined like below -+set(CPACK_PACKAGE_FILE_NAME "scap-security-guide-${SSG_VERSION}") -+ -+set(CPACK_GENERATOR "RPM;DEB") -+include(CPack) -diff --git a/build_product b/build_product -index 9bf76b4..688aa9e 100755 ---- a/build_product -+++ b/build_product -@@ -294,6 +294,7 @@ all_cmake_products=( - VSEL - WRLINUX8 - WRLINUX1019 -+ RL8 - ) - - DEFAULT_OVAL_MAJOR_VERSION=5 -diff --git a/build_product.orig b/build_product.orig -new file mode 100755 -index 0000000..9bf76b4 ---- /dev/null -+++ b/build_product.orig -@@ -0,0 +1,350 @@ -+#!/bin/bash -+ -+# Created by argbash-init v2.8.1 -+# Rearrange the order of options below according to what you would like to see in the help message. -+# ARG_OPTIONAL_SINGLE([oval],[o],[OVAL version],[auto]) -+# ARG_OPTIONAL_SINGLE([builder],[b],[Builder engine],[auto]) -+# ARG_OPTIONAL_SINGLE([jobs],[j],[Count of simultaneous jobs],[auto]) -+# ARG_OPTIONAL_BOOLEAN([debug],[],[Make a debug build with draft profiles],[off]) -+# ARG_OPTIONAL_BOOLEAN([derivatives],[],[Also build derivatives of products if applicable],[off]) -+# ARG_OPTIONAL_BOOLEAN([datastream-only],[],[Build the datastream only. Do not build any of the guides, tables, etc],[off]) -+# ARG_USE_ENV([ADDITIONAL_CMAKE_OPTIONS],[],[Whitespace-separated string of arguments to pass to CMake]) -+# ARG_POSITIONAL_INF([product],[Products to build, ALL means all products],[0],[ALL]) -+# ARG_DEFAULTS_POS([]) -+# ARG_TYPE_GROUP_SET([oval_ver],[VERSION],[oval],[5.10,5.11,auto]) -+# ARG_TYPE_GROUP_SET([builder_type],[BUILDER],[builder],[make,ninja,auto]) -+# ARG_HELP([Wipes out contents of the 'build' directory and builds only and only the given products.]) -+# ARGBASH_GO() -+# needed because of Argbash --> m4_ignore([ -+### START OF CODE GENERATED BY Argbash v2.10.0 one line above ### -+# Argbash is a bash code generator used to get arguments parsing right. -+# Argbash is FREE SOFTWARE, see https://argbash.io for more info -+ -+# Setting environmental variables -+ -+ -+die() -+{ -+ local _ret="${2:-1}" -+ test "${_PRINT_HELP:-no}" = yes && print_help >&2 -+ echo "$1" >&2 -+ exit "${_ret}" -+} -+ -+# validators -+ -+oval_ver() -+{ -+ local _allowed=("5.10" "5.11" "auto") _seeking="$1" -+ for element in "${_allowed[@]}" -+ do -+ test "$element" = "$_seeking" && echo "$element" && return 0 -+ done -+ die "Value '$_seeking' (of argument '$2') doesn't match the list of allowed values: '5.10', '5.11' and 'auto'" 4 -+} -+ -+ -+builder_type() -+{ -+ local _allowed=("make" "ninja" "auto") _seeking="$1" -+ for element in "${_allowed[@]}" -+ do -+ test "$element" = "$_seeking" && echo "$element" && return 0 -+ done -+ die "Value '$_seeking' (of argument '$2') doesn't match the list of allowed values: 'make', 'ninja' and 'auto'" 4 -+} -+ -+ -+begins_with_short_option() -+{ -+ local first_option all_short_options='objh' -+ first_option="${1:0:1}" -+ test "$all_short_options" = "${all_short_options/$first_option/}" && return 1 || return 0 -+} -+ -+# THE DEFAULTS INITIALIZATION - POSITIONALS -+_positionals=() -+_arg_product=("ALL") -+# THE DEFAULTS INITIALIZATION - OPTIONALS -+_arg_oval="auto" -+_arg_builder="auto" -+_arg_jobs="auto" -+_arg_debug="off" -+_arg_derivatives="off" -+_arg_datastream_only="off" -+ -+ -+print_help() -+{ -+ printf '%s\n' "Wipes out contents of the 'build' directory and builds only and only the given products." -+ printf 'Usage: %s [-o|--oval ] [-b|--builder ] [-j|--jobs ] [--(no-)debug] [--(no-)derivatives] [--(no-)datastream-only] [-h|--help] [] ... [] ...\n' "$0" -+ printf '\t%s\n' ": Products to build, ALL means all products (defaults for : 'ALL')" -+ printf '\t%s\n' "-o, --oval: OVAL version. Can be one of: '5.10', '5.11' and 'auto' (default: 'auto')" -+ printf '\t%s\n' "-b, --builder: Builder engine. Can be one of: 'make', 'ninja' and 'auto' (default: 'auto')" -+ printf '\t%s\n' "-j, --jobs: Count of simultaneous jobs (default: 'auto')" -+ printf '\t%s\n' "--debug, --no-debug: Make a debug build with draft profiles (off by default)" -+ printf '\t%s\n' "--derivatives, --no-derivatives: Also build derivatives of products if applicable (off by default)" -+ printf '\t%s\n' "--datastream-only, --no-datastream-only: Build the datastream only. Do not build any of the guides, tables, etc (off by default)" -+ printf '\t%s\n' "-h, --help: Prints help" -+ printf '\nEnvironment variables that are supported:\n' -+ printf '\t%s\n' "ADDITIONAL_CMAKE_OPTIONS: Whitespace-separated string of arguments to pass to CMake." -+ -+} -+ -+ -+parse_commandline() -+{ -+ _positionals_count=0 -+ while test $# -gt 0 -+ do -+ _key="$1" -+ case "$_key" in -+ -o|--oval) -+ test $# -lt 2 && die "Missing value for the optional argument '$_key'." 1 -+ _arg_oval="$(oval_ver "$2" "oval")" || exit 1 -+ shift -+ ;; -+ --oval=*) -+ _arg_oval="$(oval_ver "${_key##--oval=}" "oval")" || exit 1 -+ ;; -+ -o*) -+ _arg_oval="$(oval_ver "${_key##-o}" "oval")" || exit 1 -+ ;; -+ -b|--builder) -+ test $# -lt 2 && die "Missing value for the optional argument '$_key'." 1 -+ _arg_builder="$(builder_type "$2" "builder")" || exit 1 -+ shift -+ ;; -+ --builder=*) -+ _arg_builder="$(builder_type "${_key##--builder=}" "builder")" || exit 1 -+ ;; -+ -b*) -+ _arg_builder="$(builder_type "${_key##-b}" "builder")" || exit 1 -+ ;; -+ -j|--jobs) -+ test $# -lt 2 && die "Missing value for the optional argument '$_key'." 1 -+ _arg_jobs="$2" -+ shift -+ ;; -+ --jobs=*) -+ _arg_jobs="${_key##--jobs=}" -+ ;; -+ -j*) -+ _arg_jobs="${_key##-j}" -+ ;; -+ --no-debug|--debug) -+ _arg_debug="on" -+ test "${1:0:5}" = "--no-" && _arg_debug="off" -+ ;; -+ --no-derivatives|--derivatives) -+ _arg_derivatives="on" -+ test "${1:0:5}" = "--no-" && _arg_derivatives="off" -+ ;; -+ --no-datastream-only|--datastream-only) -+ _arg_datastream_only="on" -+ test "${1:0:5}" = "--no-" && _arg_datastream_only="off" -+ ;; -+ -h|--help) -+ print_help -+ exit 0 -+ ;; -+ -h*) -+ print_help -+ exit 0 -+ ;; -+ *) -+ _last_positional="$1" -+ _positionals+=("$_last_positional") -+ _positionals_count=$((_positionals_count + 1)) -+ ;; -+ esac -+ shift -+ done -+} -+ -+ -+assign_positional_args() -+{ -+ local _positional_name _shift_for=$1 -+ _positional_names="" -+ _our_args=$((${#_positionals[@]} - 0)) -+ for ((ii = 0; ii < _our_args; ii++)) -+ do -+ _positional_names="$_positional_names _arg_product[$((ii + 0))]" -+ done -+ -+ shift "$_shift_for" -+ for _positional_name in ${_positional_names} -+ do -+ test $# -gt 0 || break -+ eval "$_positional_name=\${1}" || die "Error during argument parsing, possibly an Argbash bug." 1 -+ shift -+ done -+} -+ -+parse_commandline "$@" -+assign_positional_args 1 "${_positionals[@]}" -+ -+# OTHER STUFF GENERATED BY Argbash -+# Validation of values -+ -+ -+ -+### END OF CODE GENERATED BY Argbash (sortof) ### ]) -+# [ <-- needed because of Argbash -+ -+ -+to_uppercase() { -+ printf '%s' "$1" | tr '[:lower:]' '[:upper:]' -+} -+ -+to_lowercase() { -+ printf '%s' "$1" | tr '[:upper:]' '[:lower:]' -+} -+ -+opt_product_in() { -+ switch="-DSSG_PRODUCT_$(to_uppercase "$1")=ON" -+ echo "$switch" -+} -+ -+is_product() { -+ local candidate="$1" -+ for cmake_product in "${all_cmake_products[@]}"; do -+ if test "$(to_uppercase "$candidate")" = "$cmake_product"; then -+ return 0 -+ fi -+ done -+ -+ return 1 -+} -+ -+build_with_ninja() { -+ cmake_generator="Ninja" -+ build_command="ninja" -+} -+ -+build_with_make() { -+ cmake_generator="Unix Makefiles" -+ build_command="make" -+} -+ -+autodetect_builder() { -+ if command -v ninja &>/dev/null ; then -+ build_with_ninja -+ else -+ build_with_make -+ fi -+} -+ -+handle_wrong_products() { -+ all_cmake_lowercase=() -+ for p in "${all_cmake_products[@]}"; do -+ all_cmake_lowercase+=("$(to_lowercase "$p")") -+ done -+ possible_products=$'\n'"$(printf ' * %s\n' "${all_cmake_lowercase[@]}")" -+ -+ printf '%s is not a valid product, choose one or more product names from the list: %s\n' "$1" "$possible_products" -+ exit 1 -+} -+ -+set_no_derivatives_options() { -+ test "$_arg_derivatives" = on && return -+ if grep -q 'rhel' <<< "${_arg_product[*]}"; then -+ CMAKE_OPTIONS+=("-DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF") -+ fi -+ if grep -q 'rhel\(6\|7\)' <<< "${_arg_product[*]}"; then -+ CMAKE_OPTIONS+=("-DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF") -+ fi -+} -+ -+set_explict_build_targets() { -+ if test "$_arg_datastream_only" = on ; then -+ for chosen_product in "${_arg_product[@]}"; do -+ EXPLICIT_BUILD_TARGETS+=("generate-ssg-${chosen_product}-ds.xml") -+ done -+ fi -+} -+ -+# Get this using -+# grep 'option(SSG_PRODUCT' CMakeLists.txt | sed -e 's/option(SSG_PRODUCT_\(\w\+\).*/\1/' -+all_cmake_products=( -+ CHROMIUM -+ DEBIAN9 -+ DEBIAN10 -+ EXAMPLE -+ FEDORA -+ FIREFOX -+ FUSE6 -+ JRE -+ OCP4 -+ RHCOS4 -+ OL7 -+ OL8 -+ OPENSUSE -+ RHEL7 -+ RHEL8 -+ RHOSP10 -+ RHOSP13 -+ RHV4 -+ SLE12 -+ SLE15 -+ UBUNTU1604 -+ UBUNTU1804 -+ UBUNTU2004 -+ VSEL -+ WRLINUX8 -+ WRLINUX1019 -+) -+ -+DEFAULT_OVAL_MAJOR_VERSION=5 -+DEFAULT_OVAL_MINOR_VERSION=11 -+ -+build_type_option="-DCMAKE_BUILD_TYPE=Release" -+ -+cores=$(nproc 2>/dev/null) || cores=1 -+ -+ -+if test "$_arg_oval" = auto; then -+ oval_major_version_option="-DSSG_TARGET_OVAL_MAJOR_VERSION:STRING=$DEFAULT_OVAL_MAJOR_VERSION" -+ oval_minor_version_option="-DSSG_TARGET_OVAL_MINOR_VERSION:STRING=$DEFAULT_OVAL_MINOR_VERSION" -+else -+ oval_major_version_option="-DSSG_TARGET_OVAL_MAJOR_VERSION:STRING=$(cut -f 1 -d . <<< "$_arg_oval")" -+ oval_minor_version_option="-DSSG_TARGET_OVAL_MINOR_VERSION:STRING=$(cut -f 1 -d . --complement <<< "$_arg_oval")" -+fi -+ -+test "$_arg_debug" = on && build_type_option="-DCMAKE_BUILD_TYPE=Debug" -+ -+jobs="$_arg_jobs" -+test "$jobs" = auto && jobs=$cores -+ -+if test "$_arg_builder" = make; then -+ build_with_make -+elif test "$_arg_builder" = ninja; then -+ build_with_ninja -+else -+ autodetect_builder -+fi -+ -+test "${_arg_product[0]}" = ALL && _arg_product=("${all_cmake_products[@]}") -+ -+cmake_enable_args=() -+for chosen_product in "${_arg_product[@]}"; do -+ if is_product "$chosen_product"; then -+ cmake_enable_args+=("$(opt_product_in "$chosen_product")") -+ else -+ handle_wrong_products "$chosen_product" -+ fi -+done -+ -+CMAKE_OPTIONS=(${ADDITIONAL_CMAKE_OPTIONS} "${build_type_option}" "${oval_major_version_option}" "${oval_minor_version_option}" '-DSSG_PRODUCT_DEFAULT=OFF' "${cmake_enable_args[@]}" -G "$cmake_generator") -+set_no_derivatives_options -+EXPLICIT_BUILD_TARGETS=() -+set_explict_build_targets -+ -+set -e -+rm -rf build/* -+cd build -+cmake .. "${CMAKE_OPTIONS[@]}" -+$build_command "-j${jobs}" "${EXPLICIT_BUILD_TARGETS[@]}" -+ -+# ] <-- needed because of Argbash -diff --git a/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml b/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml -index 5b819d0..7cc03ca 100644 ---- a/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml -+++ b/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Check Avahi Responses'' TTL Field' - -diff --git a/linux_os/guide/services/avahi/avahi_configuration/avahi_ip_only/rule.yml b/linux_os/guide/services/avahi/avahi_configuration/avahi_ip_only/rule.yml -index f0857b6..2e7fe93 100644 ---- a/linux_os/guide/services/avahi/avahi_configuration/avahi_ip_only/rule.yml -+++ b/linux_os/guide/services/avahi/avahi_configuration/avahi_ip_only/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Serve Avahi Only via Required Protocol' - -diff --git a/linux_os/guide/services/avahi/avahi_configuration/avahi_prevent_port_sharing/rule.yml b/linux_os/guide/services/avahi/avahi_configuration/avahi_prevent_port_sharing/rule.yml -index 24fad07..4334d0c 100644 ---- a/linux_os/guide/services/avahi/avahi_configuration/avahi_prevent_port_sharing/rule.yml -+++ b/linux_os/guide/services/avahi/avahi_configuration/avahi_prevent_port_sharing/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Prevent Other Programs from Using Avahi''s Port' - -diff --git a/linux_os/guide/services/avahi/avahi_configuration/avahi_restrict_published_information/rule.yml b/linux_os/guide/services/avahi/avahi_configuration/avahi_restrict_published_information/rule.yml -index 9df0b4a..ed9adaa 100644 ---- a/linux_os/guide/services/avahi/avahi_configuration/avahi_restrict_published_information/rule.yml -+++ b/linux_os/guide/services/avahi/avahi_configuration/avahi_restrict_published_information/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Restrict Information Published by Avahi' - -diff --git a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml -index f3f08de..a9c83c5 100644 ---- a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml -+++ b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,sle15 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,sle15 - - title: 'Disable Avahi Server Software' - -diff --git a/linux_os/guide/services/base/package_abrt_removed/rule.yml b/linux_os/guide/services/base/package_abrt_removed/rule.yml -index 03f8a5b..82d8b8a 100644 ---- a/linux_os/guide/services/base/package_abrt_removed/rule.yml -+++ b/linux_os/guide/services/base/package_abrt_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Uninstall Automatic Bug Reporting Tool (abrt)' - -diff --git a/linux_os/guide/services/base/package_psacct_installed/rule.yml b/linux_os/guide/services/base/package_psacct_installed/rule.yml -index ea782f2..1a03898 100644 ---- a/linux_os/guide/services/base/package_psacct_installed/rule.yml -+++ b/linux_os/guide/services/base/package_psacct_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Install the psacct package' - -diff --git a/linux_os/guide/services/base/service_abrtd_disabled/rule.yml b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml -index ce18107..3dcb2f3 100644 ---- a/linux_os/guide/services/base/service_abrtd_disabled/rule.yml -+++ b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8 -+prodtype: ol7,ol8,rhel7,rhel8,rl8 - - title: 'Disable Automatic Bug Reporting Tool (abrtd)' - -diff --git a/linux_os/guide/services/base/service_acpid_disabled/rule.yml b/linux_os/guide/services/base/service_acpid_disabled/rule.yml -index a621333..c3a5d21 100644 ---- a/linux_os/guide/services/base/service_acpid_disabled/rule.yml -+++ b/linux_os/guide/services/base/service_acpid_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Advanced Configuration and Power Interface (acpid)' - -diff --git a/linux_os/guide/services/base/service_certmonger_disabled/rule.yml b/linux_os/guide/services/base/service_certmonger_disabled/rule.yml -index 42439ee..858c569 100644 ---- a/linux_os/guide/services/base/service_certmonger_disabled/rule.yml -+++ b/linux_os/guide/services/base/service_certmonger_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Certmonger Service (certmonger)' - -diff --git a/linux_os/guide/services/base/service_cockpit_disabled/rule.yml b/linux_os/guide/services/base/service_cockpit_disabled/rule.yml -index 29a0739..9fbebca 100644 ---- a/linux_os/guide/services/base/service_cockpit_disabled/rule.yml -+++ b/linux_os/guide/services/base/service_cockpit_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8 -+prodtype: ol7,ol8,rhel7,rhel8,rl8 - - title: 'Disable Cockpit Management Server' - -diff --git a/linux_os/guide/services/base/service_cpupower_disabled/rule.yml b/linux_os/guide/services/base/service_cpupower_disabled/rule.yml -index fe5078d..ae3f102 100644 ---- a/linux_os/guide/services/base/service_cpupower_disabled/rule.yml -+++ b/linux_os/guide/services/base/service_cpupower_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable CPU Speed (cpupower)' - -diff --git a/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda b/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda -index 1f6a233..2d3ab94 100644 ---- a/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda -+++ b/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda -@@ -1,3 +1,3 @@ --# platform = multi_platform_rhel,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_ol - - kdump --disable -diff --git a/linux_os/guide/services/base/service_kdump_disabled/rule.yml b/linux_os/guide/services/base/service_kdump_disabled/rule.yml -index 8676710..027fc80 100644 ---- a/linux_os/guide/services/base/service_kdump_disabled/rule.yml -+++ b/linux_os/guide/services/base/service_kdump_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,wrlinux1019 - - title: 'Disable KDump Kernel Crash Analyzer (kdump)' - -diff --git a/linux_os/guide/services/base/service_mdmonitor_disabled/rule.yml b/linux_os/guide/services/base/service_mdmonitor_disabled/rule.yml -index a14cb97..cfb0caf 100644 ---- a/linux_os/guide/services/base/service_mdmonitor_disabled/rule.yml -+++ b/linux_os/guide/services/base/service_mdmonitor_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Software RAID Monitor (mdmonitor)' - -diff --git a/linux_os/guide/services/base/service_netconsole_disabled/rule.yml b/linux_os/guide/services/base/service_netconsole_disabled/rule.yml -index 2e32fcf..036e497 100644 ---- a/linux_os/guide/services/base/service_netconsole_disabled/rule.yml -+++ b/linux_os/guide/services/base/service_netconsole_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Network Console (netconsole)' - -diff --git a/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml b/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml -index 02fd4cc..3f3b300 100644 ---- a/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml -+++ b/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8 -+prodtype: ol7,ol8,rhel7,rhel8,rl8 - - title: 'Disable ntpdate Service (ntpdate)' - -diff --git a/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml b/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml -index da8c586..b13b2d4 100644 ---- a/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml -+++ b/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8 -+prodtype: ol7,ol8,rhel7,rhel8,rl8 - - title: 'Disable Odd Job Daemon (oddjobd)' - -diff --git a/linux_os/guide/services/base/service_portreserve_disabled/rule.yml b/linux_os/guide/services/base/service_portreserve_disabled/rule.yml -index 0ae4f00..71f61d1 100644 ---- a/linux_os/guide/services/base/service_portreserve_disabled/rule.yml -+++ b/linux_os/guide/services/base/service_portreserve_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Portreserve (portreserve)' - -diff --git a/linux_os/guide/services/base/service_psacct_enabled/rule.yml b/linux_os/guide/services/base/service_psacct_enabled/rule.yml -index 0c582bd..a7e273e 100644 ---- a/linux_os/guide/services/base/service_psacct_enabled/rule.yml -+++ b/linux_os/guide/services/base/service_psacct_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable Process Accounting (psacct)' - -diff --git a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml -index 687a819..eff3275 100644 ---- a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml -+++ b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Apache Qpid (qpidd)' - -diff --git a/linux_os/guide/services/base/service_quota_nld_disabled/rule.yml b/linux_os/guide/services/base/service_quota_nld_disabled/rule.yml -index cbd83ab..be5de80 100644 ---- a/linux_os/guide/services/base/service_quota_nld_disabled/rule.yml -+++ b/linux_os/guide/services/base/service_quota_nld_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Quota Netlink (quota_nld)' - -diff --git a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml -index bcfa10d..e07bb12 100644 ---- a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml -+++ b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8 -+prodtype: ol7,ol8,rhel7,rhel8,rl8 - - title: 'Disable Network Router Discovery Daemon (rdisc)' - -diff --git a/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml b/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml -index a5c7893..f252f69 100644 ---- a/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml -+++ b/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Red Hat Network Service (rhnsd)' - -diff --git a/linux_os/guide/services/base/service_rhsmcertd_disabled/rule.yml b/linux_os/guide/services/base/service_rhsmcertd_disabled/rule.yml -index 3acc9a0..ac620f7 100644 ---- a/linux_os/guide/services/base/service_rhsmcertd_disabled/rule.yml -+++ b/linux_os/guide/services/base/service_rhsmcertd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Red Hat Subscription Manager Daemon (rhsmcertd)' - -diff --git a/linux_os/guide/services/base/service_saslauthd_disabled/rule.yml b/linux_os/guide/services/base/service_saslauthd_disabled/rule.yml -index a8c48a1..21a4d32 100644 ---- a/linux_os/guide/services/base/service_saslauthd_disabled/rule.yml -+++ b/linux_os/guide/services/base/service_saslauthd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Cyrus SASL Authentication Daemon (saslauthd)' - -diff --git a/linux_os/guide/services/base/service_sysstat_disabled/rule.yml b/linux_os/guide/services/base/service_sysstat_disabled/rule.yml -index 9b396b0..07d146e 100644 ---- a/linux_os/guide/services/base/service_sysstat_disabled/rule.yml -+++ b/linux_os/guide/services/base/service_sysstat_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable System Statistics Reset Service (sysstat)' - -diff --git a/linux_os/guide/services/cron_and_at/disable_anacron/rule.yml b/linux_os/guide/services/cron_and_at/disable_anacron/rule.yml -index d1a26ac..619a5c2 100644 ---- a/linux_os/guide/services/cron_and_at/disable_anacron/rule.yml -+++ b/linux_os/guide/services/cron_and_at/disable_anacron/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Disable anacron Service' - -diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml -index d7a896f..7eb65be 100644 ---- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,sle15 -+prodtype: rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify Group Who Owns cron.d' - -diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml -index a3ca2c2..ec8ffdc 100644 ---- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,sle15 -+prodtype: rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify Group Who Owns cron.daily' - -diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml -index 83811a3..44f92d5 100644 ---- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,sle15 -+prodtype: rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify Group Who Owns cron.hourly' - -diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml -index addec77..3f6ff41 100644 ---- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,sle15 -+prodtype: rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify Group Who Owns cron.monthly' - -diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml -index 62a78df..d28c50b 100644 ---- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,sle15 -+prodtype: rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify Group Who Owns cron.weekly' - -diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml -index 74c1059..69bacdc 100644 ---- a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,sle15 -+prodtype: rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify Group Who Owns Crontab' - -diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml -index 1f3f68d..573091d 100644 ---- a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,sle15 -+prodtype: rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify Owner on cron.d' - -diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml -index eec5ce2..d9965ff 100644 ---- a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,sle15 -+prodtype: rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify Owner on cron.daily' - -diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml -index 83bd10c..116a22e 100644 ---- a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,sle15 -+prodtype: rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify Owner on cron.hourly' - -diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml -index d9d6b20..1ca57c6 100644 ---- a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,sle15 -+prodtype: rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify Owner on cron.monthly' - -diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml -index 5242eeb..4a35453 100644 ---- a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,sle15 -+prodtype: rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify Owner on cron.weekly' - -diff --git a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml -index 6b21ec4..8eeebac 100644 ---- a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,sle15 -+prodtype: rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify Owner on crontab' - -diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml -index ea2167e..53e4242 100644 ---- a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,sle15 -+prodtype: rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify Permissions on cron.d' - -diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml -index 7592cf9..73334ff 100644 ---- a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,sle15 -+prodtype: rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify Permissions on cron.daily' - -diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml -index fd7d6ce..a63e250 100644 ---- a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,sle15 -+prodtype: rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify Permissions on cron.hourly' - -diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml -index bde17ff..1a0599f 100644 ---- a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,sle15 -+prodtype: rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify Permissions on cron.monthly' - -diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml -index 94fc950..2128578 100644 ---- a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,sle15 -+prodtype: rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify Permissions on cron.weekly' - -diff --git a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml -index aa013fa..a2617d9 100644 ---- a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,sle15 -+prodtype: rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify Permissions on crontab' - -diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml -index b1014ca..3a83bb4 100644 ---- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml -+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Verify Group Who Owns /etc/cron.allow file' - -diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml -index 56afe26..68d3086 100644 ---- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml -+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Verify User Who Owns /etc/cron.allow file' - -diff --git a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml -index b1d800f..9a87038 100644 ---- a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml -+++ b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Disable At Service (atd)' - -diff --git a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml -index 37b6f9a..69352d6 100644 ---- a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml -+++ b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Enable cron Service' - -diff --git a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_configure_logging/rule.yml b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_configure_logging/rule.yml -index a4b2199..34faf85 100644 ---- a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_configure_logging/rule.yml -+++ b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_configure_logging/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Configure Logging' - -diff --git a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_bootp/rule.yml b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_bootp/rule.yml -index 60d78d2..5d33355 100644 ---- a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_bootp/rule.yml -+++ b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_bootp/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Deny BOOTP Queries' - -diff --git a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_decline/rule.yml b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_decline/rule.yml -index ff1bb2a..18376a7 100644 ---- a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_decline/rule.yml -+++ b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_decline/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Deny Decline Messages' - -diff --git a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_disable_ddns/rule.yml b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_disable_ddns/rule.yml -index 5bdfc85..0b4a980 100644 ---- a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_disable_ddns/rule.yml -+++ b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_disable_ddns/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Do Not Use Dynamic DNS' - -diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_client/sysconfig_networking_bootproto_ifcfg/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_client/sysconfig_networking_bootproto_ifcfg/rule.yml -index 64fea96..58d640f 100644 ---- a/linux_os/guide/services/dhcp/disabling_dhcp_client/sysconfig_networking_bootproto_ifcfg/rule.yml -+++ b/linux_os/guide/services/dhcp/disabling_dhcp_client/sysconfig_networking_bootproto_ifcfg/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable DHCP Client in ifcfg' - -diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml -index 42273fd..02ab922 100644 ---- a/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml -+++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Uninstall DHCP Server Package' - -diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml -index 007dc17..75b19df 100644 ---- a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml -+++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,sle15 -+prodtype: rhel7,rhel8,rl8,sle15 - - title: 'Disable DHCP Service' - -diff --git a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml -index 48a2526..1835348 100644 ---- a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml -+++ b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Uninstall bind Package' - -diff --git a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml -index d371769..596260f 100644 ---- a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml -+++ b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,sle15 -+prodtype: rhel7,rhel8,rl8,sle15 - - title: 'Disable named Service' - -diff --git a/linux_os/guide/services/dns/dns_server_protection/dns_server_authenticate_zone_transfers/rule.yml b/linux_os/guide/services/dns/dns_server_protection/dns_server_authenticate_zone_transfers/rule.yml -index b87046b..8ed3eda 100644 ---- a/linux_os/guide/services/dns/dns_server_protection/dns_server_authenticate_zone_transfers/rule.yml -+++ b/linux_os/guide/services/dns/dns_server_protection/dns_server_authenticate_zone_transfers/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Authenticate Zone Transfers' - -diff --git a/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_dynamic_updates/rule.yml b/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_dynamic_updates/rule.yml -index 175cc98..130c6ef 100644 ---- a/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_dynamic_updates/rule.yml -+++ b/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_dynamic_updates/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Dynamic Updates' - -diff --git a/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_zone_transfers/rule.yml b/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_zone_transfers/rule.yml -index 05aa234..2a0eb9c 100644 ---- a/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_zone_transfers/rule.yml -+++ b/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_zone_transfers/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Zone Transfers from the Nameserver' - -diff --git a/linux_os/guide/services/docker/docker_selinux_enabled/rule.yml b/linux_os/guide/services/docker/docker_selinux_enabled/rule.yml -index 443372d..18056bb 100644 ---- a/linux_os/guide/services/docker/docker_selinux_enabled/rule.yml -+++ b/linux_os/guide/services/docker/docker_selinux_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Ensure SELinux support is enabled in Docker' - -diff --git a/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml -index 5869cac..c158b09 100644 ---- a/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml -+++ b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8 - - title: 'Install fapolicyd Package' - -diff --git a/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml -index 44b97a8..619978e 100644 ---- a/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml -+++ b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhcos4,ol8,rhel8 -+prodtype: rhcos4,ol8,rhel8,rl8 - - title: 'Enable the File Access Policy Service' - -diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml -index dc7d79a..b710b25 100644 ---- a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml -+++ b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 - - title: 'Uninstall vsftpd Package' - -diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml -index 170f7c1..2913e4a 100644 ---- a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml -+++ b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,sle15 -+prodtype: rhel7,rhel8,rl8,sle15 - - title: 'Disable vsftpd Service' - -diff --git a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_disable_uploads/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_disable_uploads/rule.yml -index f94beaf..9ac58d0 100644 ---- a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_disable_uploads/rule.yml -+++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_disable_uploads/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Disable FTP Uploads if Possible' - -diff --git a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_home_partition/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_home_partition/rule.yml -index 6281864..1dcc799 100644 ---- a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_home_partition/rule.yml -+++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_home_partition/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Place the FTP Home Directory on its Own Partition' - -diff --git a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_log_transactions/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_log_transactions/rule.yml -index 3f9a0e0..ccabdcc 100644 ---- a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_log_transactions/rule.yml -+++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_log_transactions/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Enable Logging of All FTP Transactions' - -diff --git a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_present_banner/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_present_banner/rule.yml -index 3590a08..3fa3a9e 100644 ---- a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_present_banner/rule.yml -+++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_present_banner/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8,sle12 -+prodtype: fedora,rhel7,rhel8,rl8,sle12 - - title: 'Create Warning Banners for All FTP Users' - -diff --git a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_restrict_users/ftp_restrict_to_anon/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_restrict_users/ftp_restrict_to_anon/rule.yml -index 855536a..3669086 100644 ---- a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_restrict_users/ftp_restrict_to_anon/rule.yml -+++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_restrict_users/ftp_restrict_to_anon/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Restrict Access to Anonymous Users if Possible' - -diff --git a/linux_os/guide/services/ftp/ftp_use_vsftpd/package_vsftpd_installed/rule.yml b/linux_os/guide/services/ftp/ftp_use_vsftpd/package_vsftpd_installed/rule.yml -index 7dd2833..cf9bc5b 100644 ---- a/linux_os/guide/services/ftp/ftp_use_vsftpd/package_vsftpd_installed/rule.yml -+++ b/linux_os/guide/services/ftp/ftp_use_vsftpd/package_vsftpd_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Install vsftpd Package' - -diff --git a/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml b/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml -index d04d858..ced065e 100644 ---- a/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml -+++ b/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,sle15 -+prodtype: rhel7,rhel8,rl8,sle15 - - title: 'Uninstall httpd Package' - -diff --git a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml -index a932449..856db5f 100644 ---- a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml -+++ b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,sle15 -+prodtype: rhel7,rhel8,rl8,sle15 - - title: 'Disable httpd Service' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml -index bb71b36..cc86be4 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Configure Error Log Format' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml -index 3a9b317..25cfd13 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Configure The Number of Allowed Simultaneous Requests' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml -index 136cd7c..29dfec0 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Scan All Uploaded Content for Malicious Software' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml -index 2d0a5c5..3a9e53c 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Configure firewall to Allow Access to the Web Server' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml -index 1d308d4..8ed97a3 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Ensure Remote Administrative Access Is Encrypted' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_etc_httpd_conf/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_etc_httpd_conf/rule.yml -index 2cbde0f..c206b77 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_etc_httpd_conf/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_etc_httpd_conf/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Set Permissions on the /etc/httpd/conf/ Directory' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_var_log_httpd/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_var_log_httpd/rule.yml -index 37e4243..1da194e 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_var_log_httpd/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_var_log_httpd/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Set Permissions on the /var/log/httpd/ Directory' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml -index 45af243..7347f48 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Set Permissions on All Configuration Files Inside /etc/httpd/conf.d/' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml -index 4af2599..9f952e4 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Set Permissions on All Configuration Files Inside /etc/httpd/conf/' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml -index 26651d5..6e78892 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Set Permissions on All Configuration Files Inside /etc/httpd/conf.modules.d/' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml -index e09f15a..c673c0d 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'HTTPD Log Files Must Be Owned By Root' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml -index e04cdfd..9a1b7ea 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Configure HTTP PERL Scripts To Use TAINT Option' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml -index 130a822..47c098b 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Web Content Directories Must Not Be Shared Anonymously' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml -index 28cab36..1563b4b 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Remove Write Permissions From Filesystem Paths And Server Scripts' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml -index 81f39f7..3010ec6 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Anonymous FTP Access' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml -index cb6e4ef..7dae46a 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Ignore HTTPD .htaccess Files' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_limit_available_methods/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_limit_available_methods/rule.yml -index fb02b8d..e8af86a 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_limit_available_methods/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_limit_available_methods/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Limit Available Methods' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_critical_directories/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_critical_directories/rule.yml -index 2194e26..8a7c4a6 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_critical_directories/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_critical_directories/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Restrict Other Critical Directories' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_root_directory/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_root_directory/rule.yml -index a02162a..2d0c3a1 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_root_directory/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_root_directory/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Restrict Root Directory' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_web_directory/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_web_directory/rule.yml -index cb5e523..138e197 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_web_directory/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_web_directory/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Restrict Web Directory' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml -index ea7ab8b..16f5ac7 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'MIME types for csh or sh shell programs must be disabled' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml -index f324b60..c2429d8 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable HTTPD Error Logging' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml -index e8bb96b..7f88d7c 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable HTTPD LogLevel' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml -index 33b9a33..f5ff683 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable HTTPD System Logging' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml -index fcf1c50..0bab628 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'The web server password(s) must be entrusted to the SA or Web Manager' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cache_support/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cache_support/rule.yml -index 97b49e0..e351c1e 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cache_support/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cache_support/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Cache Support' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cgi_support/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cgi_support/rule.yml -index 20ec65b..3619f18 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cgi_support/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cgi_support/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable CGI Support' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_digest_authentication/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_digest_authentication/rule.yml -index 5bef090..333441d 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_digest_authentication/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_digest_authentication/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable HTTP Digest Authentication' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml -index 250f3ba..cf1fd40 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable log_config_module For HTTPD Logging' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_ldap_support/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_ldap_support/rule.yml -index 6afbb50..2ee9e49 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_ldap_support/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_ldap_support/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable LDAP Support' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mime_magic/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mime_magic/rule.yml -index a49a797..d567be9 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mime_magic/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mime_magic/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable MIME Magic' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mod_rewrite/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mod_rewrite/rule.yml -index e72cd1b..a1804f1 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mod_rewrite/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mod_rewrite/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable HTTP mod_rewrite' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_proxy_support/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_proxy_support/rule.yml -index 49ddb85..670fb9a 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_proxy_support/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_proxy_support/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Proxy Support' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_activity_status/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_activity_status/rule.yml -index 59b00d0..5c3e76e 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_activity_status/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_activity_status/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Server Activity Status' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_configuration_display/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_configuration_display/rule.yml -index 3b7a1c7..99f7add 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_configuration_display/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_configuration_display/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Web Server Configuration Display' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_side_includes/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_side_includes/rule.yml -index 119cfb6..99d3935 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_side_includes/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_side_includes/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Server Side Includes' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_url_correction/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_url_correction/rule.yml -index b11038c..f67a84b 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_url_correction/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_url_correction/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable URL Correction on Misspelled Entries' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_webdav/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_webdav/rule.yml -index 0dbde81..d77e9ac 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_webdav/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_webdav/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable WebDAV (Distributed Authoring and Versioning)' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_security/httpd_install_mod_security/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_security/httpd_install_mod_security/rule.yml -index 8389ba2..00a56d8 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_security/httpd_install_mod_security/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_security/httpd_install_mod_security/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Install mod_security' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml -index 4fcb674..e6777dc 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable Transport Layer Security (TLS) Encryption' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml -index 2fbe3e2..6b229e0 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Configure A Valid Server Certificate' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_install_mod_ssl/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_install_mod_ssl/rule.yml -index f845c3e..00a3a09 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_install_mod_ssl/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_install_mod_ssl/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Install mod_ssl' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml -index 0842925..2a46b4c 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Require Client Certificates' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml -index 65c10b7..851ef34 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'A public web server, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ extension' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml -index c0a8e19..c626043 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Installation of a compiler on production web server is prohibited' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml -index 177fc6b..db21d22 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'A private web server must be located on a separate controlled access subnet' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml -index 7b93fe2..3788662 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Public web server resources must not be shared with private assets' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml -index c26a075..a47dd7d 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Backup interactive scripts on the production web server are prohibited' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_serversignature_off/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_serversignature_off/rule.yml -index 4719ef7..ab5d684 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_serversignature_off/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_serversignature_off/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Set httpd ServerSignature Directive to Off' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_servertokens_prod/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_servertokens_prod/rule.yml -index 2b03cd5..39e9dea 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_servertokens_prod/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_servertokens_prod/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Set httpd ServerTokens Directive to Prod' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml -index f885d2c..4e8c50c 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Configure A Banner Page For Each Website' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml -index b3a76b8..da92b4f 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Each Web Content Directory Must Contain An index.html File' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml -index ea3b87e..58d334c 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Web Content Symbolic Links' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml -index f84d6d5..161c0f7 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Encrypt All File Uploads' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml -index 4e51937..c7b29bf 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Remove .java And .jpp Files' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml -index cc7c33d..c868494 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'The robots.txt Files Must Not Exist' - -diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml -index 6d7e27f..4018f88 100644 ---- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml -+++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Ensure Web Content Located on Separate partition' - -diff --git a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_cert/rule.yml b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_cert/rule.yml -index d03ccdc..69898c9 100644 ---- a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_cert/rule.yml -+++ b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_cert/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Configure Dovecot to Use the SSL Certificate file' - -diff --git a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_key/rule.yml b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_key/rule.yml -index 34c4865..a66f7e1 100644 ---- a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_key/rule.yml -+++ b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_key/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Configure Dovecot to Use the SSL Key file' - -diff --git a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_disable_plaintext_auth/rule.yml b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_disable_plaintext_auth/rule.yml -index cd829dd..1799286 100644 ---- a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_disable_plaintext_auth/rule.yml -+++ b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_disable_plaintext_auth/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Plaintext Authentication' - -diff --git a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_enable_ssl/rule.yml b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_enable_ssl/rule.yml -index d88e112..8b86b8e 100644 ---- a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_enable_ssl/rule.yml -+++ b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_enable_ssl/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable the SSL flag in /etc/dovecot.conf' - -diff --git a/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml -index 597cb2c..b66c1d3 100644 ---- a/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml -+++ b/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Uninstall dovecot Package' - -diff --git a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml -index d4436fe..a66be7f 100644 ---- a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml -+++ b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,sle15 -+prodtype: rhel7,rhel8,rl8,sle15 - - title: 'Disable Dovecot Service' - -diff --git a/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml b/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml -index 30a9fca..aa41126 100644 ---- a/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml -+++ b/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8 -+prodtype: ol7,ol8,rhel7,rhel8,rl8 - - title: 'Remove the Kerberos Server Package' - -diff --git a/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml b/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml -index 4aedda8..8379cb6 100644 ---- a/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml -+++ b/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhcos4,rhel7,rhel8 -+prodtype: rhcos4,rhel7,rhel8,rl8 - - title: 'Uninstall 389-ds-base Package' - -diff --git a/linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml b/linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml -index 75d7b2a..1d5b0f7 100644 ---- a/linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml -+++ b/linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Enable the LDAP Client For Use in Authconfig' - -diff --git a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh -index fbaef33..b56c7d4 100644 ---- a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh -+++ b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rl - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/rule.yml b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/rule.yml -index 1060d07..bee5186 100644 ---- a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/rule.yml -+++ b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Configure LDAP Client to Use TLS For All Transactions' - -diff --git a/linux_os/guide/services/ldap/openldap_client/ldap_client_tls_cacertpath/rule.yml b/linux_os/guide/services/ldap/openldap_client/ldap_client_tls_cacertpath/rule.yml -index 52da6cc..772811f 100644 ---- a/linux_os/guide/services/ldap/openldap_client/ldap_client_tls_cacertpath/rule.yml -+++ b/linux_os/guide/services/ldap/openldap_client/ldap_client_tls_cacertpath/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Configure Certificate Directives for LDAP Use of TLS' - -diff --git a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml -index eb97565..c272112 100644 ---- a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml -+++ b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Ensure LDAP client is not installed' - -diff --git a/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml b/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml -index ce08c70..f52827b 100644 ---- a/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml -+++ b/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,sle15 -+prodtype: rhel7,rhel8,rl8,sle15 - - title: 'Uninstall openldap-servers Package' - -diff --git a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml -index ed29daa..91ca9f3 100644 ---- a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml -+++ b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 - - title: 'Uninstall Sendmail Package' - -diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml -index e1c9d00..66a95d4 100644 ---- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml -+++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh -index 2ef07dd..049b40f 100644 ---- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh -+++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml -index b3a9ce8..836bfed 100644 ---- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml -+++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,sle15 -+prodtype: rhel7,rhel8,rl8,sle15 - - title: 'Disable Postfix Network Listening' - -diff --git a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_banner/rule.yml b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_banner/rule.yml -index 3b75cba..fce160b 100644 ---- a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_banner/rule.yml -+++ b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_banner/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Configure SMTP Greeting Banner' - -diff --git a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml -index 0a3d818..0081e19 100644 ---- a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml -+++ b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,wrlinux1019 - - title: 'Prevent Unrestricted Mail Relaying' - -diff --git a/linux_os/guide/services/mail/service_postfix_enabled/rule.yml b/linux_os/guide/services/mail/service_postfix_enabled/rule.yml -index 6f47a9c..c305b31 100644 ---- a/linux_os/guide/services/mail/service_postfix_enabled/rule.yml -+++ b/linux_os/guide/services/mail/service_postfix_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,sle15 -+prodtype: rhel7,rhel8,rl8,sle15 - - title: 'Enable Postfix Service' - -diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_nfslock_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_nfslock_disabled/rule.yml -index 2524bf7..27c3580 100644 ---- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_nfslock_disabled/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_nfslock_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Disable Network File System Lock Service (nfslock)' - -diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml -index 841bcaa..4c58c88 100644 ---- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,sle15 -+prodtype: rhel7,rhel8,rl8,sle15 - - title: 'Disable rpcbind Service' - -diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcgssd_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcgssd_disabled/rule.yml -index 965d781..62866aa 100644 ---- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcgssd_disabled/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcgssd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Disable Secure RPC Client Service (rpcgssd)' - -diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcidmapd_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcidmapd_disabled/rule.yml -index 9dded93..2453795 100644 ---- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcidmapd_disabled/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcidmapd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Disable RPC ID Mapping Service (rpcidmapd)' - -diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_tcp_port/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_tcp_port/rule.yml -index 322d592..cc92cf5 100644 ---- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_tcp_port/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_tcp_port/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Configure lockd to use static TCP port' - -diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_udp_port/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_udp_port/rule.yml -index ca67db9..2bc126a 100644 ---- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_udp_port/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_udp_port/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Configure lockd to use static UDP port' - -diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_mountd_port/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_mountd_port/rule.yml -index 7d8839f..584152a 100644 ---- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_mountd_port/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_mountd_port/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Configure mountd to use static port' - -diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_statd_port/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_statd_port/rule.yml -index adcc2e1..ae3b196 100644 ---- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_statd_port/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_statd_port/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Configure statd to use static port' - -diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/nfs_no_anonymous/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/nfs_no_anonymous/rule.yml -index 73a0d70..49236e8 100644 ---- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/nfs_no_anonymous/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/nfs_no_anonymous/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Specify UID and GID for Anonymous NFS Connections' - -diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml -index aafb650..f6bba67 100644 ---- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8,sle15 -+prodtype: fedora,rhel7,rhel8,rl8,sle15 - - title: 'Disable Network File System (nfs)' - -diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_rpcsvcgssd_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_rpcsvcgssd_disabled/rule.yml -index 8699bc1..48d130f 100644 ---- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_rpcsvcgssd_disabled/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_rpcsvcgssd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Disable Secure RPC Server Service (rpcsvcgssd)' - -diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml -index c8d0865..4738a26 100644 ---- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,wrlinux1019 - - title: 'Mount Remote Filesystems with Kerberos Security' - -diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml -index 66f4558..b203484 100644 ---- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Mount Remote Filesystems with nodev' - -diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml -index 4a50d79..e00b328 100644 ---- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Mount Remote Filesystems with noexec' - -diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml -index 695e1a1..fe65528 100644 ---- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Mount Remote Filesystems with nosuid' - -diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/no_insecure_locks_exports/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/no_insecure_locks_exports/rule.yml -index daaf44a..f7b48ad 100644 ---- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/no_insecure_locks_exports/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/no_insecure_locks_exports/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Ensure Insecure File Locking is Not Allowed' - -diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/restrict_nfs_clients_to_privileged_ports/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/restrict_nfs_clients_to_privileged_ports/rule.yml -index 232bf40..c4bcb3c 100644 ---- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/restrict_nfs_clients_to_privileged_ports/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/restrict_nfs_clients_to_privileged_ports/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Restrict NFS Clients to Privileged Ports' - -diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml -index 7b70a65..2481054 100644 ---- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Use Kerberos Security on All Exports' - -diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_root_squashing_all_exports/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_root_squashing_all_exports/rule.yml -index c5983cb..56ee0a2 100644 ---- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_root_squashing_all_exports/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_root_squashing_all_exports/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Use Root-Squashing on All Exports' - -diff --git a/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml -index ed7373a..d730999 100644 ---- a/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Uninstall nfs-utils Package' - -diff --git a/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh -index f6c14e4..cbf8822 100644 ---- a/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh -+++ b/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - - # Include source function library - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml -index bf52404..fdcd800 100644 ---- a/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml -+++ b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/services/ntp/chronyd_client_only/rule.yml b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml -index 83d1ba0..5abab0e 100644 ---- a/linux_os/guide/services/ntp/chronyd_client_only/rule.yml -+++ b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8 - - title: 'Disable chrony daemon from acting as server' - -diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh -index 13f20d6..7ee9ac0 100644 ---- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh -+++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - - # Include source function library - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml -index 6bb5e59..7dbe46a 100644 ---- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml -+++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml -index d6d776a..2c4a7ef 100644 ---- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml -+++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8 - - title: 'Disable network management of chrony daemon' - -diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh -index b23deff..50403a3 100644 ---- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh -+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_wrlinux,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rl,multi_platform_wrlinux,multi_platform_ol - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("var_time_service_set_maxpoll") }}} - -diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml -index 8d12b74..833d557 100644 ---- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml -+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Configure Time Service Maxpoll Interval' - -diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml -index d64f030..68ceb76 100644 ---- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml -+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Specify Additional Remote NTP Servers' - -diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml -index ff485ae..9be292b 100644 ---- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml -+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Specify a Remote NTP Server' - -diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml -index ef98678..1c908b1 100644 ---- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml -+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,fedora,sle15 -+prodtype: rhel7,rhel8,rl8,fedora,sle15 - - title: 'Ensure that chronyd is running under chrony user account' - -diff --git a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml -index 056e3c6..15fb835 100644 ---- a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml -+++ b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Enable the NTP Daemon' - -diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml -index debbca8..4ad5d55 100644 ---- a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml -+++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Uninstall xinetd Package' - -diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml -index b89c109..368d2e7 100644 ---- a/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml -+++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Disable xinetd Service' - -diff --git a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml -index c58db2c..3e13c71 100644 ---- a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml -+++ b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Remove NIS Client' - -diff --git a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml -index c5733c0..5ed69dc 100644 ---- a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml -+++ b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 - - title: 'Uninstall ypserv Package' - -diff --git a/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml b/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml -index c4b50ed..5563a08 100644 ---- a/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml -+++ b/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Disable ypbind Service' - -diff --git a/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh -index 26b3c51..f60e9aa 100644 ---- a/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh -+++ b/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle,multi_platform_wrlinux,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rl,multi_platform_sle,multi_platform_wrlinux,multi_platform_ol - - # Identify local mounts - MOUNT_LIST=$(df --local | awk '{ print $6 }') -diff --git a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml -index 4944530..2f5c905 100644 ---- a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml -+++ b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,wrlinux1019 - - title: 'Remove Host-Based Authentication Files' - -diff --git a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml -index 7354a69..d8710b4 100644 ---- a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml -+++ b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh -index d4cc7ef..9f79929 100644 ---- a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh -+++ b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rl - find /home -maxdepth 2 -type f -name .rhosts -exec rm -f '{}' \; - - if [ -f /etc/hosts.equiv ]; then -diff --git a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh -index 6e90238..5cc54d4 100644 ---- a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh -+++ b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle,multi_platform_wrlinux,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rl,multi_platform_sle,multi_platform_wrlinux,multi_platform_ol - - # Identify local mounts - MOUNT_LIST=$(df --local | awk '{ print $6 }') -diff --git a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml -index efb6386..01b9a85 100644 ---- a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml -+++ b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,wrlinux1019 - - title: 'Remove User Host-Based Authentication Files' - -diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml -index 23d30cb..7d719d9 100644 ---- a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml -+++ b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Uninstall rsh-server Package' - -diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml -index 5337d25..d1e9408 100644 ---- a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml -+++ b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Uninstall rsh Package' - -diff --git a/linux_os/guide/services/obsolete/r_services/service_rexec_disabled/rule.yml b/linux_os/guide/services/obsolete/r_services/service_rexec_disabled/rule.yml -index 862b6e5..cee95ff 100644 ---- a/linux_os/guide/services/obsolete/r_services/service_rexec_disabled/rule.yml -+++ b/linux_os/guide/services/obsolete/r_services/service_rexec_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Disable rexec Service' - -diff --git a/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml b/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml -index ef638e5..9e0147e 100644 ---- a/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml -+++ b/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Disable rlogin Service' - -diff --git a/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml b/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml -index e061a10..5efa137 100644 ---- a/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml -+++ b/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Disable rsh Service' - -diff --git a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml -index 7cac07d..b2cb878 100644 ---- a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml -+++ b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,ol7,rhel8,ol8,fedora,rhv4,rhcos4,sle15 -+prodtype: rhel7,ol7,rhel8,rl8,ol8,fedora,rhv4,rhcos4,sle15 - - title: 'Ensure rsyncd service is diabled' - -diff --git a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml -index fb1760a..78861aa 100644 ---- a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml -+++ b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Uninstall talk-server Package' - -diff --git a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml -index 520bf79..c8f36df 100644 ---- a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml -+++ b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Uninstall talk Package' - -diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml -index f42bcba..eae64e6 100644 ---- a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml -+++ b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,wrlinux1019 - - title: 'Uninstall telnet-server Package' - -diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml -index a541ab5..3907eb7 100644 ---- a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml -+++ b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Remove telnet Clients' - -diff --git a/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml b/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml -index 38269b9..8ca47c1 100644 ---- a/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml -+++ b/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Disable telnet Service' - -diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml -index 2d0258d..192abbf 100644 ---- a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml -+++ b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Uninstall tftp-server Package' - -diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml -index f7a8ba3..51cf897 100644 ---- a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml -+++ b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Remove tftp Daemon' - -diff --git a/linux_os/guide/services/obsolete/tftp/service_tftp_disabled/rule.yml b/linux_os/guide/services/obsolete/tftp/service_tftp_disabled/rule.yml -index 7cd0d99..7980a9a 100644 ---- a/linux_os/guide/services/obsolete/tftp/service_tftp_disabled/rule.yml -+++ b/linux_os/guide/services/obsolete/tftp/service_tftp_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,sle15 -+prodtype: rhel7,rhel8,rl8,sle15 - - title: 'Disable tftp Service' - -diff --git a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml -index 24cefbb..46b862b 100644 ---- a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml -+++ b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Ensure tftp Daemon Uses Secure Mode' - -diff --git a/linux_os/guide/services/printing/configure_printing/cups_disable_browsing/rule.yml b/linux_os/guide/services/printing/configure_printing/cups_disable_browsing/rule.yml -index c28ba33..eb21a19 100644 ---- a/linux_os/guide/services/printing/configure_printing/cups_disable_browsing/rule.yml -+++ b/linux_os/guide/services/printing/configure_printing/cups_disable_browsing/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Printer Browsing Entirely if Possible' - -diff --git a/linux_os/guide/services/printing/configure_printing/cups_disable_printserver/rule.yml b/linux_os/guide/services/printing/configure_printing/cups_disable_printserver/rule.yml -index 997c4b6..20304cd 100644 ---- a/linux_os/guide/services/printing/configure_printing/cups_disable_printserver/rule.yml -+++ b/linux_os/guide/services/printing/configure_printing/cups_disable_printserver/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Print Server Capabilities' - -diff --git a/linux_os/guide/services/printing/service_cups_disabled/rule.yml b/linux_os/guide/services/printing/service_cups_disabled/rule.yml -index 1f73158..2e9c7b1 100644 ---- a/linux_os/guide/services/printing/service_cups_disabled/rule.yml -+++ b/linux_os/guide/services/printing/service_cups_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,sle15 -+prodtype: rhel7,rhel8,rl8,sle15 - - title: 'Disable the CUPS Service' - -diff --git a/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml b/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml -index 563cad4..63d2e2c 100644 ---- a/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml -+++ b/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8 -+prodtype: ol7,ol8,rhel7,rhel8,rl8 - - title: 'Uninstall squid Package' - -diff --git a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml -index 04d0a12..4267f92 100644 ---- a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml -+++ b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,sle15 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,sle15 - - title: 'Disable Squid' - -diff --git a/linux_os/guide/services/radius/package_freeradius_removed/rule.yml b/linux_os/guide/services/radius/package_freeradius_removed/rule.yml -index ebaea4a..88d42fe 100644 ---- a/linux_os/guide/services/radius/package_freeradius_removed/rule.yml -+++ b/linux_os/guide/services/radius/package_freeradius_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8 -+prodtype: ol7,ol8,rhel7,rhel8,rl8 - - title: 'Remove the FreeRadius Server Package' - -diff --git a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml -index feebdff..34d61a2 100644 ---- a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml -+++ b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8 - - title: 'Enable the Hardware RNG Entropy Gatherer Service' - -diff --git a/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml b/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml -index 13bb730..d489dac 100644 ---- a/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml -+++ b/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8 -+prodtype: ol7,ol8,rhel7,rhel8,rl8 - - title: 'Uninstall quagga Package' - -diff --git a/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml b/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml -index ef4a10d..335a165 100644 ---- a/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml -+++ b/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Disable Quagga Service' - -diff --git a/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml b/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml -index 9c2b065..d5fe864 100644 ---- a/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml -+++ b/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Require Client SMB Packet Signing, if using mount.cifs' - -diff --git a/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml b/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml -index c83513b..2a4ef02 100644 ---- a/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml -+++ b/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhcos4,rhel7,rhel8,rhv4,sle15 -+prodtype: rhcos4,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Install the Samba Common Package' - -diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml -index a660686..05271cb 100644 ---- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml -+++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh -index 9e1f01f..44ad431 100644 ---- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh -+++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_rl - ###################################################################### - #By Luke "Brisk-OH" Brisk - #luke.brisk@boeing.com or luke.brisk@gmail.com -diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/rule.yml b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/rule.yml -index 103130b..ac40154 100644 ---- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/rule.yml -+++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Require Client SMB Packet Signing, if using smbclient' - -diff --git a/linux_os/guide/services/smb/configuring_samba/smb_server_disable_root/rule.yml b/linux_os/guide/services/smb/configuring_samba/smb_server_disable_root/rule.yml -index 0cf80fb..db0d892 100644 ---- a/linux_os/guide/services/smb/configuring_samba/smb_server_disable_root/rule.yml -+++ b/linux_os/guide/services/smb/configuring_samba/smb_server_disable_root/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Root Access to SMB Shares' - -diff --git a/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml b/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml -index dcf2366..a90dff7 100644 ---- a/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml -+++ b/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Uninstall Samba Package' - -diff --git a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml -index e5c7587..a0bdd2a 100644 ---- a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml -+++ b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,sle15 -+prodtype: rhel7,rhel8,rl8,sle15 - - title: 'Disable Samba' - -diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml -index 9fefec4..0b3bbbc 100644 ---- a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml -+++ b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: debian10,debian9,fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 -+prodtype: debian10,debian9,fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 - - title: 'Uninstall net-snmp Package' - -diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml -index 25483ab..db0d303 100644 ---- a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml -+++ b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: debian10,debian9,rhel7,rhel8,sle15 -+prodtype: debian10,debian9,rhel7,rhel8,rl8,sle15 - - title: 'Disable snmpd Service' - -diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml -index 6e3dd2c..d7123b2 100644 ---- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml -+++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Ensure SNMP Read Write is disabled' - -diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml -index 1a5c929..1b34ba3 100644 ---- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml -+++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: debian10,debian9,fedora,ol7,ol8,rhel7,rhel8,wrlinux1019 -+prodtype: debian10,debian9,fedora,ol7,ol8,rhel7,rhel8,rl8,wrlinux1019 - - title: 'Ensure Default SNMP Password Is Not Used' - -diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml -index 776652a..c4b907a 100644 ---- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml -+++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Configure SNMP Service to Use Only SNMPv3 or Newer' - -diff --git a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml -index 2b443f0..21ffea2 100644 ---- a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml -+++ b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,sle15,rhcos4 -+prodtype: rhel7,rhel8,rl8,rhv4,sle15,rhcos4 - - title: 'Verify Group Who Owns SSH Server config file' - -diff --git a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml -index 58eee9f..569e515 100644 ---- a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml -+++ b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,sle15,rhcos4 -+prodtype: rhel7,rhel8,rl8,rhv4,sle15,rhcos4 - - title: 'Verify Owner on SSH Server config file' - -diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml -index 3abdc39..e4a8173 100644 ---- a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml -+++ b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,sle15,rhcos4 -+prodtype: rhel7,rhel8,rl8,rhv4,sle15,rhcos4 - - title: 'Verify Permissions on SSH Server config file' - -diff --git a/linux_os/guide/services/ssh/firewalld_sshd_disabled/rule.yml b/linux_os/guide/services/ssh/firewalld_sshd_disabled/rule.yml -index d49b5e5..f60336b 100644 ---- a/linux_os/guide/services/ssh/firewalld_sshd_disabled/rule.yml -+++ b/linux_os/guide/services/ssh/firewalld_sshd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Remove SSH Server firewalld Firewall exception (Unusual)' - -diff --git a/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml b/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml -index 2317d0d..1c20884 100644 ---- a/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml -+++ b/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol8,rhel8 -+prodtype: ol8,rhel8,rl8 - - title: 'Install OpenSSH client software' - -diff --git a/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml -index 84882d5..3246eba 100644 ---- a/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml -+++ b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: debian10,debian9,fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,wrlinux1019,wrlinux8 -+prodtype: debian10,debian9,fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,wrlinux1019,wrlinux8 - - title: 'Install the OpenSSH Server Package' - -diff --git a/linux_os/guide/services/ssh/package_openssh-server_removed/rule.yml b/linux_os/guide/services/ssh/package_openssh-server_removed/rule.yml -index f866b98..b011a23 100644 ---- a/linux_os/guide/services/ssh/package_openssh-server_removed/rule.yml -+++ b/linux_os/guide/services/ssh/package_openssh-server_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: debian10,debian9,fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,wrlinux1019,wrlinux8 -+prodtype: debian10,debian9,fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,wrlinux1019,wrlinux8 - - title: 'Remove the OpenSSH Server Package' - -diff --git a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml -index 81d6348..590baf7 100644 ---- a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml -+++ b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 - - title: 'Enable the OpenSSH Service' - -diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/oval/shared.xml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/oval/shared.xml -index fe6d3a5..7a9566a 100644 ---- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/oval/shared.xml -+++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/oval/shared.xml -@@ -33,4 +33,4 @@ - 32 - - -- -\ No newline at end of file -+ -diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/rule.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/rule.yml -index a2b9bfa..eda985a 100644 ---- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/rule.yml -+++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel8 -+prodtype: rhel8,rl8 - - title: 'SSH client uses strong entropy to seed (for CSH like shells)' - -diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/tests/file_missing.fail.sh b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/tests/file_missing.fail.sh -index c2fead5..68b6ceb 100644 ---- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/tests/file_missing.fail.sh -+++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/tests/file_missing.fail.sh -@@ -1,3 +1,3 @@ - #!/bin/bash - --rm -f /etc/profile.d/cc-ssh-strong-rng.csh -\ No newline at end of file -+rm -f /etc/profile.d/cc-ssh-strong-rng.csh -diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/oval/shared.xml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/oval/shared.xml -index 23bda9b..b573dc8 100644 ---- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/oval/shared.xml -+++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/oval/shared.xml -@@ -33,4 +33,4 @@ - 32 - - -- -\ No newline at end of file -+ -diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/rule.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/rule.yml -index 3de4df0..939e4e0 100644 ---- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/rule.yml -+++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel8 -+prodtype: rhel8,rl8 - - title: 'SSH client uses strong entropy to seed (Bash-like shells)' - -diff --git a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml -index ad3a41f..682ae00 100644 ---- a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml -+++ b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml -index 6e38d59..280f4fc 100644 ---- a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml -+++ b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Enable SSH Server firewalld Firewall Exception' - -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml -index 39102e5..884c41c 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh -index 590e96d..a6626fe 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_ol,multi_platform_rhv - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml -index f8d422c..8894e52 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh -index 408c97d..4254652 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_ol,multi_platform_rhv - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml -index 228a116..c9a4983 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh -index 319ec5c..9a444e6 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml -index 5b54ab8..a88248f 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml -index 16e3130..0a546b4 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh -index 2451c16..31965d8 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml -index 42cb32e..3110e14 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019,wrlinux8 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,wrlinux1019,wrlinux8 - - title: 'Use Only FIPS 140-2 Validated Ciphers' - -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml -index 13997f9..517df1d 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,sle12,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,sle12,wrlinux1019 - - title: 'Use Only FIPS 140-2 Validated MACs' - -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh -index 798c404..8c68e1d 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora - - sed -i 's/^\s*Ciphers\s.*//i' /etc/ssh/sshd_config - echo "Ciphers aes256-ctr" >> /etc/ssh/sshd_config -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh -index 19faca7..2b472ec 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh -@@ -1,3 +1,3 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora - - sed -i 's/^\s*Ciphers\s/# &/i' /etc/ssh/sshd_config -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh -index 7733024..8ab842a 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora - - sed -i 's/^\s*MACs\s.*//i' /etc/ssh/sshd_config - echo "MACs hmac-sha2-512" >> /etc/ssh/sshd_config -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh -index 8d33596..8e7527c 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh -@@ -1,3 +1,3 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora - - sed -i 's/^\s*MACs\s/# &/i' /etc/ssh/sshd_config -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml -index 8599987..befd3aa 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml -@@ -2,7 +2,7 @@ documentation_complete: true - - # TODO: The plan is not to need this for RHEL>=8.4 - # TODO: Compliant setting is SSH_USE_STRONG_RNG set to 32 or more --prodtype: rhel8 -+prodtype: rhel8,rl8 - - title: 'SSH server uses strong entropy to seed' - -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/bad_config.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/bad_config.fail.sh -index f4f8c22..713242d 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/bad_config.fail.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/bad_config.fail.sh -@@ -1,3 +1,3 @@ --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_rl - - echo 'SSH_USE_STRONG_RNG=1' > /etc/sysconfig/sshd -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/good_config.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/good_config.pass.sh -index 70f53ac..ea50646 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/good_config.pass.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/good_config.pass.sh -@@ -1,3 +1,3 @@ --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_rl - - echo 'SSH_USE_STRONG_RNG=32' > /etc/sysconfig/sshd -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/no_config.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/no_config.fail.sh -index 1e5f0b2..d04ac42 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/no_config.fail.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/no_config.fail.sh -@@ -1,3 +1,3 @@ --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_rl - - rm -f /etc/sysconfig/sshd -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/quoted.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/quoted.fail.sh -index a10d24a..eaf56a6 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/quoted.fail.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/quoted.fail.sh -@@ -1,3 +1,3 @@ --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_rl - - echo 'SSH_USE_STRONG_RNG="32"' > /etc/sysconfig/sshd -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml -index 664db5e..a0dd894 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Prevent remote hosts from connecting to the proxy display' - -diff --git a/linux_os/guide/services/sssd/package_sssd-ipa_installed/rule.yml b/linux_os/guide/services/sssd/package_sssd-ipa_installed/rule.yml -index ec0cf86..b9b399a 100644 ---- a/linux_os/guide/services/sssd/package_sssd-ipa_installed/rule.yml -+++ b/linux_os/guide/services/sssd/package_sssd-ipa_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Install sssd-ipa Package' - -diff --git a/linux_os/guide/services/sssd/package_sssd_installed/rule.yml b/linux_os/guide/services/sssd/package_sssd_installed/rule.yml -index 137177c..d9a5c18 100644 ---- a/linux_os/guide/services/sssd/package_sssd_installed/rule.yml -+++ b/linux_os/guide/services/sssd/package_sssd_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8 -+prodtype: ol7,ol8,rhel7,rhel8,rl8 - - title: 'Install the SSSD Package' - -diff --git a/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml b/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml -index 0ee77aa..9f89664 100644 ---- a/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml -+++ b/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8 -+prodtype: ol7,ol8,rhel7,rhel8,rl8 - - title: 'Enable the SSSD Service' - -diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca/rule.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca/rule.yml -index a056742..2832463 100644 ---- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca/rule.yml -+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,wrlinux1019 - - title: 'Configure SSSD LDAP Backend Client CA Certificate' - -diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml -index 202fc7f..0a9dc75 100644 ---- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml -+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh -index 614f597..64f046c 100644 ---- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh -+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/rule.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/rule.yml -index 570aa1b..6aafc63 100644 ---- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/rule.yml -+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,wrlinux1019 - - title: 'Configure SSSD LDAP Backend Client CA Certificate Location' - -diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml -index 891b3e2..1a6f33d 100644 ---- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml -+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh -index 62c2feb..a4558f6 100644 ---- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh -+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/rule.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/rule.yml -index 731b7c0..4d3d46e 100644 ---- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/rule.yml -+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,wrlinux1019 - - title: 'Configure SSSD LDAP Backend Client to Demand a Valid Certificate from the Server' - -diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml -index b38bc41..8ea10a4 100644 ---- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml -+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh -index 805f7ad..5dd9510 100644 ---- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh -+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/rule.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/rule.yml -index 452de1d..0a3c66d 100644 ---- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/rule.yml -+++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,wrlinux1019 - - title: 'Configure SSSD LDAP Backend to Use TLS For All Transactions' - -diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh b/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh -index 3c02911..4e17952 100644 ---- a/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh -+++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rl,multi_platform_ol - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml b/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml -index 426635c..a340854 100644 ---- a/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml -+++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Configure PAM in SSSD Services' - -diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml -index bcf9d58..9086f86 100644 ---- a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml -+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,rhcos4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,rhcos4 - - title: 'Enable Smartcards in SSSD' - -diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml -index dd89d1f..c8b3f5b 100644 ---- a/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml -+++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh -index 8bc689d..bb4175e 100644 ---- a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh -+++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml b/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml -index 457a25b..6c62cbd 100644 ---- a/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml -+++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Configure SSSD''s Memory Cache to Expire' - -diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml -index 585d511..c49264d 100644 ---- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml -+++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh -index dbc68b0..c8281b3 100644 ---- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh -+++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml -index 09ee518..f20d9e9 100644 ---- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml -+++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,rhcos4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,rhcos4 - - title: 'Configure SSSD to Expire Offline Credentials' - -diff --git a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh -index e46d5ae..64be6e0 100644 ---- a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh -+++ b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - - found=false - for f in $( ls /etc/sssd/sssd.conf /etc/sssd/conf.d/*.conf 2> /dev/null ) ; do -diff --git a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml -index 30599cf..3a7bde9 100644 ---- a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml -+++ b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8 - - title: 'Configure SSSD to run as user sssd' - -diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml -index 5bbe0ec..538412e 100644 ---- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml -+++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rl - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh -index e957d1c..eff0b80 100644 ---- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh -+++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml -index 83b30c9..a8d0754 100644 ---- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml -+++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8,rhv4 -+prodtype: fedora,rhel7,rhel8,rl8,rhv4 - - title: 'Configure SSSD to Expire SSH Known Hosts' - -diff --git a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml -index b2fc36b..e25a283 100644 ---- a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml -+++ b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8 - - title: 'Log USBGuard daemon audit events using Linux Audit' - -diff --git a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml -index f23176d..96f0fc1 100644 ---- a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml -+++ b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Install usbguard Package' - -diff --git a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml -index 918a299..4bf233f 100644 ---- a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml -+++ b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8 - - title: 'Enable the USBGuard Service' - -diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml -index 2567ba5..4d9514b 100644 ---- a/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml -+++ b/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8 - - title: 'Authorize Human Interface Devices in USBGuard daemon' - -diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml -index fdc6c19..1e0b9f8 100644 ---- a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml -+++ b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8 - - title: 'Authorize Human Interface Devices and USB hubs in USBGuard daemon' - -diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml -index 17a8a8d..7a998b3 100644 ---- a/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml -+++ b/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8 - - title: 'Authorize USB hubs in USBGuard daemon' - -diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml -index 789b846..e0be2dc 100644 ---- a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml -+++ b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Remove the X Windows Package Group' - -diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml -index a1d60c3..7faf765 100644 ---- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml -+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,sle12,sle15,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle12,sle15,rhv4 - - title: 'Disable X Windows Startup By Setting Default Target' - -diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml -index ff6b6ea..f3196ec 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_sle - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh -index f6d5f16..2881d4a 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("login_banner_text") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml -index 5e00846..cfa9536 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,sle12 - - title: 'Modify the System Login Banner' - -diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml -index e82619d..a0c6800 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh -index 4a3844a..7a18648 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("login_banner_text") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml -index 255c438..66e4468 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,sle12 - - title: 'Modify the System Message of the Day Banner' - -diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml -index 00fc602..01a1cef 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Verify Group Ownership of System Login Banner' - -diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml -index a073bcb..365c458 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Verify Group Ownership of Message of the Day Banner' - -diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml -index 79ec35d..14f2b4f 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Verify ownership of System Login Banner' - -diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml -index 8d81ea7..edf2e29 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Verify ownership of Message of the Day Banner' - -diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml -index e425f8f..35c58f8 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 - - title: 'Verify permissions on System Login Banner' - -diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml -index d6141d2..729f037 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 - - title: 'Verify permissions on Message of the Day Banner' - -diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml -index 4a0da07..60fdad5 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml -index 47c4eda..5a00ed9 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle15 - - title: 'Enable GNOME3 Login Warning Banner' - -diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml -index 7862ac2..8ca8d52 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml -index 135f15e..34605d6 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle15 - - title: 'Set the GNOME3 Login Warning Banner Text' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh -index 1190adf..1172a44 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl,multi_platform_wrlinux - - if grep -q "^session.*pam_lastlog.so" /etc/pam.d/postlogin; then - sed -i --follow-symlinks "/pam_lastlog.so/d" /etc/pam.d/postlogin -diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml -index 59a251e..90b07a5 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml -@@ -9,4 +9,4 @@ - path="/etc/pam.d/login", - regex="^\s*session\s+required\s+pam_namespace.so\s*$", - new_line="session required pam_namespace.so" --) }}} -\ No newline at end of file -+) }}} -diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh -index 8942cb0..5404900 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh -@@ -1,4 +1,4 @@ - # platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 - if ! grep -Eq '^\s*session\s+required\s+pam_namespace.so\s*$' '/etc/pam.d/login' ; then - echo "session required pam_namespace.so" >> "/etc/pam.d/login" --fi -\ No newline at end of file -+fi -diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml -index 8e713fe..5bb6b50 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: Set Up a Private Namespace in PAM Configuration - -diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/tests/correct.pass.sh b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/tests/correct.pass.sh -index ff3358f..419826d 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/tests/correct.pass.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/tests/correct.pass.sh -@@ -2,4 +2,4 @@ - - if ! grep -Eq '^\s*session\s+required\s+pam_namespace.so\s*$' '/etc/pam.d/login' ; then - echo "session required pam_namespace.so" >> "/etc/pam.d/login" --fi -\ No newline at end of file -+fi -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml -index 905acc3..3cf03b7 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh -index e0dabe6..305eea7 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("var_password_pam_unix_remember") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml -index 7824755..2a52c0d 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Limit Password Reuse' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml -index 0622ae7..f23fb30 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh -index 3157d34..aaac745 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_deny") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml -index 85a0ba1..b2f97a6 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 - - title: 'Set Deny For Failed Password Attempts' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml -index d81d8d8..4d744b9 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh -index d43c33d..9ecdb58 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - AUTH_FILES[0]="/etc/pam.d/system-auth" - AUTH_FILES[1]="/etc/pam.d/password-auth" -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml -index fb7a2d3..586a82d 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 - - title: 'Configure the root Account for Failed Password Attempts' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml -index 17c9932..a7a6498 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel8 -+prodtype: fedora,rhel8,rl8 - - title: 'Enforce pam_faillock for Local Accounts Only' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml -index 96adcef..1f33698 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh -index 8731028..a69aca1 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - # include our remediation functions library - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml -index 6bc0f02..6da6e53 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle15,rhv4 - - title: 'Set Interval For Counting Failed Password Attempts' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml -index db44ce4..8a61d9e 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh -index 7e36721..7ccf0c3 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_unlock_time") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml -index ead8f69..20f71a3 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Set Lockout Time for Failed Password Attempts' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml -index 11040cf..6486d81 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 - - title: 'Ensure PAM Enforces Password Requirements - Minimum Digit Characters' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml -index d659f48..681d757 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Ensure PAM Enforces Password Requirements - Minimum Different Characters' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml -index ffbb014..12c38b1 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel8 -+prodtype: fedora,rhel8,rl8 - - title: 'Ensure PAM Enforces Password Requirements - Enforce for Local Accounts Only' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml -index a3f0288..06674bf 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel8 -+prodtype: fedora,rhel8,rl8 - - title: 'Ensure PAM Enforces Password Requirements - Enforce for root User' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml -index 0863543..27aef10 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 - - title: 'Ensure PAM Enforces Password Requirements - Minimum Lowercase Characters' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml -index 5bac335..7bae57f 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Ensure PAM Enforces Password Requirements - Maximum Consecutive Repeating Characters from Same Character Class' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml -index 42d5584..23a7e50 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Set Password Maximum Consecutive Repeating Characters' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml -index 3e71d90..143786a 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Ensure PAM Enforces Password Requirements - Minimum Different Categories' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml -index a79a03f..7ca8593 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 - - title: 'Ensure PAM Enforces Password Requirements - Minimum Length' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml -index dd05085..f673cfe 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 - - title: 'Ensure PAM Enforces Password Requirements - Minimum Special Characters' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml -index af3010b..437f961 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml -index 90f74b2..ede2a9c 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 - - title: 'Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml -index 5a656a4..c0a0675 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 - - title: 'Ensure PAM Enforces Password Requirements - Minimum Uppercase Characters' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml -index f0b884d..3884a78 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh -index f929a6e..e44e8e4 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - LIBUSER_CONF="/etc/libuser.conf" - CRYPT_STYLE_REGEX='[[:space:]]*\[defaults](.*(\n)+)+?[[:space:]]*crypt_style[[:space:]]*' -diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml -index 57c63cb..c5c67da 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Set Password Hashing Algorithm in /etc/libuser.conf' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml -index 8dedf99..6b353d8 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh -index 377570a..d8edc86 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("var_password_hashing_algorithm") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml -index bbfcd7f..457342b 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Set Password Hashing Algorithm in /etc/login.defs' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh -index 02af406..c58894c 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - AUTH_FILES[0]="/etc/pam.d/system-auth" - AUTH_FILES[1]="/etc/pam.d/password-auth" -diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml -index 40f5a16..6bb2b46 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: "Set PAM's Password Hashing Algorithm" - -diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml -index 6514bf4..96bbc71 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml -index 7192666..edf2efa 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Disable Ctrl-Alt-Del Burst Action' - -diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh -index 2b70d22..927a5cb 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl,multi_platform_wrlinux - {{%- if init_system == "systemd" -%}} - {{% if product in ["rhel7", "rhel8"] %}} - # The process to disable ctrl+alt+del has changed in RHEL7. -diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml -index 6066c93..6555df2 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Disable Ctrl-Alt-Del Reboot Activation' - -diff --git a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml -index 76e58ca..6e4fb10 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Verify that Interactive Boot is Disabled' - -diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh -index d8640d8..1ecac06 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - service_file="/usr/lib/systemd/system/emergency.service" - -diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml -index f9959f0..d5e860f 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Require Authentication for Emergency Systemd Target' - -diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh -index b022a8e..da49f7b 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - {{% if init_system == "systemd" -%}} - -diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml -index 8acaaa8..eb9f797 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 - - title: 'Require Authentication for Single User Mode' - -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml -index 2582145..e3a2b58 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol8,rhel8,rhcos4 -+prodtype: fedora,ol8,rhel8,rl8,rhcos4 - - title: 'Support session locking with tmux' - -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml -index dc63eb6..0d7a3ed 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml -index fe99051..13c065a 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol8,rhel8,rhcos4 -+prodtype: fedora,ol8,rhel8,rl8,rhcos4 - - title: 'Configure tmux to lock session after inactivity' - -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml -index 88ce99f..f8d7386 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol8,rhel8,rhcos4 -+prodtype: fedora,ol8,rhel8,rl8,rhcos4 - - title: 'Configure the tmux Lock Command' - -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml -index 2c7b96b..97209ab 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml -index cd62ece..bd0be24 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol8,rhel8,rhcos4 -+prodtype: fedora,ol8,rhel8,rl8,rhcos4 - - title: 'Prevent user from disabling the screen lock' - -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml -index c900612..20bedb9 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol8,rhel8,rhv4,rhcos4 -+prodtype: fedora,ol8,rhel8,rl8,rhv4,rhcos4 - - title: 'Install the tmux Package' - -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml -index a4f72af..2fa1674 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Configure opensc Smart Card Drivers' - -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml -index 435d299..b79e1b4 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Force opensc To Use Defined Smart Card Driver' - -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml -index d64240d..8c56c32 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,rhel7,rhel8 -+prodtype: fedora,ol7,rhel7,rhel8,rl8 - - title: 'Install Smart Card Packages For Multifactor Authentication' - -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml -index 74da38f..29d9362 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Install the opensc Package For Multifactor Authentication' - -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml -index e2a96fa..5d1bdc3 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Install the pcsc-lite package' - -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml -index cc45c99..af06378 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Enable the pcscd Service' - -diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml -index 1088282..597d464 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8 -+prodtype: ol7,ol8,rhel7,rhel8,rl8 - - title: 'Configure Smart Card Certificate Status Checking' - -diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml -index 85d8288..878af36 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml -index 1f712ee..184b3de 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Disable debug-shell SystemD Service' - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml -index 74598bc..f7fb257 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh -index c8c2a90..a319acb 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("var_account_disable_post_pw_expiration") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml -index 7e6b5d7..4bb40c3 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Set Account Expiration Following Inactivity' - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml -index c3a2a13..ebcc1a2 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8,rhv4,sle12 -+prodtype: fedora,rhel7,rhel8,rl8,rhv4,sle12 - - title: 'Assign Expiration Date to Temporary Accounts' - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml -index bed135a..cdfbe39 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh -index 135eb49..4d62b43 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_fedora -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_ol,multi_platform_rhv,multi_platform_fedora - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("var_accounts_maximum_age_login_defs") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml -index 0c81c0e..e032f49 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml -index eee37bd..d9ec22d 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh -index eb41213..e9bdada 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - . /usr/share/scap-security-guide/remediation_functions - declare var_accounts_password_minlen_login_defs - {{{ bash_instantiate_variables("var_accounts_password_minlen_login_defs") }}} -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml -index 0ef1fcf..6921d2e 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Set Existing Passwords Maximum Age' - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml -index cc07306..4dbc427 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Set Existing Passwords Minimum Age' - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml -index 1091f8c..3efb267 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rl - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml -index 85f98d2..45d2f08 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh -index 258a761..85cde64 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml -index 5c605e7..b85ac51 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Set number of Password Hashing Rounds - password-auth' - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml -index e7dccf3..05769b3 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh -index b2c8166..57d4a2b 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml -index 7a8c816..cfa59d1 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Set number of Password Hashing Rounds - system-auth' - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml -index db35dac..7dc9d8d 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh -index 837c46b..2f74504 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh -@@ -1,3 +1,3 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - sed --follow-symlinks -i 's/\//g' /etc/pam.d/system-auth - sed --follow-symlinks -i 's/\//g' /etc/pam.d/password-auth -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml -index 288d0b8..15e1ca7 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml -index ba40c09..1ac3e80 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Ensure there are no legacy + NIS entries in /etc/group' - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml -index ef2266d..828ad38 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Ensure there are no legacy + NIS entries in /etc/passwd' - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml -index 687bbde..0da7047 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Ensure there are no legacy + NIS entries in /etc/shadow' - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml -index 6fbb7c7..1c8665e 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml -index c504acf..08b2969 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml -index b5bfaba..2e03fa5 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Restrict Web Browser Use for Administrative Accounts' - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml -index e47a67a..1bf596a 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Ensure that System Accounts Do Not Run a Shell Upon Login' - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml -index 5f9c92a..4908b77 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml -index 947c9f7..82f8626 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Root Path Must Be Vendor Default' - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml -index 9459400..425c103 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml -index 7194be9..c9ac767 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh -index d001e73..3fcda7a 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - # uncomment the option if commented - sed '/^[[:space:]]*#[[:space:]]*auth[[:space:]]\+required[[:space:]]\+pam_wheel\.so[[:space:]]\+use_uid$/s/^[[:space:]]*#//' -i /etc/pam.d/su -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml -index 4cd0aaa..20b1da9 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Enforce usage of pam_wheel for su authentication' - -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml -index 9e19b90..0b85d7c 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019,fedora -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019,fedora - - title: 'Ensure Home Directories are Created for New Users' - -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml -index cafb637..733935f 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rl,multi_platform_sle - # disruption = low - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh -index a8a77c1..25f4845 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_wrlinux -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rl,multi_platform_wrlinux - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml -index 536ac29..1728110 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh -index 65066e7..ee4e5e4 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rl,multi_platform_wrlinux - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("var_accounts_max_concurrent_login_sessions") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/bash/shared.sh -index 38e95a8..c989ede 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/bash/shared.sh -@@ -10,4 +10,4 @@ if ! grep -Eq '^\s*/var/tmp\s+/var/tmp/tmp-inst/\s+level\s+root,adm$' /etc/secur - sed -i '/^\s*\/var\/tmp/d' /etc/security/namespace.conf - fi - echo "/var/tmp /var/tmp/tmp-inst/ level root,adm" >> /etc/security/namespace.conf --fi -\ No newline at end of file -+fi -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/tests/correct.pass.sh b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/tests/correct.pass.sh -index a1b0f96..84ece4b 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/tests/correct.pass.sh -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/tests/correct.pass.sh -@@ -1,4 +1,4 @@ - #!/bin/bash - rm -rf /var/tmp/tmp-inst - mkdir --mode 000 /var/tmp/tmp-inst --echo "/var/tmp /var/tmp/tmp-inst/ level root,adm" >> /etc/security/namespace.conf -\ No newline at end of file -+echo "/var/tmp /var/tmp/tmp-inst/ level root,adm" >> /etc/security/namespace.conf -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/tests/directory_doesnt_exist.fail.sh b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/tests/directory_doesnt_exist.fail.sh -index 98d9790..bd4dc53 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/tests/directory_doesnt_exist.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/tests/directory_doesnt_exist.fail.sh -@@ -1,3 +1,3 @@ - #!/bin/bash - rm -rf /var/tmp/tmp-inst --echo "/var/tmp /var/tmp/tmp-inst/ level root,adm" >> /etc/security/namespace.conf -\ No newline at end of file -+echo "/var/tmp /var/tmp/tmp-inst/ level root,adm" >> /etc/security/namespace.conf -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/tests/line_not_there.fail.sh b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/tests/line_not_there.fail.sh -index 2e4e48a..02cca90 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/tests/line_not_there.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/tests/line_not_there.fail.sh -@@ -1,4 +1,4 @@ - #!/bin/bash - rm -rf /var/tmp/tmp-inst - mkdir --mode 000 /var/tmp/tmp-inst --sed -i "/^\s*\/var\/tmp\s*/d" /etc/security/namespace.conf -\ No newline at end of file -+sed -i "/^\s*\/var\/tmp\s*/d" /etc/security/namespace.conf -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/tests/wrong_mode.fail.sh b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/tests/wrong_mode.fail.sh -index 9e895dd..4a77322 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/tests/wrong_mode.fail.sh -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/tests/wrong_mode.fail.sh -@@ -1,4 +1,4 @@ - #!/bin/bash - rm -rf /var/tmp/tmp-inst - mkdir --mode 600 /var/tmp/tmp-inst --echo "/var/tmp /var/tmp/tmp-inst/ level root,adm" >> /etc/security/namespace.conf -\ No newline at end of file -+echo "/var/tmp /var/tmp/tmp-inst/ level root,adm" >> /etc/security/namespace.conf -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml -index 2c30490..89f2154 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml -index 895290d..1fe3fc8 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,rhcos4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,rhcos4 - - title: 'Set Interactive Session Timeout' - -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml -index 1bcfca2..14860d2 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'User Initialization Files Must Be Group-Owned By The Primary User' - -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml -index d41cc0c..5bc25f7 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'User Initialization Files Must Not Run World-Writable Programs' - -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml -index da6dd8e..7d4390e 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'User Initialization Files Must Be Owned By the Primary User' - -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml -index 1439204..6dd1a05 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Ensure that Users Path Contains Only Local Directories' - -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml -index a4cf5c2..1d3d355 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'All Interactive Users Must Have A Home Directory Defined' - -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml -index 1c8fb04..6ac924f 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'All Interactive Users Home Directories Must Exist' - -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml -index e3e46f0..8df4236 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'All User Files and Directories In The Home Directory Must Be Group-Owned By The Primary User' - -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml -index 2739998..bc2048a 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'All User Files and Directories In The Home Directory Must Be Owned By The Primary User' - -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml -index fb57ff1..4427f23 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'All User Files and Directories In The Home Directory Must Have Mode 0750 Or Less Permissive' - -diff --git a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml -index 6c70cc8..5b6159f 100644 ---- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'All Interactive User Home Directories Must Be Group-Owned By The Primary User' - -diff --git a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml -index 37cb36c..32db685 100644 ---- a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'All Interactive User Home Directories Must Be Owned By The Primary User' - -diff --git a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml -index ef62802..888ff00 100644 ---- a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Ensure All User Initialization Files Have Mode 0740 Or Less Permissive' - -diff --git a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml -index 561f9f1..9f56d11 100644 ---- a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'All Interactive User Home Directories Must Have mode 0750 Or Less Permissive' - -diff --git a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml -index ee5a118..b60049c 100644 ---- a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh -index a830169..4037584 100644 ---- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rl,multi_platform_ol - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("var_accounts_user_umask") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml -index e06ae36..4b1c255 100644 ---- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhcos4,ol7,ol8,rhel7,rhel8,sle15 -+prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,sle15 - - title: 'Ensure the Default Bash Umask is Set Correctly' - -diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh -index 716dede..eeda535 100644 ---- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rl,multi_platform_ol - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("var_accounts_user_umask") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml -index fba5297..bac1691 100644 ---- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhcos4,ol7,ol8,rhel7,rhel8,sle15 -+prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,sle15 - - title: 'Ensure the Default C Shell Umask is Set Correctly' - -diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml -index 259997f..00b19ac 100644 ---- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rl,multi_platform_ol,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh -index f74cbfe..f9f17df 100644 ---- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh -+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_wrlinux,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rl,multi_platform_wrlinux,multi_platform_ol - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("var_accounts_user_umask") }}} - -diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml -index f364801..4ba928d 100644 ---- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 - - title: 'Ensure the Default Umask is Set Correctly For Interactive Users' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml -index 44a426e..1beea48 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Record Any Attempts to Run chcon' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml -index 8c7b399..548c2ec 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Any Attempts to Run restorecon' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml -index 0b19258..2612e2d 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Record Any Attempts to Run semanage' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml -index af2cdfe..65bff25 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Any Attempts to Run setfiles' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml -index 8fa73ac..0f2ba49 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Record Any Attempts to Run setsebool' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml -index 5b7be88..583b60e 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Any Attempts to Run seunshare' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh -index 02020a8..9f8c534 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rl - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml -index dd2c1a1..9e9a612 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Record Successful Permission Changes to Files - chmod' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml -index 5aa1277..e61de95 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Ownership Changes to Files - chown' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml -index ef1bd04..d8dd8c6 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Access Attempts to Files - creat' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml -index 8a809c6..cbf3d4c 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Permission Changes to Files - fchmod' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml -index fbe2a24..eae86cb 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Permission Changes to Files - fchmodat' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml -index 4de26ca..356c3d3 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Ownership Changes to Files - fchown' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml -index 35b0ab9..959f7c8 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Ownership Changes to Files - fchownat' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml -index a9192fa..c15b34f 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Permission Changes to Files - fremovexattr' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml -index f158bf7..1dafe56 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Permission Changes to Files - fsetxattr' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml -index e02f99b..042d5cf 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Access Attempts to Files - ftruncate' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml -index 79b0a70..efcf933 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Ownership Changes to Files - lchown' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml -index 19d2e35..a3ffd16 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Permission Changes to Files - lremovexattr' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml -index 22b5164..4690619 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Permission Changes to Files - lsetxattr' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml -index e2e526c..9a7601b 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Access Attempts to Files - open' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml -index bcf48d5..22474d7 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Access Attempts to Files - open_by_handle_at' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml -index 4285ce7..e0e57c9 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Successful Creation Attempts to Files - open_by_handle_at O_CREAT' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml -index 8173344..67cd016 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Successful Creation Attempts to Files - open_by_handle_at O_TRUNC_WRITE' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml -index 8c90237..1b226d8 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Successful Creation Attempts to Files - open O_CREAT' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml -index 701b796..cf85cf0 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Successful Creation Attempts to Files - open O_TRUNC_WRITE' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml -index 032c3eb..14f4c99 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Access Attempts to Files - openat' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml -index 2b9a474..249e2e0 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Successful Creation Attempts to Files - openat O_CREAT' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml -index 8382764..cfee05b 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Successful Creation Attempts to Files - openat O_TRUNC_WRITE' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml -index 61cb9be..b435265 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Permission Changes to Files - removexattr' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml -index 142bf75..02cf60a 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Delete Attempts to Files - rename' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml -index c2ab417..57c0991 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Delete Attempts to Files - renameat' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml -index 7e737d6..d1484c6 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Permission Changes to Files - setxattr' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml -index 43622f2..e1219b2 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Access Attempts to Files - truncate' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml -index b3c54bf..3417b14 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Delete Attempts to Files - unlink' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml -index a211008..577d40b 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Record Successful Delete Attempts to Files - unlinkat' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh -index cdde2ea..483c876 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rl - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml -index bb91b76..8d521ac 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessul Permission Changes to Files - chmod' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml -index 3f0b1b5..9450c4b 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessul Ownership Changes to Files - chown' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml -index b5abef2..da44b66 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 - - title: 'Record Unsuccessful Access Attempts to Files - creat' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml -index 1acb134..3551860 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessul Permission Changes to Files - fchmod' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml -index 2bf620b..c7586bf 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessul Permission Changes to Files - fchmodat' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml -index 278b34c..f5a34d1 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessul Ownership Changes to Files - fchown' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml -index 15257c5..45ace35 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessul Ownership Changes to Files - fchownat' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml -index 9914de5..33fe6fe 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessul Permission Changes to Files - fremovexattr' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml -index 44f0071..92b37bd 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessul Permission Changes to Files - fsetxattr' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml -index 9ed6b36..bff0d6b 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 - - title: 'Record Unsuccessful Access Attempts to Files - ftruncate' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml -index 884939d..dbf8480 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessul Ownership Changes to Files - lchown' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml -index 0a99fff..910d423 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessul Permission Changes to Files - lremovexattr' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml -index bed13e9..ded6bd4 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessul Permission Changes to Files - lsetxattr' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/bash/shared.sh -index c93a8d8..0cc5d51 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rl,multi_platform_wrlinux - # - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml -index 97aa771..d2f61f9 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 - - title: 'Record Unsuccessful Access Attempts to Files - open' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/bash/shared.sh -index c93a8d8..0cc5d51 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rl,multi_platform_wrlinux - # - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml -index 2807674..def2a9d 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 - - title: 'Record Unsuccessful Access Attempts to Files - open_by_handle_at' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh -index c93a8d8..0cc5d51 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rl,multi_platform_wrlinux - # - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml -index 9ee9f9f..d954d38 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh -index c93a8d8..0cc5d51 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rl,multi_platform_wrlinux - # - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml -index 3460a48..21992a4 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh -index 282e673..50071f9 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_ol - # - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml -index 30cb64b..4095ecf 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh -index 1e021c4..5ac1c0c 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml -index a7819c1..de4f5c3 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessful Creation Attempts to Files - open O_CREAT' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh -index 1e021c4..5ac1c0c 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml -index ec871cf..c057b67 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh -index 282e673..50071f9 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_ol - # - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml -index 02ffe9a..2cc4093 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/bash/shared.sh -index 1e021c4..5ac1c0c 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml -index f1699ab..9cd8d07 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 - - title: 'Record Unsuccessful Access Attempts to Files - openat' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh -index 1e021c4..5ac1c0c 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml -index 9cfb328..08b4042 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessful Creation Attempts to Files - openat O_CREAT' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh -index 1e021c4..5ac1c0c 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml -index 2ed974e..6263476 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh -index 282e673..50071f9 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_ol - # - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml -index ea7291c..ea7c0fd 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml -index 531676d..ad7d201 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessul Permission Changes to Files - removexattr' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml -index a85dd69..cb6a6f9 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessul Delete Attempts to Files - rename' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml -index 87a7ec0..a1e4773 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessul Delete Attempts to Files - renameat' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml -index 7dae625..cea440d 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessul Permission Changes to Files - setxattr' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml -index 60d98c5..1a8cf91 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 - - title: 'Record Unsuccessful Access Attempts to Files - truncate' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml -index 43e94bd..e31b39c 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessul Delete Attempts to Files - unlink' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml -index be69e8e..527b6a0 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Unsuccessul Delete Attempts to Files - unlinkat' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml -index 8421076..36a0f6e 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml -index c7b605e..195ee46 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_rhv,multi_platform_sle - # reboot = false - # complexity = low - # disruption = low -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml -index 0997c1c..0b0cc49 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 - - title: 'Ensure auditd Collects Information on Kernel Module Unloading - delete_module' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml -index 3f3c3e3..2566ccd 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # complexity = low - # disruption = low -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml -index f54035b..25513d2 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 - - title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml -index d804bbd..b955732 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_rhv,multi_platform_sle - # reboot = false - # complexity = low - # disruption = low -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml -index 829f3b2..ef89a4a 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 - - title: 'Ensure auditd Collects Information on Kernel Module Loading - init_module' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh -index 9c86d27..3a95194 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml -index 3cdacb5..e77db5f 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 - - title: 'Record Attempts to Alter Logon and Logout Events - faillock' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml -index 1d8a6f7..431772a 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 - - title: 'Record Attempts to Alter Logon and Logout Events - lastlog' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml -index 730b7d7..48c7d7a 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15 - - title: 'Record Attempts to Alter Logon and Logout Events - tallylog' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml -index 2b01924..dbeeebf 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh -index 9e55247..522423b 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml -index 6639d95..8700cc6 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - at' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml -index 0fcf3fb..c4981ca 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - chage' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml -index 62990d1..7d8e6dd 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - chsh' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml -index 0cd9202..97f0e10 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,wrlinux1019 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - crontab' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml -index 48d3c6c..2fec09e 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml -index 4941b38..ac5b7ef 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,sle12 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,sle12 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - mount' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml -index efc78be..c0d5928 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml -index 462dda8..27a2ea4 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newgrp' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml -index 0365865..4c9cb7d 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml -index d6780b0..0480c31 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 -+prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,wrlinux1019 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml -index 9323934..4420d55 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - passwd' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml -index e115387..c28792d 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - postdrop' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml -index 5759f71..172ade2 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - postqueue' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml -index 1cb5674..ca3a942 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml -index c29b6f8..0ae218a 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml -index 86c423d..6fef621 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,wrlinux1019 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - su' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml -index 9e9e892..358d81f 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,wrlinux1019 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - sudo' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml -index 56be077..db8c975 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml -index 2ce9d62..8b69eeb 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,wrlinux1019 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - umount' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml -index b458ed6..6db82dd 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml -index 08c4df8..b99c3ad 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - userhelper' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml -index 43146e6..0a28735 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Ensure auditd Collects Information on the Use of Privileged Commands - usernetctl' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml -index 25c2bed..43e23d1 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Events that Modify User/Group Information via open syscall - /etc/group' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml -index d8c8cfb..6bfafec 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml -index 29dd8a7..5ac177a 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Events that Modify User/Group Information via openat syscall - /etc/group' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml -index 3e3e5f5..da6c901 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Events that Modify User/Group Information via open syscall - /etc/gshadow' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml -index b2425c1..710e215 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/gshadow' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml -index 6e3096d..810f348 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Events that Modify User/Group Information via openat syscall - /etc/gshadow' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml -index 4b19927..927b740 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Events that Modify User/Group Information via open syscall - /etc/passwd' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml -index aaf829f..cbf218a 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml -index 35dd183..e9fcb01 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Events that Modify User/Group Information via openat syscall - /etc/passwd' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml -index 1c72419..da22f1b 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Events that Modify User/Group Information via open syscall - /etc/shadow' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml -index e3c77b1..d37f7c2 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/shadow' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml -index ae78491..e4ab590 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Record Events that Modify User/Group Information via openat syscall - /etc/shadow' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh -index 29cd4a5..0700fde 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - - # Traverse all of: - # -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml -index 4633be5..72007fe 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh -index 0d731ff..b032d52 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml -index fa07d5b..8986085 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot =false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh -index 4e4869a..333ba9d 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml -index 08694d3..68dccdf 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh -index e880137..89d9d78 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh -index b6a4e7e..ffefa41 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml -index e8a2db3..ee4590e 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Shutdown System When Auditing Failures Occur' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh -index bb03098..e9b1978 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rl,multi_platform_wrlinux - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml -index 0af2178..ef97d24 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Record Events that Modify User/Group Information - /etc/group' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml -index f4dce55..47bffff 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Record Events that Modify User/Group Information - /etc/gshadow' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml -index 240d4d8..f2100f3 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Record Events that Modify User/Group Information - /etc/security/opasswd' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml -index 069916d..5fc6937 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Record Events that Modify User/Group Information - /etc/passwd' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml -index 5c13ca5..e34813c 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Record Events that Modify User/Group Information - /etc/shadow' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh -index 1eeb41d..3509259 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh -index ffddb94..3171d5e 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh -index 1eeb41d..3509259 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh -index 1eeb41d..3509259 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh -index ed5ff64..016234f 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml -index 31b65a0..af928b7 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh -index fb64c24..e31ed8e 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rl - - if LC_ALL=C grep -m 1 -q ^log_group /etc/audit/auditd.conf; then - GROUP=$(awk -F "=" '/log_group/ {print $2}' /etc/audit/auditd.conf | tr -d ' ') -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh -index d6c4586..ea9f34e 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_ol,multi_platform_fedora,multi_platform_rhv - - if LC_ALL=C grep -m 1 -q ^log_group /etc/audit/auditd.conf; then - GROUP=$(awk -F "=" '/log_group/ {print $2}' /etc/audit/auditd.conf | tr -d ' ') -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml -index eae8a2d..46ccafe 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'System Audit Logs Must Have Mode 0640 or Less Permissive' - -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml -index b3f245c..e8bef0c 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl,multi_platform_wrlinux - # reboot = false - # strategy = configure - # complexity = low -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh -index 0e3d32f..df44873 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl,multi_platform_wrlinux - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("var_audispd_remote_server") }}} - -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml -index c19af71..059b303 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Configure audispd Plugin To Send Logs To Remote Server' - -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml -index d3bf284..932dd59 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Configure audispd''s Plugin disk_full_action When Disk Is Full' - -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml -index 1943a00..80d3410 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Encrypt Audit Records Sent With audispd Plugin' - -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml -index f756e47..80488d2 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Configure audispd''s Plugin network_failure_action On Network Failure' - -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml -index 06f4a10..85f74c3 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh -index 2b17ddd..dbd9a0c 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rl - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("var_auditd_disk_error_action") }}} - -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml -index 61cc475..0592a96 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh -index b136cc1..804e568 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rl,multi_platform_sle - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml -index b82e6d1..b7f8140 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh -index ac78fe8..b12177a 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl,multi_platform_wrlinux,multi_platform_sle - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("var_auditd_action_mail_acct") }}} - -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml -index 93d076f..8aa1ec4 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh -index 0c23a90..ed3c345 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl,multi_platform_wrlinux - . /usr/share/scap-security-guide/remediation_functions - - {{{ bash_instantiate_variables("var_auditd_admin_space_left_action") }}} -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml -index f909e5e..1bda408 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh -index efe151c..764f087 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rl - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("var_auditd_flush") }}} - -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml -index ed78083..8c4761f 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml -index 8b889b9..47bf5af 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Configure auditd flush priority' - -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh -index 9817ba8..f6e2fdd 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rl - # profiles = xccdf_org.ssgproject.content_profile_ospp - # remediation = bash - -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh -index 2dc2791..ab60bfe 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rl - # profiles = xccdf_org.ssgproject.content_profile_ospp - # remediation = bash - -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh -index dadc03e..06a401e 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rl - # profiles = xccdf_org.ssgproject.content_profile_ospp - # remediation = bash - -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh -index 741e548..1fd470d 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rl - # profiles = xccdf_org.ssgproject.content_profile_ospp - # remediation = bash - -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh -index fb0da2f..dd6dfd6 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rl - # profiles = xccdf_org.ssgproject.content_profile_ospp - # remediation = bash - -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh -index 9a930ab..6fc5ed3 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_fedora,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rl - # profiles = xccdf_org.ssgproject.content_profile_ospp - # remediation = bash - -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml -index 65c77aa..1d667b9 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh -index 9f40589..867da3a 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("var_auditd_max_log_file") }}} - -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml -index 595959e..3b696c9 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh -index 42f987d..79c2fae 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("var_auditd_max_log_file_action") }}} - -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml -index 6fe9e01..f084a80 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml -index ab0bea5..9c7ad3c 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rl,multi_platform_ol,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh -index 9b79489..7efedc5 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rl,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("var_auditd_space_left") }}} - -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml -index 7d84595..2b4e822 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Configure auditd space_left on Low Disk Space' - -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml -index 04062e3..8bf1a0e 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh -index 1d2b211..d642b73 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - . /usr/share/scap-security-guide/remediation_functions - {{{ bash_instantiate_variables("var_auditd_space_left_action") }}} - -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml -index ed78083..8c4761f 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml -index ed78083..8c4761f 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml -index ed78083..8c4761f 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml -index ed78083..8c4761f 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml -index ed78083..8c4761f 100644 ---- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml -+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml -index d033770..cb66fa3 100644 ---- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml -+++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Enable Auditing for Processes Which Start Prior to the Audit Daemon' - -diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml -index 27e19e7..cdff715 100644 ---- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml -+++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle15 - - title: 'Extend Audit Backlog Limit for the Audit Daemon' - -diff --git a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml -index 8ed5af7..4ecd6c3 100644 ---- a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml -+++ b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Install audispd-plugins Package' - -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml -index a11fe8e..f146547 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml -index 458ac7e..c5a95c0 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol8,rhel8,rhcos4 -+prodtype: ol8,rhel8,rl8,rhcos4 - - title: 'Configure auditing of unsuccessful file accesses' - -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml -index d4e767f..5b7ea61 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml -index 0646187..c89e220 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol8,rhel8,rhcos4 -+prodtype: ol8,rhel8,rl8,rhcos4 - - title: 'Configure auditing of successful file accesses' - -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml -index 6991012..182af5e 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml -index cce5e83..fa2ea57 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol8,rhel8,rhcos4,rhcos4 -+prodtype: ol8,rhel8,rl8,rhcos4,rhcos4 - - title: 'Configure basic parameters of Audit system' - -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml -index 2183f47..b9932de 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml -index 92800b4..1d79a95 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol8,rhel8,rhcos4 -+prodtype: ol8,rhel8,rl8,rhcos4 - - title: 'Configure auditing of unsuccessful file creations' - -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml -index 59db7b1..79e3170 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol8,rhel8,rhcos4 -+prodtype: ol8,rhel8,rl8,rhcos4 - - title: 'Configure auditing of successful file creations' - -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml -index 17ba8b3..ea7dcb5 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml -index 2f67a15..3a6296a 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol8,rhel8,rhcos4 -+prodtype: ol8,rhel8,rl8,rhcos4 - - title: 'Configure auditing of unsuccessful file deletions' - -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml -index 2b34b1e..fcc5a7c 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - - {{% set file_contents = """## Successful file delete - -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-delete -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml -index f54899f..72a009a 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol8,rhel8,rhcos4 -+prodtype: ol8,rhel8,rl8,rhcos4 - - title: 'Configure auditing of successful file deletions' - -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml -index 95e6a2e..358163e 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml -index 073f29c..0f2750d 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol8,rhel8,rhcos4 -+prodtype: ol8,rhel8,rl8,rhcos4 - - title: 'Configure immutable Audit login UIDs' - -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml -index 3bdfdf8..c42e36f 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml -index 51f9d76..c5f3e22 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol8,rhel8,rhcos4,rhcos4 -+prodtype: ol8,rhel8,rl8,rhcos4,rhcos4 - - title: 'Configure auditing of unsuccessful file modifications' - -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml -index 430d311..09de561 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml -index b51acc0..8dbf6b8 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol8,rhel8,rhcos4 -+prodtype: ol8,rhel8,rl8,rhcos4 - - title: 'Configure auditing of successful file modifications' - -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml -index f3fc0df..c2ede72 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml -index 20bfca8..69b9a38 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol8,rhel8,rhcos4,rhcos4 -+prodtype: ol8,rhel8,rl8,rhcos4,rhcos4 - - title: 'Configure auditing of loading and unloading of kernel modules' - -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml -index d59066c..ac01e04 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml -index fbf7473..081aaed 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol8,rhel8,rhcos4,rhcos4 -+prodtype: ol8,rhel8,rl8,rhcos4,rhcos4 - - title: 'Perform general configuration of Audit for OSPP' - -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml -index b0052f8..650d078 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol8,rhel8,rhcos4 -+prodtype: ol8,rhel8,rl8,rhcos4 - - title: 'Configure auditing of unsuccessful ownership changes' - -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml -index 3657a32..3bf595b 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol8,rhel8,rhcos4 -+prodtype: ol8,rhel8,rl8,rhcos4 - - title: 'Configure auditing of successful ownership changes' - -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml -index 477c742..7a0399d 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol8,rhel8,rhcos4 -+prodtype: ol8,rhel8,rl8,rhcos4 - - title: 'Configure auditing of unsuccessful permission changes' - -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml -index 53ecf9d..2cf81de 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol8,rhel8,rhcos4 -+prodtype: ol8,rhel8,rl8,rhcos4 - - title: 'Configure auditing of successful permission changes' - -diff --git a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml -index 26e7016..25ef787 100644 ---- a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml -+++ b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhcos4 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhcos4 - - title: 'Configure audit according to OSPP requirements' - -diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml b/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml -index 2ab43f2..f066e22 100644 ---- a/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml -index 89ffe07..802fe55 100644 ---- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel8 -+prodtype: rhel8,rl8 - - title: 'Configure kernel to trust the CPU random number generator' - -diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml -index e3b63d9..76e36c9 100644 ---- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol8,rhel8 -+prodtype: fedora,ol8,rhel8,rl8 - - title: 'Enable Kernel Page-Table Isolation (KPTI)' - -diff --git a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml -index b090492..cb299d4 100644 ---- a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Disable vsyscalls' - -diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml -index 85ef10d..0f75345 100644 ---- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify /boot/grub2/grub.cfg Group Ownership' - -diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml -index dcd00e1..4c58663 100644 ---- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify /boot/grub2/grub.cfg User Ownership' - -diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml -index bd4f85b..184d1d9 100644 ---- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify /boot/grub2/grub.cfg Permissions' - -diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml -index 4b04936..4a0f59f 100644 ---- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Set the Boot Loader Admin Username to a Non-Default Value' - -diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml -index 5b2846e..be970f5 100644 ---- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Boot Loader Is Not Installed On Removeable Media' - -diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml -index 92129ab..f5a8f1c 100644 ---- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,sle12 - - title: 'Set Boot Loader Password in grub2' - -diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml -index 4d9fdf5..69e84f6 100644 ---- a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Verify the UEFI Boot Loader grub.cfg Group Ownership' - -diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml -index a9f498e..23f4f44 100644 ---- a/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Verify the UEFI Boot Loader grub.cfg User Ownership' - -diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml -index 1019d9b..7581a16 100644 ---- a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Verify the UEFI Boot Loader grub.cfg Permissions' - -diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml -index ea5c80f..d7c04ae 100644 ---- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Set the UEFI Boot Loader Admin Username to a Non-Default Value' - -diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml -index decb94b..6c9540a 100644 ---- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Set the UEFI Boot Loader Password' - -diff --git a/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml -index cd1dd72..a5be1ec 100644 ---- a/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8 -+prodtype: ol7,ol8,rhel7,rhel8,rl8 - - title: 'UEFI Boot Loader Is Not Installed On Removeable Media' - -diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml -index c2fb5ba..ba5290f 100644 ---- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml -+++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel8,rhcos4 -+prodtype: rhel8,rl8,rhcos4 - - title: 'Enable Auditing to Start Prior to the Audit Daemon in zIPL' - -diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml -index 6548c35..df8320f 100644 ---- a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml -+++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel8,rhcos4 -+prodtype: rhel8,rl8,rhcos4 - - title: 'Extend Audit Backlog Limit for the Audit Daemon in zIPL' - -diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml -index c3f032d..394d4ad 100644 ---- a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml -+++ b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel8,rhcos4 -+prodtype: rhel8,rl8,rhcos4 - - title: 'Ensure all zIPL boot entries are BLS compliant' - -diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml -index 13192cd..7e2fd6f 100644 ---- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml -+++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel8,rhcos4 -+prodtype: rhel8,rl8,rhcos4 - - title: 'Ensure zIPL bootmap is up to date' - -diff --git a/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml -index 261b227..18cc45c 100644 ---- a/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml -+++ b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel8,rhcos4 -+prodtype: rhel8,rl8,rhcos4 - - title: 'Ensure SELinux Not Disabled in zIPL' - -diff --git a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml -index 42c1c8a..eb578f7 100644 ---- a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml -+++ b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel8,rhcos4 -+prodtype: rhel8,rl8,rhcos4 - - title: 'Enable page allocator poisoning in zIPL' - -diff --git a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml -index 2f9b04f..8d55c00 100644 ---- a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml -+++ b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel8,rhcos4 -+prodtype: rhel8,rl8,rhcos4 - - title: 'Enable SLUB/SLAB allocator poisoning in zIPL' - -diff --git a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml -index f90a0fb..daf4118 100644 ---- a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml -+++ b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel8,rhcos4 -+prodtype: rhel8,rl8,rhcos4 - - title: 'Disable vsyscalls in zIPL' - -diff --git a/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_hostlimit/rule.yml b/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_hostlimit/rule.yml -index 555d53c..9b107d7 100644 ---- a/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_hostlimit/rule.yml -+++ b/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_hostlimit/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Configure Logwatch HostLimit Line' - -diff --git a/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_splithosts/rule.yml b/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_splithosts/rule.yml -index 405034e..184f5b4 100644 ---- a/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_splithosts/rule.yml -+++ b/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_splithosts/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Configure Logwatch SplitHosts Line' - -diff --git a/linux_os/guide/system/logging/disable_logwatch_for_logserver/rule.yml b/linux_os/guide/system/logging/disable_logwatch_for_logserver/rule.yml -index 245b9fa..996d115 100644 ---- a/linux_os/guide/system/logging/disable_logwatch_for_logserver/rule.yml -+++ b/linux_os/guide/system/logging/disable_logwatch_for_logserver/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Disable Logwatch on Clients if a Logserver Exists' - -diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh -index bae2c02..ce2469b 100644 ---- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh -+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl,multi_platform_wrlinux - - if ! grep -s "^\s*cron\.\*\s*/var/log/cron$" /etc/rsyslog.conf /etc/rsyslog.d/*.conf; then - mkdir -p /etc/rsyslog.d -diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml -index 5e8f08f..d52c4af 100644 ---- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml -+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Ensure cron Is Logging To Rsyslog' - -diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh -index 9e3dd5b..dcf5b3d 100755 ---- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh -+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - - # Check rsyslog.conf with root group-owner log from rules and - # non root group-owner log from $IncludeConfig fails. -diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh -index 5954bff..8f82f87 100755 ---- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh -+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - - # Check rsyslog.conf with root group-owner log from rules and - # root group-owner log from $IncludeConfig passes. -diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh -index 85d125d..00bae03 100755 ---- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh -+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - - # Check if log file with non root group-owner in rsyslog.conf fails. - -diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh -index 233bf31..087274a 100755 ---- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh -+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - - # Check if log file with root group-owner in rsyslog.conf passes. - -diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh -index c7aba8d..334ad7d 100755 ---- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh -+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - - # Check rsyslog.conf with root user log from rules and - # non root user log from $IncludeConfig fails. -diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh -index c2d09af..0c0858f 100755 ---- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh -+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - - # Check rsyslog.conf with root user log from rules and - # root user log from $IncludeConfig passes. -diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh -index c9768fc..d09fb56 100755 ---- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh -+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - - # Check if log file with non root user in rsyslog.conf fails. - -diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh -index f61f9f6..1bfc56e 100755 ---- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh -+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - - # Check if log file with root user in rsyslog.conf passes. - -diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh -index d9c2f79..79850b8 100644 ---- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh -+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - - # List of log file paths to be inspected for correct permissions - # * Primarily inspect log file paths listed in /etc/rsyslog.conf -diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh -index 3bb5818..402ee43 100755 ---- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh -+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - - # Check rsyslog.conf with log file permissions 0600 from rules and - # log file permissions 0600 from $IncludeConfig passes. -diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh -index 2ae5c89..cef8a22 100755 ---- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh -+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - - # Check rsyslog.conf with log file permissions 0600 from rules and - # log file permissions 0601 from $IncludeConfig fails. -diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh -index e511187..8599ba0 100755 ---- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh -+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - - # Check if log file with permissions 0600 in rsyslog.conf passes. - -diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh -index 89d1e26..0e55340 100755 ---- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh -+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - - # Check if log file with permissions 0601 in rsyslog.conf fails. - -diff --git a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml -index fe06b1c..4538adb 100644 ---- a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml -+++ b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Ensure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server' - -diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml -index 407e1be..9061ec2 100644 ---- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml -+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh -index 836f0af..e5d890f 100644 ---- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh -+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl,multi_platform_wrlinux - - . /usr/share/scap-security-guide/remediation_functions - -diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml -index e8c2ea6..668576b 100644 ---- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml -+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol8,rhel8 -+prodtype: fedora,ol8,rhel8,rl8 - - title: 'Configure TLS for rsyslog remote logging' - -diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml -index d08374a..4a1ee39 100644 ---- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml -+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol8,rhel8 -+prodtype: fedora,ol8,rhel8,rl8 - - title: 'Configure CA certificate for rsyslog remote logging' - -diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml -index 7aea04c..77fb839 100644 ---- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml -+++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhcos4,ol7,ol8,rhel7,rhel8,sle15 -+prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,sle15 - - title: 'Install firewalld Package' - -diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml -index 818edc3..5fec484 100644 ---- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml -+++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 - - title: 'Verify firewalld Enabled' - -diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml -index 04c7ceb..21a9d4c 100644 ---- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml -+++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Configure the Firewalld Ports' - -diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml -index 60520b2..6a39ecc 100644 ---- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml -+++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Set Default firewalld Zone for Incoming Packets' - -diff --git a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml -index a72513b..fc11f51 100644 ---- a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml -+++ b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Verify Any Configured IPSec Tunnel Connections' - -diff --git a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml -index d5d4b9b..29d8ea4 100644 ---- a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml -+++ b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Install libreswan Package' - -diff --git a/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml b/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml -index 15b66f5..f9064ff 100644 ---- a/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml -+++ b/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Install iptables Package' - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml -index 23dfed4..644cb11 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Manually Assign IPv6 Router Address' - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh -index d787fbb..95ddee4 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rl,multi_platform_ol - - # enable randomness in ipv6 address generation - for interface in /etc/sysconfig/network-scripts/ifcfg-* -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/rule.yml -index 5d554b2..49c5015 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Use Privacy Extensions for Address' - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_static_address/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_static_address/rule.yml -index aac0fae..8cc94d8 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_static_address/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_static_address/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Manually Assign Global IPv6 Address' - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml -index f3b2aee..9444f23 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml -index 0b38e2f..90cc01d 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Configure Accepting Router Advertisements on All IPv6 Interfaces' - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml -index 5b5bfc9..c6e13aa 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: Configure Accepting Default Router in Router Advertisements on All IPv6 Interfaces - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml -index d75989f..cfd60c8 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: Configure Accepting Prefix Information in Router Advertisements on All IPv6 Interfaces - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml -index 09d263c..c52f189 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: Configure Accepting Router Preference in Router Advertisements on All IPv6 Interfaces - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml -index ede503c..c064b2c 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml -index 9253f72..7b1415d 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Disable Accepting ICMP Redirects for All IPv6 Interfaces' - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml -index 6d05fa2..096b6dc 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml -index 8767a52..2d84e1a 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces' - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml -index e7b9455..74729b4 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: Configure Auto Configuration on All IPv6 Interfaces - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml -index 2944e5f..524dc40 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Disable Kernel Parameter for IPv6 Forwarding' - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml -index 6621abe..30ead65 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml -index d9841fe..82010b3 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Configure Denying Router Solicitations on All IPv6 Interfaces' - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml -index 4ec63bd..aeed7b5 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml -index 167fb59..19c0f09 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Disable Accepting Router Advertisements on all IPv6 Interfaces by Default' - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml -index 5cf9830..f375cc7 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: Configure Accepting Default Router in Router Advertisements on All IPv6 Interfaces By Default - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml -index d7dad19..0b43fd4 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: Configure Accepting Prefix Information in Router Advertisements on All IPv6 Interfaces By Default - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml -index b6ee061..a1b0df1 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: Configure Accepting Router Preference in Router Advertisements on All IPv6 Interfaces By Default - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml -index 849b0d4..e4c9f4e 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml -index 970db38..03019dd 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces' - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml -index 6a26a8f..1535a65 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml -index af6be95..5e74a42 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12 -+prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12 - - title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default' - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml -index af2322b..cd6b612 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: Configure Auto Configuration on All IPv6 Interfaces By Default - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml -index 32ade22..46016f8 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces By Default - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml -index c2871e0..4ef8c7b 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Configure Denying Router Solicitations on All IPv6 Interfaces By Default' - -diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml -index aa60680..082bfe6 100644 ---- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Ensure IPv6 is disabled through kernel boot parameter' - -diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_interfaces/rule.yml -index 86299ff..53809f3 100644 ---- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_interfaces/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_interfaces/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Disable Interface Usage of IPv6' - -diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh -index 48e71c2..60fc85f 100644 ---- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh -+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rl - - # Drop 'tcp6' and 'udp6' entries from /etc/netconfig to prevent RPC - # services for NFSv4 from attempting to start IPv6 network listeners -diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/rule.yml -index 489bfe6..78b91ab 100644 ---- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8,rhv4 -+prodtype: fedora,rhel7,rhel8,rl8,rhv4 - - title: 'Disable Support for RPC IPv6' - -diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml -index ed9b097..fc276f6 100644 ---- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 - - title: 'Disable IPv6 Networking Support Automatic Loading' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml -index 53eed93..3011b9d 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml -index ffbc452..6fc07bf 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,sle12 - - title: 'Disable Accepting ICMP Redirects for All IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml -index 9aa09b2..45960ed 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml -index 4bb38a2..9c0e767 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,sle12 - - title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml -index 0747c89..75907e0 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml -index 876186b..10defff 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml -index c29abff..b223879 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml -index 3d1dfb6..a704344 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml -index 8a150f8..37a2a59 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml -index 5d71eb2..e7ef77d 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml -index 31f042b..4d47409 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml -index 4486a92..39d799c 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,sle12 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,sle12 - - title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml -index 8262ae8..42b416e 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml -index f7ee2e9..616f4cd 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,sle12 - - title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml -index 52d0de9..5adb0fa 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml -index f28664d..2de1a65 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Enable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml -index 06defef..4aa4845 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml -index 8624008..38cfec6 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml -index bdcc7bb..554b3f4 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml -index 022a67d..b747a68 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Configure Kernel Parameter for Accepting Secure Redirects By Default' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml -index 83baebf..e30d8d5 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml -index f1c4947..ad98c44 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,sle12 - - title: 'Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml -index 3ac8723..420cccd 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml -index 730ba04..34a6cc9 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml -index e38eceb..5652ac2 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Set Kernel Parameter to Increase Local Port Range' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml -index e68faf0..4ecb6ae 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhcos4,ol7,ol8,rhel7,rhel8,sle15,wrlinux1019 -+prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,sle15,wrlinux1019 - - title: 'Configure Kernel to Rate Limit Sending of Duplicate TCP Acknowledgments' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml -index 7843c18..29823dd 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable Kernel Parameter to Use TCP RFC 1337 on IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml -index b063545..c9d26f1 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml -index 7989394..eb3d4ce 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Enable Kernel Parameter to Use TCP Syncookies on IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml -index 7e93640..a37e592 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml -index 779b926..885eae5 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,sle12 - - title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml -index 2b3c36d..2328cc9 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml -index ade1338..e7ce56f 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,sle12 - - title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml -index 6274897..62c24c9 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,rhcos4,sle12 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,rhcos4,sle12 - - title: 'Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml -index dea03ee..28629a8 100644 ---- a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml -index caff3aa..777c843 100644 ---- a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml -+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol8,rhel7,rhel8,rl8 - - title: 'Disable ATM Support' - -diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml -index 9149b18..43cb761 100644 ---- a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml -index f25e86a..b853b42 100644 ---- a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml -+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol8,rhel7,rhel8,rl8 - - title: 'Disable CAN Support' - -diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml -index d9db321..c423fe4 100644 ---- a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml -+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,sle12 - - title: 'Disable DCCP Support' - -diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml -index b245fd6..6b58c82 100644 ---- a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml -index 3c85647..2d05d5e 100644 ---- a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml -+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol8,rhel7,rhel8,rl8 - - title: 'Disable IEEE 1394 (FireWire) Support' - -diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml -index 22d44d7..d97e17c 100644 ---- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml -index 8db0f11..57b39d0 100644 ---- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml -+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Disable SCTP Support' - -diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml -index 209afc0..a6bed26 100644 ---- a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml -index 18187e5..e807522 100644 ---- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml -index a6c9b7e..75317da 100644 ---- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml -+++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Disable Bluetooth Kernel Module' - -diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml -index a39d662..e9ab781 100644 ---- a/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml -+++ b/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8,rhv4,rhcos4 -+prodtype: fedora,rhel7,rhel8,rl8,rhv4,rhcos4 - - title: 'Disable Bluetooth Service' - -diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml -index 36507a5..8c5e811 100644 ---- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml -+++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,rhel7,rhel8 -+prodtype: fedora,rhcos4,rhel7,rhel8,rl8 - - title: 'Disable WiFi or Bluetooth in BIOS' - -diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml -index d683b2e..20ddc3e 100644 ---- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml -+++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Deactivate Wireless Network Interfaces' - -diff --git a/linux_os/guide/system/network/network_configure_name_resolution/rule.yml b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml -index 8450e29..2491d53 100644 ---- a/linux_os/guide/system/network/network_configure_name_resolution/rule.yml -+++ b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Configure Multiple DNS Servers in /etc/resolv.conf' - -diff --git a/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml b/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml -index 3e286d3..2148f99 100644 ---- a/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml -+++ b/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable Client Dynamic DNS Updates' - -diff --git a/linux_os/guide/system/network/network_disable_zeroconf/rule.yml b/linux_os/guide/system/network/network_disable_zeroconf/rule.yml -index 4ad51bb..504c102 100644 ---- a/linux_os/guide/system/network/network_disable_zeroconf/rule.yml -+++ b/linux_os/guide/system/network/network_disable_zeroconf/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Disable Zeroconf Networking' - -diff --git a/linux_os/guide/system/network/network_nmcli_permissions/rule.yml b/linux_os/guide/system/network/network_nmcli_permissions/rule.yml -index 3ead3ea..718d7f7 100644 ---- a/linux_os/guide/system/network/network_nmcli_permissions/rule.yml -+++ b/linux_os/guide/system/network/network_nmcli_permissions/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,rhel7,rhel8,rhv4 -+prodtype: fedora,rhcos4,rhel7,rhel8,rl8,rhv4 - - title: 'Prevent non-Privileged Users from Modifying Network Interfaces using nmcli' - -diff --git a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml -index 222063a..e8eafcf 100644 ---- a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml -+++ b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Ensure System is Not Acting as a Network Sniffer' - -diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml -index 02e9ce0..314b827 100644 ---- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml -+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Ensure All World-Writable Directories Are Owned by root user' - -diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh -index e49942d..f6d2623 100644 ---- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh -+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rl,multi_platform_sle - df --local -P | awk '{if (NR!=1) print $6}' \ - | xargs -I '{}' find '{}' -xdev -type d \ - \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null \ -diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml -index e5d22bf..eaa23db 100644 ---- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml -+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Ensure All World-Writable Directories Are Owned by a System Account' - -diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml -index 8578172..f8f5b28 100644 ---- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml -+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Ensure All World-Writable Directories Are Group Owned by a System Account' - -diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml -index 6ff491f..9cf0db7 100644 ---- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml -+++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml -@@ -2,7 +2,7 @@ documentation_complete: true - - title: 'Ensure All SGID Executables Are Authorized' - --prodtype: fedora,ol7,ol8,rhel7,rhel8,wrlinux1019,sle15,wrlinux8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,wrlinux1019,sle15,wrlinux8 - - description: |- - The SGID (set group id) bit should be set only on files that were -diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml -index a49890c..010fa53 100644 ---- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml -+++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml -@@ -2,7 +2,7 @@ documentation_complete: true - - title: 'Ensure All SUID Executables Are Authorized' - --prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15,wrlinux1019,wrlinux8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle15,wrlinux1019,wrlinux8 - - description: |- - The SUID (set user id) bit should be set only on files that were -diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml -index a9efbdd..8d4ab33 100644 ---- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml -+++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 - - title: 'Ensure All Files Are Owned by a Group' - -diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml -index 6acae65..aa9db57 100644 ---- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml -+++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 - - title: 'Ensure All Files Are Owned by a User' - -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml -index 5b1e48a..16c4ca2 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rl,multi_platform_ol - # reboot = false - # strategy = restrict - # complexity = medium -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh -index e2495d2..f6f14b4 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rl,multi_platform_ol - find /bin/ \ - /usr/bin/ \ - /usr/local/bin/ \ -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/ansible/shared.yml -index c13c1a0..10d041b 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/ansible/shared.yml -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rl,multi_platform_ol - # reboot = false - # strategy = restrict - # complexity = medium -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/bash/shared.sh -index d92ff6c..34cab7d 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/bash/shared.sh -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rl,multi_platform_ol - for LIBDIR in /usr/lib /usr/lib64 /lib /lib64 - do - if [ -d $LIBDIR ] -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml -index a7d8bc9..96c0110 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rl,multi_platform_ol - # reboot = false - # strategy = restrict - # complexity = medium -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh -index 5d95c98..2779b92 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rl,multi_platform_ol - DIRS="/bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin /usr/libexec" - for dirPath in $DIRS; do - find "$dirPath" -perm /022 -exec chmod go-w '{}' \; -diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/ansible/shared.yml -index a174202..fd4f7a1 100644 ---- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/ansible/shared.yml -+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rl,multi_platform_ol - # reboot = false - # strategy = restrict - # complexity = high -diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml -index 1da03eb..7896371 100644 ---- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml -index 202dcf4..812c66d 100644 ---- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml b/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml -index 184a746..ce8f256 100644 ---- a/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml -+++ b/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Assign Password to Prevent Changes to Boot Firmware Configuration' - -diff --git a/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml b/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml -index ce7279a..fa98cc5 100644 ---- a/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml -+++ b/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,rhel7,rhel8 -+prodtype: fedora,rhcos4,rhel7,rhel8,rl8 - - title: 'Disable Booting from USB Devices in Boot Firmware' - -diff --git a/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml b/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml -index de30837..928fb7c 100644 ---- a/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml -+++ b/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,rhel7,rhel8 -+prodtype: fedora,rhcos4,rhel7,rhel8,rl8 - - title: 'Disable Kernel Support for USB via Bootloader Configuration' - -diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml -index a69f66e..87db0fa 100644 ---- a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml -index 302154b..d9a287b 100644 ---- a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml -+++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,ubuntu1804 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,ubuntu1804 - - title: 'Disable Mounting of cramfs' - -diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml -index 9d6e828..d487754 100644 ---- a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml -index 4da8a20..7544036 100644 ---- a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml -+++ b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,rhel7,rhel8,rhv4,sle15,ubuntu1804 -+prodtype: fedora,rhcos4,rhel7,rhel8,rl8,rhv4,sle15,ubuntu1804 - - title: 'Disable Mounting of freevxfs' - -diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml -index 3baf256..acb0314 100644 ---- a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml -index bca3d89..85f6ee3 100644 ---- a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml -+++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,rhel7,rhel8,rhv4,sle15,ubuntu1804 -+prodtype: fedora,rhcos4,rhel7,rhel8,rl8,rhv4,sle15,ubuntu1804 - - title: 'Disable Mounting of hfs' - -diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml -index 0313807..8f04a37 100644 ---- a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml -index b6d9235..f2ba5e4 100644 ---- a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml -+++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,rhel7,rhel8,rhv4,sle15,ubuntu1804 -+prodtype: fedora,rhcos4,rhel7,rhel8,rl8,rhv4,sle15,ubuntu1804 - - title: 'Disable Mounting of hfsplus' - -diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml -index b0ecca7..4d16bf8 100644 ---- a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml -index 6397b9c..54e8e85 100644 ---- a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml -+++ b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,rhel7,rhel8,rhv4,sle15,ubuntu1804 -+prodtype: fedora,rhcos4,rhel7,rhel8,rl8,rhv4,sle15,ubuntu1804 - - title: 'Disable Mounting of jffs2' - -diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml -index be99e6b..af3c6cc 100644 ---- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml -index 90b041a..c23366b 100644 ---- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml -+++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,rhel7,rhel8,sle15 -+prodtype: fedora,rhcos4,rhel7,rhel8,rl8,sle15 - - title: 'Disable Mounting of squashfs' - -diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml -index 83486ee..de921a8 100644 ---- a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml -index 4686c41..446f6ae 100644 ---- a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml -+++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,rhel7,rhel8,sle15,ubuntu1804 -+prodtype: fedora,rhcos4,rhel7,rhel8,rl8,sle15,ubuntu1804 - - title: 'Disable Mounting of udf' - -diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml -index 8c8c5b0..69d25a0 100644 ---- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml -index d1d2bf9..fc11c82 100644 ---- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml -+++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 - - title: 'Disable Modprobe Loading of USB Storage Driver' - -diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml -index 2df05ff..589c497 100644 ---- a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml -index 7383973..5f0b5d3 100644 ---- a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml -+++ b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Disable Mounting of vFAT filesystems' - -diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml -index 00f06ba..ab0860f 100644 ---- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml -index 00d1282..dcb5e36 100644 ---- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml -+++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,ubuntu1804 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,ubuntu1804 - - title: 'Disable the Automounter' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml -index 5c65ac7..eb4b5dc 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Add noauto Option to /boot' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml -index 5256119..d7806fe 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 - - title: 'Add nodev Option to /boot' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml -index b5925dd..ea7e8b2 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Add noexec Option to /boot' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml -index a4da22f..c959239 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 - - title: 'Add nosuid Option to /boot' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml -index f41387a..75257c4 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4,sle15,ubuntu1804 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4,sle15,ubuntu1804 - - title: 'Add noexec Option to /dev/shm' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml -index dd944b4..e2b6ddd 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhcos4,sle15,ubuntu1804 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhcos4,sle15,ubuntu1804 - - title: 'Add nodev Option to /home' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml -index 4e60c7a..a12dc05 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Add noexec Option to /home' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml -index 37e8f7f..359df5b 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,rhcos4,sle12 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,rhcos4,sle12 - - title: 'Add nosuid Option to /home' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml -index f7c3502..4255b3e 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 - - title: 'Add nodev Option to Non-Root Local Partitions' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml -index 5912fb9..2a60311 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,rhcos4,sle15,ubuntu1804 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,rhcos4,sle15,ubuntu1804 - - title: 'Add nodev Option to Removable Media Partitions' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml -index d329ad2..18c5f6f 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,rhcos4,sle15,ubuntu1804 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,rhcos4,sle15,ubuntu1804 - - title: 'Add noexec Option to Removable Media Partitions' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml -index 9ed257a..f95c4b8 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019,rhcos4,ubuntu1804 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019,rhcos4,ubuntu1804 - - title: 'Add nosuid Option to Removable Media Partitions' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml -index 949ccbd..8f7bc4d 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Add nosuid Option to /opt' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml -index 9e90545..17cd747 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Add nosuid Option to /srv' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml -index 35173f9..347676c 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15,ubuntu1804,rhcos4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle15,ubuntu1804,rhcos4 - - title: 'Add nodev Option to /tmp' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml -index 4f831bd..a700102 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15,rhcos4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle15,rhcos4 - - title: 'Add noexec Option to /tmp' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml -index 5bcbebd..3dc67b8 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15,ubuntu1804,rhcos4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle15,ubuntu1804,rhcos4 - - title: 'Add nosuid Option to /tmp' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml -index 404386d..12315b9 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 - - title: 'Add nodev Option to /var/log/audit' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml -index 93c63a7..1f2c1d9 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 - - title: 'Add noexec Option to /var/log/audit' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml -index 7ee7213..1cfd0f8 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 - - title: 'Add nosuid Option to /var/log/audit' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml -index 8959bd0..d898388 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 - - title: 'Add nodev Option to /var/log' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml -index baf1eea..fa46406 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 - - title: 'Add noexec Option to /var/log' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml -index beee543..96fc540 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 - - title: 'Add nosuid Option to /var/log' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml -index fe4aaae..1472760 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 - - title: 'Add nodev Option to /var' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml -index ef2dc47..1ec2cdb 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Add noexec Option to /var' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml -index 9aa1cd2..b7bc469 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8,rhcos4 -+prodtype: fedora,rhel7,rhel8,rl8,rhcos4 - - title: 'Add nosuid Option to /var' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh -index 1466eff..5f9614d 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh -+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora - - . /usr/share/scap-security-guide/remediation_functions - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml -index 394a3a7..3a20335 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Bind Mount /var/tmp To /tmp' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml -index 136ba13..7585fbf 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhcos4,sle15,ubuntu1804 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhcos4,sle15,ubuntu1804 - - title: 'Add nodev Option to /var/tmp' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml -index 8eb0eaf..8164b33 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhcos4,sle15,ubuntu1804 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhcos4,sle15,ubuntu1804 - - title: 'Add noexec Option to /var/tmp' - -diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml -index 90c5787..9078ff8 100644 ---- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml -+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhcos4,sle15,ubuntu1804 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhcos4,sle15,ubuntu1804 - - title: 'Add nosuid Option to /var/tmp' - -diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml -index 23647c6..6b47687 100644 ---- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml -index 23647c6..6b47687 100644 ---- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh -index 5d6b55f..d192ccc 100644 ---- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh -+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rl,multi_platform_ol - SECURITY_LIMITS_FILE="/etc/security/limits.conf" - - if grep -qE '\*\s+hard\s+core' $SECURITY_LIMITS_FILE; then -diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml -index 6f9455b..034051a 100644 ---- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml -index 991c92d..071b716 100644 ---- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,sle15 - - title: 'Disable Core Dumps for All Users' - -diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml -index 125e764..7fbb6fe 100644 ---- a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8 - - title: 'Disable acquiring, saving, and processing core dumps' - -diff --git a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml -index 9039909..f3c07b0 100644 ---- a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Set Daemon Umask' - -diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml -index c584d7f..1578bd9 100644 ---- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8,rhv4 -+prodtype: fedora,rhel7,rhel8,rl8,rhv4 - - title: 'Enable ExecShield via sysctl' - -diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml -index b213678..4b4d267 100644 ---- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml -index 1284acb..5480832 100644 ---- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml -index e3a6c5a..47e7517 100644 ---- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Enable NX or XD Support in the BIOS' - -diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml -index ff60829..2416d65 100644 ---- a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8,rhv4 -+prodtype: fedora,rhel7,rhel8,rl8,rhv4 - - title: 'Install PAE Kernel on Supported 32-bit x86 Systems' - -diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml -index 48acc4d..afd1282 100644 ---- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Enable page allocator poisoning' - -diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml -index 516409b..cad3961 100644 ---- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Enable SLUB/SLAB allocator poisoning' - -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml -index dcc07dd..5b8254c 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml -index 60e5048..f6abc4e 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8 - - title: 'Disable storing core dumps' - -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml -index 2a41e26..f57abea 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml -index 90fcd34..fa17dd3 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Restrict Access to Kernel Message Buffer' - -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml -index 0e9d3cc..2032028 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml -index 83710b7..abc34f4 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Disable Kernel Image Loading' - -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml -index 438cd27..9c68d19 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol8,rhel7,rhel8 -+prodtype: fedora,ol8,rhel7,rhel8,rl8 - - title: 'Disable loading and unloading of kernel modules' - -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml -index eb580cf..903b81f 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol8,rhel7,rhel8 -+prodtype: fedora,ol8,rhel7,rhel8,rl8 - - title: 'Limit CPU consumption of the Perf system' - -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml -index 3123fe4..18c8acb 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol8,rhel7,rhel8 -+prodtype: fedora,ol8,rhel7,rhel8,rl8 - - title: 'Limit sampling frequency of the Perf system' - -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml -index 842cf6c..d097e17 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml -index c9fe044..3e583b3 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol8,rhel7,rhel8,rl8 - - title: 'Disallow kernel profiling by unprivileged users' - -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml -index a9f426c..aac66bb 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol8,rhel7,rhel8 -+prodtype: fedora,ol8,rhel7,rhel8,rl8 - - title: 'Configure maximum number of process identifiers' - -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml -index ae2af13..06bcdf0 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol8,rhel7,rhel8 -+prodtype: fedora,ol8,rhel7,rhel8,rl8 - - title: 'Disallow magic SysRq key' - -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml -index 5260f3d..8912ebb 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml -index 200c2eb..4f6ac26 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8 - - title: 'Disable Access to Network bpf() Syscall From Unprivileged Processes' - -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml -index 8f8ee9e..a8169ad 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml -index 6848343..21ea83f 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Restrict usage of ptrace to descendant processes' - -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml -index 0658d75..99f84ad 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rl,multi_platform_fedora - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml -index 9094985..d0ec761 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8 - - title: 'Harden the operation of the BPF just-in-time compiler' - -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml -index 66aae71..9c0fcae 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhcos - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml -index 5e3929e..ba9858b 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8 - - title: 'Disable the use of user namespaces' - -diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml -index 026c651..aee4355 100644 ---- a/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol8,rhel7,rhel8 -+prodtype: fedora,ol8,rhel7,rhel8,rl8 - - title: 'Prevent applications from mapping low portion of virtual memory' - -diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml -index e9ff094..28c528f 100644 ---- a/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml -+++ b/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15 -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15 - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh b/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh -index 735354a..1350adb 100644 ---- a/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh -+++ b/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15 -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15 - - sed -i --follow-symlinks "s/selinux=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/* - sed -i --follow-symlinks "s/enforcing=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/* -diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml -index a5bab5f..576bab1 100644 ---- a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml -+++ b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Ensure SELinux Not Disabled in /etc/default/grub' - -diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml -index 1785951..903e32c 100644 ---- a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml -+++ b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,rhcos4,sle15 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,rhcos4,sle15 - - title: 'Install libselinux Package' - -diff --git a/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml b/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml -index 6cbcc4f..0c9603e 100644 ---- a/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml -+++ b/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8,sle15 -+prodtype: fedora,rhel7,rhel8,rl8,sle15 - - title: 'Uninstall mcstrans Package' - -diff --git a/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml -index 6c23fae..aab7897 100644 ---- a/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml -+++ b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol8,rhel8 -+prodtype: ol8,rhel8,rl8 - - title: 'Install policycoreutils-python-utils package' - -diff --git a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml -index a107af6..7e0bdb7 100644 ---- a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml -+++ b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Install policycoreutils Package' - -diff --git a/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml b/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml -index fb25ba1..ddd5991 100644 ---- a/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml -+++ b/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8,sle15 -+prodtype: fedora,rhel7,rhel8,rl8,sle15 - - title: 'Uninstall setroubleshoot Package' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml -index 8cf0b59..b502045 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the abrt_anon_write SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml -index 96a33aa..bae2e2a 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the abrt_handle_event SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml -index 8bb491c..e7d4dcc 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the abrt_upload_watch_anon_write SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml -index 121a20b..775d864 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable the antivirus_can_scan_system SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml -index e6e4db3..4116246 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the antivirus_use_jit SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml -index 7f62cbc..02307ac 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Enable the auditadm_exec_content SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml -index 94da96b..63d2a04 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the authlogin_nsswitch_use_ldap SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml -index 0c7cd89..1f5461c 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the authlogin_radius SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml -index d5c3b2d..9fe13bb 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the authlogin_yubikey SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml -index 8d3ba46..5262a0f 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the awstats_purge_apache_log_files SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml -index ada23a1..9b98d39 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the boinc_execmem SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml -index c91ea63..e77514c 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the cdrecord_read_content SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml -index 379ff1f..f967e06 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the cluster_can_network_connect SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml -index 59d8031..c9a932c 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the cluster_manage_all_files SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml -index 7821e87..b11b075 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the cluster_use_execmem SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml -index 20410a1..df95812 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the cobbler_anon_write SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml -index 51019f3..fbcf271 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the cobbler_can_network_connect SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml -index b13d5ad..bedb1f4 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the cobbler_use_cifs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml -index d966a91..705b12e 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the cobbler_use_nfs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml -index a37cdae..79ee7de 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the collectd_tcp_network_connect SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml -index 013787b..75564b3 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the condor_tcp_network_connect SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml -index d11043a..7524c6a 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the conman_can_network SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml -index 4a79647..86733fb 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the container_connect_any SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml -index df12459..20c7178 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the cron_can_relabel SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml -index 1ad93e3..c3dc0ff 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the cron_system_cronjob_use_shares SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml -index d975541..cc888eb 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Enable the cron_userdomain_transition SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml -index ee135d2..d5b90d3 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the cups_execmem SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml -index 0c30cca..975faf6 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the cvs_read_shadow SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml -index dbe5066..3f7a110 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the daemons_dump_core SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml -index a20039a..bc71522 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the daemons_enable_cluster_mode SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml -index 6794624..7fba67a 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the daemons_use_tcp_wrapper SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml -index 5837c3b..aed8081 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the daemons_use_tty SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml -index 858c0d1..802b1fd 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable the dbadm_exec_content SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml -index 931e304..a75c977 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the dbadm_manage_user_files SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml -index d3d5a7f..c9cbffe 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the dbadm_read_user_files SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml -index ed96d01..acc97d0 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the deny_execmem SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml -index d3fa16f..0dba725 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the deny_ptrace SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml -index 8ba0890..27a3796 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the dhcpc_exec_iptables SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml -index b5d3065..fa7cbf0 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the dhcpd_use_ldap SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml -index 274049a..fcfecb1 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Enable the domain_fd_use SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml -index 0ebcd13..1bd1594 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the domain_kernel_load_modules SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml -index 4670b92..c0ffbbb 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the entropyd_use_audio SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml -index d51de11..f08b4d2 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the exim_can_connect_db SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml -index ba27309..9759e0a 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the exim_manage_user_files SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml -index 07d19af..344bfd7 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the exim_read_user_files SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml -index d4cd0f8..b428447 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the fcron_crond SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml -index f470600..fcd4d2f 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the fenced_can_network_connect SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml -index d37d627..615600a 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the fenced_can_ssh SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml -index cc3abdf..167f759 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Enable the fips_mode SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml -index 543d3fd..cacea25 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the ftpd_anon_write SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml -index ddf070c..aa7bca3 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the ftpd_connect_all_unreserved SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml -index 580302e..19d127e 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the ftpd_connect_db SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml -index e92d9e3..dc22abc 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the ftpd_full_access SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml -index 57a2076..d6c8dd3 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the ftpd_use_cifs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml -index 8384701..3715e17 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the ftpd_use_fusefs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml -index 677a6c3..fb0f368 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the ftpd_use_nfs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml -index 2fe3581..9573a1e 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the ftpd_use_passive_mode SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml -index 94fc0b5..49c4bdb 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the git_cgi_enable_homedirs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml -index dd96e9a..59c211d 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the git_cgi_use_cifs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml -index 305ec10..178ff13 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the git_cgi_use_nfs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml -index 7ac68e4..dd16856 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the git_session_bind_all_unreserved_ports SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml -index 4d94155..e75552c 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the git_session_users SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml -index 4a576e0..e30a282 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the git_system_enable_homedirs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml -index ea60ce0..1269287 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the git_system_use_cifs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml -index 7c3b62a..e994266 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the git_system_use_nfs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml -index 6d18755..f4b3277 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the gitosis_can_sendmail SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml -index 0a6caa2..bcda971 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the glance_api_can_network SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml -index da6ee7f..a594e9b 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the glance_use_execmem SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml -index 18643fd..6909e74 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the glance_use_fusefs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml -index 6169ee9..fdebd89 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the global_ssp SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml -index 43e7389..e205b1b 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the gluster_anon_write SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml -index 30fde50..2643c67 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the gluster_export_all_ro SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml -index 297f92f..b771497 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Configure the gluster_export_all_rw SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml -index 462281b..a885632 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the gpg_web_anon_write SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml -index f29ec4b..7b566ef 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable the gssd_read_tmp SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml -index e5d7e81..3d21696 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the guest_exec_content SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml -index 8907de5..b8e5349 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the haproxy_connect_any SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml -index c5c4f1c..b40bef2 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_anon_write SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml -index e0cb965..ef47705 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Configure the httpd_builtin_scripting SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml -index 2481c2b..c5e81c4 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_can_check_spam SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml -index 82594b3..a19750d 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_can_connect_ftp SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml -index 85df412..7ee2e59 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_can_connect_ldap SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml -index 5e34e3d..0340f90 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_can_connect_mythtv SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml -index e3d6dff..547a746 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_can_connect_zabbix SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml -index 3a07d28..c49ea01 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_can_network_connect SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml -index 4dd1624..800233d 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_can_network_connect_cobbler SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml -index 65d7fe4..fe2037b 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_can_network_connect_db SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml -index 91dac40..c20acc9 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_can_network_memcache SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml -index 684bc84..a57364b 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_can_network_relay SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml -index b608759..d7e13ec 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_can_sendmail SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml -index 932d032..6a32953 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_dbus_avahi SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml -index fb8ba25..1ee777d 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_dbus_sssd SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml -index aaef314..e58f3b9 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_dontaudit_search_dirs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml -index 3a7f808..f940d9c 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Configure the httpd_enable_cgi SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml -index 4d5a4f6..795b0af 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_enable_ftp_server SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml -index 5a49993..898804f 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_enable_homedirs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml -index 80cbfba..7e4e774 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_execmem SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml -index 4e189e2..63ff580 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable the httpd_graceful_shutdown SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml -index 5ba2f80..8c3997c 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_manage_ipa SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml -index 4d295d3..20743c5 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_mod_auth_ntlm_winbind SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml -index 0305e79..3689527 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_mod_auth_pam SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml -index 13a5b5c..92193a6 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_read_user_content SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml -index 1af4ae4..250ae9b 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_run_ipa SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml -index 4dd0276..3327311 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_run_preupgrade SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml -index db408ca..ebeda86 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_run_stickshift SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml -index c54f61d..49f6982 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_serve_cobbler_files SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml -index 148a248..967e725 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_setrlimit SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml -index c6f2551..a4d5556 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_ssi_exec SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml -index d8c0f8e..58094a7 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_sys_script_anon_write SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml -index 4463d5d..c379b4e 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_tmp_exec SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml -index f8d32c4..24cdd11 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_tty_comm SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml -index 827d0cf..ec6081d 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_unified SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml -index 02930c0..fc82cbf 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_use_cifs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml -index 5eea959..f8bfa47 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_use_fusefs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml -index 081e5f6..40e6af2 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_use_gpg SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml -index df5fcc6..847c2f0 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_use_nfs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml -index 58bd098..3b94f3a 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_use_openstack SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml -index e0dae7c..78191d0 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_use_sasl SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml -index bd47bbc..16d786f 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the httpd_verify_dns SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml -index 86f3502..3d322c7 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the icecast_use_any_tcp_ports SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml -index e2b1dca..71ad78e 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the irc_use_any_tcp_ports SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml -index 23a1b61..b82e790 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the irssi_use_full_network SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml -index 20fba25..dca0793 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the kdumpgui_run_bootloader SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml -index ee6964c..b97a18b 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Enable the kerberos_enabled SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml -index 7167775..115df7d 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the ksmtuned_use_cifs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml -index a02e146..9fda608 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the ksmtuned_use_nfs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml -index 837b10c..8ccd48e 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Enable the logadm_exec_content SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml -index 3a0d053..2114e0f 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the logging_syslogd_can_sendmail SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml -index 5cbbcc6..c678417 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the logging_syslogd_run_nagios_plugins SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml -index 6e62e20..c053ab6 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Enable the logging_syslogd_use_tty SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml -index 29bd516..0dba56c 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Enable the login_console_enabled SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml -index 6480418..e8fd7b0 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the logrotate_use_nfs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml -index 01ff4c6..7f1c3c2 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the logwatch_can_network_connect_mail SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml -index db118dc..6b84cc6 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the lsmd_plugin_connect_any SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml -index 7208dbf..ba367eb 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the mailman_use_fusefs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml -index 2f859e1..6cc7373 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the mcelog_client SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml -index 5ab580e..fb3193c 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable the mcelog_exec_scripts SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml -index d0020a5..10e751b 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the mcelog_foreground SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml -index 785a3b4..87f1e4e 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the mcelog_server SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml -index 815ceb6..3b0994f 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the minidlna_read_generic_user_content SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml -index 41956c8..eb3e104 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the mmap_low_allowed SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml -index 05719a6..ca33b85 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the mock_enable_homedirs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml -index 5f8a680..804fa3f 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Enable the mount_anyfile SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml -index 47917c1..db76094 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the mozilla_plugin_bind_unreserved_ports SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml -index 41247b1..268296f 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the mozilla_plugin_can_network_connect SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml -index 0aa299a..3a64c0e 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the mozilla_plugin_use_bluejeans SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml -index 1031331..b94ea0d 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the mozilla_plugin_use_gps SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml -index 36ec086..3600ca3 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the mozilla_plugin_use_spice SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml -index b31818a..5fa8e39 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the mozilla_read_content SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml -index 764e4dc..eea3d5b 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the mpd_enable_homedirs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml -index a979b22..67b7a38 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the mpd_use_cifs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml -index bcba81e..c030e8f 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the mpd_use_nfs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml -index 415da57..4392ecf 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the mplayer_execstack SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml -index 655cd23..b409dca 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the mysql_connect_any SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml -index 829676a..c475ece 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the nagios_run_pnp4nagios SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml -index 5daed0e..d153481 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the nagios_run_sudo SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml -index 7f66574..09aff0c 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the named_tcp_bind_http_port SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml -index 90f6620..b94da02 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the named_write_master_zones SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml -index cdde885..e0346c8 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the neutron_can_network SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml -index af9ffb1..862ba27 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable the nfs_export_all_ro SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml -index 55e97e8..6a8df12 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable the nfs_export_all_rw SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml -index b1c6fda..d659eff 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the nfsd_anon_write SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml -index 598e6e7..21c663c 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the nis_enabled SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml -index 7bbb60f..e8e61cb 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable the nscd_use_shm SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml -index 0122a31..975ed07 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the openshift_use_nfs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml -index 40f28c7..5b71d8f 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the openvpn_can_network_connect SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml -index 5d68295..18a198e 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the openvpn_enable_homedirs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml -index f2d44d6..17dfe5c 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the openvpn_run_unconfined SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml -index e6c5857..fd56085 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the pcp_bind_all_unreserved_ports SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml -index 4e9862b..9f01cb2 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the pcp_read_generic_logs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml -index 0b11612..293a8a6 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the piranha_lvs_can_network_connect SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml -index 534e069..e81cc5c 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the polipo_connect_all_unreserved SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml -index 3d7823f..d108f44 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the polipo_session_bind_all_unreserved_ports SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml -index fe36272..d92c6f1 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the polipo_session_users SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml -index fdad813..278a5f9 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the polipo_use_cifs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml -index 367db10..bec08a1 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the polipo_use_nfs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml -index b54d82a..37b7b19 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the polyinstantiation_enabled SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml -index 7d17422..5528733 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable the postfix_local_write_mail_spool SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml -index 9d3f42d..21c7a99 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the postgresql_can_rsync SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml -index 345571d..45d53a7 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the postgresql_selinux_transmit_client_label SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml -index c9d065f..5211efa 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable the postgresql_selinux_unconfined_dbadm SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml -index 3a053f3..59e3662 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable the postgresql_selinux_users_ddl SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml -index 8483121..d18afb3 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the pppd_can_insmod SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml -index 96416d7..277f56d 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the pppd_for_user SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml -index d5bb6b1..911a3e2 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the privoxy_connect_any SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml -index 8451fe7..41e4b27 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the prosody_bind_http_port SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml -index a610ff1..1d17d66 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the puppetagent_manage_all_files SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml -index 30db174..a66ccfa 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the puppetmaster_use_db SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml -index def236f..5c928f2 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the racoon_read_shadow SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml -index 59375ff..cf3e1b1 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the rsync_anon_write SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml -index 54c06cc..e257a24 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the rsync_client SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml -index 3c70648..d22f845 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the rsync_export_all_ro SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml -index fa843c9..a92d015 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the rsync_full_access SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml -index d67c3a0..c044ee2 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the samba_create_home_dirs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml -index 0d4d6e7..de0ab35 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the samba_domain_controller SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml -index 88d8b68..15119c4 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the samba_enable_home_dirs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml -index a7ec2a3..76ec784 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the samba_export_all_ro SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml -index d5c1b80..bbe8c95 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the samba_export_all_rw SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml -index e06e0fc..106978a 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the samba_load_libgfapi SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml -index 48a07f1..8040fb8 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the samba_portmapper SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml -index e0c780f..ede87aa 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the samba_run_unconfined SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml -index 52d25ff..cad5e8a 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the samba_share_fusefs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml -index 819ae31..d186d73 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the samba_share_nfs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml -index effcaf7..35c8b24 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the sanlock_use_fusefs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml -index 0294e81..d820677 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the sanlock_use_nfs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml -index 3510087..6efe579 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the sanlock_use_samba SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml -index 847144a..8a93caa 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the saslauthd_read_shadow SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml -index 2773cae..dcf6da2 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Enable the secadm_exec_content SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml -index 8656558..50f75c5 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the secure_mode SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml -index 116da23..c3d42ea 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the secure_mode_insmod SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml -index 9560297..c62e701 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the secure_mode_policyload SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml -index 7211eac..93f9e9e 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Configure the selinuxuser_direct_dri_enabled SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml -index d9a093f..3b3f97a 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Disable the selinuxuser_execheap SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml -index 8178f28..a0111c0 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Enable the selinuxuser_execmod SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml -index 0a54595..68c2338 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'disable the selinuxuser_execstack SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml -index e1d16d1..de02f18 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the selinuxuser_mysql_connect_enabled SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml -index d07ffa2..8a56623 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Enable the selinuxuser_ping SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml -index 62db4de..4583e3c 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the selinuxuser_postgresql_connect_enabled SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml -index 193a6c0..69d9bd8 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the selinuxuser_rw_noexattrfile SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml -index a15bf88..5ac3573 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the selinuxuser_share_music SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml -index 29955b7..ae9a285 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the selinuxuser_tcp_server SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml -index b099226..941dd9c 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the selinuxuser_udp_server SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml -index 0dc63fd..3a5c053 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the selinuxuser_use_ssh_chroot SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml -index 639fcda..f73d1f1 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the sge_domain_can_network_connect SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml -index 99f9959..535d6e5 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the sge_use_nfs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml -index 5fbe9a9..0cf27f2 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the smartmon_3ware SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml -index cd8cb0d..a48a9bd 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the smbd_anon_write SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml -index 59c269b..e73255c 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the spamassassin_can_network SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml -index 40ae769..0f8647a 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable the spamd_enable_home_dirs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml -index 13d9c59..757d19e 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the squid_connect_any SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml -index 3c4161d..975ac4a 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the squid_use_tproxy SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml -index bf36b6c..b6db1f9 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the ssh_chroot_rw_homedirs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml -index 69c20fc..a43401a 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the ssh_keysign SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml -index 4d264e5..200a193 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the ssh_sysadm_login SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml -index 0cd2cbb..9163d6f 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Enable the staff_exec_content SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml -index 3a276af..b95a069 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the staff_use_svirt SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml -index fa9e3d2..2381f9c 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the swift_can_network SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml -index d0d798d..fd29e11 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Enable the sysadm_exec_content SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml -index 2a04d71..b31f3f1 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the telepathy_connect_all_ports SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml -index e203eda..2a88149 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the telepathy_tcp_connect_generic_network_ports SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml -index 4485d50..dc22429 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the tftp_anon_write SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml -index 4d9cce1..7d233f8 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the tftp_home_dir SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml -index 0ca41b3..915afb2 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the tmpreaper_use_nfs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml -index f07f7b5..f9ec7be 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the tmpreaper_use_samba SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml -index 5ae33cf..77d5774 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the tor_bind_all_unreserved_ports SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml -index 4ea25f1..904234d 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the tor_can_network_relay SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml -index c51f2c2..7b6ce59 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable the unconfined_chrome_sandbox_transition SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml -index 73ce5a0..42b4775 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Enable the unconfined_login SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml -index 2e7fce6..ce3b3da 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable the unconfined_mozilla_plugin_transition SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml -index b777477..2319758 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the unprivuser_use_svirt SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml -index 91e2904..436eb8e 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the use_ecryptfs_home_dirs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml -index af7e2d5..a2b071f 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the use_fusefs_home_dirs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml -index fc5521f..649432a 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the use_lpd_server SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml -index e27a097..7d41eb5 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the use_nfs_home_dirs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml -index 91d29d8..63394bc 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the use_samba_home_dirs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml -index c205cef..533ae2b 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Enable the user_exec_content SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml -index 309e8ab..78f8db9 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the varnishd_connect_any SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml -index 8469ba1..b89b212 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the virt_read_qemu_ga_data SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml -index 1444788..7e41ae6 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the virt_rw_qemu_ga_data SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml -index 4e4fce6..37e5f41 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the virt_sandbox_use_all_caps SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml -index 0df3ed2..eca9209 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable the virt_sandbox_use_audit SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml -index 2f32f8b..155db7f 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the virt_sandbox_use_mknod SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml -index 8be2b32..34cd794 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the virt_sandbox_use_netlink SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml -index eb77bc7..29d9985 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the virt_sandbox_use_sys_admin SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml -index dff84eb..ed29d4b 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the virt_transition_userdomain SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml -index aa39cff..8b94821 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the virt_use_comm SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml -index 9fe91b1..0d1026e 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the virt_use_execmem SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml -index 31f18e0..deef5cc 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the virt_use_fusefs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml -index 1e62cde..a699441 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the virt_use_nfs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml -index 616f596..582de0c 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the virt_use_rawip SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml -index 4bd85cd..af6ecc3 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the virt_use_samba SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml -index ec76880..82a1277 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the virt_use_sanlock SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml -index 51ae4c2..09b68be 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the virt_use_usb SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml -index 1d2a092..e6e933d 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the virt_use_xserver SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml -index 5389b1c..1b33d5c 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the webadm_manage_user_files SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml -index b5a0681..73d08fa 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the webadm_read_user_files SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml -index 50da2c6..79d9bc4 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the wine_mmap_zero_ignore SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml -index 2fae8e5..35ff7ff 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the xdm_bind_vnc_tcp_port SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml -index 981bb5c..2671dde 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the xdm_exec_bootloader SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml -index 81a94e2..cac1232 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the xdm_sysadm_login SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml -index e9a9a58..7ecc66d 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the xdm_write_home SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml -index 9ce6183..a78470c 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the xen_use_nfs SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml -index 75dabac..7210196 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable the xend_run_blktap SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml -index da3c989..f697291 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable the xend_run_qemu SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml -index cba7103..48e29e6 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the xguest_connect_network SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml -index b816ab2..c50e692 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the xguest_exec_content SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml -index cc72497..3eefefc 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the xguest_mount_media SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml -index fc8139a..eb6495d 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the xguest_use_bluetooth SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml -index 9bb8a66..d27376e 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the xserver_clients_write_xshm SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml -index 9ff72d3..b27b9ae 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the xserver_execmem SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml -index bde9e8c..dea7d26 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Disable the xserver_object_manager SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml -index 9d838bb..623fff7 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the zabbix_can_network SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml -index 8a28b2a..57ac0d9 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the zarafa_setrlimit SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml -index 6d5c267..16d23f3 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the zebra_write_config SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml -index 0408691..e9570e9 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the zoneminder_anon_write SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml -index 3d0dd1b..e6278c2 100644 ---- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml -+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Disable the zoneminder_run_sudo SELinux Boolean' - -diff --git a/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml b/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml -index b2b9436..0757de1 100644 ---- a/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml -+++ b/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Ensure No Device Files are Unlabeled by SELinux' - -diff --git a/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml -index d48b713..b48ef4f 100644 ---- a/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml -+++ b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Ensure No Daemons are Unconfined by SELinux' - -diff --git a/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml -index 73e6ec7..aeb0114 100644 ---- a/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml -+++ b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh -index d84c8ac..890f160 100644 ---- a/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh -+++ b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/selinux/selinux_policytype/rule.yml b/linux_os/guide/system/selinux/selinux_policytype/rule.yml -index f7d6ce6..e092ad7 100644 ---- a/linux_os/guide/system/selinux/selinux_policytype/rule.yml -+++ b/linux_os/guide/system/selinux/selinux_policytype/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 - - title: 'Configure SELinux Policy' - -diff --git a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml -index 1c1560a..25e2dcf 100644 ---- a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml -+++ b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/selinux/selinux_state/bash/shared.sh b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh -index ad53e52..3f556bc 100644 ---- a/linux_os/guide/system/selinux/selinux_state/bash/shared.sh -+++ b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platorm_ol,multi_platform_rhv -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platorm_ol,multi_platform_rhv - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/selinux/selinux_state/rule.yml b/linux_os/guide/system/selinux/selinux_state/rule.yml -index 0c4056d..78b10da 100644 ---- a/linux_os/guide/system/selinux/selinux_state/rule.yml -+++ b/linux_os/guide/system/selinux/selinux_state/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 - - title: 'Ensure SELinux State is Enforcing' - -diff --git a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml -index 1a02b54..4a78631 100644 ---- a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml -+++ b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Map System Users To The Appropriate SELinux Role' - -diff --git a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml -index 8d5b722..5ea1b48 100644 ---- a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml -+++ b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,rhcos4,sle12 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,rhcos4,sle12 - - title: 'Encrypt Partitions' - -diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml -index ab0fcaa..4940c9a 100644 ---- a/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml -+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Ensure /boot Located On Separate Partition' - -diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml -index 2c0e346..55f7569 100644 ---- a/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml -+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Ensure /opt Located On Separate Partition' - -diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml -index 0956cb8..b6e4eab 100644 ---- a/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml -+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Ensure /usr Located On Separate Partition' - -diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml -index 340af24..1487cc7 100644 ---- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml -+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhcos4,sle15,ubuntu1804 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhcos4,sle15,ubuntu1804 - - title: 'Ensure /var/tmp Located On Separate Partition' - -diff --git a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh -index db06c9f..f004c87 100644 ---- a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh -+++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh -@@ -1,3 +1,3 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - - dconf update -diff --git a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml -index 3d37eee..4959465 100644 ---- a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml -+++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Make sure that the dconf databases are up-to-date with regards to respective keyfiles' - -diff --git a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml -index d954668..04f4aca 100644 ---- a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml -+++ b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle15 - - title: 'Configure GNOME3 DConf User Profile' - -diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml -index a6066d3..a11cbe4 100644 ---- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml -index 58274f4..787fdbc 100644 ---- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Disable the GNOME3 Login Restart and Shutdown Buttons' - -diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml -index c4b757a..c31aaf3 100644 ---- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml -index 0dd463b..5eb15e3 100644 ---- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Disable the GNOME3 Login User List' - -diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml -index a1cb94c..b892b36 100644 ---- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml -index c0ac9db..b33b74f 100644 ---- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Enable the GNOME3 Login Smartcard Authentication' - -diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml -index a41844f..c57b2ea 100644 ---- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml -index c85f070..4821c37 100644 ---- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Set the GNOME3 Login Number of Failures' - -diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml -index 189dace..84bffad 100644 ---- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_sle - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml -index 0594702..dd5df26 100644 ---- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,sle12 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle12 - - title: 'Disable GDM Automatic Login' - -diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml -index ef2933c..f99be93 100644 ---- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml -index 4d2915f..0cb4d43 100644 ---- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Disable GDM Guest Login' - -diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml -index 0ca67c7..1ea7e4e 100644 ---- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml -index 5a3c30d..9f2c717 100644 ---- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml -index eb56d94..548aa1c 100644 ---- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Disable GNOME3 Automounting' - -diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml -index e0c9aed..eb8c01b 100644 ---- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml -index f14363a..8e9907d 100644 ---- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Disable GNOME3 Automount Opening' - -diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml -index 7f01df1..5ed08c9 100644 ---- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml -index 41c2817..401eafc 100644 ---- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Disable GNOME3 Automount running' - -diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml -index a4da19f..18fe243 100644 ---- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml -index 3348fbe..3fb08b7 100644 ---- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Disable All GNOME3 Thumbnailers' - -diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml -index 22200f6..c4647be 100644 ---- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml -index 6e88631..0c8ef0d 100644 ---- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Disable WIFI Network Connection Creation in GNOME3' - -diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml -index 4b5a468..d5168be 100644 ---- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml -index 75479d9..4ca53b2 100644 ---- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Disable WIFI Network Notification in GNOME3' - -diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml -index 2472417..4e1cb44 100644 ---- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml -index bdb4eb1..8b9d798 100644 ---- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Require Credential Prompting for Remote Access in GNOME3' - -diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml -index 63af198..e151343 100644 ---- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml -index 5b3558a..ff0d46b 100644 ---- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Require Encryption for Remote Access in GNOME3' - -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml -index 8b3d034..03b77b3 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml -index 4071329..f8d8165 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Enable GNOME3 Screensaver Idle Activation' - -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml -index 0247f8a..25caebc 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml -index 2d0e710..130b426 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Ensure Users Cannot Change GNOME3 Screensaver Idle Activation' - -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml -index 05663ec..4bebf6f 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml -index cd33cd5..d015353 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Set GNOME3 Screensaver Inactivity Timeout' - -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml -index a901c24..453fabc 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml -index d8a5965..be48576 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Set GNOME3 Screensaver Lock Delay After Activation Period' - -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml -index 2159f32..582fd51 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml -index aa492e1..ca066e0 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Enable GNOME3 Screensaver Lock After Idle Period' - -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml -index bb784e2..d082d08 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml -index 8267a04..962b83a 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Ensure Users Cannot Change GNOME3 Screensaver Lock After Idle Period' - -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml -index 818874f..5240156 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml -index b1a6ed7..8f8a530 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Implement Blank Screensaver' - -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml -index 47fc886..3a09d30 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml -index 3b70ff2..91f95b4 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Disable Full User Name on Splash Shield' - -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml -index f6ed794..296ac2c 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml -index 2cf9857..2869c4f 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Ensure Users Cannot Change GNOME3 Screensaver Settings' - -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml -index 700b6d2..6d407ca 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml -index f074441..1e5f386 100644 ---- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Ensure Users Cannot Change GNOME3 Session Idle Settings' - -diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml -index 82b5623..7bc0e87 100644 ---- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml -index d89bc40..582101c 100644 ---- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3' - -diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml -index 5313812..9873061 100644 ---- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml -index 92aa113..9a2ce92 100644 ---- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Disable Geolocation in GNOME3' - -diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml -index 78d44cd..c643757 100644 ---- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8 -+prodtype: fedora,rhel7,rhel8,rl8 - - title: 'Disable Power Settings in GNOME3' - -diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/ansible/shared.yml -index f31fc59..52aa48f 100644 ---- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/ansible/shared.yml -+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml -index a585809..3c7235e 100644 ---- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml -+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Disable User Administration in GNOME3' - -diff --git a/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml b/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml -index cdf34d4..a7663fe 100644 ---- a/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml -+++ b/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8,rhv4 -+prodtype: fedora,rhel7,rhel8,rl8,rhv4 - - title: 'Remove the GDM Package Group' - -diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml -index 48f6517..477dc75 100644 ---- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml -+++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15 - - title: 'The Installed Operating System Is FIPS 140-2 Certified' - -diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml -index fba676f..3c021ad 100644 ---- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml -+++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 - - title: 'The Installed Operating System Is Vendor Supported' - -diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml -index 37ee1ce..92a9015 100644 ---- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml -+++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8,rhv4 - - title: 'Configure BIND to use System Crypto Policy' - -diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml -index e605391..fa51a42 100644 ---- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml -+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8,rhv4 - - title: 'Configure System Cryptography Policy' - -diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml -index fe713aa..812be53 100644 ---- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml -+++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8,rhv4 - - title: 'Configure Kerberos to use System Crypto Policy' - -diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml -index 01d6f68..6fc95ca 100644 ---- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml -+++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8,rhv4 - - title: 'Configure Libreswan to use System Crypto Policy' - -diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml -index 4998986..eeebf04 100644 ---- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml -+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8,rhv4 - - title: 'Configure OpenSSL library to use System Crypto Policy' - -diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml -index 51788a3..e9a7392 100644 ---- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml -+++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol8,rhel8,rhv4,rhcos4 -+prodtype: fedora,ol8,rhel8,rl8,rhv4,rhcos4 - - title: 'Configure SSH to use System Crypto Policy' - -diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/rule.yml -index f8fc85a..ed58040 100644 ---- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/rule.yml -+++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel8,rhcos4 -+prodtype: rhel8,rl8,rhcos4 - - title: 'Harden OpenSSL Crypto Policy' - -diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/rule.yml b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/rule.yml -index d98526e..3177865 100644 ---- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/rule.yml -+++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/rule.yml -@@ -1,7 +1,7 @@ - documentation_complete: true - - # TODO: The plan is not to need this for RHEL>=8.4 --prodtype: rhel8 -+prodtype: rhel8,rl8 - - title: 'OpenSSL uses strong entropy source' - -diff --git a/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml b/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml -index bde69a1..020980f 100644 ---- a/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml -+++ b/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol8,rhel8 -+prodtype: ol8,rhel8,rl8 - - title: 'Install crypto-policies package' - -diff --git a/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml b/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml -index e054892..134918a 100644 ---- a/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml -+++ b/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel8,rhcos4 -+prodtype: rhel8,rl8,rhcos4 - - title: 'Configure session renegotiation for SSH client' - -diff --git a/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml -index 1ac4527..4d7c3a7 100644 ---- a/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml -+++ b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus/rule.yml -index fc1f0d9..c334904 100644 ---- a/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus/rule.yml -+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Install Virus Scanning Software' - -diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml -index c12bbb3..927c5bc 100644 ---- a/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml -+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhel7,rhel8,rhv4 -+prodtype: fedora,rhel7,rhel8,rl8,rhv4 - - title: 'Install Intrusion Detection Software' - -diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml -index 68e974d..f290223 100644 ---- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml -+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Install McAfee Virus Scanning Software' - -diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_cma_rt/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_cma_rt/rule.yml -index 6e9f3bc..1a85a6d 100644 ---- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_cma_rt/rule.yml -+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_cma_rt/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8 -+prodtype: ol7,ol8,rhel7,rhel8,rl8 - - title: 'Install the McAfee Runtime Libraries and Linux Agent' - -diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated/rule.yml -index 92c8495..c2977f2 100644 ---- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated/rule.yml -+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Virus Scanning Software Definitions Are Updated' - -diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_accm/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_accm/rule.yml -index 0707fe4..14101e4 100644 ---- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_accm/rule.yml -+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_accm/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Install the Asset Configuration Compliance Module (ACCM)' - -diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_pa/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_pa/rule.yml -index a237bef..5c59464 100644 ---- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_pa/rule.yml -+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_pa/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Install the Policy Auditor (PA) Module' - -diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml -index 9dc7e3c..c48654c 100644 ---- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml -+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle12,sle15 -+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rl8,rhv4,sle12,sle15 - - title: 'Install the Host Intrusion Prevention System (HIPS) Module' - -diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled/rule.yml -index b427265..0c62567 100644 ---- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled/rule.yml -+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Enable nails Service' - -diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml -index d9a3362..7729565 100644 ---- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml -+++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8,rhv4 - - title: "Enable Dracut FIPS Module" - -diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml -index 558dfc8..22f6ce3 100644 ---- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml -+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8,rhv4 - - title: Enable FIPS Mode - -diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/tests/ocp4/e2e.yml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/tests/ocp4/e2e.yml -index 5248395..9df1716 100644 ---- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/tests/ocp4/e2e.yml -+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/tests/ocp4/e2e.yml -@@ -1,4 +1,4 @@ - --- - # This has to pass by default as in the moderate e2e test we enable - # FIPS in the job itself. --default_result: PASS -\ No newline at end of file -+default_result: PASS -diff --git a/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml -index 7b2076d..68d244c 100644 ---- a/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml -+++ b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: Ensure '/etc/system-fips' exists - -diff --git a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml -index b439a03..cde62b5 100644 ---- a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml -+++ b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol8,rhel8,rhv4 -+prodtype: fedora,rhcos4,ol8,rhel8,rl8,rhv4 - - title: "Set kernel parameter 'crypto.fips_enabled' to 1" - -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh -index 7c25aeb..4035ed1 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl - - {{{ bash_package_install("aide") }}} - -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh -index aa605c8..10b3df2 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rl,multi_platform_wrlinux - - {{{ bash_package_install("aide") }}} - -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml -index 5966905..21474cc 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 - - title: 'Configure Periodic Execution of AIDE' - -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml -index 80a0bce..b56596c 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 - - title: 'Configure Notification of Post-AIDE Scan Details' - -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh -index 3e829ab..e51f67f 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rl,multi_platform_ol - - {{{ bash_package_install("aide") }}} - -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml -index 1f86ed8..ad9aed6 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Configure AIDE to Use FIPS 140-2 for Validating Hashes' - -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh -index 1de7a6f..6db7fcd 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rl,multi_platform_ol - - {{{ bash_package_install("aide") }}} - -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml -index 451ad97..2496e1e 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Configure AIDE to Verify Access Control Lists (ACLs)' - -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh -index 1bce723..12ecf5d 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rl,multi_platform_ol - - {{{ bash_package_install("aide") }}} - -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml -index 3be8209..d57d144 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Configure AIDE to Verify Extended Attributes' - -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml -index abf13a2..9db164c 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 - - title: 'Install AIDE' - -diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh -index b98aca6..6edc6bc 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh -+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - # Find which files have incorrect hash (not in /etc, because of the system related config files) and then get files names - files_with_incorrect_hash="$(rpm -Va --noconfig | grep -E '^..5' | awk '{print $NF}' )" -diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml -index b0a2d00..ee78eba 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml -+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Verify File Hashes with RPM' - -diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml -index ed49049..7d69658 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml -+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ol -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_rhv,multi_platform_ol - # reboot = false - # strategy = restrict - # complexity = high -diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh -index 329a00f..b8a2837 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh -+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = high -diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml -index d4f76c4..feb278a 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml -+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Verify and Correct Ownership with RPM' - -diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml -index 517cc38..1f329dd 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml -+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = high -diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh -index 03cbc39..097dd7e 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh -+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv -+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rl,multi_platform_ol,multi_platform_fedora,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = high -diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml -index 87a4934..7340cd7 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml -+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 - - title: 'Verify and Correct File Permissions with RPM' - -diff --git a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml -index 4b78278..c1bc313 100644 ---- a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml -+++ b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 -+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 - - title: 'Install sudo Package' - -diff --git a/linux_os/guide/system/software/sudo/sudo_add_env_reset/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_env_reset/rule.yml -index 477a330..204ef5f 100644 ---- a/linux_os/guide/system/software/sudo/sudo_add_env_reset/rule.yml -+++ b/linux_os/guide/system/software/sudo/sudo_add_env_reset/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Ensure sudo Runs In A Minimal Environment - sudo env_reset' - -diff --git a/linux_os/guide/system/software/sudo/sudo_add_ignore_dot/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_ignore_dot/rule.yml -index 2b4fd4b..6fadc14 100644 ---- a/linux_os/guide/system/software/sudo/sudo_add_ignore_dot/rule.yml -+++ b/linux_os/guide/system/software/sudo/sudo_add_ignore_dot/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Ensure sudo Ignores Commands In Current Dir - sudo ignore_dot' - -diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_umask/rule.yml -index d2100dd..2f668af 100644 ---- a/linux_os/guide/system/software/sudo/sudo_add_umask/rule.yml -+++ b/linux_os/guide/system/software/sudo/sudo_add_umask/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Ensure sudo umask is appropriate - sudo umask' - -diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh -index 5d9a8b4..840885a 100644 ---- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh -+++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_rl - # variables = var_sudo_umask=0027 - - # Default umask is not explicitly set and has value 0022 -diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh -index c7f7aee..7d26d78 100644 ---- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh -+++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_rl - # variables = var_sudo_umask=0027 - - # Default umask is not explicitly set and has value 0022 -diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh -index 2f41b65..2a2c45f 100644 ---- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh -+++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_rl - # variables = var_sudo_umask=0027 - - # Default umask is not explicitly set and has value 0022 -diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh -index c86da24..7fa317b 100644 ---- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh -+++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_rl - # variables = var_sudo_umask=0027 - - echo "Defaults use_pty,umask=0022,noexec" >> /etc/sudoers -diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh -index a812074..46a5817 100644 ---- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh -+++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh -@@ -1,5 +1,5 @@ - #!/bin/bash --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_rl - # variables = var_sudo_umask=0027 - - echo "Defaults use_pty,umask=0027,noexec" >> /etc/sudoers -diff --git a/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml b/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml -index 770b714..bc51444 100644 ---- a/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml -+++ b/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Ensure a dedicated group owns sudo' - -diff --git a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh -index 1c87c96..147f782 100644 ---- a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh -+++ b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_rl - # remediation = none - - # Make sure sudo is owned by root group -diff --git a/linux_os/guide/system/software/sudo/sudo_restrict_others_executable_permission/rule.yml b/linux_os/guide/system/software/sudo/sudo_restrict_others_executable_permission/rule.yml -index 4452e89..51dfd31 100644 ---- a/linux_os/guide/system/software/sudo/sudo_restrict_others_executable_permission/rule.yml -+++ b/linux_os/guide/system/software/sudo/sudo_restrict_others_executable_permission/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8 -+prodtype: rhel7,rhel8,rl8 - - title: 'Ensure only owner and members of group owner of /usr/bin/sudo can execute it' - -diff --git a/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml -index ed2fc64..f432669 100644 ---- a/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Uninstall abrt-addon-ccpp Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml -index 8bbf9ea..7a42724 100644 ---- a/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Uninstall abrt-addon-kerneloops Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml -index 9be8b08..8358e7b 100644 ---- a/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Uninstall abrt-addon-python Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml -index 9aa7f11..84b6054 100644 ---- a/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Uninstall abrt-cli Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_abrt-plugin-logger_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-plugin-logger_removed/rule.yml -index d970def..f451ca8 100644 ---- a/linux_os/guide/system/software/system-tools/package_abrt-plugin-logger_removed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_abrt-plugin-logger_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Uninstall abrt-plugin-logger Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_abrt-plugin-rhtsupport_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-plugin-rhtsupport_removed/rule.yml -index 7f7787a..c1414a4 100644 ---- a/linux_os/guide/system/software/system-tools/package_abrt-plugin-rhtsupport_removed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_abrt-plugin-rhtsupport_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Uninstall abrt-plugin-rhtsupport Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml -index 6107659..8e6be0c 100644 ---- a/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Uninstall abrt-plugin-sosreport Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_binutils_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_binutils_installed/rule.yml -index ec4f690..70ee0a7 100644 ---- a/linux_os/guide/system/software/system-tools/package_binutils_installed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_binutils_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Install binutils Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_dnf-plugin-subscription-manager_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_dnf-plugin-subscription-manager_installed/rule.yml -index 904ef62..bb6f900 100644 ---- a/linux_os/guide/system/software/system-tools/package_dnf-plugin-subscription-manager_installed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_dnf-plugin-subscription-manager_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel8 -+prodtype: rhel8,rl8 - - title: 'Install dnf-plugin-subscription-manager Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml -index eef5d88..b1d8648 100644 ---- a/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Uninstall geolite2-city Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml -index 8022a4b..d00ea54 100644 ---- a/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Uninstall geolite2-country Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml -index fa94959..74a6956 100644 ---- a/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Uninstall gssproxy Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml -index 9ec5c88..7973dc8 100644 ---- a/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Uninstall iprutils Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml -index 9753c2c..8af960f 100644 ---- a/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Uninstall krb5-workstation Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_libcap-ng-utils_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_libcap-ng-utils_installed/rule.yml -index 6696d58..a48db63 100644 ---- a/linux_os/guide/system/software/system-tools/package_libcap-ng-utils_installed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_libcap-ng-utils_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Install libcap-ng-utils Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml -index a600b42..bf7f5d9 100644 ---- a/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Install openscap-scanner Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_pigz_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_pigz_removed/rule.yml -index 80a273b..01960e9 100644 ---- a/linux_os/guide/system/software/system-tools/package_pigz_removed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_pigz_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol8,rhel8 -+prodtype: ol8,rhel8,rl8 - - title: 'Uninstall pigz Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml -index 375301f..98636c2 100644 ---- a/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Install rear Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml -index 4ab170b..9d27635 100644 ---- a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Install rng-tools Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml -index 94bf947..2d6c687 100644 ---- a/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Install scap-security-guide Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml -index 59a0440..0463148 100644 ---- a/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4 -+prodtype: rhel7,rhel8,rl8,rhv4 - - title: 'Install subscription-manager Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_tar_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_tar_installed/rule.yml -index e5b9a44..598e9fb 100644 ---- a/linux_os/guide/system/software/system-tools/package_tar_installed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_tar_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Install tar Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml -index f12bbc2..752988e 100644 ---- a/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 - - title: 'Uninstall tuned Package' - -diff --git a/linux_os/guide/system/software/system-tools/package_vim_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_vim_installed/rule.yml -index f67605d..4ae6a0f 100644 ---- a/linux_os/guide/system/software/system-tools/package_vim_installed/rule.yml -+++ b/linux_os/guide/system/software/system-tools/package_vim_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Install vim Package' - -diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml -index caaeb5c..1cdf604 100644 ---- a/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml -+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml -index 6239e95..09e0fad 100644 ---- a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml -+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Ensure {{{ pkg_manager }}} Removes Previous Package Versions' - -diff --git a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml -index fd53efc..7439ae4 100644 ---- a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml -+++ b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol8,rhel8 -+prodtype: fedora,ol8,rhel8,rl8 - - title: Configure dnf-automatic to Install Available Updates Automatically - -diff --git a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml -index 1a61232..fac41da 100644 ---- a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml -+++ b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol8,rhel8 -+prodtype: fedora,ol8,rhel8,rl8 - - title: Configure dnf-automatic to Install Only Security Updates - -diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/ansible/shared.yml -index 24be33b..28f5ce4 100644 ---- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/ansible/shared.yml -+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh -index 4469a46..8937c29 100644 ---- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh -+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_ol,multi_platform_fedora,multi_platform_rhv - . /usr/share/scap-security-guide/remediation_functions - - replace_or_append "{{{ pkg_manager_config_file }}}" '^gpgcheck' '1' '@CCENUM@' -diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml -index 7d031c9..0e35d1d 100644 ---- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml -+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15 - - title: 'Ensure gpgcheck Enabled In Main {{{ pkg_manager }}} Configuration' - -diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/ansible/shared.yml -index 68553a1..e584d88 100644 ---- a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/ansible/shared.yml -+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = unknown - # complexity = low -diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml -index 54a584c..51b1198 100644 ---- a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml -+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 - - title: 'Ensure gpgcheck Enabled for Local Packages' - -diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml -index 05d707d..669ad74 100644 ---- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml -+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_ol,multi_platform_fedora,multi_platform_rhv - # reboot = false - # strategy = enable - # complexity = low -diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh -index a9b33d8..a579380 100644 ---- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh -+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh -@@ -1,2 +1,2 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_ol,multi_platform_fedora,multi_platform_rhv - sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/* -diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml -index e9c7f70..978f7cc 100644 ---- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml -+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 - - title: 'Ensure gpgcheck Enabled for All {{{ pkg_manager }}} Package Repositories' - -diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml -index 1dc15ec..e07d982 100644 ---- a/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml -+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: ol7,ol8,rhel7,rhel8 -+prodtype: ol7,ol8,rhel7,rhel8,rl8 - - title: 'Ensure gpgcheck Enabled for Repository Metadata' - -diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/ansible/shared.yml -index cc0ced9..3f8b757 100644 ---- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/ansible/shared.yml -+++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform=multi_platform_rhel,multi_platform_rhv -+# platform=multi_platform_rhel,multi_platform_rl,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = medium -diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/bash/shared.sh -index 5095432..c3e7d98 100644 ---- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/bash/shared.sh -+++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_rhv - # The two fingerprints below are retrieved from https://access.redhat.com/security/team/key - readonly REDHAT_RELEASE_FINGERPRINT="{{{ release_key_fingerprint }}}" - readonly REDHAT_AUXILIARY_FINGERPRINT="{{{ auxiliary_key_fingerprint }}}" -diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml -index 61b6fcc..9d0d4f8 100644 ---- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml -+++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: rhel7,rhel8,rhv4,rhcos4 -+prodtype: rhel7,rhel8,rl8,rhv4,rhcos4 - - title: 'Ensure Red Hat GPG Key Installed' - -diff --git a/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml b/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml -index 2c4b739..85496ad 100644 ---- a/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml -+++ b/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol8,rhel8 -+prodtype: fedora,ol8,rhel8,rl8 - - title: 'Install dnf-automatic Package' - -diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh b/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh -index 70de60d..2972da5 100644 ---- a/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh -+++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rl - # reboot = true - # strategy = patch - # complexity = low -diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml -index 32f67fe..afabeac 100644 ---- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml -+++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu1604,ubuntu1804 -+prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,ubuntu1604,ubuntu1804 - - title: 'Ensure Software Patches Installed' - -diff --git a/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml b/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml -index 38a3d8a..c8cf4b9 100644 ---- a/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml -+++ b/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: fedora,ol8,rhel8 -+prodtype: fedora,ol8,rhel8,rl8 - - title: Enable dnf-automatic Timer - -diff --git a/rl8/CMakeLists.txt b/rl8/CMakeLists.txt -new file mode 100644 -index 0000000..fe01a68 ---- /dev/null -+++ b/rl8/CMakeLists.txt -@@ -0,0 +1,36 @@ -+# Sometimes our users will try to do: "cd rl8; cmake ." That needs to error in a nice way. -+if ("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}") -+ message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!") -+endif() -+ -+set(PRODUCT "rl8") -+set(DISA_SRG_TYPE "os") -+ -+ssg_build_product(${PRODUCT}) -+ -+ssg_build_html_table_by_ref(${PRODUCT} "nist") -+ssg_build_html_table_by_ref(${PRODUCT} "cui") -+ssg_build_html_table_by_ref(${PRODUCT} "cis") -+ssg_build_html_table_by_ref(${PRODUCT} "pcidss") -+ssg_build_html_table_by_ref(${PRODUCT} "anssi") -+ -+ssg_build_html_nistrefs_table(${PRODUCT} "standard") -+ssg_build_html_nistrefs_table(${PRODUCT} "ospp") -+ssg_build_html_nistrefs_table(${PRODUCT} "stig") -+ -+ssg_build_html_anssirefs_table(${PRODUCT} "bp28_minimal") -+ssg_build_html_anssirefs_table(${PRODUCT} "bp28_intermediary") -+ssg_build_html_anssirefs_table(${PRODUCT} "bp28_enhanced") -+ssg_build_html_anssirefs_table(${PRODUCT} "bp28_high") -+ -+ssg_build_html_cce_table(${PRODUCT}) -+ -+ssg_build_html_srgmap_tables(${PRODUCT} "stig" ${DISA_SRG_TYPE}) -+ -+ssg_build_html_stig_tables(${PRODUCT} "stig") -+ -+#ssg_build_html_stig_tables(${PRODUCT} "ospp") -+ -+#if (SSG_CENTOS_DERIVATIVES_ENABLED) -+# ssg_build_derivative_product(${PRODUCT} "centos" "centos8") -+#endif() -diff --git a/rl8/kickstart/ssg-rhel8-anssi_bp28_enhanced-ks.cfg b/rl8/kickstart/ssg-rhel8-anssi_bp28_enhanced-ks.cfg -new file mode 100644 -index 0000000..e0f247d ---- /dev/null -+++ b/rl8/kickstart/ssg-rhel8-anssi_bp28_enhanced-ks.cfg -@@ -0,0 +1,163 @@ -+# SCAP Security Guide ANSSI BP-028 (enhanced) profile kickstart for Rocky Linux 8 -+# Version: 0.0.1 -+# Date: 2021-01-28 -+# -+# Based on: -+# https://pykickstart.readthedocs.io/en/latest/ -+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg -+ -+# Specify installation method to use for installation -+# To use a different one comment out the 'url' one below, update -+# the selected choice with proper options & un-comment it -+# -+# Install from an installation tree on a remote server via FTP or HTTP: -+# --url the URL to install from -+# -+# Example: -+# -+# url --url=http://192.168.122.1/image -+# -+# Modify concrete URL in the above example appropriately to reflect the actual -+# environment machine is to be installed in -+# -+# Other possible / supported installation methods: -+# * install from the first CD-ROM/DVD drive on the system: -+# -+# cdrom -+# -+# * install from a directory of ISO images on a local drive: -+# -+# harddrive --partition=hdb2 --dir=/tmp/install-tree -+# -+# * install from provided NFS server: -+# -+# nfs --server= --dir= [--opts=] -+# -+# Set language to use during installation and the default language to use on the installed system (required) -+lang en_US.UTF-8 -+ -+# Set system keyboard type / layout (required) -+keyboard us -+ -+# Configure network information for target system and activate network devices in the installer environment (optional) -+# --onboot enable device at a boot time -+# --device device to be activated and / or configured with the network command -+# --bootproto method to obtain networking configuration for device (default dhcp) -+# --noipv6 disable IPv6 on this device -+# -+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, -+# "--bootproto=static" must be used. For example: -+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 -+# -+network --onboot yes --bootproto dhcp --noipv6 -+ -+# Set the system's root password (required) -+# Plaintext password is: server -+# Refer to e.g. -+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw -+# to see how to create encrypted password form for different plaintext password -+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 -+ -+# The selected profile will restrict root login -+# Add a user that can login and escalate privileges -+# Plaintext password is: admin123 -+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted -+ -+# Configure firewall settings for the system (optional) -+# --enabled reject incoming connections that are not in response to outbound requests -+# --ssh allow sshd service through the firewall -+firewall --enabled --ssh -+ -+# Set the system time zone (required) -+timezone --utc America/New_York -+ -+# Specify how the bootloader should be installed (required) -+# Plaintext password is: password -+# Refer to e.g. -+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw -+# to see how to create encrypted password form for different plaintext password -+bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 -+ -+# Initialize (format) all disks (optional) -+zerombr -+ -+# The following partition layout scheme assumes disk of size 20GB or larger -+# Modify size of partitions appropriately to reflect actual machine's hardware -+# -+# Remove Linux partitions from the system prior to creating new ones (optional) -+# --linux erase all Linux partitions -+# --initlabel initialize the disk label to the default based on the underlying architecture -+clearpart --linux --initlabel -+ -+# Create primary system partitions (required for installs) -+part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" -+part pv.01 --grow --size=1 -+ -+# Create a Logical Volume Management (LVM) group (optional) -+volgroup VolGroup --pesize=4096 pv.01 -+ -+# Create particular logical volumes (optional) -+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow -+# Ensure /usr Located On Separate Partition -+logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev" -+# Ensure /opt Located On Separate Partition -+logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" -+# Ensure /srv Located On Separate Partition -+logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" -+# Ensure /home Located On Separate Partition -+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" -+# Ensure /tmp Located On Separate Partition -+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" -+# Ensure /var/tmp Located On Separate Partition -+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" -+# Ensure /var Located On Separate Partition -+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" -+# Ensure /var/log Located On Separate Partition -+logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" -+# Ensure /var/log/audit Located On Separate Partition -+logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" -+logvol swap --name=swap --vgname=VolGroup --size=2016 -+ -+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) -+# content - security policies - on the installed system.This add-on has been enabled by default -+# since Rocky Linux 7.2. When enabled, the packages necessary to provide this -+# functionality will automatically be installed. However, by default, no policies are enforced, -+# meaning that no checks are performed during or after installation unless specifically configured. -+# -+# Important -+# Applying a security policy is not necessary on all systems. This screen should only be used -+# when a specific policy is mandated by your organization rules or government regulations. -+# Unlike most other commands, this add-on does not accept regular options, but uses key-value -+# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. -+# Values can be optionally enclosed in single quotes (') or double quotes ("). -+# -+# The following keys are recognized by the add-on: -+# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. -+# - If the content-type is scap-security-guide, the add-on will use content provided by the -+# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. -+# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. -+# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. -+# xccdf-id - ID of the benchmark you want to use. -+# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. -+# profile - ID of the profile to be applied. Use default to apply the default profile. -+# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. -+# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. -+# -+# The following is an example %addon org_fedora_oscap section which uses content from the -+# scap-security-guide on the installation media: -+%addon org_fedora_oscap -+ content-type = scap-security-guide -+ profile = xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced -+%end -+ -+# Packages selection (%packages section is required) -+%packages -+ -+# Require @Base -+@Base -+ -+%end # End of %packages section -+ -+# Reboot after the installation is complete (optional) -+# --eject attempt to eject CD or DVD media before rebooting -+reboot --eject -diff --git a/rl8/kickstart/ssg-rhel8-anssi_bp28_high-ks.cfg b/rl8/kickstart/ssg-rhel8-anssi_bp28_high-ks.cfg -new file mode 100644 -index 0000000..36d1697 ---- /dev/null -+++ b/rl8/kickstart/ssg-rhel8-anssi_bp28_high-ks.cfg -@@ -0,0 +1,167 @@ -+# SCAP Security Guide ANSSI BP-028 (high) profile kickstart for Rocky Linux 8 -+# Version: 0.0.1 -+# Date: 2020-12-10 -+# -+# Based on: -+# https://pykickstart.readthedocs.io/en/latest/ -+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg -+ -+# Specify installation method to use for installation -+# To use a different one comment out the 'url' one below, update -+# the selected choice with proper options & un-comment it -+# -+# Install from an installation tree on a remote server via FTP or HTTP: -+# --url the URL to install from -+# -+# Example: -+# -+# url --url=http://192.168.122.1/image -+# -+# Modify concrete URL in the above example appropriately to reflect the actual -+# environment machine is to be installed in -+# -+# Other possible / supported installation methods: -+# * install from the first CD-ROM/DVD drive on the system: -+# -+# cdrom -+# -+# * install from a directory of ISO images on a local drive: -+# -+# harddrive --partition=hdb2 --dir=/tmp/install-tree -+# -+# * install from provided NFS server: -+# -+# nfs --server= --dir= [--opts=] -+# -+# Set language to use during installation and the default language to use on the installed system (required) -+lang en_US.UTF-8 -+ -+# Set system keyboard type / layout (required) -+keyboard us -+ -+# Configure network information for target system and activate network devices in the installer environment (optional) -+# --onboot enable device at a boot time -+# --device device to be activated and / or configured with the network command -+# --bootproto method to obtain networking configuration for device (default dhcp) -+# --noipv6 disable IPv6 on this device -+# -+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, -+# "--bootproto=static" must be used. For example: -+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 -+# -+network --onboot yes --bootproto dhcp --noipv6 -+ -+# Set the system's root password (required) -+# Plaintext password is: server -+# Refer to e.g. -+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw -+# to see how to create encrypted password form for different plaintext password -+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 -+ -+# The selected profile will restrict root login -+# Add a user that can login and escalate privileges -+# Plaintext password is: admin123 -+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted -+ -+# Configure firewall settings for the system (optional) -+# --enabled reject incoming connections that are not in response to outbound requests -+# --ssh allow sshd service through the firewall -+firewall --enabled --ssh -+ -+# State of SELinux on the installed system (optional) -+# Defaults to enforcing -+selinux --enforcing -+ -+# Set the system time zone (required) -+timezone --utc America/New_York -+ -+# Specify how the bootloader should be installed (required) -+# Plaintext password is: password -+# Refer to e.g. -+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw -+# to see how to create encrypted password form for different plaintext password -+bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 -+ -+# Initialize (format) all disks (optional) -+zerombr -+ -+# The following partition layout scheme assumes disk of size 20GB or larger -+# Modify size of partitions appropriately to reflect actual machine's hardware -+# -+# Remove Linux partitions from the system prior to creating new ones (optional) -+# --linux erase all Linux partitions -+# --initlabel initialize the disk label to the default based on the underlying architecture -+clearpart --linux --initlabel -+ -+# Create primary system partitions (required for installs) -+part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" -+part pv.01 --grow --size=1 -+ -+# Create a Logical Volume Management (LVM) group (optional) -+volgroup VolGroup --pesize=4096 pv.01 -+ -+# Create particular logical volumes (optional) -+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow -+# Ensure /usr Located On Separate Partition -+logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev" -+# Ensure /opt Located On Separate Partition -+logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" -+# Ensure /srv Located On Separate Partition -+logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" -+# Ensure /home Located On Separate Partition -+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" -+# Ensure /tmp Located On Separate Partition -+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" -+# Ensure /var/tmp Located On Separate Partition -+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" -+# Ensure /var Located On Separate Partition -+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" -+# Ensure /var/log Located On Separate Partition -+logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" -+# Ensure /var/log/audit Located On Separate Partition -+logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" -+logvol swap --name=swap --vgname=VolGroup --size=2016 -+ -+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) -+# content - security policies - on the installed system.This add-on has been enabled by default -+# since Rocky Linux 7.2. When enabled, the packages necessary to provide this -+# functionality will automatically be installed. However, by default, no policies are enforced, -+# meaning that no checks are performed during or after installation unless specifically configured. -+# -+# Important -+# Applying a security policy is not necessary on all systems. This screen should only be used -+# when a specific policy is mandated by your organization rules or government regulations. -+# Unlike most other commands, this add-on does not accept regular options, but uses key-value -+# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. -+# Values can be optionally enclosed in single quotes (') or double quotes ("). -+# -+# The following keys are recognized by the add-on: -+# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. -+# - If the content-type is scap-security-guide, the add-on will use content provided by the -+# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. -+# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. -+# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. -+# xccdf-id - ID of the benchmark you want to use. -+# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. -+# profile - ID of the profile to be applied. Use default to apply the default profile. -+# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. -+# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. -+# -+# The following is an example %addon org_fedora_oscap section which uses content from the -+# scap-security-guide on the installation media: -+%addon org_fedora_oscap -+ content-type = scap-security-guide -+ profile = xccdf_org.ssgproject.content_profile_anssi_bp28_high -+%end -+ -+# Packages selection (%packages section is required) -+%packages -+ -+# Require @Base -+@Base -+ -+%end # End of %packages section -+ -+# Reboot after the installation is complete (optional) -+# --eject attempt to eject CD or DVD media before rebooting -+reboot --eject -diff --git a/rl8/kickstart/ssg-rhel8-anssi_bp28_intermediary-ks.cfg b/rl8/kickstart/ssg-rhel8-anssi_bp28_intermediary-ks.cfg -new file mode 100644 -index 0000000..64c0e04 ---- /dev/null -+++ b/rl8/kickstart/ssg-rhel8-anssi_bp28_intermediary-ks.cfg -@@ -0,0 +1,163 @@ -+# SCAP Security Guide ANSSI BP-028 (intermediary) profile kickstart for Rocky Linux 8 -+# Version: 0.0.1 -+# Date: 2021-01-28 -+# -+# Based on: -+# https://pykickstart.readthedocs.io/en/latest/ -+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg -+ -+# Specify installation method to use for installation -+# To use a different one comment out the 'url' one below, update -+# the selected choice with proper options & un-comment it -+# -+# Install from an installation tree on a remote server via FTP or HTTP: -+# --url the URL to install from -+# -+# Example: -+# -+# url --url=http://192.168.122.1/image -+# -+# Modify concrete URL in the above example appropriately to reflect the actual -+# environment machine is to be installed in -+# -+# Other possible / supported installation methods: -+# * install from the first CD-ROM/DVD drive on the system: -+# -+# cdrom -+# -+# * install from a directory of ISO images on a local drive: -+# -+# harddrive --partition=hdb2 --dir=/tmp/install-tree -+# -+# * install from provided NFS server: -+# -+# nfs --server= --dir= [--opts=] -+# -+# Set language to use during installation and the default language to use on the installed system (required) -+lang en_US.UTF-8 -+ -+# Set system keyboard type / layout (required) -+keyboard us -+ -+# Configure network information for target system and activate network devices in the installer environment (optional) -+# --onboot enable device at a boot time -+# --device device to be activated and / or configured with the network command -+# --bootproto method to obtain networking configuration for device (default dhcp) -+# --noipv6 disable IPv6 on this device -+# -+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, -+# "--bootproto=static" must be used. For example: -+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 -+# -+network --onboot yes --bootproto dhcp --noipv6 -+ -+# Set the system's root password (required) -+# Plaintext password is: server -+# Refer to e.g. -+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw -+# to see how to create encrypted password form for different plaintext password -+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 -+ -+# The selected profile will restrict root login -+# Add a user that can login and escalate privileges -+# Plaintext password is: admin123 -+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted -+ -+# Configure firewall settings for the system (optional) -+# --enabled reject incoming connections that are not in response to outbound requests -+# --ssh allow sshd service through the firewall -+firewall --enabled --ssh -+ -+# Set the system time zone (required) -+timezone --utc America/New_York -+ -+# Specify how the bootloader should be installed (required) -+# Plaintext password is: password -+# Refer to e.g. -+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw -+# to see how to create encrypted password form for different plaintext password -+bootloader --location=mbr -+ -+# Initialize (format) all disks (optional) -+zerombr -+ -+# The following partition layout scheme assumes disk of size 20GB or larger -+# Modify size of partitions appropriately to reflect actual machine's hardware -+# -+# Remove Linux partitions from the system prior to creating new ones (optional) -+# --linux erase all Linux partitions -+# --initlabel initialize the disk label to the default based on the underlying architecture -+clearpart --linux --initlabel -+ -+# Create primary system partitions (required for installs) -+part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" -+part pv.01 --grow --size=1 -+ -+# Create a Logical Volume Management (LVM) group (optional) -+volgroup VolGroup --pesize=4096 pv.01 -+ -+# Create particular logical volumes (optional) -+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow -+# Ensure /usr Located On Separate Partition -+logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev" -+# Ensure /opt Located On Separate Partition -+logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" -+# Ensure /srv Located On Separate Partition -+logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" -+# Ensure /home Located On Separate Partition -+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" -+# Ensure /tmp Located On Separate Partition -+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" -+# Ensure /var/tmp Located On Separate Partition -+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" -+# Ensure /var Located On Separate Partition -+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" -+# Ensure /var/log Located On Separate Partition -+logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" -+# Ensure /var/log/audit Located On Separate Partition -+logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" -+logvol swap --name=swap --vgname=VolGroup --size=2016 -+ -+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) -+# content - security policies - on the installed system.This add-on has been enabled by default -+# since Rocky Linux 7.2. When enabled, the packages necessary to provide this -+# functionality will automatically be installed. However, by default, no policies are enforced, -+# meaning that no checks are performed during or after installation unless specifically configured. -+# -+# Important -+# Applying a security policy is not necessary on all systems. This screen should only be used -+# when a specific policy is mandated by your organization rules or government regulations. -+# Unlike most other commands, this add-on does not accept regular options, but uses key-value -+# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. -+# Values can be optionally enclosed in single quotes (') or double quotes ("). -+# -+# The following keys are recognized by the add-on: -+# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. -+# - If the content-type is scap-security-guide, the add-on will use content provided by the -+# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. -+# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. -+# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. -+# xccdf-id - ID of the benchmark you want to use. -+# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. -+# profile - ID of the profile to be applied. Use default to apply the default profile. -+# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. -+# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. -+# -+# The following is an example %addon org_fedora_oscap section which uses content from the -+# scap-security-guide on the installation media: -+%addon org_fedora_oscap -+ content-type = scap-security-guide -+ profile = xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary -+%end -+ -+# Packages selection (%packages section is required) -+%packages -+ -+# Require @Base -+@Base -+ -+%end # End of %packages section -+ -+# Reboot after the installation is complete (optional) -+# --eject attempt to eject CD or DVD media before rebooting -+reboot --eject -diff --git a/rl8/kickstart/ssg-rhel8-anssi_bp28_minimal-ks.cfg b/rl8/kickstart/ssg-rhel8-anssi_bp28_minimal-ks.cfg -new file mode 100644 -index 0000000..5673540 ---- /dev/null -+++ b/rl8/kickstart/ssg-rhel8-anssi_bp28_minimal-ks.cfg -@@ -0,0 +1,127 @@ -+# SCAP Security Guide ANSSI BP-028 (minimal) profile kickstart for Rocky Linux 8 -+# Version: 0.0.1 -+# Date: 2021-01-28 -+# -+# Based on: -+# https://pykickstart.readthedocs.io/en/latest/ -+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg -+ -+# Specify installation method to use for installation -+# To use a different one comment out the 'url' one below, update -+# the selected choice with proper options & un-comment it -+# -+# Install from an installation tree on a remote server via FTP or HTTP: -+# --url the URL to install from -+# -+# Example: -+# -+# url --url=http://192.168.122.1/image -+# -+# Modify concrete URL in the above example appropriately to reflect the actual -+# environment machine is to be installed in -+# -+# Other possible / supported installation methods: -+# * install from the first CD-ROM/DVD drive on the system: -+# -+# cdrom -+# -+# * install from a directory of ISO images on a local drive: -+# -+# harddrive --partition=hdb2 --dir=/tmp/install-tree -+# -+# * install from provided NFS server: -+# -+# nfs --server= --dir= [--opts=] -+# -+# Set language to use during installation and the default language to use on the installed system (required) -+lang en_US.UTF-8 -+ -+# Set system keyboard type / layout (required) -+keyboard us -+ -+# Configure network information for target system and activate network devices in the installer environment (optional) -+# --onboot enable device at a boot time -+# --device device to be activated and / or configured with the network command -+# --bootproto method to obtain networking configuration for device (default dhcp) -+# --noipv6 disable IPv6 on this device -+# -+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, -+# "--bootproto=static" must be used. For example: -+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 -+# -+network --onboot yes --bootproto dhcp -+ -+# Set the system's root password (required) -+# Plaintext password is: server -+# Refer to e.g. -+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw -+# to see how to create encrypted password form for different plaintext password -+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 -+ -+# Set the system time zone (required) -+timezone --utc America/New_York -+ -+# Specify how the bootloader should be installed (required) -+# Plaintext password is: password -+# Refer to e.g. -+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw -+# to see how to create encrypted password form for different plaintext password -+bootloader --location=mbr -+ -+# Initialize (format) all disks (optional) -+zerombr -+ -+# The following partition layout scheme assumes disk of size 20GB or larger -+# Modify size of partitions appropriately to reflect actual machine's hardware -+# -+# Remove Linux partitions from the system prior to creating new ones (optional) -+# --linux erase all Linux partitions -+# --initlabel initialize the disk label to the default based on the underlying architecture -+clearpart --linux --initlabel -+ -+# Create primary system partitions (required for installs) -+autopart -+ -+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) -+# content - security policies - on the installed system.This add-on has been enabled by default -+# since Rocky Linux 7.2. When enabled, the packages necessary to provide this -+# functionality will automatically be installed. However, by default, no policies are enforced, -+# meaning that no checks are performed during or after installation unless specifically configured. -+# -+# Important -+# Applying a security policy is not necessary on all systems. This screen should only be used -+# when a specific policy is mandated by your organization rules or government regulations. -+# Unlike most other commands, this add-on does not accept regular options, but uses key-value -+# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. -+# Values can be optionally enclosed in single quotes (') or double quotes ("). -+# -+# The following keys are recognized by the add-on: -+# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. -+# - If the content-type is scap-security-guide, the add-on will use content provided by the -+# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. -+# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. -+# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. -+# xccdf-id - ID of the benchmark you want to use. -+# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. -+# profile - ID of the profile to be applied. Use default to apply the default profile. -+# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. -+# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. -+# -+# The following is an example %addon org_fedora_oscap section which uses content from the -+# scap-security-guide on the installation media: -+%addon org_fedora_oscap -+ content-type = scap-security-guide -+ profile = xccdf_org.ssgproject.content_profile_anssi_bp28_minimal -+%end -+ -+# Packages selection (%packages section is required) -+%packages -+ -+# Require @Base -+@Base -+ -+%end # End of %packages section -+ -+# Reboot after the installation is complete (optional) -+# --eject attempt to eject CD or DVD media before rebooting -+reboot --eject -diff --git a/rl8/kickstart/ssg-rhel8-cis-ks.cfg b/rl8/kickstart/ssg-rhel8-cis-ks.cfg -new file mode 100644 -index 0000000..8321ac2 ---- /dev/null -+++ b/rl8/kickstart/ssg-rhel8-cis-ks.cfg -@@ -0,0 +1,146 @@ -+# SCAP Security Guide CIS profile kickstart for Rocky Linux 8 Server -+# Version: 0.0.1 -+# Date: 2020-03-30 -+# -+# Based on: -+# https://pykickstart.readthedocs.io/en/latest/ -+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart -+ -+# Install a fresh new system (optional) -+install -+ -+# Specify installation method to use for installation -+# To use a different one comment out the 'url' one below, update -+# the selected choice with proper options & un-comment it -+# -+# Install from an installation tree on a remote server via FTP or HTTP: -+# --url the URL to install from -+# -+# Example: -+# -+# url --url=http://192.168.122.1/image -+# -+# Modify concrete URL in the above example appropriately to reflect the actual -+# environment machine is to be installed in -+# -+# Other possible / supported installation methods: -+# * install from the first CD-ROM/DVD drive on the system: -+# -+# cdrom -+# -+# * install from a directory of ISO images on a local drive: -+# -+# harddrive --partition=hdb2 --dir=/tmp/install-tree -+# -+# * install from provided NFS server: -+# -+# nfs --server= --dir= [--opts=] -+# -+ -+# Set language to use during installation and the default language to use on the installed system (required) -+lang en_US.UTF-8 -+ -+# Set system keyboard type / layout (required) -+keyboard us -+ -+# Configure network information for target system and activate network devices in the installer environment (optional) -+# --onboot enable device at a boot time -+# --device device to be activated and / or configured with the network command -+# --bootproto method to obtain networking configuration for device (default dhcp) -+# --noipv6 disable IPv6 on this device -+# -+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, -+# "--bootproto=static" must be used. For example: -+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 -+# -+network --onboot yes --device eth0 --bootproto dhcp --noipv6 -+ -+# Set the system's root password (required) -+# Plaintext password is: server -+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create -+# encrypted password form for different plaintext password -+rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0 -+ -+# The selected profile will restrict root login -+# Add a user that can login and escalate privileges -+# Plaintext password is: admin123 -+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted -+ -+# Configure firewall settings for the system (optional) -+# --enabled reject incoming connections that are not in response to outbound requests -+# --ssh allow sshd service through the firewall -+firewall --enabled --ssh -+ -+# Set up the authentication options for the system (required) -+# sssd profile sets sha512 to hash passwords -+# passwords are shadowed by default -+# See the manual page for authselect-profile for a complete list of possible options. -+authselect select sssd -+ -+# State of SELinux on the installed system (optional) -+# Defaults to enforcing -+selinux --enforcing -+ -+# Set the system time zone (required) -+timezone --utc America/New_York -+ -+# Specify how the bootloader should be installed (required) -+# Plaintext password is: password -+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create -+# encrypted password form for different plaintext password -+bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 -+ -+# Initialize (format) all disks (optional) -+zerombr -+ -+# The following partition layout scheme assumes disk of size 20GB or larger -+# Modify size of partitions appropriately to reflect actual machine's hardware -+# -+# Remove Linux partitions from the system prior to creating new ones (optional) -+# --linux erase all Linux partitions -+# --initlabel initialize the disk label to the default based on the underlying architecture -+clearpart --linux --initlabel -+ -+# Create primary system partitions (required for installs) -+part /boot --fstype=xfs --size=512 -+part pv.01 --grow --size=1 -+ -+# Create a Logical Volume Management (LVM) group (optional) -+volgroup VolGroup --pesize=4096 pv.01 -+ -+# Create particular logical volumes (optional) -+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10240 --grow -+# Ensure /home Located On Separate Partition -+logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" -+# Ensure /tmp Located On Separate Partition -+logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" -+# Ensure /var/tmp Located On Separate Partition -+logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" -+# Ensure /var Located On Separate Partition -+logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072 -+# Ensure /var/log Located On Separate Partition -+logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 -+# Ensure /var/log/audit Located On Separate Partition -+logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 -+logvol swap --name=lv_swap --vgname=VolGroup --size=2016 -+ -+ -+# Harden installation with CIS profile -+# For more details and configuration options see -+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program -+%addon org_fedora_oscap -+ content-type = scap-security-guide -+ profile = xccdf_org.ssgproject.content_profile_cis -+%end -+ -+# Packages selection (%packages section is required) -+%packages -+ -+# Require @Base -+@Base -+ -+%end # End of %packages section -+ -+# Reboot after the installation is complete (optional) -+# --eject attempt to eject CD or DVD media before rebooting -+reboot --eject -diff --git a/rl8/kickstart/ssg-rhel8-cui-ks.cfg b/rl8/kickstart/ssg-rhel8-cui-ks.cfg -new file mode 100644 -index 0000000..b41bd31 ---- /dev/null -+++ b/rl8/kickstart/ssg-rhel8-cui-ks.cfg -@@ -0,0 +1,167 @@ -+# SCAP Security Guide CUI profile kickstart for Rocky Linux 8 -+# -+# Based on: -+# https://pykickstart.readthedocs.io/en/latest/ -+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg -+ -+# Install a fresh new system (optional) -+install -+ -+# Specify installation method to use for installation -+# To use a different one comment out the 'url' one below, update -+# the selected choice with proper options & un-comment it -+# -+# Install from an installation tree on a remote server via FTP or HTTP: -+# --url the URL to install from -+# -+# Example: -+# -+# url --url=http://192.168.122.1/image -+# -+# Modify concrete URL in the above example appropriately to reflect the actual -+# environment machine is to be installed in -+# -+# Other possible / supported installation methods: -+# * install from the first CD-ROM/DVD drive on the system: -+# -+# cdrom -+# -+# * install from a directory of ISO images on a local drive: -+# -+# harddrive --partition=hdb2 --dir=/tmp/install-tree -+# -+# * install from provided NFS server: -+# -+# nfs --server= --dir= [--opts=] -+# -+# Set language to use during installation and the default language to use on the installed system (required) -+lang en_US.UTF-8 -+ -+# Set system keyboard type / layout (required) -+keyboard us -+ -+# Configure network information for target system and activate network devices in the installer environment (optional) -+# --onboot enable device at a boot time -+# --device device to be activated and / or configured with the network command -+# --bootproto method to obtain networking configuration for device (default dhcp) -+# --noipv6 disable IPv6 on this device -+# -+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, -+# "--bootproto=static" must be used. For example: -+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 -+# -+network --onboot yes --bootproto dhcp -+ -+# Set the system's root password (required) -+# Plaintext password is: server -+# Refer to e.g. -+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw -+# to see how to create encrypted password form for different plaintext password -+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 -+ -+# The selected profile will restrict root login -+# Add a user that can login and escalate privileges -+# Plaintext password is: admin123 -+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted -+ -+# Configure firewall settings for the system (optional) -+# --enabled reject incoming connections that are not in response to outbound requests -+# --ssh allow sshd service through the firewall -+firewall --enabled --ssh -+ -+# Set up the authentication options for the system (required) -+# --enableshadow enable shadowed passwords by default -+# --passalgo hash / crypt algorithm for new passwords -+# See the manual page for authconfig for a complete list of possible options. -+authconfig --enableshadow --passalgo=sha512 -+ -+# State of SELinux on the installed system (optional) -+# Defaults to enforcing -+selinux --enforcing -+ -+# Set the system time zone (required) -+timezone --utc America/New_York -+ -+# Specify how the bootloader should be installed (required) -+# Refer to e.g. -+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw -+# to see how to create encrypted password form for different plaintext password -+bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" -+ -+# Initialize (format) all disks (optional) -+zerombr -+ -+# The following partition layout scheme assumes disk of size 20GB or larger -+# Modify size of partitions appropriately to reflect actual machine's hardware -+# -+# Remove Linux partitions from the system prior to creating new ones (optional) -+# --linux erase all Linux partitions -+# --initlabel initialize the disk label to the default based on the underlying architecture -+clearpart --linux --initlabel -+ -+# Create primary system partitions (required for installs) -+part /boot --fstype=xfs --size=512 -+part pv.01 --grow --size=1 -+ -+# Create a Logical Volume Management (LVM) group (optional) -+volgroup VolGroup --pesize=4096 pv.01 -+ -+# Create particular logical volumes (optional) -+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow -+# Ensure /home Located On Separate Partition -+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" -+# Ensure /tmp Located On Separate Partition -+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" -+# Ensure /var/tmp Located On Separate Partition -+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" -+# Ensure /var Located On Separate Partition -+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" -+# Ensure /var/log Located On Separate Partition -+logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" -+# Ensure /var/log/audit Located On Separate Partition -+logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" -+logvol swap --name=swap --vgname=VolGroup --size=2016 -+ -+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) -+# content - security policies - on the installed system.This add-on has been enabled by default -+# since Rocky Linux 7.2. When enabled, the packages necessary to provide this -+# functionality will automatically be installed. However, by default, no policies are enforced, -+# meaning that no checks are performed during or after installation unless specifically configured. -+# -+# Important -+# Applying a security policy is not necessary on all systems. This screen should only be used -+# when a specific policy is mandated by your organization rules or government regulations. -+# Unlike most other commands, this add-on does not accept regular options, but uses key-value -+# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. -+# Values can be optionally enclosed in single quotes (') or double quotes ("). -+# -+# The following keys are recognized by the add-on: -+# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. -+# - If the content-type is scap-security-guide, the add-on will use content provided by the -+# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. -+# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. -+# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. -+# xccdf-id - ID of the benchmark you want to use. -+# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. -+# profile - ID of the profile to be applied. Use default to apply the default profile. -+# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. -+# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. -+# -+# The following is an example %addon org_fedora_oscap section which uses content from the -+# scap-security-guide on the installation media: -+%addon org_fedora_oscap -+ content-type = scap-security-guide -+ profile = xccdf_org.ssgproject.content_profile_cui -+%end -+ -+# Packages selection (%packages section is required) -+%packages -+ -+# Require @Base -+@Base -+ -+%end # End of %packages section -+ -+# Reboot after the installation is complete (optional) -+# --eject attempt to eject CD or DVD media before rebooting -+reboot --eject -diff --git a/rl8/kickstart/ssg-rhel8-e8-ks.cfg b/rl8/kickstart/ssg-rhel8-e8-ks.cfg -new file mode 100644 -index 0000000..a0c2c50 ---- /dev/null -+++ b/rl8/kickstart/ssg-rhel8-e8-ks.cfg -@@ -0,0 +1,125 @@ -+# SCAP Security Guide Essential Eight profile kickstart for Rocky Linux 8 Server -+# Version: 0.0.1 -+# Date: 2019-11-13 -+# -+# Based on: -+# https://pykickstart.readthedocs.io/en/latest/ -+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart -+ -+# Install a fresh new system (optional) -+install -+ -+# Specify installation method to use for installation -+# To use a different one comment out the 'url' one below, update -+# the selected choice with proper options & un-comment it -+# -+# Install from an installation tree on a remote server via FTP or HTTP: -+# --url the URL to install from -+# -+# Example: -+# -+# url --url=http://192.168.122.1/image -+# -+# Modify concrete URL in the above example appropriately to reflect the actual -+# environment machine is to be installed in -+# -+# Other possible / supported installation methods: -+# * install from the first CD-ROM/DVD drive on the system: -+# -+# cdrom -+# -+# * install from a directory of ISO images on a local drive: -+# -+# harddrive --partition=hdb2 --dir=/tmp/install-tree -+# -+# * install from provided NFS server: -+# -+# nfs --server= --dir= [--opts=] -+# -+ -+# Set language to use during installation and the default language to use on the installed system (required) -+lang en_US.UTF-8 -+ -+# Set system keyboard type / layout (required) -+keyboard us -+ -+# Configure network information for target system and activate network devices in the installer environment (optional) -+# --onboot enable device at a boot time -+# --device device to be activated and / or configured with the network command -+# --bootproto method to obtain networking configuration for device (default dhcp) -+# --noipv6 disable IPv6 on this device -+# -+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, -+# "--bootproto=static" must be used. For example: -+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 -+# -+network --onboot yes --device eth0 --bootproto dhcp --noipv6 -+ -+# Set the system's root password (required) -+# Plaintext password is: server -+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create -+# encrypted password form for different plaintext password -+rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0 -+ -+# The selected profile will restrict root login -+# Add a user that can login and escalate privileges -+# Plaintext password is: admin123 -+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted -+ -+# Configure firewall settings for the system (optional) -+# --enabled reject incoming connections that are not in response to outbound requests -+# --ssh allow sshd service through the firewall -+firewall --enabled --ssh -+ -+# Set up the authentication options for the system (required) -+# sssd profile sets sha512 to hash passwords -+# passwords are shadowed by default -+# See the manual page for authselect-profile for a complete list of possible options. -+authselect select sssd -+ -+# State of SELinux on the installed system (optional) -+# Defaults to enforcing -+selinux --enforcing -+ -+# Set the system time zone (required) -+timezone --utc America/New_York -+ -+# Specify how the bootloader should be installed (required) -+# Plaintext password is: password -+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create -+# encrypted password form for different plaintext password -+bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 -+ -+# Initialize (format) all disks (optional) -+zerombr -+ -+# The following partition layout scheme assumes disk of size 20GB or larger -+# Modify size of partitions appropriately to reflect actual machine's hardware -+# -+# Remove Linux partitions from the system prior to creating new ones (optional) -+# --linux erase all Linux partitions -+# --initlabel initialize the disk label to the default based on the underlying architecture -+clearpart --linux --initlabel -+ -+# Create primary system partitions (required for installs) -+autopart -+ -+# Harden installation with Essential Eight profile -+# For more details and configuration options see -+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program -+%addon org_fedora_oscap -+ content-type = scap-security-guide -+ profile = xccdf_org.ssgproject.content_profile_e8 -+%end -+ -+# Packages selection (%packages section is required) -+%packages -+ -+# Require @Base -+@Base -+ -+%end # End of %packages section -+ -+# Reboot after the installation is complete (optional) -+# --eject attempt to eject CD or DVD media before rebooting -+reboot --eject -diff --git a/rl8/kickstart/ssg-rhel8-hipaa-ks.cfg b/rl8/kickstart/ssg-rhel8-hipaa-ks.cfg -new file mode 100644 -index 0000000..84db898 ---- /dev/null -+++ b/rl8/kickstart/ssg-rhel8-hipaa-ks.cfg -@@ -0,0 +1,125 @@ -+# SCAP Security Guide HIPAA profile kickstart for Rocky Linux 8 Server -+# Version: 0.0.1 -+# Date: 2020-05-25 -+# -+# Based on: -+# https://pykickstart.readthedocs.io/en/latest/ -+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart -+ -+# Install a fresh new system (optional) -+install -+ -+# Specify installation method to use for installation -+# To use a different one comment out the 'url' one below, update -+# the selected choice with proper options & un-comment it -+# -+# Install from an installation tree on a remote server via FTP or HTTP: -+# --url the URL to install from -+# -+# Example: -+# -+# url --url=http://192.168.122.1/image -+# -+# Modify concrete URL in the above example appropriately to reflect the actual -+# environment machine is to be installed in -+# -+# Other possible / supported installation methods: -+# * install from the first CD-ROM/DVD drive on the system: -+# -+# cdrom -+# -+# * install from a directory of ISO images on a local drive: -+# -+# harddrive --partition=hdb2 --dir=/tmp/install-tree -+# -+# * install from provided NFS server: -+# -+# nfs --server= --dir= [--opts=] -+# -+ -+# Set language to use during installation and the default language to use on the installed system (required) -+lang en_US.UTF-8 -+ -+# Set system keyboard type / layout (required) -+keyboard us -+ -+# Configure network information for target system and activate network devices in the installer environment (optional) -+# --onboot enable device at a boot time -+# --device device to be activated and / or configured with the network command -+# --bootproto method to obtain networking configuration for device (default dhcp) -+# --noipv6 disable IPv6 on this device -+# -+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, -+# "--bootproto=static" must be used. For example: -+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 -+# -+network --onboot yes --device eth0 --bootproto dhcp --noipv6 -+ -+# Set the system's root password (required) -+# Plaintext password is: server -+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create -+# encrypted password form for different plaintext password -+rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0 -+ -+# The selected profile will restrict root login -+# Add a user that can login and escalate privileges -+# Plaintext password is: admin123 -+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted -+ -+# Configure firewall settings for the system (optional) -+# --enabled reject incoming connections that are not in response to outbound requests -+# --ssh allow sshd service through the firewall -+firewall --enabled --ssh -+ -+# Set up the authentication options for the system (required) -+# sssd profile sets sha512 to hash passwords -+# passwords are shadowed by default -+# See the manual page for authselect-profile for a complete list of possible options. -+authselect select sssd -+ -+# State of SELinux on the installed system (optional) -+# Defaults to enforcing -+selinux --enforcing -+ -+# Set the system time zone (required) -+timezone --utc America/New_York -+ -+# Specify how the bootloader should be installed (required) -+# Plaintext password is: password -+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create -+# encrypted password form for different plaintext password -+bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 -+ -+# Initialize (format) all disks (optional) -+zerombr -+ -+# The following partition layout scheme assumes disk of size 20GB or larger -+# Modify size of partitions appropriately to reflect actual machine's hardware -+# -+# Remove Linux partitions from the system prior to creating new ones (optional) -+# --linux erase all Linux partitions -+# --initlabel initialize the disk label to the default based on the underlying architecture -+clearpart --linux --initlabel -+ -+# Create primary system partitions (required for installs) -+autopart -+ -+# Harden installation with HIPAA profile -+# For more details and configuration options see -+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program -+%addon org_fedora_oscap -+ content-type = scap-security-guide -+ profile = xccdf_org.ssgproject.content_profile_hipaa -+%end -+ -+# Packages selection (%packages section is required) -+%packages -+ -+# Require @Base -+@Base -+ -+%end # End of %packages section -+ -+# Reboot after the installation is complete (optional) -+# --eject attempt to eject CD or DVD media before rebooting -+reboot --eject -diff --git a/rl8/kickstart/ssg-rhel8-ospp-ks.cfg b/rl8/kickstart/ssg-rhel8-ospp-ks.cfg -new file mode 100644 -index 0000000..4d594b6 ---- /dev/null -+++ b/rl8/kickstart/ssg-rhel8-ospp-ks.cfg -@@ -0,0 +1,167 @@ -+# SCAP Security Guide OSPP profile kickstart for Rocky Linux 8 -+# -+# Based on: -+# https://pykickstart.readthedocs.io/en/latest/ -+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg -+ -+# Install a fresh new system (optional) -+install -+ -+# Specify installation method to use for installation -+# To use a different one comment out the 'url' one below, update -+# the selected choice with proper options & un-comment it -+# -+# Install from an installation tree on a remote server via FTP or HTTP: -+# --url the URL to install from -+# -+# Example: -+# -+# url --url=http://192.168.122.1/image -+# -+# Modify concrete URL in the above example appropriately to reflect the actual -+# environment machine is to be installed in -+# -+# Other possible / supported installation methods: -+# * install from the first CD-ROM/DVD drive on the system: -+# -+# cdrom -+# -+# * install from a directory of ISO images on a local drive: -+# -+# harddrive --partition=hdb2 --dir=/tmp/install-tree -+# -+# * install from provided NFS server: -+# -+# nfs --server= --dir= [--opts=] -+# -+# Set language to use during installation and the default language to use on the installed system (required) -+lang en_US.UTF-8 -+ -+# Set system keyboard type / layout (required) -+keyboard us -+ -+# Configure network information for target system and activate network devices in the installer environment (optional) -+# --onboot enable device at a boot time -+# --device device to be activated and / or configured with the network command -+# --bootproto method to obtain networking configuration for device (default dhcp) -+# --noipv6 disable IPv6 on this device -+# -+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, -+# "--bootproto=static" must be used. For example: -+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 -+# -+network --onboot yes --bootproto dhcp -+ -+# Set the system's root password (required) -+# Plaintext password is: server -+# Refer to e.g. -+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw -+# to see how to create encrypted password form for different plaintext password -+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 -+ -+# The selected profile will restrict root login -+# Add a user that can login and escalate privileges -+# Plaintext password is: admin123 -+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted -+ -+# Configure firewall settings for the system (optional) -+# --enabled reject incoming connections that are not in response to outbound requests -+# --ssh allow sshd service through the firewall -+firewall --enabled --ssh -+ -+# Set up the authentication options for the system (required) -+# --enableshadow enable shadowed passwords by default -+# --passalgo hash / crypt algorithm for new passwords -+# See the manual page for authconfig for a complete list of possible options. -+authconfig --enableshadow --passalgo=sha512 -+ -+# State of SELinux on the installed system (optional) -+# Defaults to enforcing -+selinux --enforcing -+ -+# Set the system time zone (required) -+timezone --utc America/New_York -+ -+# Specify how the bootloader should be installed (required) -+# Refer to e.g. -+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw -+# to see how to create encrypted password form for different plaintext password -+bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" -+ -+# Initialize (format) all disks (optional) -+zerombr -+ -+# The following partition layout scheme assumes disk of size 20GB or larger -+# Modify size of partitions appropriately to reflect actual machine's hardware -+# -+# Remove Linux partitions from the system prior to creating new ones (optional) -+# --linux erase all Linux partitions -+# --initlabel initialize the disk label to the default based on the underlying architecture -+clearpart --linux --initlabel -+ -+# Create primary system partitions (required for installs) -+part /boot --fstype=xfs --size=512 -+part pv.01 --grow --size=1 -+ -+# Create a Logical Volume Management (LVM) group (optional) -+volgroup VolGroup --pesize=4096 pv.01 -+ -+# Create particular logical volumes (optional) -+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow -+# Ensure /home Located On Separate Partition -+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" -+# Ensure /tmp Located On Separate Partition -+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" -+# Ensure /var/tmp Located On Separate Partition -+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" -+# Ensure /var Located On Separate Partition -+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" -+# Ensure /var/log Located On Separate Partition -+logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" -+# Ensure /var/log/audit Located On Separate Partition -+logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" -+logvol swap --name=swap --vgname=VolGroup --size=2016 -+ -+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) -+# content - security policies - on the installed system.This add-on has been enabled by default -+# since Rocky Linux 7.2. When enabled, the packages necessary to provide this -+# functionality will automatically be installed. However, by default, no policies are enforced, -+# meaning that no checks are performed during or after installation unless specifically configured. -+# -+# Important -+# Applying a security policy is not necessary on all systems. This screen should only be used -+# when a specific policy is mandated by your organization rules or government regulations. -+# Unlike most other commands, this add-on does not accept regular options, but uses key-value -+# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. -+# Values can be optionally enclosed in single quotes (') or double quotes ("). -+# -+# The following keys are recognized by the add-on: -+# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. -+# - If the content-type is scap-security-guide, the add-on will use content provided by the -+# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. -+# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. -+# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. -+# xccdf-id - ID of the benchmark you want to use. -+# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. -+# profile - ID of the profile to be applied. Use default to apply the default profile. -+# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. -+# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. -+# -+# The following is an example %addon org_fedora_oscap section which uses content from the -+# scap-security-guide on the installation media: -+%addon org_fedora_oscap -+ content-type = scap-security-guide -+ profile = xccdf_org.ssgproject.content_profile_ospp -+%end -+ -+# Packages selection (%packages section is required) -+%packages -+ -+# Require @Base -+@Base -+ -+%end # End of %packages section -+ -+# Reboot after the installation is complete (optional) -+# --eject attempt to eject CD or DVD media before rebooting -+reboot --eject -diff --git a/rl8/kickstart/ssg-rhel8-pci-dss-ks.cfg b/rl8/kickstart/ssg-rhel8-pci-dss-ks.cfg -new file mode 100644 -index 0000000..3544a6d ---- /dev/null -+++ b/rl8/kickstart/ssg-rhel8-pci-dss-ks.cfg -@@ -0,0 +1,157 @@ -+# SCAP Security Guide PCI-DSS profile kickstart for Rocky Linux 8 -+# -+# Based on: -+# https://pykickstart.readthedocs.io/en/latest/ -+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg -+ -+# Install a fresh new system (optional) -+install -+ -+# Specify installation method to use for installation -+# To use a different one comment out the 'url' one below, update -+# the selected choice with proper options & un-comment it -+# -+# Install from an installation tree on a remote server via FTP or HTTP: -+# --url the URL to install from -+# -+# Example: -+# -+# url --url=http://192.168.122.1/image -+# -+# Modify concrete URL in the above example appropriately to reflect the actual -+# environment machine is to be installed in -+# -+# Other possible / supported installation methods: -+# * install from the first CD-ROM/DVD drive on the system: -+# -+# cdrom -+# -+# * install from a directory of ISO images on a local drive: -+# -+# harddrive --partition=hdb2 --dir=/tmp/install-tree -+# -+# * install from provided NFS server: -+# -+# nfs --server= --dir= [--opts=] -+# -+ -+# Set language to use during installation and the default language to use on the installed system (required) -+lang en_US.UTF-8 -+ -+# Set system keyboard type / layout (required) -+keyboard us -+ -+# Configure network information for target system and activate network devices in the installer environment (optional) -+# --onboot enable device at a boot time -+# --device device to be activated and / or configured with the network command -+# --bootproto method to obtain networking configuration for device (default dhcp) -+# --noipv6 disable IPv6 on this device -+network --onboot yes --bootproto dhcp --noipv6 -+ -+# Set the system's root password (required) -+# Plaintext password is: server -+# Refer to e.g. -+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw -+# to see how to create encrypted password form for different plaintext password -+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 -+ -+# Configure firewall settings for the system (optional) -+# --enabled reject incoming connections that are not in response to outbound requests -+# --ssh allow sshd service through the firewall -+firewall --enabled --ssh -+ -+# Set up the authentication options for the system (required) -+# --enableshadow enable shadowed passwords by default -+# --passalgo hash / crypt algorithm for new passwords -+# See the manual page for authconfig for a complete list of possible options. -+authconfig --enableshadow --passalgo=sha512 -+ -+# State of SELinux on the installed system (optional) -+# Defaults to enforcing -+selinux --enforcing -+ -+# Set the system time zone (required) -+timezone --utc America/New_York -+ -+# Specify how the bootloader should be installed (required) -+# Plaintext password is: password -+# Refer to e.g. -+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw -+# to see how to create encrypted password form for different plaintext password -+# -+# PASSWORD TEMPORARILY DISABLED -+bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" -+#bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 -+ -+ -+# Initialize (format) all disks (optional) -+zerombr -+ -+# The following partition layout scheme assumes disk of size 20GB or larger -+# Modify size of partitions appropriately to reflect actual machine's hardware -+# -+# Remove Linux partitions from the system prior to creating new ones (optional) -+# --linux erase all Linux partitions -+# --initlabel initialize the disk label to the default based on the underlying architecture -+clearpart --linux --initlabel -+ -+# Create primary system partitions (required for installs) -+part /boot --fstype=xfs --size=512 -+part pv.01 --grow --size=1 -+ -+# Create a Logical Volume Management (LVM) group (optional) -+volgroup VolGroup --pesize=4096 pv.01 -+ -+# Create particular logical volumes (optional) -+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=11264 --grow -+# CCE-26557-9: Ensure /home Located On Separate Partition -+logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" -+# CCE-26435-8: Ensure /tmp Located On Separate Partition -+logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" -+# CCE-26639-5: Ensure /var Located On Separate Partition -+logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072 --fsoptions="nodev" -+# CCE-26215-4: Ensure /var/log Located On Separate Partition -+logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 --fsoptions="nodev" -+# CCE-26436-6: Ensure /var/log/audit Located On Separate Partition -+logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 --fsoptions="nodev" -+logvol swap --name=lv_swap --vgname=VolGroup --size=2016 -+ -+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) -+# content - security policies - on the installed system.This add-on has been enabled by default -+# since Rocky Linux 7.2. When enabled, the packages necessary to provide this -+# functionality will automatically be installed. However, by default, no policies are enforced, -+# meaning that no checks are performed during or after installation unless specifically configured. -+# -+# Important -+# Applying a security policy is not necessary on all systems. This screen should only be used -+# when a specific policy is mandated by your organization rules or government regulations. -+# Unlike most other commands, this add-on does not accept regular options, but uses key-value -+# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. -+# Values can be optionally enclosed in single quotes (') or double quotes ("). -+# -+# The following keys are recognized by the add-on: -+# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. -+# - If the content-type is scap-security-guide, the add-on will use content provided by the -+# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. -+# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. -+# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. -+# xccdf-id - ID of the benchmark you want to use. -+# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. -+# profile - ID of the profile to be applied. Use default to apply the default profile. -+# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. -+# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. -+# -+# The following is an example %addon org_fedora_oscap section which uses content from the -+# scap-security-guide on the installation media: -+%addon org_fedora_oscap -+ content-type = scap-security-guide -+ profile = xccdf_org.ssgproject.content_profile_pci-dss -+%end -+ -+# Packages selection (%packages section is required) -+%packages -+%end # End of %packages section -+ -+# Reboot after the installation is complete (optional) -+# --eject attempt to eject CD or DVD media before rebooting -+reboot --eject -diff --git a/rl8/kickstart/ssg-rhel8-stig-ks.cfg b/rl8/kickstart/ssg-rhel8-stig-ks.cfg -new file mode 100644 -index 0000000..efb0bc9 ---- /dev/null -+++ b/rl8/kickstart/ssg-rhel8-stig-ks.cfg -@@ -0,0 +1,168 @@ -+# SCAP Security Guide STIG profile kickstart for Rocky Linux 8 -+# -+# Based on: -+# https://pykickstart.readthedocs.io/en/latest/ -+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg -+ -+# Install a fresh new system (optional) -+install -+ -+# Specify installation method to use for installation -+# To use a different one comment out the 'url' one below, update -+# the selected choice with proper options & un-comment it -+# -+# Install from an installation tree on a remote server via FTP or HTTP: -+# --url the URL to install from -+# -+# Example: -+# -+# url --url=http://192.168.122.1/image -+# -+# Modify concrete URL in the above example appropriately to reflect the actual -+# environment machine is to be installed in -+# -+# Other possible / supported installation methods: -+# * install from the first CD-ROM/DVD drive on the system: -+# -+# cdrom -+# -+# * install from a directory of ISO images on a local drive: -+# -+# harddrive --partition=hdb2 --dir=/tmp/install-tree -+# -+# * install from provided NFS server: -+# -+# nfs --server= --dir= [--opts=] -+# -+# Set language to use during installation and the default language to use on the installed system (required) -+lang en_US.UTF-8 -+ -+# Set system keyboard type / layout (required) -+keyboard us -+ -+# Configure network information for target system and activate network devices in the installer environment (optional) -+# --onboot enable device at a boot time -+# --device device to be activated and / or configured with the network command -+# --bootproto method to obtain networking configuration for device (default dhcp) -+# --noipv6 disable IPv6 on this device -+# -+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, -+# "--bootproto=static" must be used. For example: -+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 -+# -+network --onboot yes --bootproto dhcp -+ -+# Set the system's root password (required) -+# Plaintext password is: server -+# Refer to e.g. -+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw -+# to see how to create encrypted password form for different plaintext password -+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 -+ -+# The selected profile will restrict root login -+# Add a user that can login and escalate privileges -+# Plaintext password is: admin123 -+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted -+ -+# Configure firewall settings for the system (optional) -+# --enabled reject incoming connections that are not in response to outbound requests -+# --ssh allow sshd service through the firewall -+firewall --enabled --ssh -+ -+# Set up the authentication options for the system (required) -+# --enableshadow enable shadowed passwords by default -+# --passalgo hash / crypt algorithm for new passwords -+# See the manual page for authconfig for a complete list of possible options. -+authconfig --enableshadow --passalgo=sha512 -+ -+# State of SELinux on the installed system (optional) -+# Defaults to enforcing -+selinux --enforcing -+ -+# Set the system time zone (required) -+timezone --utc America/New_York -+ -+# Specify how the bootloader should be installed (required) -+# Plaintext password is: password -+# Refer to e.g. -+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw -+# to see how to create encrypted password form for different plaintext password -+bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 -+ -+# Initialize (format) all disks (optional) -+zerombr -+ -+# The following partition layout scheme assumes disk of size 20GB or larger -+# Modify size of partitions appropriately to reflect actual machine's hardware -+# -+# Remove Linux partitions from the system prior to creating new ones (optional) -+# --linux erase all Linux partitions -+# --initlabel initialize the disk label to the default based on the underlying architecture -+clearpart --linux --initlabel -+ -+# Create primary system partitions (required for installs) -+part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" -+part pv.01 --grow --size=1 -+ -+# Create a Logical Volume Management (LVM) group (optional) -+volgroup VolGroup --pesize=4096 pv.01 -+ -+# Create particular logical volumes (optional) -+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow -+# Ensure /home Located On Separate Partition -+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" -+# Ensure /tmp Located On Separate Partition -+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" -+# Ensure /var/tmp Located On Separate Partition -+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" -+# Ensure /var Located On Separate Partition -+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" -+# Ensure /var/log Located On Separate Partition -+logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" -+# Ensure /var/log/audit Located On Separate Partition -+logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" -+logvol swap --name=swap --vgname=VolGroup --size=2016 -+ -+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) -+# content - security policies - on the installed system.This add-on has been enabled by default -+# since Rocky Linux 7.2. When enabled, the packages necessary to provide this -+# functionality will automatically be installed. However, by default, no policies are enforced, -+# meaning that no checks are performed during or after installation unless specifically configured. -+# -+# Important -+# Applying a security policy is not necessary on all systems. This screen should only be used -+# when a specific policy is mandated by your organization rules or government regulations. -+# Unlike most other commands, this add-on does not accept regular options, but uses key-value -+# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. -+# Values can be optionally enclosed in single quotes (') or double quotes ("). -+# -+# The following keys are recognized by the add-on: -+# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. -+# - If the content-type is scap-security-guide, the add-on will use content provided by the -+# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. -+# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. -+# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. -+# xccdf-id - ID of the benchmark you want to use. -+# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. -+# profile - ID of the profile to be applied. Use default to apply the default profile. -+# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. -+# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. -+# -+# The following is an example %addon org_fedora_oscap section which uses content from the -+# scap-security-guide on the installation media: -+%addon org_fedora_oscap -+ content-type = scap-security-guide -+ profile = xccdf_org.ssgproject.content_profile_stig -+%end -+ -+# Packages selection (%packages section is required) -+%packages -+ -+# Require @Base -+@Base -+ -+%end # End of %packages section -+ -+# Reboot after the installation is complete (optional) -+# --eject attempt to eject CD or DVD media before rebooting -+reboot --eject -diff --git a/rl8/overlays/srg_support.xml b/rl8/overlays/srg_support.xml -new file mode 100644 -index 0000000..7c89f52 ---- /dev/null -+++ b/rl8/overlays/srg_support.xml -@@ -0,0 +1,173 @@ -+ -diff --git a/rl8/overlays/stig_overlay.xml b/rl8/overlays/stig_overlay.xml -new file mode 100644 -index 0000000..6cf1c1d ---- /dev/null -+++ b/rl8/overlays/stig_overlay.xml -@@ -0,0 +1,1367 @@ -+ -+ -+ -+ -+ -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010010" disa="366" severity="medium"> -+ <VMSinfo VKey="230222" SVKey="230222r5997" VRelease="r599732"/> -+ <title text="RHEL 8 vendor packaged system security patches and updates must be installed and up to date."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010020" disa="68" severity="high"> -+ <VMSinfo VKey="230223" SVKey="230223r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010030" disa="1199" severity="medium"> -+ <VMSinfo VKey="230224" SVKey="230224r5997" VRelease="r599732"/> -+ <title text="All RHEL 8 local disk partitions must implement cryptographic mechanisms to prevent unauthorized disclosure or modification of all information that requires at rest protection."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010040" disa="48" severity="medium"> -+ <VMSinfo VKey="230225" SVKey="230225r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a ssh logon."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010050" disa="48" severity="medium"> -+ <VMSinfo VKey="230226" SVKey="230226r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a graphical user logon."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010060" disa="48" severity="medium"> -+ <VMSinfo VKey="230227" SVKey="230227r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must display the Standard Mandatory DoD Notice and Consent Banner before granting local or remote access to the system via a command line user logon."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010070" disa="67" severity="medium"> -+ <VMSinfo VKey="230228" SVKey="230228r5997" VRelease="r599732"/> -+ <title text="All RHEL 8 remote access methods must be monitored."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010090" disa="185" severity="medium"> -+ <VMSinfo VKey="230229" SVKey="230229r5997" VRelease="r599732"/> -+ <title text="RHEL 8, for PKI-based authentication, must validate certificates by constructing a certification path (which includes status information) to an accepted trust anchor."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010100" disa="186" severity="medium"> -+ <VMSinfo VKey="230230" SVKey="230230r5997" VRelease="r599732"/> -+ <title text="RHEL 8, for certificate-based authentication, must enforce authorized access to the corresponding private key."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010110" disa="196" severity="medium"> -+ <VMSinfo VKey="230231" SVKey="230231r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010120" disa="196" severity="medium"> -+ <VMSinfo VKey="230232" SVKey="230232r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must employ FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010130" disa="196" severity="medium"> -+ <VMSinfo VKey="230233" SVKey="230233r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must employ FIPS 140-2 approved cryptographic hashing algorithms for all created passwords."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010140" disa="213" severity="high"> -+ <VMSinfo VKey="230234" SVKey="230234r5997" VRelease="r599732"/> -+ <title text="RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010150" disa="213" severity="high"> -+ <VMSinfo VKey="230235" SVKey="230235r5997" VRelease="r599732"/> -+ <title text="RHEL 8 operating systems booted with a BIOS must require authentication upon booting into single-user and maintenance modes."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010151" disa="213" severity="medium"> -+ <VMSinfo VKey="230236" SVKey="230236r5997" VRelease="r599732"/> -+ <title text="RHEL 8 operating systems must require authentication upon booting into emergency or rescue modes."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010160" disa="803" severity="medium"> -+ <VMSinfo VKey="230237" SVKey="230237r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 pam_unix.so module must use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010161" disa="803" severity="medium"> -+ <VMSinfo VKey="230238" SVKey="230238r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must prevent system daemons from using Kerberos for authentication."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010162" disa="803" severity="medium"> -+ <VMSinfo VKey="230239" SVKey="230239r5997" VRelease="r599732"/> -+ <title text="The krb5-workstation package must not be installed on RHEL 8."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010170" disa="1084" severity="medium"> -+ <VMSinfo VKey="230240" SVKey="230240r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must use a Linux Security Module configured to enforce limits on system services."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010171" disa="1084" severity="low"> -+ <VMSinfo VKey="230241" SVKey="230241r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must have policycoreutils package installed."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010180" disa="1090" severity="medium"> -+ <VMSinfo VKey="230242" SVKey="230242r5997" VRelease="r599732"/> -+ <title text="All RHEL 8 public directories must be owned by root or a system account to prevent unauthorized and unintended information transferred via shared system resources."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010190" disa="1090" severity="medium"> -+ <VMSinfo VKey="230243" SVKey="230243r5997" VRelease="r599732"/> -+ <title text="A sticky bit must be set on all RHEL 8 public directories to prevent unauthorized and unintended information transferred via shared system resources."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010200" disa="1133" severity="medium"> -+ <VMSinfo VKey="230244" SVKey="230244r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010210" disa="1314" severity="medium"> -+ <VMSinfo VKey="230245" SVKey="230245r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 /var/log/messages file must have mode 0640 or less permissive."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010220" disa="1314" severity="medium"> -+ <VMSinfo VKey="230246" SVKey="230246r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 /var/log/messages file must be owned by root."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010230" disa="1314" severity="medium"> -+ <VMSinfo VKey="230247" SVKey="230247r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 /var/log/messages file must be group-owned by root."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010240" disa="1314" severity="medium"> -+ <VMSinfo VKey="230248" SVKey="230248r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 /var/log directory must have mode 0755 or less permissive."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010250" disa="1314" severity="medium"> -+ <VMSinfo VKey="230249" SVKey="230249r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 /var/log directory must be owned by root."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010260" disa="1314" severity="medium"> -+ <VMSinfo VKey="230250" SVKey="230250r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 /var/log directory must be group-owned by root."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010290" disa="1453" severity="medium"> -+ <VMSinfo VKey="230251" SVKey="230251r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 SSH daemon must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-2 validated cryptographic hash algorithms."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010291" disa="1453" severity="medium"> -+ <VMSinfo VKey="230252" SVKey="230252r5997" VRelease="r599778"/> -+ <title text="The RHEL 8 operating system must implement DoD-approved encryption to protect the confidentiality of SSH connections."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010292" disa="366" severity="low"> -+ <VMSinfo VKey="230253" SVKey="230253r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must ensure the SSH server uses strong entropy."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010293" disa="1453" severity="medium"> -+ <VMSinfo VKey="230254" SVKey="230254r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 operating system must implement DoD-approved encryption in the OpenSSL package."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010294" disa="1453" severity="medium"> -+ <VMSinfo VKey="230255" SVKey="230255r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 operating system must implement DoD-approved TLS encryption in the OpenSSL package."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010295" disa="1453" severity="medium"> -+ <VMSinfo VKey="230256" SVKey="230256r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 operating system must implement DoD-approved TLS encryption in the GnuTLS package."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010300" disa="1499" severity="medium"> -+ <VMSinfo VKey="230257" SVKey="230257r5997" VRelease="r599732"/> -+ <title text="RHEL 8 system commands must have mode 0755 or less permissive."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010310" disa="1499" severity="medium"> -+ <VMSinfo VKey="230258" SVKey="230258r5997" VRelease="r599732"/> -+ <title text="RHEL 8 system commands must be owned by root."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010320" disa="1499" severity="medium"> -+ <VMSinfo VKey="230259" SVKey="230259r5997" VRelease="r599732"/> -+ <title text="RHEL 8 system commands must be group-owned by root or a system account."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010330" disa="1499" severity="medium"> -+ <VMSinfo VKey="230260" SVKey="230260r5997" VRelease="r599732"/> -+ <title text="RHEL 8 library files must have mode 0755 or less permissive."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010340" disa="1499" severity="medium"> -+ <VMSinfo VKey="230261" SVKey="230261r5997" VRelease="r599732"/> -+ <title text="RHEL 8 library files must be owned by root."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010350" disa="1499" severity="medium"> -+ <VMSinfo VKey="230262" SVKey="230262r5997" VRelease="r599732"/> -+ <title text="RHEL 8 library files must be group-owned by root or a system account."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010360" disa="1744" severity="medium"> -+ <VMSinfo VKey="230263" SVKey="230263r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 file integrity tool must notify the system administrator when changes to the baseline configuration or anomalies in the operation of any security functions are discovered within an organizationally defined frequency."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010370" disa="1749" severity="high"> -+ <VMSinfo VKey="230264" SVKey="230264r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010371" disa="1749" severity="high"> -+ <VMSinfo VKey="230265" SVKey="230265r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010372" disa="1749" severity="medium"> -+ <VMSinfo VKey="230266" SVKey="230266r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must prevent the loading of a new kernel for later execution."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010373" disa="2165" severity="medium"> -+ <VMSinfo VKey="230267" SVKey="230267r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must enable kernel parameters to enforce discretionary access control on symlinks."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010374" disa="2165" severity="medium"> -+ <VMSinfo VKey="230268" SVKey="230268r5998" VRelease="r599818"/> -+ <title text="RHEL 8 must enable kernel parameters to enforce discretionary access control on hardlinks."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010375" disa="1090" severity="low"> -+ <VMSinfo VKey="230269" SVKey="230269r5998" VRelease="r599820"/> -+ <title text="RHEL 8 must restrict access to the kernel message buffer."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010376" disa="1090" severity="low"> -+ <VMSinfo VKey="230270" SVKey="230270r5998" VRelease="r599823"/> -+ <title text="RHEL 8 must prevent kernel profiling by unprivileged users."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010380" disa="2038" severity="medium"> -+ <VMSinfo VKey="230271" SVKey="230271r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must require users to provide a password for privilege escalation."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010381" disa="2038" severity="medium"> -+ <VMSinfo VKey="230272" SVKey="230272r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must require users to reauthenticate for privilege escalation."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010390" disa="1948" severity="medium"> -+ <VMSinfo VKey="230273" SVKey="230273r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must have the packages required for multifactor authentication installed."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010400" disa="1948" severity="medium"> -+ <VMSinfo VKey="230274" SVKey="230274r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must implement certificate status checking for multifactor authentication."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010410" disa="1953" severity="medium"> -+ <VMSinfo VKey="230275" SVKey="230275r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must accept Personal Identity Verification (PIV) credentials."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010420" disa="2824" severity="medium"> -+ <VMSinfo VKey="230276" SVKey="230276r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must implement non-executable data to protect its memory from unauthorized code execution."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010421" disa="1084" severity="medium"> -+ <VMSinfo VKey="230277" SVKey="230277r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must clear the page allocator to prevent use-after-free attacks."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010422" disa="1084" severity="medium"> -+ <VMSinfo VKey="230278" SVKey="230278r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must disable virtual syscalls."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010423" disa="1084" severity="medium"> -+ <VMSinfo VKey="230279" SVKey="230279r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must clear SLUB/SLAB objects to prevent use-after-free attacks."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010430" disa="2824" severity="medium"> -+ <VMSinfo VKey="230280" SVKey="230280r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010440" disa="2617" severity="low"> -+ <VMSinfo VKey="230281" SVKey="230281r5997" VRelease="r599732"/> -+ <title text="YUM must remove all software components after updated versions have been installed on RHEL 8."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010450" disa="2696" severity="medium"> -+ <VMSinfo VKey="230282" SVKey="230282r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must enable the SELinux targeted policy."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010460" disa="366" severity="high"> -+ <VMSinfo VKey="230283" SVKey="230283r5997" VRelease="r599732"/> -+ <title text="There must be no shosts.equiv files on the RHEL 8 operating system."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010470" disa="366" severity="high"> -+ <VMSinfo VKey="230284" SVKey="230284r5997" VRelease="r599732"/> -+ <title text="There must be no .shosts files on the RHEL 8 operating system."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010471" disa="366" severity="low"> -+ <VMSinfo VKey="230285" SVKey="230285r5997" VRelease="r599779"/> -+ <title text="RHEL 8 must enable the hardware random number generator entropy gatherer service."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010480" disa="366" severity="medium"> -+ <VMSinfo VKey="230286" SVKey="230286r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 SSH public host key files must have mode 0644 or less permissive."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010490" disa="366" severity="medium"> -+ <VMSinfo VKey="230287" SVKey="230287r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 SSH private host key files must have mode 0640 or less permissive."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010500" disa="366" severity="medium"> -+ <VMSinfo VKey="230288" SVKey="230288r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 SSH daemon must perform strict mode checking of home directory configuration files."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010510" disa="366" severity="medium"> -+ <VMSinfo VKey="230289" SVKey="230289r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 SSH daemon must not allow compression or must only allow compression after successful authentication."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010520" disa="366" severity="medium"> -+ <VMSinfo VKey="230290" SVKey="230290r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 SSH daemon must not allow authentication using known host’s authentication."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010521" disa="366" severity="medium"> -+ <VMSinfo VKey="230291" SVKey="230291r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 SSH daemon must not allow unused methods of authentication."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010540" disa="366" severity="low"> -+ <VMSinfo VKey="230292" SVKey="230292r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must use a separate file system for /var."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010541" disa="366" severity="low"> -+ <VMSinfo VKey="230293" SVKey="230293r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must use a separate file system for /var/log."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010542" disa="366" severity="low"> -+ <VMSinfo VKey="230294" SVKey="230294r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must use a separate file system for the system audit data path."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010543" disa="366" severity="medium"> -+ <VMSinfo VKey="230295" SVKey="230295r5997" VRelease="r599732"/> -+ <title text="A separate RHEL 8 filesystem must be used for the /tmp directory."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010550" disa="770" severity="medium"> -+ <VMSinfo VKey="230296" SVKey="230296r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must not permit direct logons to the root account using remote access via SSH."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010560" disa="366" severity="medium"> -+ <VMSinfo VKey="230297" SVKey="230297r5997" VRelease="r599732"/> -+ <title text="The auditd service must be running in RHEL 8."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010561" disa="366" severity="medium"> -+ <VMSinfo VKey="230298" SVKey="230298r5997" VRelease="r599732"/> -+ <title text="The rsyslog service must be running in RHEL 8."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010570" disa="366" severity="medium"> -+ <VMSinfo VKey="230299" SVKey="230299r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must prevent files with the setuid and setgid bit set from being executed on file systems that contain user home directories."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010571" disa="366" severity="medium"> -+ <VMSinfo VKey="230300" SVKey="230300r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must prevent files with the setuid and setgid bit set from being executed on the /boot directory."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010580" disa="366" severity="medium"> -+ <VMSinfo VKey="230301" SVKey="230301r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must prevent special devices on non-root local partitions."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010590" disa="366" severity="medium"> -+ <VMSinfo VKey="230302" SVKey="230302r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must prevent code from being executed on file systems that contain user home directories."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010600" disa="366" severity="medium"> -+ <VMSinfo VKey="230303" SVKey="230303r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must prevent special devices on file systems that are used with removable media."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010610" disa="366" severity="medium"> -+ <VMSinfo VKey="230304" SVKey="230304r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must prevent code from being executed on file systems that are used with removable media."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010620" disa="366" severity="medium"> -+ <VMSinfo VKey="230305" SVKey="230305r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must prevent files with the setuid and setgid bit set from being executed on file systems that are used with removable media."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010630" disa="366" severity="medium"> -+ <VMSinfo VKey="230306" SVKey="230306r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must prevent code from being executed on file systems that are imported via Network File System (NFS)."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010640" disa="366" severity="medium"> -+ <VMSinfo VKey="230307" SVKey="230307r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must prevent special devices on file systems that are imported via Network File System (NFS)."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010650" disa="366" severity="medium"> -+ <VMSinfo VKey="230308" SVKey="230308r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must prevent files with the setuid and setgid bit set from being executed on file systems that are imported via Network File System (NFS)."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010660" disa="366" severity="medium"> -+ <VMSinfo VKey="230309" SVKey="230309r5997" VRelease="r599732"/> -+ <title text="Local RHEL 8 initialization files must not execute world-writable programs."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010670" disa="366" severity="medium"> -+ <VMSinfo VKey="230310" SVKey="230310r5997" VRelease="r599780"/> -+ <title text="RHEL 8 must disable kernel dumps unless needed."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010671" disa="366" severity="medium"> -+ <VMSinfo VKey="230311" SVKey="230311r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must disable the kernel.core_pattern."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010672" disa="366" severity="medium"> -+ <VMSinfo VKey="230312" SVKey="230312r5997" VRelease="r599782"/> -+ <title text="RHEL 8 must disable acquiring, saving, and processing core dumps."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010673" disa="366" severity="medium"> -+ <VMSinfo VKey="230313" SVKey="230313r5997" VRelease="r599784"/> -+ <title text="RHEL 8 must disable core dumps for all users."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010674" disa="366" severity="medium"> -+ <VMSinfo VKey="230314" SVKey="230314r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must disable storing core dumps."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010675" disa="366" severity="medium"> -+ <VMSinfo VKey="230315" SVKey="230315r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must disable core dump backtraces."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010680" disa="366" severity="medium"> -+ <VMSinfo VKey="230316" SVKey="230316r5997" VRelease="r599732"/> -+ <title text="For RHEL 8 systems using Domain Name Servers (DNS) resolution, at least two name servers must be configured."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010690" disa="366" severity="medium"> -+ <VMSinfo VKey="230317" SVKey="230317r5997" VRelease="r599732"/> -+ <title text="Executable search paths within the initialization files of all local interactive RHEL 8 users must only contain paths that resolve to the system default or the users home directory."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010700" disa="366" severity="medium"> -+ <VMSinfo VKey="230318" SVKey="230318r5997" VRelease="r599732"/> -+ <title text="All RHEL 8 world-writable directories must be owned by root, sys, bin, or an application group."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010710" disa="366" severity="medium"> -+ <VMSinfo VKey="230319" SVKey="230319r5997" VRelease="r599732"/> -+ <title text="All RHEL 8 world-writable directories must be group-owned by root, sys, bin, or an application group."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010720" disa="366" severity="medium"> -+ <VMSinfo VKey="230320" SVKey="230320r5997" VRelease="r599732"/> -+ <title text="All RHEL 8 local interactive users must have a home directory assigned in the /etc/passwd file."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010730" disa="366" severity="medium"> -+ <VMSinfo VKey="230321" SVKey="230321r5997" VRelease="r599732"/> -+ <title text="All RHEL 8 local interactive user home directories must have mode 0750 or less permissive."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010740" disa="366" severity="medium"> -+ <VMSinfo VKey="230322" SVKey="230322r5997" VRelease="r599732"/> -+ <title text="All RHEL 8 local interactive user home directories must be group-owned by the home directory owner’s primary group."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010750" disa="366" severity="medium"> -+ <VMSinfo VKey="230323" SVKey="230323r5997" VRelease="r599732"/> -+ <title text="All RHEL 8 local interactive user home directories defined in the /etc/passwd file must exist."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010760" disa="366" severity="medium"> -+ <VMSinfo VKey="230324" SVKey="230324r5997" VRelease="r599732"/> -+ <title text="All RHEL 8 local interactive user accounts must be assigned a home directory upon creation."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010770" disa="366" severity="medium"> -+ <VMSinfo VKey="230325" SVKey="230325r5997" VRelease="r599732"/> -+ <title text="All RHEL 8 local initialization files must have mode 0740 or less permissive."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010780" disa="366" severity="medium"> -+ <VMSinfo VKey="230326" SVKey="230326r5997" VRelease="r599732"/> -+ <title text="All RHEL 8 local files and directories must have a valid owner."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010790" disa="366" severity="medium"> -+ <VMSinfo VKey="230327" SVKey="230327r5997" VRelease="r599732"/> -+ <title text="All RHEL 8 local files and directories must have a valid group owner."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010800" disa="366" severity="medium"> -+ <VMSinfo VKey="230328" SVKey="230328r5997" VRelease="r599732"/> -+ <title text="A separate RHEL 8 filesystem must be used for user home directories (such as /home or an equivalent)."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010820" disa="366" severity="high"> -+ <VMSinfo VKey="230329" SVKey="230329r5997" VRelease="r599732"/> -+ <title text="Unattended or automatic logon via the RHEL 8 graphical user interface must not be allowed."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-010830" disa="366" severity="medium"> -+ <VMSinfo VKey="230330" SVKey="230330r5997" VRelease="r599732"/> -+ <title text="Unattended or automatic logon to RHEL 8 via ssh must not be allowed."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020000" disa="16" severity="medium"> -+ <VMSinfo VKey="230331" SVKey="230331r5998" VRelease="r599824"/> -+ <title text="RHEL 8 temporary user accounts must be provisioned with an expiration time of 72 hours or less."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020010" disa="44" severity="medium"> -+ <VMSinfo VKey="230332" SVKey="230332r5998" VRelease="r599827"/> -+ <title text="RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020011" disa="44" severity="medium"> -+ <VMSinfo VKey="230333" SVKey="230333r5998" VRelease="r599828"/> -+ <title text="RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020012" disa="44" severity="medium"> -+ <VMSinfo VKey="230334" SVKey="230334r5998" VRelease="r599829"/> -+ <title text="RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020013" disa="44" severity="medium"> -+ <VMSinfo VKey="230335" SVKey="230335r5998" VRelease="r599830"/> -+ <title text="RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020014" disa="44" severity="medium"> -+ <VMSinfo VKey="230336" SVKey="230336r5998" VRelease="r599831"/> -+ <title text="RHEL 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020015" disa="44" severity="medium"> -+ <VMSinfo VKey="230337" SVKey="230337r5998" VRelease="r599832"/> -+ <title text="RHEL 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020016" disa="44" severity="medium"> -+ <VMSinfo VKey="230338" SVKey="230338r5998" VRelease="r599833"/> -+ <title text="RHEL 8 must ensure account lockouts persist."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020017" disa="44" severity="medium"> -+ <VMSinfo VKey="230339" SVKey="230339r5998" VRelease="r599834"/> -+ <title text="RHEL 8 must ensure account lockouts persist."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020018" disa="44" severity="medium"> -+ <VMSinfo VKey="230340" SVKey="230340r5998" VRelease="r599835"/> -+ <title text="RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020019" disa="44" severity="medium"> -+ <VMSinfo VKey="230341" SVKey="230341r5998" VRelease="r599836"/> -+ <title text="RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020020" disa="44" severity="medium"> -+ <VMSinfo VKey="230342" SVKey="230342r5998" VRelease="r599837"/> -+ <title text="RHEL 8 must log user name information when unsuccessful logon attempts occur."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020021" disa="44" severity="medium"> -+ <VMSinfo VKey="230343" SVKey="230343r5998" VRelease="r599838"/> -+ <title text="RHEL 8 must log user name information when unsuccessful logon attempts occur."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020022" disa="44" severity="medium"> -+ <VMSinfo VKey="230344" SVKey="230344r5998" VRelease="r599839"/> -+ <title text="RHEL 8 must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020023" disa="44" severity="medium"> -+ <VMSinfo VKey="230345" SVKey="230345r5998" VRelease="r599840"/> -+ <title text="RHEL 8 must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020024" disa="54" severity="low"> -+ <VMSinfo VKey="230346" SVKey="230346r5997" VRelease="r599786"/> -+ <title text="RHEL 8 must limit the number of concurrent sessions to ten for all accounts and/or account types."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020030" disa="56" severity="medium"> -+ <VMSinfo VKey="230347" SVKey="230347r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for graphical user sessions."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020040" disa="56" severity="medium"> -+ <VMSinfo VKey="230348" SVKey="230348r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for command line sessions."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020041" disa="56" severity="medium"> -+ <VMSinfo VKey="230349" SVKey="230349r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must ensure session control is automatically started at shell initialization."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020042" disa="56" severity="low"> -+ <VMSinfo VKey="230350" SVKey="230350r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must prevent users from disabling session control mechanisms."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020050" disa="56" severity="medium"> -+ <VMSinfo VKey="230351" SVKey="230351r5997" VRelease="r599792"/> -+ <title text="RHEL 8 must be able to initiate directly a session lock for all connection types using smartcard when the smartcard is removed."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020060" disa="57" severity="medium"> -+ <VMSinfo VKey="230352" SVKey="230352r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must automatically lock graphical user sessions after 15 minutes of inactivity."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020070" disa="57" severity="medium"> -+ <VMSinfo VKey="230353" SVKey="230353r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must automatically lock command line user sessions after 15 minutes of inactivity."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020080" disa="57" severity="medium"> -+ <VMSinfo VKey="230354" SVKey="230354r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must prevent a user from overriding graphical user interface settings."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020090" disa="187" severity="medium"> -+ <VMSinfo VKey="230355" SVKey="230355r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must map the authenticated identity to the user or group account for PKI-based authentication."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020100" disa="192" severity="medium"> -+ <VMSinfo VKey="230356" SVKey="230356r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must ensure a password complexity module is enabled."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020110" disa="192" severity="medium"> -+ <VMSinfo VKey="230357" SVKey="230357r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must enforce password complexity by requiring that at least one uppercase character be used."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020120" disa="193" severity="medium"> -+ <VMSinfo VKey="230358" SVKey="230358r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must enforce password complexity by requiring that at least one lower-case character be used."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020130" disa="194" severity="medium"> -+ <VMSinfo VKey="230359" SVKey="230359r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must enforce password complexity by requiring that at least one numeric character be used."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020140" disa="195" severity="medium"> -+ <VMSinfo VKey="230360" SVKey="230360r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020150" disa="195" severity="medium"> -+ <VMSinfo VKey="230361" SVKey="230361r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must require the maximum number of repeating characters be limited to three when passwords are changed."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020160" disa="195" severity="medium"> -+ <VMSinfo VKey="230362" SVKey="230362r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must require the change of at least four character classes when passwords are changed."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020170" disa="195" severity="medium"> -+ <VMSinfo VKey="230363" SVKey="230363r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must require the change of at least 8 characters when passwords are changed."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020180" disa="198" severity="medium"> -+ <VMSinfo VKey="230364" SVKey="230364r5997" VRelease="r599732"/> -+ <title text="RHEL 8 passwords must have a 24 hours/1 day minimum password lifetime restriction in /etc/shadow."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020190" disa="198" severity="medium"> -+ <VMSinfo VKey="230365" SVKey="230365r5997" VRelease="r599732"/> -+ <title text="RHEL 8 passwords for new users or password changes must have a 24 hours/1 day minimum password lifetime restriction in /etc/logins.def."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020200" disa="199" severity="medium"> -+ <VMSinfo VKey="230366" SVKey="230366r5997" VRelease="r599732"/> -+ <title text="RHEL 8 user account passwords must have a 60-day maximum password lifetime restriction."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020210" disa="199" severity="medium"> -+ <VMSinfo VKey="230367" SVKey="230367r5997" VRelease="r599732"/> -+ <title text="RHEL 8 user account passwords must be configured so that existing passwords are restricted to a 60-day maximum lifetime."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020220" disa="200" severity="medium"> -+ <VMSinfo VKey="230368" SVKey="230368r5997" VRelease="r599732"/> -+ <title text="RHEL 8 passwords must be prohibited from reuse for a minimum of five generations."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020230" disa="205" severity="medium"> -+ <VMSinfo VKey="230369" SVKey="230369r5997" VRelease="r599732"/> -+ <title text="RHEL 8 passwords must have a minimum of 15 characters."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020231" disa="205" severity="medium"> -+ <VMSinfo VKey="230370" SVKey="230370r5997" VRelease="r599732"/> -+ <title text="RHEL 8 passwords for new users must have a minimum of 15 characters."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020240" disa="764" severity="medium"> -+ <VMSinfo VKey="230371" SVKey="230371r5997" VRelease="r599732"/> -+ <title text="RHEL 8 duplicate User IDs (UIDs) must not exist for interactive users."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020250" disa="765" severity="medium"> -+ <VMSinfo VKey="230372" SVKey="230372r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must implement smart card logon for multifactor authentication for access to interactive accounts."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020260" disa="795" severity="medium"> -+ <VMSinfo VKey="230373" SVKey="230373r5997" VRelease="r599732"/> -+ <title text="RHEL 8 account identifiers (individuals, groups, roles, and devices) must be disabled after 35 days of inactivity."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020270" disa="1682" severity="medium"> -+ <VMSinfo VKey="230374" SVKey="230374r5997" VRelease="r599732"/> -+ <title text="RHEL 8 emergency accounts must be automatically removed or disabled after the crisis is resolved or within 72 hours."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020280" disa="1619" severity="medium"> -+ <VMSinfo VKey="230375" SVKey="230375r5997" VRelease="r599732"/> -+ <title text="All RHEL 8 passwords must contain at least one special character."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020290" disa="2007" severity="medium"> -+ <VMSinfo VKey="230376" SVKey="230376r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must prohibit the use of cached authentications after one day."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020300" disa="366" severity="medium"> -+ <VMSinfo VKey="230377" SVKey="230377r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must prevent the use of dictionary words for passwords."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020310" disa="366" severity="medium"> -+ <VMSinfo VKey="230378" SVKey="230378r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must enforce a delay of at least four seconds between logon prompts following a failed logon attempt."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020320" disa="366" severity="medium"> -+ <VMSinfo VKey="230379" SVKey="230379r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must not have unnecessary accounts."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020330" disa="366" severity="high"> -+ <VMSinfo VKey="230380" SVKey="230380r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must not have accounts configured with blank or null passwords."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020340" disa="366" severity="low"> -+ <VMSinfo VKey="230381" SVKey="230381r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must display the date and time of the last successful account logon upon logon."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020350" disa="366" severity="medium"> -+ <VMSinfo VKey="230382" SVKey="230382r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must display the date and time of the last successful account logon upon an SSH logon."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020351" disa="366" severity="medium"> -+ <VMSinfo VKey="230383" SVKey="230383r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must define default permissions for all authenticated users in such a way that the user can only read and modify their own files."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020352" disa="366" severity="medium"> -+ <VMSinfo VKey="230384" SVKey="230384r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must set the umask value to 077 for all local interactive user accounts."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-020353" disa="366" severity="medium"> -+ <VMSinfo VKey="230385" SVKey="230385r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must define default permissions for logon and non-logon shells."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030000" disa="2233" severity="medium"> -+ <VMSinfo VKey="230386" SVKey="230386r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030010" disa="366" severity="medium"> -+ <VMSinfo VKey="230387" SVKey="230387r5997" VRelease="r599732"/> -+ <title text="Cron logging must be implemented in RHEL 8."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030020" disa="139" severity="medium"> -+ <VMSinfo VKey="230388" SVKey="230388r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030030" disa="139" severity="medium"> -+ <VMSinfo VKey="230389" SVKey="230389r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 Information System Security Officer (ISSO) and System Administrator (SA) (at a minimum) must have mail aliases to be notified of an audit processing failure."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030040" disa="140" severity="medium"> -+ <VMSinfo VKey="230390" SVKey="230390r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 System must take appropriate action when an audit processing failure occurs."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030050" disa="140" severity="medium"> -+ <VMSinfo VKey="230391" SVKey="230391r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted when the audit storage volume is full."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030060" disa="140" severity="medium"> -+ <VMSinfo VKey="230392" SVKey="230392r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 audit system must take appropriate action when the audit storage volume is full."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030061" disa="366" severity="medium"> -+ <VMSinfo VKey="230393" SVKey="230393r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 audit system must audit local events."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030062" disa="1851" severity="medium"> -+ <VMSinfo VKey="230394" SVKey="230394r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must label all off-loaded audit logs before sending them to the central log server."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030063" disa="366" severity="low"> -+ <VMSinfo VKey="230395" SVKey="230395r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must resolve audit information before writing to disk."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030070" disa="162" severity="medium"> -+ <VMSinfo VKey="230396" SVKey="230396r5997" VRelease="r599732"/> -+ <title text="RHEL 8 audit logs must have a mode of 0600 or less permissive to prevent unauthorized read access."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030080" disa="162" severity="medium"> -+ <VMSinfo VKey="230397" SVKey="230397r5997" VRelease="r599732"/> -+ <title text="RHEL 8 audit logs must be owned by root to prevent unauthorized read access."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030090" disa="162" severity="medium"> -+ <VMSinfo VKey="230398" SVKey="230398r5997" VRelease="r599732"/> -+ <title text="RHEL 8 audit logs must be group-owned by root to prevent unauthorized read access."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030100" disa="162" severity="medium"> -+ <VMSinfo VKey="230399" SVKey="230399r5997" VRelease="r599732"/> -+ <title text="RHEL 8 audit log directory must be owned by root to prevent unauthorized read access."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030110" disa="162" severity="medium"> -+ <VMSinfo VKey="230400" SVKey="230400r5997" VRelease="r599732"/> -+ <title text="RHEL 8 audit log directory must be group-owned by root to prevent unauthorized read access."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030120" disa="162" severity="medium"> -+ <VMSinfo VKey="230401" SVKey="230401r5997" VRelease="r599732"/> -+ <title text="RHEL 8 audit log directory must have a mode of 0700 or less permissive to prevent unauthorized read access."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030121" disa="162" severity="medium"> -+ <VMSinfo VKey="230402" SVKey="230402r5997" VRelease="r599732"/> -+ <title text="RHEL 8 audit system must protect auditing rules from unauthorized change."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030122" disa="162" severity="medium"> -+ <VMSinfo VKey="230403" SVKey="230403r5997" VRelease="r599732"/> -+ <title text="RHEL 8 audit system must protect logon UIDs from unauthorized change."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030130" disa="169" severity="medium"> -+ <VMSinfo VKey="230404" SVKey="230404r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030140" disa="169" severity="medium"> -+ <VMSinfo VKey="230405" SVKey="230405r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030150" disa="169" severity="medium"> -+ <VMSinfo VKey="230406" SVKey="230406r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030160" disa="169" severity="medium"> -+ <VMSinfo VKey="230407" SVKey="230407r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030170" disa="169" severity="medium"> -+ <VMSinfo VKey="230408" SVKey="230408r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030171" disa="169" severity="medium"> -+ <VMSinfo VKey="230409" SVKey="230409r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030172" disa="169" severity="medium"> -+ <VMSinfo VKey="230410" SVKey="230410r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030180" disa="169" severity="medium"> -+ <VMSinfo VKey="230411" SVKey="230411r5997" VRelease="r599732"/> -+ <title text="RHEL 8 audit records must contain information to establish what type of events occurred, the source of events, where events occurred, and the outcome of events."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030190" disa="169" severity="medium"> -+ <VMSinfo VKey="230412" SVKey="230412r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the su command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030200" disa="169" severity="medium"> -+ <VMSinfo VKey="230413" SVKey="230413r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 audit system must be configured to audit any usage of the lremovexattr system call."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030210" disa="169" severity="medium"> -+ <VMSinfo VKey="230414" SVKey="230414r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 audit system must be configured to audit any usage of the removexattr system call."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030220" disa="169" severity="medium"> -+ <VMSinfo VKey="230415" SVKey="230415r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 audit system must be configured to audit any usage of the lsetxattr system call."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030230" disa="169" severity="medium"> -+ <VMSinfo VKey="230416" SVKey="230416r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 audit system must be configured to audit any usage of the fsetxattr system call."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030240" disa="169" severity="medium"> -+ <VMSinfo VKey="230417" SVKey="230417r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 audit system must be configured to audit any usage of the fremovexattr system call."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030250" disa="169" severity="medium"> -+ <VMSinfo VKey="230418" SVKey="230418r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the chage command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030260" disa="169" severity="medium"> -+ <VMSinfo VKey="230419" SVKey="230419r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the chcon command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030270" disa="169" severity="medium"> -+ <VMSinfo VKey="230420" SVKey="230420r5997" VRelease="r599794"/> -+ <title text="The RHEL 8 audit system must be configured to audit any usage of the setxattr system call."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030280" disa="169" severity="medium"> -+ <VMSinfo VKey="230421" SVKey="230421r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the ssh-agent in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030290" disa="169" severity="medium"> -+ <VMSinfo VKey="230422" SVKey="230422r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the passwd command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030300" disa="169" severity="medium"> -+ <VMSinfo VKey="230423" SVKey="230423r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the mount command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030301" disa="169" severity="medium"> -+ <VMSinfo VKey="230424" SVKey="230424r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the umount command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030302" disa="169" severity="medium"> -+ <VMSinfo VKey="230425" SVKey="230425r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the mount syscall in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030310" disa="169" severity="medium"> -+ <VMSinfo VKey="230426" SVKey="230426r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the unix_update in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030311" disa="169" severity="medium"> -+ <VMSinfo VKey="230427" SVKey="230427r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of postdrop in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030312" disa="169" severity="medium"> -+ <VMSinfo VKey="230428" SVKey="230428r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of postqueue in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030313" disa="169" severity="medium"> -+ <VMSinfo VKey="230429" SVKey="230429r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of semanage in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030314" disa="169" severity="medium"> -+ <VMSinfo VKey="230430" SVKey="230430r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of setfiles in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030315" disa="169" severity="medium"> -+ <VMSinfo VKey="230431" SVKey="230431r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of userhelper in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030316" disa="169" severity="medium"> -+ <VMSinfo VKey="230432" SVKey="230432r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of setsebool in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030317" disa="169" severity="medium"> -+ <VMSinfo VKey="230433" SVKey="230433r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of unix_chkpwd in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030320" disa="169" severity="medium"> -+ <VMSinfo VKey="230434" SVKey="230434r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the ssh-keysign in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030330" disa="169" severity="medium"> -+ <VMSinfo VKey="230435" SVKey="230435r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the setfacl command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030340" disa="169" severity="medium"> -+ <VMSinfo VKey="230436" SVKey="230436r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the pam_timestamp_check command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030350" disa="169" severity="medium"> -+ <VMSinfo VKey="230437" SVKey="230437r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the newgrp command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030360" disa="169" severity="medium"> -+ <VMSinfo VKey="230438" SVKey="230438r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the init_module command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030361" disa="169" severity="medium"> -+ <VMSinfo VKey="230439" SVKey="230439r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the rename command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030362" disa="169" severity="medium"> -+ <VMSinfo VKey="230440" SVKey="230440r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the renameat command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030363" disa="169" severity="medium"> -+ <VMSinfo VKey="230441" SVKey="230441r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the rmdir command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030364" disa="169" severity="medium"> -+ <VMSinfo VKey="230442" SVKey="230442r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the unlink command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030365" disa="169" severity="medium"> -+ <VMSinfo VKey="230443" SVKey="230443r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the unlinkat command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030370" disa="169" severity="medium"> -+ <VMSinfo VKey="230444" SVKey="230444r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the gpasswd command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030380" disa="169" severity="medium"> -+ <VMSinfo VKey="230445" SVKey="230445r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the finit_module command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030390" disa="169" severity="medium"> -+ <VMSinfo VKey="230446" SVKey="230446r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the delete_module command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030400" disa="169" severity="medium"> -+ <VMSinfo VKey="230447" SVKey="230447r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the crontab command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030410" disa="169" severity="medium"> -+ <VMSinfo VKey="230448" SVKey="230448r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the chsh command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030420" disa="169" severity="medium"> -+ <VMSinfo VKey="230449" SVKey="230449r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the truncate command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030430" disa="169" severity="medium"> -+ <VMSinfo VKey="230450" SVKey="230450r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the openat system call in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030440" disa="169" severity="medium"> -+ <VMSinfo VKey="230451" SVKey="230451r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the open system call in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030450" disa="169" severity="medium"> -+ <VMSinfo VKey="230452" SVKey="230452r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the open_by_handle_at system call in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030460" disa="169" severity="medium"> -+ <VMSinfo VKey="230453" SVKey="230453r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the ftruncate command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030470" disa="169" severity="medium"> -+ <VMSinfo VKey="230454" SVKey="230454r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the creat system call in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030480" disa="169" severity="medium"> -+ <VMSinfo VKey="230455" SVKey="230455r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the chown command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030490" disa="169" severity="medium"> -+ <VMSinfo VKey="230456" SVKey="230456r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the chmod command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030500" disa="169" severity="medium"> -+ <VMSinfo VKey="230457" SVKey="230457r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the lchown system call in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030510" disa="169" severity="medium"> -+ <VMSinfo VKey="230458" SVKey="230458r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the fchownat system call in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030520" disa="169" severity="medium"> -+ <VMSinfo VKey="230459" SVKey="230459r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the fchown system call in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030530" disa="169" severity="medium"> -+ <VMSinfo VKey="230460" SVKey="230460r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the fchmodat system call in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030540" disa="169" severity="medium"> -+ <VMSinfo VKey="230461" SVKey="230461r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the fchmod system call in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030550" disa="169" severity="medium"> -+ <VMSinfo VKey="230462" SVKey="230462r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the sudo command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030560" disa="169" severity="medium"> -+ <VMSinfo VKey="230463" SVKey="230463r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the usermod command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030570" disa="169" severity="medium"> -+ <VMSinfo VKey="230464" SVKey="230464r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the chacl command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030580" disa="169" severity="medium"> -+ <VMSinfo VKey="230465" SVKey="230465r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful uses of the kmod command in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030590" disa="169" severity="medium"> -+ <VMSinfo VKey="230466" SVKey="230466r5998" VRelease="r599841"/> -+ <title text="Successful/unsuccessful modifications to the faillock log file in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030600" disa="169" severity="medium"> -+ <VMSinfo VKey="230467" SVKey="230467r5997" VRelease="r599732"/> -+ <title text="Successful/unsuccessful modifications to the lastlog file in RHEL 8 must generate an audit record."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030601" disa="169" severity="low"> -+ <VMSinfo VKey="230468" SVKey="230468r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must enable auditing of processes that start prior to the audit daemon."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030602" disa="1849" severity="low"> -+ <VMSinfo VKey="230469" SVKey="230469r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030603" disa="169" severity="low"> -+ <VMSinfo VKey="230470" SVKey="230470r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must enable Linux audit logging for the USBGuard daemon."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030610" disa="171" severity="medium"> -+ <VMSinfo VKey="230471" SVKey="230471r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030620" disa="1493" severity="medium"> -+ <VMSinfo VKey="230472" SVKey="230472r5997" VRelease="r599732"/> -+ <title text="RHEL 8 audit tools must have a mode of 0755 or less permissive."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030630" disa="1493" severity="medium"> -+ <VMSinfo VKey="230473" SVKey="230473r5997" VRelease="r599732"/> -+ <title text="RHEL 8 audit tools must be owned by root."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030640" disa="1493" severity="medium"> -+ <VMSinfo VKey="230474" SVKey="230474r5997" VRelease="r599732"/> -+ <title text="RHEL 8 audit tools must be group-owned by root."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030650" disa="1496" severity="medium"> -+ <VMSinfo VKey="230475" SVKey="230475r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must use cryptographic mechanisms to protect the integrity of audit tools."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030660" disa="1849" severity="medium"> -+ <VMSinfo VKey="230476" SVKey="230476r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must allocate audit record storage capacity to store at least one week of audit records, when audit records are not immediately sent to a central audit record storage facility."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030670" disa="366" severity="medium"> -+ <VMSinfo VKey="230477" SVKey="230477r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must have the packages required for offloading audit logs installed."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030680" disa="366" severity="medium"> -+ <VMSinfo VKey="230478" SVKey="230478r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must have the packages required for encrypting offloaded audit logs installed."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030690" disa="1851" severity="medium"> -+ <VMSinfo VKey="230479" SVKey="230479r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 audit records must be off-loaded onto a different system or storage media from the system being audited."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030700" disa="1851" severity="medium"> -+ <VMSinfo VKey="230480" SVKey="230480r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must take appropriate action when the internal event queue is full."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030710" disa="1851" severity="medium"> -+ <VMSinfo VKey="230481" SVKey="230481r5997" VRelease="r599796"/> -+ <title text="RHEL 8 must encrypt the transfer of audit records off-loaded onto a different system or media from the system being audited."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030720" disa="1851" severity="medium"> -+ <VMSinfo VKey="230482" SVKey="230482r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must authenticate the remote logging server for off-loading audit logs."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030730" disa="1855" severity="medium"> -+ <VMSinfo VKey="230483" SVKey="230483r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must notify the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030740" disa="1891" severity="medium"> -+ <VMSinfo VKey="230484" SVKey="230484r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must securely compare internal information system clocks at least every 24 hours with a server synchronized to an authoritative time source, such as the United States Naval Observatory (USNO) time servers, or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet), and/or the Global Positioning System (GPS)."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030741" disa="381" severity="low"> -+ <VMSinfo VKey="230485" SVKey="230485r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must disable the chrony daemon from acting as a server."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-030742" disa="381" severity="low"> -+ <VMSinfo VKey="230486" SVKey="230486r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must disable network management of the chrony daemon."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040000" disa="381" severity="high"> -+ <VMSinfo VKey="230487" SVKey="230487r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must not have the telnet-server package installed."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040001" disa="381" severity="medium"> -+ <VMSinfo VKey="230488" SVKey="230488r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must not have any automated bug reporting tools installed."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040002" disa="381" severity="medium"> -+ <VMSinfo VKey="230489" SVKey="230489r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must not have the sendmail package installed."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040003" disa="381" severity="medium"> -+ <VMSinfo VKey="230490" SVKey="230490r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must not have the gssproxy package installed."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040004" disa="381" severity="low"> -+ <VMSinfo VKey="230491" SVKey="230491r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must enable mitigations against processor-based vulnerabilities."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040010" disa="381" severity="high"> -+ <VMSinfo VKey="230492" SVKey="230492r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must not have the rsh-server package installed."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040020" disa="381" severity="medium"> -+ <VMSinfo VKey="230493" SVKey="230493r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must cover or disable the built-in or attached camera when not in use."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040021" disa="381" severity="low"> -+ <VMSinfo VKey="230494" SVKey="230494r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must disable the asynchronous transfer mode (ATM) protocol."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040022" disa="381" severity="low"> -+ <VMSinfo VKey="230495" SVKey="230495r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must disable the controller area network (CAN) protocol."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040023" disa="381" severity="low"> -+ <VMSinfo VKey="230496" SVKey="230496r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must disable the stream control transmission (SCTP) protocol."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040024" disa="381" severity="low"> -+ <VMSinfo VKey="230497" SVKey="230497r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must disable the transparent inter-process communication (TIPC) protocol."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040025" disa="381" severity="low"> -+ <VMSinfo VKey="230498" SVKey="230498r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must disable mounting of cramfs."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040026" disa="381" severity="low"> -+ <VMSinfo VKey="230499" SVKey="230499r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must disable IEEE 1394 (FireWire) Support."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040030" disa="382" severity="medium"> -+ <VMSinfo VKey="230500" SVKey="230500r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must be configured to prohibit or restrict the use of functions, ports, protocols, and/or services, as defined in the Ports, Protocols, and Services Management (PPSM) Category Assignments List (CAL) and vulnerability assessments."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040060" disa="1941" severity="high"> -+ <VMSinfo VKey="230501" SVKey="230501r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must enforce SSHv2 for network access to all accounts."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040070" disa="778" severity="medium"> -+ <VMSinfo VKey="230502" SVKey="230502r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 file system automounter must be disabled unless required."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040080" disa="778" severity="medium"> -+ <VMSinfo VKey="230503" SVKey="230503r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must be configured to disable USB mass storage."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040090" disa="2314" severity="medium"> -+ <VMSinfo VKey="230504" SVKey="230504r5997" VRelease="r599732"/> -+ <title text="A RHEL 8 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040100" disa="2314" severity="medium"> -+ <VMSinfo VKey="230505" SVKey="230505r5997" VRelease="r599732"/> -+ <title text="A firewall must be installed on RHEL 8."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040110" disa="1444" severity="medium"> -+ <VMSinfo VKey="230506" SVKey="230506r5997" VRelease="r599732"/> -+ <title text="RHEL 8 wireless network adapters must be disabled."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040111" disa="1443" severity="medium"> -+ <VMSinfo VKey="230507" SVKey="230507r5997" VRelease="r599732"/> -+ <title text="RHEL 8 Bluetooth must be disabled."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040120" disa="1764" severity="medium"> -+ <VMSinfo VKey="230508" SVKey="230508r5997" VRelease="r599797"/> -+ <title text="RHEL 8 must mount /dev/shm with the nodev option."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040121" disa="1764" severity="medium"> -+ <VMSinfo VKey="230509" SVKey="230509r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must mount /dev/shm with the nosuid option."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040122" disa="1764" severity="medium"> -+ <VMSinfo VKey="230510" SVKey="230510r5997" VRelease="r599798"/> -+ <title text="RHEL 8 must mount /dev/shm with the noexec option."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040123" disa="1764" severity="medium"> -+ <VMSinfo VKey="230511" SVKey="230511r5997" VRelease="r599799"/> -+ <title text="RHEL 8 must mount /tmp with the nodev option."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040124" disa="1764" severity="medium"> -+ <VMSinfo VKey="230512" SVKey="230512r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must mount /tmp with the nosuid option."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040125" disa="1764" severity="medium"> -+ <VMSinfo VKey="230513" SVKey="230513r5998" VRelease="r599800"/> -+ <title text="RHEL 8 must mount /tmp with the noexec option."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040126" disa="1764" severity="medium"> -+ <VMSinfo VKey="230514" SVKey="230514r5998" VRelease="r599801"/> -+ <title text="RHEL 8 must mount /var/log with the nodev option."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040127" disa="1764" severity="medium"> -+ <VMSinfo VKey="230515" SVKey="230515r5998" VRelease="r599802"/> -+ <title text="RHEL 8 must mount /var/log with the nosuid option."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040128" disa="1764" severity="medium"> -+ <VMSinfo VKey="230516" SVKey="230516r5998" VRelease="r599803"/> -+ <title text="RHEL 8 must mount /var/log with the noexec option."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040129" disa="1764" severity="medium"> -+ <VMSinfo VKey="230517" SVKey="230517r5998" VRelease="r599804"/> -+ <title text="RHEL 8 must mount /var/log/audit with the nodev option."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040130" disa="1764" severity="medium"> -+ <VMSinfo VKey="230518" SVKey="230518r5998" VRelease="r599805"/> -+ <title text="RHEL 8 must mount /var/log/audit with the nosuid option."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040131" disa="1764" severity="medium"> -+ <VMSinfo VKey="230519" SVKey="230519r5998" VRelease="r599806"/> -+ <title text="RHEL 8 must mount /var/log/audit with the noexec option."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040132" disa="1764" severity="medium"> -+ <VMSinfo VKey="230520" SVKey="230520r5998" VRelease="r599807"/> -+ <title text="RHEL 8 must mount /var/tmp with the nodev option."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040133" disa="1764" severity="medium"> -+ <VMSinfo VKey="230521" SVKey="230521r5998" VRelease="r599808"/> -+ <title text="RHEL 8 must mount /var/tmp with the nosuid option."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040134" disa="1764" severity="medium"> -+ <VMSinfo VKey="230522" SVKey="230522r5998" VRelease="r599809"/> -+ <title text="RHEL 8 must mount /var/tmp with the noexec option."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040135" disa="1764" severity="medium"> -+ <VMSinfo VKey="230523" SVKey="230523r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 fapolicy module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040140" disa="1958" severity="medium"> -+ <VMSinfo VKey="230524" SVKey="230524r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must block unauthorized peripherals before establishing a connection."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040150" disa="2385" severity="medium"> -+ <VMSinfo VKey="230525" SVKey="230525r5997" VRelease="r599732"/> -+ <title text="A firewall must be able to protect against or limit the effects of Denial of Service (DoS) attacks by ensuring RHEL 8 can implement rate-limiting measures on impacted network interfaces."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040160" disa="2418" severity="medium"> -+ <VMSinfo VKey="230526" SVKey="230526r5997" VRelease="r599732"/> -+ <title text="All RHEL 8 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040161" disa="68" severity="medium"> -+ <VMSinfo VKey="230527" SVKey="230527r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must force a frequent session key renegotiation for SSH connections to the server."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040162" disa="68" severity="medium"> -+ <VMSinfo VKey="230528" SVKey="230528r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must force a frequent session key renegotiation for SSH connections by the client."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040170" disa="366" severity="high"> -+ <VMSinfo VKey="230529" SVKey="230529r5998" VRelease="r599811"/> -+ <title text="The x86 Ctrl-Alt-Delete key sequence must be disabled on RHEL 8."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040171" disa="366" severity="high"> -+ <VMSinfo VKey="230530" SVKey="230530r5997" VRelease="r599732"/> -+ <title text="The x86 Ctrl-Alt-Delete key sequence in RHEL 8 must be disabled if a graphical user interface is installed."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040172" disa="366" severity="high"> -+ <VMSinfo VKey="230531" SVKey="230531r5998" VRelease="r599813"/> -+ <title text="The systemd Ctrl-Alt-Delete burst key sequence in RHEL 8 must be disabled."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040180" disa="366" severity="medium"> -+ <VMSinfo VKey="230532" SVKey="230532r5998" VRelease="r599815"/> -+ <title text="The debug-shell systemd service must be disabled on RHEL 8."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040190" disa="366" severity="high"> -+ <VMSinfo VKey="230533" SVKey="230533r5997" VRelease="r599732"/> -+ <title text="The Trivial File Transfer Protocol (TFTP) server package must not be installed if not required for RHEL 8 operational support."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040200" disa="366" severity="high"> -+ <VMSinfo VKey="230534" SVKey="230534r5997" VRelease="r599732"/> -+ <title text="The root account must be the only account having unrestricted access to the RHEL 8 system."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040210" disa="366" severity="medium"> -+ <VMSinfo VKey="230535" SVKey="230535r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must prevent Internet Control Message Protocol (ICMP) redirect messages from being accepted."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040220" disa="366" severity="medium"> -+ <VMSinfo VKey="230536" SVKey="230536r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must not send Internet Control Message Protocol (ICMP) redirects."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040230" disa="366" severity="medium"> -+ <VMSinfo VKey="230537" SVKey="230537r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040240" disa="366" severity="medium"> -+ <VMSinfo VKey="230538" SVKey="230538r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must not forward source-routed packets."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040250" disa="366" severity="medium"> -+ <VMSinfo VKey="230539" SVKey="230539r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must not forward source-routed packets by default."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040260" disa="366" severity="medium"> -+ <VMSinfo VKey="230540" SVKey="230540r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must not be performing packet forwarding unless the system is a router."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040261" disa="366" severity="medium"> -+ <VMSinfo VKey="230541" SVKey="230541r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must not accept router advertisements on all IPv6 interfaces."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040262" disa="366" severity="medium"> -+ <VMSinfo VKey="230542" SVKey="230542r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must not accept router advertisements on all IPv6 interfaces by default."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040270" disa="366" severity="medium"> -+ <VMSinfo VKey="230543" SVKey="230543r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must not allow interfaces to perform Internet Control Message Protocol (ICMP) redirects by default."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040280" disa="366" severity="medium"> -+ <VMSinfo VKey="230544" SVKey="230544r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must ignore Internet Control Message Protocol (ICMP) redirect messages."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040281" disa="366" severity="medium"> -+ <VMSinfo VKey="230545" SVKey="230545r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must disable access to network bpf syscall from unprivileged processes."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040282" disa="366" severity="medium"> -+ <VMSinfo VKey="230546" SVKey="230546r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must restrict usage of ptrace to descendant processes."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040283" disa="366" severity="medium"> -+ <VMSinfo VKey="230547" SVKey="230547r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must restrict exposed kernel pointer addresses access."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040284" disa="366" severity="medium"> -+ <VMSinfo VKey="230548" SVKey="230548r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must disable the use of user namespaces."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040285" disa="366" severity="medium"> -+ <VMSinfo VKey="230549" SVKey="230549r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must use reverse path filtering on all IPv4 interfaces."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040290" disa="366" severity="medium"> -+ <VMSinfo VKey="230550" SVKey="230550r5997" VRelease="r599732"/> -+ <title text="RHEL 8 must be configured to prevent unrestricted mail relaying."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040300" disa="366" severity="low"> -+ <VMSinfo VKey="230551" SVKey="230551r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 file integrity tool must be configured to verify extended attributes."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040310" disa="366" severity="low"> -+ <VMSinfo VKey="230552" SVKey="230552r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 file integrity tool must be configured to verify Access Control Lists (ACLs)."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040320" disa="366" severity="medium"> -+ <VMSinfo VKey="230553" SVKey="230553r5997" VRelease="r599732"/> -+ <title text="The graphical display manager must not be installed on RHEL 8 unless approved."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040330" disa="366" severity="medium"> -+ <VMSinfo VKey="230554" SVKey="230554r5997" VRelease="r599732"/> -+ <title text="RHEL 8 network interfaces must not be in promiscuous mode."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040340" disa="366" severity="medium"> -+ <VMSinfo VKey="230555" SVKey="230555r5998" VRelease="r599816"/> -+ <title text="RHEL 8 remote X connections for interactive users must be disabled unless to fulfill documented and validated mission requirements."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040341" disa="366" severity="medium"> -+ <VMSinfo VKey="230556" SVKey="230556r5997" VRelease="r599732"/> -+ <title text="The RHEL 8 SSH daemon must prevent remote hosts from connecting to the proxy display."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040350" disa="366" severity="medium"> -+ <VMSinfo VKey="230557" SVKey="230557r5997" VRelease="r599732"/> -+ <title text="If the Trivial File Transfer Protocol (TFTP) server is required, the RHEL 8 TFTP daemon must be configured to operate in secure mode."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040360" disa="366" severity="high"> -+ <VMSinfo VKey="230558" SVKey="230558r5997" VRelease="r599732"/> -+ <title text="A File Transfer Protocol (FTP) server package must not be installed unless mission essential on RHEL 8."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040370" disa="366" severity="medium"> -+ <VMSinfo VKey="230559" SVKey="230559r5997" VRelease="r599732"/> -+ <title text="The gssproxy package must not be installed unless mission essential on RHEL 8."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040380" disa="366" severity="medium"> -+ <VMSinfo VKey="230560" SVKey="230560r5997" VRelease="r599732"/> -+ <title text="The iprutils package must not be installed unless mission essential on RHEL 8."/> -+ </overlay> -+ <overlay owner="disastig" ruleid="XXXX" ownerid="RHEL-08-040390" disa="366" severity="medium"> -+ <VMSinfo VKey="230561" SVKey="230561r5997" VRelease="r599732"/> -+ <title text="The tuned package must not be installed unless mission essential on RHEL 8."/> -+ </overlay> -+</overlays> -diff --git a/rl8/product.yml b/rl8/product.yml -new file mode 100644 -index 0000000..426ffff ---- /dev/null -+++ b/rl8/product.yml -@@ -0,0 +1,31 @@ -+product: rl8 -+full_name: Rocky Linux 8 -+type: platform -+ -+benchmark_root: "../linux_os/guide" -+ -+profiles_root: "./profiles" -+ -+pkg_manager: "yum" -+ -+init_system: "systemd" -+ -+pkg_release: "60287f36" -+pkg_version: "6d745a60" -+rl_pkg_release: "60287f36" -+rl_pkg_version: "6d745a60" -+ -+rl_major_version: "8" -+ -+oval_feed_url: "https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml" -+ -+cpes_root: "../shared/applicability" -+cpes: -+ - rl8: -+ name: "cpe:/o:rocky:rocky:8" -+ title: "Rocky Linux 8" -+ check_id: installed_OS_is_rl8 -+ -+# Mapping of CPE platform to package -+platform_package_overrides: -+ login_defs: "shadow-utils" -diff --git a/rl8/profiles/anssi_bp28_enhanced.profile b/rl8/profiles/anssi_bp28_enhanced.profile -new file mode 100644 -index 0000000..bbc1135 ---- /dev/null -+++ b/rl8/profiles/anssi_bp28_enhanced.profile -@@ -0,0 +1,16 @@ -+documentation_complete: true -+ -+title: 'ANSSI-BP-028 (enhanced)' -+ -+description: |- -+ This profile contains configurations that align to ANSSI-BP-028 at the enhanced hardening level. -+ -+ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. -+ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems. -+ -+ A copy of the ANSSI-BP-028 can be found at the ANSSI website: -+ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/ -+ -+selections: -+ - anssi:all:enhanced -+ - '!selinux_state' -diff --git a/rl8/profiles/anssi_bp28_high.profile b/rl8/profiles/anssi_bp28_high.profile -new file mode 100644 -index 0000000..22efad9 ---- /dev/null -+++ b/rl8/profiles/anssi_bp28_high.profile -@@ -0,0 +1,15 @@ -+documentation_complete: true -+ -+title: 'DRAFT - ANSSI-BP-028 (high)' -+ -+description: |- -+ This profile contains configurations that align to ANSSI-BP-028 at the high hardening level. -+ -+ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. -+ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems. -+ -+ A copy of the ANSSI-BP-028 can be found at the ANSSI website: -+ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/ -+ -+selections: -+ - anssi:all:high -diff --git a/rl8/profiles/anssi_bp28_intermediary.profile b/rl8/profiles/anssi_bp28_intermediary.profile -new file mode 100644 -index 0000000..a592031 ---- /dev/null -+++ b/rl8/profiles/anssi_bp28_intermediary.profile -@@ -0,0 +1,15 @@ -+documentation_complete: true -+ -+title: 'ANSSI-BP-028 (intermediary)' -+ -+description: |- -+ This profile contains configurations that align to ANSSI-BP-028 at the intermediary hardening level. -+ -+ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. -+ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems. -+ -+ A copy of the ANSSI-BP-028 can be found at the ANSSI website: -+ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/ -+ -+selections: -+ - anssi:all:intermediary -diff --git a/rl8/profiles/anssi_bp28_minimal.profile b/rl8/profiles/anssi_bp28_minimal.profile -new file mode 100644 -index 0000000..cef8394 ---- /dev/null -+++ b/rl8/profiles/anssi_bp28_minimal.profile -@@ -0,0 +1,16 @@ -+documentation_complete: true -+ -+title: 'ANSSI-BP-028 (minimal)' -+ -+description: |- -+ This profile contains configurations that align to ANSSI-BP-028 at the minimal hardening level. -+ -+ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. -+ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems. -+ -+ A copy of the ANSSI-BP-028 can be found at the ANSSI website: -+ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/ -+ -+selections: -+ - anssi:all:minimal -+ -diff --git a/rl8/profiles/cis.profile b/rl8/profiles/cis.profile -new file mode 100644 -index 0000000..5f0d7f6 ---- /dev/null -+++ b/rl8/profiles/cis.profile -@@ -0,0 +1,1088 @@ -+documentation_complete: true -+ -+metadata: -+ version: 1.0.0 -+ SMEs: -+ - vojtapolasek -+ - yuumasato -+ -+reference: https://www.cisecurity.org/benchmark/red_hat_linux/ -+ -+title: 'CIS Rocky Linux 8 Benchmark' -+ -+description: |- -+ This profile defines a baseline that aligns to the Center for Internet Security® -+ Rocky Linux 8 Benchmark™, v1.0.0, released 09-30-2019. -+ -+ This profile includes Center for Internet Security® -+ Rocky Linux 8 CIS Benchmarks™ content. -+ -+selections: -+ # Necessary for dconf rules -+ - dconf_db_up_to_date -+ -+ ### Partitioning -+ - mount_option_home_nodev -+ -+ ## 1.1 Filesystem Configuration -+ -+ ### 1.1.1 Disable unused filesystems -+ -+ #### 1.1.1.1 Ensure mounting cramfs filesystems is disabled (Scored) -+ - kernel_module_cramfs_disabled -+ -+ #### 1.1.1.2 Ensure mounting of vFAT filesystems is limited (Not Scored) -+ -+ -+ #### 1.1.1.3 Ensure mounting of squashfs filesystems is disabled (Scored) -+ - kernel_module_squashfs_disabled -+ -+ #### 1.1.1.4 Ensure mounting of udf filesystems is disabled (Scored) -+ - kernel_module_udf_disabled -+ -+ ### 1.1.2 Ensure /tmp is configured (Scored) -+ - partition_for_tmp -+ -+ ### 1.1.3 Ensure nodev option set on /tmp partition (Scored) -+ - mount_option_tmp_nodev -+ -+ ### 1.1.4 Ensure nosuid option set on /tmp partition (Scored) -+ - mount_option_tmp_nosuid -+ -+ ### 1.1.5 Ensure noexec option set on /tmp partition (Scored) -+ - mount_option_tmp_noexec -+ -+ ### 1.1.6 Ensure separate partition exists for /var (Scored) -+ - partition_for_var -+ -+ ### 1.1.7 Ensure separate partition exists for /var/tmp (Scored) -+ - partition_for_var_tmp -+ -+ ### 1.1.8 Ensure nodev option set on /var/tmp partition (Scored) -+ - mount_option_var_tmp_nodev -+ -+ ### 1.1.9 Ensure nosuid option set on /var/tmp partition (Scored) -+ - mount_option_var_tmp_nosuid -+ -+ ### 1.1.10 Ensure noexec option set on /var/tmp partition (Scored) -+ - mount_option_var_tmp_noexec -+ -+ ### 1.1.11 Ensure separate partition exists for /var/log (Scored) -+ - partition_for_var_log -+ -+ ### 1.1.12 Ensure separate partition exists for /var/log/audit (Scored) -+ - partition_for_var_log_audit -+ -+ ### 1.1.13 Ensure separate partition exists for /home (Scored) -+ - partition_for_home -+ -+ ### 1.1.14 Ensure nodev option set on /home partition (Scored) -+ - mount_option_home_nodev -+ -+ ### 1.1.15 Ensure nodev option set on /dev/shm partition (Scored) -+ - mount_option_dev_shm_nodev -+ -+ ### 1.1.16 Ensure nosuid option set on /dev/shm partition (Scored) -+ - mount_option_dev_shm_nosuid -+ -+ ### 1.1.17 Ensure noexec option set on /dev/shm partition (Scored) -+ - mount_option_dev_shm_noexec -+ -+ ### 1.1.18 Ensure nodev option set on removable media partitions (Not Scored) -+ - mount_option_nodev_removable_partitions -+ -+ ### 1.1.19 Ensure nosuid option set on removable media partitions (Not Scored) -+ - mount_option_nosuid_removable_partitions -+ -+ ### 1.1.20 Ensure noexec option set on removable media partitions (Not Scored) -+ - mount_option_noexec_removable_partitions -+ -+ ### 1.1.21 Ensure sticky bit is set on all world-writable directories (Scored) -+ - dir_perms_world_writable_sticky_bits -+ -+ ### 1.1.22 Disable Automounting (Scored) -+ - service_autofs_disabled -+ -+ ### 1.1.23 Disable USB Storage (Scored) -+ - kernel_module_usb-storage_disabled -+ -+ ## 1.2 Configure Software Updates -+ -+ ### 1.2.1 Ensure Red Hat Subscription Manager connection is configured (Not Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5218 -+ -+ ### 1.2.2 Disable the rhnsd Daemon (Not Scored) -+ - service_rhnsd_disabled -+ -+ ### 1.2.3 Ensure GPG keys are configured (Not Scored) -+ -+ ### 1.2.4 Ensure gpgcheck is globally activated (Scored) -+ - ensure_gpgcheck_globally_activated -+ -+ ### 1.2.5 Ensure package manager repositories are configured (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5219 -+ -+ ## 1.3 Configure sudo -+ -+ ### 1.3.1 Ensure sudo is installed (Scored) -+ - package_sudo_installed -+ -+ ### 1.3.2 Ensure sudo commands use pty (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5220 -+ -+ ### 1.3.3 Ensure sudo log file exists (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5221 -+ -+ ## 1.4 Filesystem Integrity Checking -+ -+ ### 1.4.1 Ensure AIDE is installed (Scored) -+ - package_aide_installed -+ -+ ### 1.4.2 Ensure filesystem integrity is regularly checked (Scored) -+ - aide_periodic_cron_checking -+ -+ ## Secure Boot Settings -+ -+ ### 1.5.1 Ensure permissions on bootloader config are configured (Scored) -+ #### chown root:root /boot/grub2/grub.cfg -+ - file_owner_grub2_cfg -+ - file_groupowner_grub2_cfg -+ -+ #### chmod og-rwx /boot/grub2/grub.cfg -+ - file_permissions_grub2_cfg -+ -+ #### chown root:root /boot/grub2/grubenv -+ # NEED RULE - https://github.com/ComplianceAsCode/content/issues/5222 -+ -+ #### chmod og-rwx /boot/grub2/grubenv -+ # NEED RULE - https://github.com/ComplianceAsCode/content/issues/5222 -+ -+ ### 1.5.2 Ensure bootloader password is set (Scored) -+ - grub2_password -+ -+ ### 1.5.3 Ensure authentication required for single user mode (Scored) -+ #### ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue -+ - require_singleuser_auth -+ -+ #### ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency -+ - require_emergency_target_auth -+ -+ ## 1.6 Additional Process Hardening -+ -+ ### 1.6.1 Ensure core dumps are restricted (Scored) -+ #### * hard core 0 -+ - disable_users_coredumps -+ -+ #### fs.suid_dumpable = 0 -+ - sysctl_fs_suid_dumpable -+ -+ #### ProcessSizeMax=0 -+ - coredump_disable_backtraces -+ -+ #### Storage=none -+ - coredump_disable_storage -+ -+ ### 1.6.2 Ensure address space layout randomization (ASLR) is enabled -+ - sysctl_kernel_randomize_va_space -+ -+ ## 1.7 Mandatory Access Control -+ -+ ### 1.7.1 Configure SELinux -+ -+ #### 1.7.1.1 Ensure SELinux is installed (Scored) -+ - package_libselinux_installed -+ -+ #### 1.7.1.2 Ensure SELinux is not disabled in bootloader configuration (Scored) -+ - grub2_enable_selinux -+ -+ #### 1.7.1.3 Ensure SELinux policy is configured (Scored) -+ - var_selinux_policy_name=targeted -+ - selinux_policytype -+ -+ #### 1.7.1.4 Ensure the SELinux state is enforcing (Scored) -+ - var_selinux_state=enforcing -+ - selinux_state -+ -+ #### 1.7.1.5 Ensure no unconfied services exist (Scored) -+ - selinux_confinement_of_daemons -+ -+ #### 1.7.1.6 Ensure SETroubleshoot is not installed (Scored) -+ - package_setroubleshoot_removed -+ -+ #### 1.7.1.7 Ensure the MCS Translation Service (mcstrans) is not installed (Scored) -+ - package_mcstrans_removed -+ -+ ## Warning Banners -+ -+ ### 1.8.1 Command Line Warning Baners -+ -+ #### 1.8.1.1 Ensure message of the day is configured properly (Scored) -+ - banner_etc_motd -+ -+ #### 1.8.1.2 Ensure local login warning banner is configured properly (Scored) -+ - banner_etc_issue -+ -+ #### 1.8.1.3 Ensure remote login warning banner is configured properly (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5225 -+ -+ #### 1.8.1.4 Ensure permissions on /etc/motd are configured (Scored) -+ # chmod u-x,go-wx /etc/motd -+ - file_permissions_etc_motd -+ -+ #### 1.8.1.5 Ensure permissions on /etc/issue are configured (Scored) -+ # chmod u-x,go-wx /etc/issue -+ - file_permissions_etc_issue -+ -+ #### 1.8.1.6 Ensure permissions on /etc/issue.net are configured (Scored) -+ # Previously addressed via 'rpm_verify_permissions' rule -+ -+ ### 1.8.2 Ensure GDM login banner is configured (Scored) -+ #### banner-message-enable=true -+ - dconf_gnome_banner_enabled -+ -+ #### banner-message-text='<banner message>' -+ - dconf_gnome_login_banner_text -+ -+ ## 1.9 Ensure updates, patches, and additional security software are installed (Scored) -+ - security_patches_up_to_date -+ -+ ## 1.10 Ensure system-wide crypto policy is not legacy (Scored) -+ - var_system_crypto_policy=future -+ - configure_crypto_policy -+ -+ ## 1.11 Ensure system-wide crytpo policy is FUTURE or FIPS (Scored) -+ # Previously addressed via 'configure_crypto_policy' rule -+ -+ # Services -+ -+ ## 2.1 inetd Services -+ -+ ### 2.1.1 Ensure xinetd is not installed (Scored) -+ - package_xinetd_removed -+ -+ ## 2.2 Special Purpose Services -+ -+ ### 2.2.1 Time Synchronization -+ -+ #### 2.2.1.1 Ensure time synchronization is in use (Not Scored) -+ - package_chrony_installed -+ -+ #### 2.2.1.2 Ensure chrony is configured (Scored) -+ - service_chronyd_enabled -+ - chronyd_specify_remote_server -+ - chronyd_run_as_chrony_user -+ -+ ### 2.2.2 Ensure X Window System is not installed (Scored) -+ - package_xorg-x11-server-common_removed -+ - xwindows_runlevel_target -+ -+ ### 2.2.3 Ensure rsync service is not enabled (Scored) -+ - service_rsyncd_disabled -+ -+ ### 2.2.4 Ensure Avahi Server is not enabled (Scored) -+ - service_avahi-daemon_disabled -+ -+ ### 2.2.5 Ensure SNMP Server is not enabled (Scored) -+ - service_snmpd_disabled -+ -+ ### 2.2.6 Ensure HTTP Proxy Server is not enabled (Scored) -+ - package_squid_removed -+ -+ ### 2.2.7 Ensure Samba is not enabled (Scored) -+ - service_smb_disabled -+ -+ ### 2.2.8 Ensure IMAP and POP3 server is not enabled (Scored) -+ - service_dovecot_disabled -+ -+ ### 2.2.9 Ensure HTTP server is not enabled (Scored) -+ - service_httpd_disabled -+ -+ ### 2.2.10 Ensure FTP Server is not enabled (Scored) -+ - service_vsftpd_disabled -+ -+ ### 2.2.11 Ensure DNS Server is not enabled (Scored) -+ - service_named_disabled -+ -+ ### 2.2.12 Ensure NFS is not enabled (Scored) -+ - service_nfs_disabled -+ -+ ### 2.2.13 Ensure RPC is not enabled (Scored) -+ - service_rpcbind_disabled -+ -+ ### 2.2.14 Ensure LDAP service is not enabled (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5231 -+ -+ ### 2.2.15 Ensure DHCP Server is not enabled (Scored) -+ - service_dhcpd_disabled -+ -+ ### 2.2.16 Ensure CUPS is not enabled (Scored) -+ - service_cups_disabled -+ -+ ### 2.2.17 Ensure NIS Server is not enabled (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5232 -+ -+ ### 2.2.18 Ensure mail transfer agent is configured for -+ ### local-only mode (Scored) -+ - postfix_network_listening_disabled -+ -+ ## 2.3 Service Clients -+ -+ ### 2.3.1 Ensure NIS Client is not installed (Scored) -+ - package_ypbind_removed -+ -+ ### 2.3.2 Ensure telnet client is not installed (Scored) -+ - package_telnet_removed -+ -+ ### Ensure LDAP client is not installed -+ - package_openldap-clients_removed -+ -+ # 3 Network Configuration -+ -+ ## 3.1 Network Parameters (Host Only) -+ -+ ### 3.1.1 Ensure IP forwarding is disabled (Scored) -+ #### net.ipv4.ip_forward = 0 -+ - sysctl_net_ipv4_ip_forward -+ -+ #### net.ipv6.conf.all.forwarding = 0 -+ - sysctl_net_ipv6_conf_all_forwarding -+ -+ ### 3.1.2 Ensure packet redirect sending is disabled (Scored) -+ #### net.ipv4.conf.all.send_redirects = 0 -+ - sysctl_net_ipv4_conf_all_send_redirects -+ -+ #### net.ipv4.conf.default.send_redirects = 0 -+ - sysctl_net_ipv4_conf_default_send_redirects -+ -+ ## 3.2 Network Parameters (Host and Router) -+ -+ ### 3.2.1 Ensure source routed packets are not accepted (Scored) -+ #### net.ipv4.conf.all.accept_source_route = 0 -+ - sysctl_net_ipv4_conf_all_accept_source_route -+ -+ #### net.ipv4.conf.default.accept_source_route = 0 -+ - sysctl_net_ipv4_conf_default_accept_source_route -+ -+ #### net.ipv6.conf.all.accept_source_route = 0 -+ - sysctl_net_ipv6_conf_all_accept_source_route -+ -+ #### net.ipv6.conf.default.accept_source_route = 0 -+ - sysctl_net_ipv6_conf_default_accept_source_route -+ -+ ### 3.2.2 Ensure ICMP redirects are not accepted (Scored) -+ #### net.ipv4.conf.all.accept_redirects = 0 -+ - sysctl_net_ipv4_conf_all_accept_redirects -+ -+ #### net.ipv4.conf.default.accept_redirects -+ - sysctl_net_ipv4_conf_default_accept_redirects -+ -+ #### net.ipv6.conf.all.accept_redirects = 0 -+ - sysctl_net_ipv6_conf_all_accept_redirects -+ -+ #### net.ipv6.conf.defaults.accept_redirects = 0 -+ - sysctl_net_ipv6_conf_default_accept_redirects -+ -+ ### 3.2.3 Ensure secure ICMP redirects are not accepted (Scored) -+ #### net.ipv4.conf.all.secure_redirects = 0 -+ - sysctl_net_ipv4_conf_all_secure_redirects -+ -+ #### net.ipv4.cof.default.secure_redirects = 0 -+ - sysctl_net_ipv4_conf_default_secure_redirects -+ -+ ### 3.2.4 Ensure suspicious packets are logged (Scored) -+ #### net.ipv4.conf.all.log_martians = 1 -+ - sysctl_net_ipv4_conf_all_log_martians -+ -+ #### net.ipv4.conf.default.log_martians = 1 -+ - sysctl_net_ipv4_conf_default_log_martians -+ -+ ### 3.2.5 Ensure broadcast ICMP requests are ignored (Scored) -+ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts -+ -+ ### 3.2.6 Ensure bogus ICMP responses are ignored (Scored) -+ - sysctl_net_ipv4_icmp_ignore_bogus_error_responses -+ -+ ### 3.2.7 Ensure Reverse Path Filtering is enabled (Scored) -+ #### net.ipv4.conf.all.rp_filter = 1 -+ - sysctl_net_ipv4_conf_all_rp_filter -+ -+ #### net.ipv4.conf.default.rp_filter = 1 -+ - sysctl_net_ipv4_conf_default_rp_filter -+ -+ ### 3.2.8 Ensure TCP SYN Cookies is enabled (Scored) -+ - sysctl_net_ipv4_tcp_syncookies -+ -+ ### 3.2.9 Ensure IPv6 router advertisements are not accepted (Scored) -+ #### net.ipv6.conf.all.accept_ra = 0 -+ - sysctl_net_ipv6_conf_all_accept_ra -+ -+ #### net.ipv6.conf.default.accept_ra = 0 -+ - sysctl_net_ipv6_conf_default_accept_ra -+ -+ ## 3.3 Uncommon Network Protocols -+ -+ ### 3.3.1 Ensure DCCP is disabled (Scored) -+ - kernel_module_dccp_disabled -+ -+ ### Ensure SCTP is disabled (Scored) -+ - kernel_module_sctp_disabled -+ -+ ### 3.3.3 Ensure RDS is disabled (Scored) -+ - kernel_module_rds_disabled -+ -+ ### 3.3.4 Ensure TIPC is disabled (Scored) -+ - kernel_module_tipc_disabled -+ -+ ## 3.4 Firewall Configuration -+ -+ ### 3.4.1 Ensure Firewall software is installed -+ -+ #### 3.4.1.1 Ensure a Firewall package is installed (Scored) -+ ##### firewalld -+ - package_firewalld_installed -+ -+ ##### nftables -+ #NEED RULE - https://github.com/ComplianceAsCode/content/issues/5237 -+ -+ ##### iptables -+ #- package_iptables_installed -+ -+ ### 3.4.2 Configure firewalld -+ -+ #### 3.4.2.1 Ensure firewalld service is enabled and running (Scored) -+ - service_firewalld_enabled -+ -+ #### 3.4.2.2 Ensure iptables is not enabled (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5238 -+ -+ #### 3.4.2.3 Ensure nftables is not enabled (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5239 -+ -+ #### 3.4.2.4 Ensure default zone is set (Scored) -+ - set_firewalld_default_zone -+ -+ #### 3.4.2.5 Ensure network interfaces are assigned to -+ #### appropriate zone (Not Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5240 -+ -+ #### 3.4.2.6 Ensure unnecessary services and ports are not -+ #### accepted (Not Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5241 -+ -+ ### 3.4.3 Configure nftables -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5242 -+ -+ #### 3.4.3.1 Ensure iptables are flushed (Not Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5243 -+ -+ #### 3.4.3.2 Ensure a table exists (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5244 -+ -+ #### 3.4.3.3 Ensure base chains exist (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5245 -+ -+ #### 3.4.3.4 Ensure loopback traffic is configured (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5246 -+ -+ #### 3.4.3.5 Ensure outbound and established connections are -+ #### configured (Not Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5247 -+ -+ #### 3.4.3.6 Ensure default deny firewall policy (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5248 -+ -+ #### 3.4.3.7 Ensure nftables service is enabled (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5249 -+ -+ #### 3.4.3.8 Ensure nftables rules are permanent (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5250 -+ -+ ### 3.4.4 Configure iptables -+ -+ #### 3.4.4.1 Configure IPv4 iptables -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5251 -+ -+ ##### 3.4.4.1.1 Ensure default deny firewall policy (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5252 -+ -+ ##### 3.4.4.1.2 Ensure loopback traffic is configured (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5253 -+ -+ ##### 3.4.4.1.3 Ensure outbound and established connections are -+ ##### configured (Not Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5254 -+ -+ ##### 3.4.4.1.4 Ensure firewall rules exist for all open ports (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5255 -+ -+ #### 3.4.4.2 Configure IPv6 ip6tables -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5256 -+ -+ ##### 3.4.4.2.1 Ensure IPv6 default deny firewall policy (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5257 -+ -+ ##### 3.4.4.2.2 Ensure IPv6 loopback traffic is configured (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5258 -+ -+ ##### 3.4.4.2.3 Ensure IPv6 outbound and established connections are -+ ##### configured (Not Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5260 -+ -+ ## 3.5 Ensure wireless interfaces are disabled (Scored) -+ - wireless_disable_interfaces -+ -+ ## 3.6 Disable IPv6 (Not Scored) -+ - kernel_module_ipv6_option_disabled -+ -+ # Logging and Auditing -+ -+ ## 4.1 Configure System Accounting (auditd) -+ -+ ### 4.1.1 Ensure auditing is enabled -+ -+ #### 4.1.1.1 Ensure auditd is installed (Scored) -+ - package_audit_installed -+ -+ #### 4.1.1.2 Ensure auditd service is enabled (Scored) -+ - service_auditd_enabled -+ -+ #### 4.1.1.3 Ensure auditing for processes that start prior to audit -+ #### is enabled (Scored) -+ - grub2_audit_argument -+ -+ #### 4.1.1.4 Ensure audit_backlog_limit is sufficient (Scored) -+ - grub2_audit_backlog_limit_argument -+ -+ ### 4.1.2 Configure Data Retention -+ -+ #### 4.1.2.1 Ensure audit log storage size is configured (Scored) -+ - auditd_data_retention_max_log_file -+ -+ #### 4.1.2.2 Ensure audit logs are not automatically deleted (Scored) -+ - auditd_data_retention_max_log_file_action -+ -+ #### 4.1.2.3 Ensure system is disabled when audit logs are full (Scored) -+ - var_auditd_space_left_action=email -+ - auditd_data_retention_space_left_action -+ -+ ##### action_mail_acct = root -+ - var_auditd_action_mail_acct=root -+ - auditd_data_retention_action_mail_acct -+ -+ ##### admin_space_left_action = halt -+ - var_auditd_admin_space_left_action=halt -+ - auditd_data_retention_admin_space_left_action -+ -+ ### 4.1.3 Ensure changes to system administration scope -+ ### (sudoers) is collected (Scored) -+ - audit_rules_sysadmin_actions -+ -+ ### 4.1.4 Ensure login and logout events are collected (Scored) -+ - audit_rules_login_events_faillock -+ - audit_rules_login_events_lastlog -+ -+ ### 4.1.5 Ensure session initiation information is collected (Scored) -+ - audit_rules_session_events -+ -+ ### 4.1.6 Ensure events that modify date and time information -+ ### are collected (Scored) -+ #### adjtimex -+ - audit_rules_time_adjtimex -+ -+ #### settimeofday -+ - audit_rules_time_settimeofday -+ -+ #### stime -+ - audit_rules_time_stime -+ -+ #### clock_settime -+ - audit_rules_time_clock_settime -+ -+ #### -w /etc/localtime -p wa -+ - audit_rules_time_watch_localtime -+ -+ ### 4.1.7 Ensure events that modify the system's Mandatory -+ ### Access Control are collected (Scored) -+ #### -w /etc/selinux/ -p wa -+ - audit_rules_mac_modification -+ -+ #### -w /usr/share/selinux/ -p wa -+ # NEED RULE - https://github.com/ComplianceAsCode/content/issues/5264 -+ -+ ### 4.1.8 Ensure events that modify the system's network -+ ### enironment are collected (Scored) -+ - audit_rules_networkconfig_modification -+ -+ ### 4.1.9 Ensure discretionary access control permission modification -+ ### events are collected (Scored) -+ - audit_rules_dac_modification_chmod -+ - audit_rules_dac_modification_fchmod -+ - audit_rules_dac_modification_fchmodat -+ - audit_rules_dac_modification_chown -+ - audit_rules_dac_modification_fchown -+ - audit_rules_dac_modification_fchownat -+ - audit_rules_dac_modification_lchown -+ - audit_rules_dac_modification_setxattr -+ - audit_rules_dac_modification_lsetxattr -+ - audit_rules_dac_modification_fsetxattr -+ - audit_rules_dac_modification_removexattr -+ - audit_rules_dac_modification_lremovexattr -+ - audit_rules_dac_modification_fremovexattr -+ -+ ### 4.1.10 Ensure unsuccessful unauthorized file access attempts are -+ ### collected (Scored) -+ - audit_rules_unsuccessful_file_modification_creat -+ - audit_rules_unsuccessful_file_modification_open -+ - audit_rules_unsuccessful_file_modification_openat -+ - audit_rules_unsuccessful_file_modification_truncate -+ - audit_rules_unsuccessful_file_modification_ftruncate -+ # Opinionated selection -+ - audit_rules_unsuccessful_file_modification_open_by_handle_at -+ -+ ### 4.1.11 Ensure events that modify user/group information are -+ ### collected (Scored) -+ - audit_rules_usergroup_modification_passwd -+ - audit_rules_usergroup_modification_group -+ - audit_rules_usergroup_modification_gshadow -+ - audit_rules_usergroup_modification_shadow -+ - audit_rules_usergroup_modification_opasswd -+ -+ ### 4.1.12 Ensure successful file system mounts are collected (Scored) -+ - audit_rules_media_export -+ -+ ### 4.1.13 Ensure use of privileged commands is collected (Scored) -+ - audit_rules_privileged_commands -+ -+ ### 4.1.14 Ensure file deletion events by users are collected -+ ### (Scored) -+ - audit_rules_file_deletion_events_unlink -+ - audit_rules_file_deletion_events_unlinkat -+ - audit_rules_file_deletion_events_rename -+ - audit_rules_file_deletion_events_renameat -+ # Opinionated selection -+ - audit_rules_file_deletion_events_rmdir -+ -+ ### 4.1.15 Ensure kernel module loading and unloading is collected -+ ### (Scored) -+ - audit_rules_kernel_module_loading -+ -+ ### 4.1.16 Ensure system administrator actions (sudolog) are -+ ### collected (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5516 -+ -+ ### 4.1.17 Ensure the audit configuration is immutable (Scored) -+ - audit_rules_immutable -+ -+ ## 4.2 Configure Logging -+ -+ ### 4.2.1 Configure rsyslog -+ -+ #### 4.2.1.1 Ensure rsyslog is installed (Scored) -+ - package_rsyslog_installed -+ -+ #### 4.2.1.2 Ensure rsyslog Service is enabled (Scored) -+ - service_rsyslog_enabled -+ -+ #### 4.2.1.3 Ensure rsyslog default file permissions configured (Scored) -+ - rsyslog_files_permissions -+ -+ #### 4.2.1.4 Ensure logging is configured (Not Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5519 -+ -+ #### 4.2.1.5 Ensure rsyslog is configured to send logs to a remote -+ #### log host (Scored) -+ - rsyslog_remote_loghost -+ -+ #### 4.2.1.6 Ensure remote rsyslog messages are only accepted on -+ #### designated log hosts (Not Scored) -+ - rsyslog_nolisten -+ -+ ### 4.2.2 Configure journald -+ -+ #### 4.2.2.1 Ensure journald is configured to send logs to -+ #### rsyslog (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5520 -+ -+ #### 4.2.2.2 Ensure journald is configured to compress large -+ #### log files (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5521 -+ -+ -+ #### 4.2.2.3 Ensure journald is configured to write logfiles to -+ #### persistent disk (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5522 -+ -+ ### 4.2.3 Ensure permissions on all logfiles are configured (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5523 -+ -+ ## 4.3 Ensure logrotate is configured (Not Scored) -+ -+ # 5 Access, Authentication and Authorization -+ -+ ## 5.1 Configure cron -+ -+ ### 5.1.1 Ensure cron daemon is enabled (Scored) -+ - service_crond_enabled -+ -+ -+ ### 5.1.2 Ensure permissions on /etc/crontab are configured (Scored) -+ # chown root:root /etc/crontab -+ - file_owner_crontab -+ - file_groupowner_crontab -+ # chmod og-rwx /etc/crontab -+ - file_permissions_crontab -+ -+ ### 5.1.3 Ensure permissions on /etc/cron.hourly are configured (Scored) -+ # chown root:root /etc/cron.hourly -+ - file_owner_cron_hourly -+ - file_groupowner_cron_hourly -+ # chmod og-rwx /etc/cron.hourly -+ - file_permissions_cron_hourly -+ -+ ### 5.1.4 Ensure permissions on /etc/cron.daily are configured (Scored) -+ # chown root:root /etc/cron.daily -+ - file_owner_cron_daily -+ - file_groupowner_cron_daily -+ # chmod og-rwx /etc/cron.daily -+ - file_permissions_cron_daily -+ -+ ### 5.1.5 Ensure permissions on /etc/cron.weekly are configured (Scored) -+ # chown root:root /etc/cron.weekly -+ - file_owner_cron_weekly -+ - file_groupowner_cron_weekly -+ # chmod og-rwx /etc/cron.weekly -+ - file_permissions_cron_weekly -+ -+ ### 5.1.6 Ensure permissions on /etc/cron.monthly are configured (Scored) -+ # chown root:root /etc/cron.monthly -+ - file_owner_cron_monthly -+ - file_groupowner_cron_monthly -+ # chmod og-rwx /etc/cron.monthly -+ - file_permissions_cron_monthly -+ -+ ### 5.1.7 Ensure permissions on /etc/cron.d are configured (Scored) -+ # chown root:root /etc/cron.d -+ - file_owner_cron_d -+ - file_groupowner_cron_d -+ # chmod og-rwx /etc/cron.d -+ - file_permissions_cron_d -+ -+ ### 5.1.8 Ensure at/cron is restricted to authorized users (Scored) -+ -+ -+ ## 5.2 SSH Server Configuration -+ -+ ### 5.2.1 Ensure permissions on /etc/ssh/sshd_config are configured (Scored) -+ # chown root:root /etc/ssh/sshd_config -+ - file_owner_sshd_config -+ - file_groupowner_sshd_config -+ -+ # chmod og-rwx /etc/ssh/sshd_config -+ - file_permissions_sshd_config -+ -+ ### 5.2.2 Ensure SSH access is limited (Scored) -+ -+ -+ ### 5.2.3 Ensure permissions on SSH private host key files are -+ ### configured (Scored) -+ # TO DO: The rule sets to 640, but benchmark wants 600 -+ - file_permissions_sshd_private_key -+ # TO DO: check owner of private keys in /etc/ssh is root:root -+ -+ ### 5.2.4 Ensure permissions on SSH public host key files are configured -+ ### (Scored) -+ - file_permissions_sshd_pub_key -+ # TO DO: check owner of pub keys in /etc/ssh is root:root -+ -+ ### 5.2.5 Ensure SSH LogLevel is appropriate (Scored) -+ - sshd_set_loglevel_info -+ -+ ### 5.2.6 Ensure SSH X11 forward is disabled (Scored) -+ - sshd_disable_x11_forwarding -+ -+ ### 5.2.7 Ensure SSH MaxAuthTries is set to 4 or less (Scored) -+ - sshd_max_auth_tries_value=4 -+ - sshd_set_max_auth_tries -+ -+ ### 5.2.8 Ensure SSH IgnoreRhosts is enabled (Scored) -+ - sshd_disable_rhosts -+ -+ ### 5.2.9 Ensure SSH HostbasedAuthentication is disabled (Scored) -+ - disable_host_auth -+ -+ ### 5.2.10 Ensure SSH root login is disabled (Scored) -+ - sshd_disable_root_login -+ -+ ### 5.2.11 Ensure SSH PermitEmptyPasswords is disabled (Scored) -+ - sshd_disable_empty_passwords -+ -+ ### 5.2.12 Ensure SSH PermitUserEnvironment is disabled (Scored) -+ - sshd_do_not_permit_user_env -+ -+ ### 5.2.13 Ensure SSH Idle Timeout Interval is configured (Scored) -+ # ClientAliveInterval 300 -+ - sshd_idle_timeout_value=5_minutes -+ - sshd_set_idle_timeout -+ -+ # ClientAliveCountMax 0 -+ - var_sshd_set_keepalive=0 -+ - sshd_set_keepalive -+ -+ ### 5.2.14 Ensure SSH LoginGraceTime is set to one minute -+ ### or less (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5525 -+ -+ ### 5.2.15 Ensure SSH warning banner is configured (Scored) -+ - sshd_enable_warning_banner -+ -+ ### 5.2.16 Ensure SSH PAM is enabled (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5526 -+ -+ ### 5.2.17 Ensure SSH AllowTcpForwarding is disabled (Scored) -+ - sshd_disable_tcp_forwarding -+ -+ ### 5.2.18 Ensure SSH MaxStarups is configured (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5528 -+ -+ ### 5.2.19 Ensure SSH MaxSessions is set to 4 or less (Scored) -+ - sshd_set_max_sessions -+ - var_sshd_max_sessions=4 -+ -+ ### 5.2.20 Ensure system-wide crypto policy is not over-ridden (Scored) -+ - configure_ssh_crypto_policy -+ -+ ## 5.3 Configure authselect -+ -+ -+ ### 5.3.1 Create custom authselectet profile (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5530 -+ -+ ### 5.3.2 Select authselect profile (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5531 -+ -+ ### 5.3.3 Ensure authselect includes with-faillock (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5532 -+ -+ ## 5.4 Configure PAM -+ -+ ### 5.4.1 Ensure password creation requirements are configured (Scored) -+ # NEEDS RULE: try_first_pass - https://github.com/ComplianceAsCode/content/issues/5533 -+ - accounts_password_pam_retry -+ - var_password_pam_minlen=14 -+ - accounts_password_pam_minlen -+ - var_password_pam_minclass=4 -+ - accounts_password_pam_minclass -+ -+ ### 5.4.2 Ensure lockout for failed password attempts is -+ ### configured (Scored) -+ - var_accounts_passwords_pam_faillock_unlock_time=900 -+ - var_accounts_passwords_pam_faillock_deny=5 -+ - accounts_passwords_pam_faillock_unlock_time -+ - accounts_passwords_pam_faillock_deny -+ -+ ### 5.4.3 Ensure password reuse is limited (Scored) -+ - var_password_pam_unix_remember=5 -+ - accounts_password_pam_unix_remember -+ -+ ### 5.4.4 Ensure password hashing algorithm is SHA-512 (Scored) -+ - set_password_hashing_algorithm_systemauth -+ -+ ## 5.5 User Accounts and Environment -+ -+ ### 5.5.1 Set Shadow Password Suite Parameters -+ -+ #### 5.5.1 Ensure password expiration is 365 days or less (Scored) -+ - var_accounts_maximum_age_login_defs=365 -+ - accounts_maximum_age_login_defs -+ -+ #### 5.5.1.2 Ensure minimum days between password changes is 7 -+ #### or more (Scored) -+ - var_accounts_minimum_age_login_defs=7 -+ - accounts_minimum_age_login_defs -+ -+ #### 5.5.1.3 Ensure password expiration warning days is -+ #### 7 or more (Scored) -+ - var_accounts_password_warn_age_login_defs=7 -+ - accounts_password_warn_age_login_defs -+ -+ #### 5.5.1.4 Ensure inactive password lock is 30 days or less (Scored) -+ # TODO: Rule doesn't check list of users -+ # https://github.com/ComplianceAsCode/content/issues/5536 -+ - var_account_disable_post_pw_expiration=30 -+ - account_disable_post_pw_expiration -+ -+ #### 5.5.1.5 Ensure all users last password change date is -+ #### in the past (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5537 -+ -+ ### 5.5.2 Ensure system accounts are secured (Scored) -+ - no_shelllogin_for_systemaccounts -+ -+ ### 5.5.3 Ensure default user shell timeout is 900 seconds -+ ### or less (Scored) -+ - var_accounts_tmout=15_min -+ - accounts_tmout -+ -+ ### 5.5.4 Ensure default group for the root account is -+ ### GID 0 (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5539 -+ -+ ### 5.5.5 Ensure default user mask is 027 or more restrictive (Scored) -+ - var_accounts_user_umask=027 -+ - accounts_umask_etc_bashrc -+ - accounts_umask_etc_profile -+ -+ ## 5.6 Ensure root login is restricted to system console (Not Scored) -+ - securetty_root_login_console_only -+ - no_direct_root_logins -+ -+ ## 5.7 Ensure access to the su command is restricted (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5541 -+ -+ # System Maintenance -+ -+ ## 6.1 System File Permissions -+ -+ ### 6.1.1 Audit system file permissions (Not Scored) -+ - rpm_verify_permissions -+ - rpm_verify_ownership -+ -+ ### 6.1.2 Ensure permissions on /etc/passwd are configured (Scored) -+ # chown root:root /etc/passwd -+ - file_owner_etc_passwd -+ - file_groupowner_etc_passwd -+ -+ # chmod 644 /etc/passwd -+ - file_permissions_etc_passwd -+ -+ ### 6.1.3 Ensure permissions on /etc/shadow are configured (Scored) -+ # chown root:root /etc/shadow -+ - file_owner_etc_shadow -+ - file_groupowner_etc_shadow -+ -+ # chmod o-rwx,g-wx /etc/shadow -+ - file_permissions_etc_shadow -+ -+ ### 6.1.4 Ensure permissions on /etc/group are configured (Scored) -+ # chown root:root /etc/group -+ - file_owner_etc_group -+ - file_groupowner_etc_group -+ -+ # chmod 644 /etc/group -+ - file_permissions_etc_group -+ -+ ### 6.1.5 Ensure permissions on /etc/gshadow are configured (Scored) -+ # chown root:root /etc/gshadow -+ - file_owner_etc_gshadow -+ - file_groupowner_etc_gshadow -+ -+ # chmod o-rwx,g-rw /etc/gshadow -+ - file_permissions_etc_gshadow -+ -+ ### 6.1.6 Ensure permissions on /etc/passwd- are configured (Scored) -+ # chown root:root /etc/passwd- -+ - file_owner_backup_etc_passwd -+ - file_groupowner_backup_etc_passwd -+ -+ # chmod 644 /etc/passwd- -+ - file_permissions_backup_etc_passwd -+ -+ ### 6.1.7 Ensure permissions on /etc/shadow- are configured (Scored) -+ # chown root:root /etc/shadow- -+ - file_owner_backup_etc_shadow -+ - file_groupowner_backup_etc_shadow -+ -+ # chmod 0000 /etc/shadow- -+ - file_permissions_backup_etc_shadow -+ -+ ### 6.1.8 Ensure permissions on /etc/group- are configured (Scored) -+ # chown root:root /etc/group- -+ - file_owner_backup_etc_group -+ - file_groupowner_backup_etc_group -+ -+ # chmod 644 /etc/group- -+ - file_permissions_backup_etc_group -+ -+ ### 6.1.9 Ensure permissions on /etc/gshadow- are configured (Scored) -+ # chown root:root /etc/gshadow- -+ - file_owner_backup_etc_gshadow -+ - file_groupowner_backup_etc_gshadow -+ -+ # chmod 0000 /etc/gshadow- -+ - file_permissions_backup_etc_gshadow -+ -+ ### 6.1.10 Ensure no world writable files exist (Scored) -+ - file_permissions_unauthorized_world_writable -+ -+ ### 6.1.11 Ensure no unowned files or directories exist (Scored) -+ - no_files_unowned_by_user -+ -+ ### 6.1.12 Ensure no ungrouped files or directories exist (Scored) -+ - file_permissions_ungroupowned -+ -+ ### 6.1.13 Audit SUID executables (Not Scored) -+ - file_permissions_unauthorized_suid -+ -+ ### 6.1.14 Audit SGID executables (Not Scored) -+ - file_permissions_unauthorized_sgid -+ -+ ## 6.2 User and Group Settings -+ -+ ### 6.2.2 Ensure no legacy "+" entries exist in /etc/passwd (Scored) -+ - no_legacy_plus_entries_etc_passwd -+ -+ ### 6.2.4 Ensure no legacy "+" entries exist in /etc/shadow (Scored) -+ - no_legacy_plus_entries_etc_shadow -+ -+ ### 6.2.5 Ensure no legacy "+" entries exist in /etc/group (Scored) -+ - no_legacy_plus_entries_etc_group -+ -+ ### 6.2.6 Ensure root is the only UID 0 account (Scored) -+ - accounts_no_uid_except_zero -+ -+ ### 6.2.7 Ensure users' home directories permissions are 750 -+ ### or more restrictive (Scored) -+ - file_permissions_home_dirs -+ -+ ### 6.2.8 Ensure users own their home directories (Scored) -+ # NEEDS RULE for user owner @ https://github.com/ComplianceAsCode/content/issues/5507 -+ - file_groupownership_home_directories -+ -+ ### 6.2.9 Ensure users' dot files are not group or world -+ ### writable (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5506 -+ -+ ### 6.2.10 Ensure no users have .forward files (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5505 -+ -+ ### 6.2.11 Ensure no users have .netrc files (Scored) -+ - no_netrc_files -+ -+ ### 6.2.12 Ensure users' .netrc Files are not group or -+ ### world accessible (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5504 -+ -+ ### 6.2.13 Ensure no users have .rhosts files (Scored) -+ - no_rsh_trust_files -+ -+ ### 6.2.14 Ensure all groups in /etc/passwd exist in -+ ### /etc/group (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5503 -+ -+ ### 6.2.15 Ensure no duplicate UIDs exist (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5502 -+ -+ ### 6.2.16 Ensure no duplicate GIDs exist (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5501 -+ -+ ### 6.2.17 Ensure no duplicate user names exist (Scored) -+ - account_unique_name -+ -+ ### 6.2.18 Ensure no duplicate group names exist (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5500 -+ -+ ### 6.2.19 Ensure shadow group is empty (Scored) -+ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5499 -+ -+ ### 6.2.20 Ensure all users' home directories exist (Scored) -+ - accounts_user_interactive_home_directory_exists -diff --git a/rl8/profiles/cjis.profile b/rl8/profiles/cjis.profile -new file mode 100644 -index 0000000..15db72d ---- /dev/null -+++ b/rl8/profiles/cjis.profile -@@ -0,0 +1,139 @@ -+documentation_complete: true -+ -+metadata: -+ version: 5.4 -+ SMEs: -+ - carlosmmatos -+ -+reference: https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center -+ -+title: 'Criminal Justice Information Services (CJIS) Security Policy' -+ -+description: |- -+ This profile is derived from FBI's CJIS v5.4 -+ Security Policy. A copy of this policy can be found at the CJIS Security -+ Policy Resource Center: -+ -+ https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center -+ -+selections: -+ - service_auditd_enabled -+ - grub2_audit_argument -+ - auditd_data_retention_num_logs -+ - auditd_data_retention_max_log_file -+ - auditd_data_retention_max_log_file_action -+ - auditd_data_retention_space_left_action -+ - auditd_data_retention_admin_space_left_action -+ - auditd_data_retention_action_mail_acct -+ - auditd_audispd_syslog_plugin_activated -+ - audit_rules_time_adjtimex -+ - audit_rules_time_settimeofday -+ - audit_rules_time_stime -+ - audit_rules_time_clock_settime -+ - audit_rules_time_watch_localtime -+ - audit_rules_usergroup_modification -+ - audit_rules_networkconfig_modification -+ - file_permissions_var_log_audit -+ - file_ownership_var_log_audit -+ - audit_rules_mac_modification -+ - audit_rules_dac_modification_chmod -+ - audit_rules_dac_modification_chown -+ - audit_rules_dac_modification_fchmod -+ - audit_rules_dac_modification_fchmodat -+ - audit_rules_dac_modification_fchown -+ - audit_rules_dac_modification_fchownat -+ - audit_rules_dac_modification_fremovexattr -+ - audit_rules_dac_modification_fsetxattr -+ - audit_rules_dac_modification_lchown -+ - audit_rules_dac_modification_lremovexattr -+ - audit_rules_dac_modification_lsetxattr -+ - audit_rules_dac_modification_removexattr -+ - audit_rules_dac_modification_setxattr -+ - audit_rules_login_events -+ - audit_rules_session_events -+ - audit_rules_unsuccessful_file_modification -+ - audit_rules_privileged_commands -+ - audit_rules_media_export -+ - audit_rules_file_deletion_events -+ - audit_rules_sysadmin_actions -+ - audit_rules_kernel_module_loading -+ - audit_rules_immutable -+ - account_unique_name -+ - gid_passwd_group_same -+ - accounts_password_all_shadowed -+ - no_empty_passwords -+ - display_login_attempts -+ - var_accounts_password_minlen_login_defs=12 -+ - var_accounts_maximum_age_login_defs=90 -+ - var_password_pam_unix_remember=10 -+ - var_account_disable_post_pw_expiration=0 -+ - var_password_pam_minlen=12 -+ - var_accounts_minimum_age_login_defs=1 -+ - var_password_pam_difok=6 -+ - var_accounts_max_concurrent_login_sessions=3 -+ - account_disable_post_pw_expiration -+ - accounts_password_pam_minlen -+ - accounts_minimum_age_login_defs -+ - accounts_password_pam_difok -+ - accounts_max_concurrent_login_sessions -+ - set_password_hashing_algorithm_systemauth -+ - set_password_hashing_algorithm_logindefs -+ - set_password_hashing_algorithm_libuserconf -+ - file_owner_etc_shadow -+ - file_groupowner_etc_shadow -+ - file_permissions_etc_shadow -+ - file_owner_etc_group -+ - file_groupowner_etc_group -+ - file_permissions_etc_group -+ - file_owner_etc_passwd -+ - file_groupowner_etc_passwd -+ - file_permissions_etc_passwd -+ - file_owner_grub2_cfg -+ - file_groupowner_grub2_cfg -+ - var_password_pam_retry=5 -+ - var_accounts_passwords_pam_faillock_deny=5 -+ - var_accounts_passwords_pam_faillock_unlock_time=600 -+ - dconf_db_up_to_date -+ - dconf_gnome_screensaver_idle_delay -+ - dconf_gnome_screensaver_idle_activation_enabled -+ - dconf_gnome_screensaver_lock_enabled -+ - dconf_gnome_screensaver_mode_blank -+ - sshd_allow_only_protocol2 -+ - sshd_set_idle_timeout -+ - var_sshd_set_keepalive=0 -+ - sshd_set_keepalive -+ - disable_host_auth -+ - sshd_disable_root_login -+ - sshd_disable_empty_passwords -+ - sshd_enable_warning_banner -+ - sshd_do_not_permit_user_env -+ - var_system_crypto_policy=fips -+ - configure_crypto_policy -+ - configure_ssh_crypto_policy -+ - kernel_module_dccp_disabled -+ - kernel_module_sctp_disabled -+ - service_firewalld_enabled -+ - set_firewalld_default_zone -+ - firewalld_sshd_port_enabled -+ - sshd_idle_timeout_value=30_minutes -+ - inactivity_timeout_value=30_minutes -+ - sysctl_net_ipv4_conf_default_accept_source_route -+ - sysctl_net_ipv4_tcp_syncookies -+ - sysctl_net_ipv4_conf_all_send_redirects -+ - sysctl_net_ipv4_conf_default_send_redirects -+ - sysctl_net_ipv4_conf_all_accept_redirects -+ - sysctl_net_ipv4_conf_default_accept_redirects -+ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts -+ - var_password_pam_ocredit=1 -+ - var_password_pam_dcredit=1 -+ - var_password_pam_ucredit=1 -+ - var_password_pam_lcredit=1 -+ - package_aide_installed -+ - aide_build_database -+ - aide_periodic_cron_checking -+ - rpm_verify_permissions -+ - rpm_verify_hashes -+ - ensure_gpgcheck_globally_activated -+ - ensure_gpgcheck_never_disabled -+ - security_patches_up_to_date -+ - kernel_module_bluetooth_disabled -diff --git a/rl8/profiles/cui.profile b/rl8/profiles/cui.profile -new file mode 100644 -index 0000000..95ff0fe ---- /dev/null -+++ b/rl8/profiles/cui.profile -@@ -0,0 +1,32 @@ -+documentation_complete: true -+ -+metadata: -+ version: TBD -+ SMEs: -+ - carlosmmatos -+ -+title: 'Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)' -+ -+description: |- -+ From NIST 800-171, Section 2.2: -+ Security requirements for protecting the confidentiality of CUI in nonfederal -+ information systems and organizations have a well-defined structure that -+ consists of: -+ -+ (i) a basic security requirements section; -+ (ii) a derived security requirements section. -+ -+ The basic security requirements are obtained from FIPS Publication 200, which -+ provides the high-level and fundamental security requirements for federal -+ information and information systems. The derived security requirements, which -+ supplement the basic security requirements, are taken from the security controls -+ in NIST Special Publication 800-53. -+ -+ This profile configures Rocky Linux 8 to the NIST Special -+ Publication 800-53 controls identified for securing Controlled Unclassified -+ Information (CUI)." -+ -+extends: ospp -+ -+selections: -+ - inactivity_timeout_value=10_minutes -diff --git a/rl8/profiles/e8.profile b/rl8/profiles/e8.profile -new file mode 100644 -index 0000000..0840104 ---- /dev/null -+++ b/rl8/profiles/e8.profile -@@ -0,0 +1,148 @@ -+documentation_complete: true -+ -+metadata: -+ SMEs: -+ - shaneboulden -+ -+reference: https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers -+ -+title: 'Australian Cyber Security Centre (ACSC) Essential Eight' -+ -+description: |- -+ This profile contains configuration checks for Rocky Linux 8 -+ that align to the Australian Cyber Security Centre (ACSC) Essential Eight. -+ -+ A copy of the Essential Eight in Linux Environments guide can be found at the -+ ACSC website: -+ -+ https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers -+ -+selections: -+ -+ ### Remove obsolete packages -+ - package_talk_removed -+ - package_talk-server_removed -+ - package_xinetd_removed -+ - service_xinetd_disabled -+ - package_ypbind_removed -+ - package_telnet_removed -+ - service_telnet_disabled -+ - package_telnet-server_removed -+ - package_rsh_removed -+ - package_rsh-server_removed -+ - service_zebra_disabled -+ - package_quagga_removed -+ - service_avahi-daemon_disabled -+ - package_squid_removed -+ - service_squid_disabled -+ -+ ### Software update -+ - ensure_gpgcheck_never_disabled -+ - ensure_gpgcheck_local_packages -+ - ensure_gpgcheck_globally_activated -+ - security_patches_up_to_date -+ - dnf-automatic_security_updates_only -+ -+ ### System security settings -+ - sysctl_kernel_randomize_va_space -+ - sysctl_kernel_exec_shield -+ - sysctl_kernel_kptr_restrict -+ - sysctl_kernel_dmesg_restrict -+ - sysctl_kernel_kexec_load_disabled -+ - sysctl_kernel_yama_ptrace_scope -+ - sysctl_kernel_unprivileged_bpf_disabled -+ - sysctl_net_core_bpf_jit_harden -+ -+ ### SELinux -+ - var_selinux_state=enforcing -+ - selinux_state -+ - var_selinux_policy_name=targeted -+ - selinux_policytype -+ -+ ### Filesystem integrity -+ - rpm_verify_hashes -+ - rpm_verify_permissions -+ - rpm_verify_ownership -+ - file_permissions_unauthorized_sgid -+ - file_permissions_unauthorized_suid -+ - file_permissions_unauthorized_world_writable -+ - dir_perms_world_writable_sticky_bits -+ - file_permissions_library_dirs -+ - file_ownership_binary_dirs -+ - file_permissions_binary_dirs -+ - file_ownership_library_dirs -+ -+ ### Passwords -+ - no_empty_passwords -+ -+ ### Partitioning -+ - mount_option_dev_shm_nodev -+ - mount_option_dev_shm_nosuid -+ - mount_option_dev_shm_noexec -+ -+ ### Network -+ - package_firewalld_installed -+ - service_firewalld_enabled -+ - network_sniffer_disabled -+ -+ ### Admin privileges -+ - accounts_no_uid_except_zero -+ - sudo_remove_nopasswd -+ - sudo_remove_no_authenticate -+ - sudo_require_authentication -+ -+ ### Audit -+ - package_rsyslog_installed -+ - service_rsyslog_enabled -+ - service_auditd_enabled -+ - var_auditd_flush=incremental_async -+ - auditd_data_retention_flush -+ - auditd_local_events -+ - auditd_write_logs -+ - auditd_log_format -+ - auditd_freq -+ - auditd_name_format -+ - audit_rules_login_events_tallylog -+ - audit_rules_login_events_faillock -+ - audit_rules_login_events_lastlog -+ - audit_rules_login_events -+ - audit_rules_time_adjtimex -+ - audit_rules_time_clock_settime -+ - audit_rules_time_watch_localtime -+ - audit_rules_time_settimeofday -+ - audit_rules_time_stime -+ - audit_rules_execution_restorecon -+ - audit_rules_execution_chcon -+ - audit_rules_execution_semanage -+ - audit_rules_execution_setsebool -+ - audit_rules_execution_setfiles -+ - audit_rules_execution_seunshare -+ - audit_rules_sysadmin_actions -+ - audit_rules_networkconfig_modification -+ - audit_rules_usergroup_modification -+ - audit_rules_dac_modification_chmod -+ - audit_rules_dac_modification_chown -+ - audit_rules_kernel_module_loading -+ -+ ### Secure access -+ - sshd_disable_root_login -+ - sshd_disable_gssapi_auth -+ - sshd_print_last_log -+ - sshd_do_not_permit_user_env -+ - sshd_disable_rhosts -+ - sshd_set_loglevel_info -+ - sshd_disable_empty_passwords -+ - sshd_disable_user_known_hosts -+ - sshd_enable_strictmodes -+ -+ # See also: https://www.cyber.gov.au/acsc/view-all-content/guidance/asd-approved-cryptographic-algorithms -+ - var_system_crypto_policy=default_nosha1 -+ - configure_crypto_policy -+ - configure_ssh_crypto_policy -+ -+ ### Application whitelisting -+ - package_fapolicyd_installed -+ - service_fapolicyd_enabled -+ -+ ### Backup -+ - package_rear_installed -diff --git a/rl8/profiles/hipaa.profile b/rl8/profiles/hipaa.profile -new file mode 100644 -index 0000000..12355d0 ---- /dev/null -+++ b/rl8/profiles/hipaa.profile -@@ -0,0 +1,164 @@ -+documentation_complete: True -+ -+metadata: -+ SMEs: -+ - jjaswanson4 -+ - carlosmmatos -+ -+reference: https://www.hhs.gov/hipaa/for-professionals/index.html -+ -+title: 'Health Insurance Portability and Accountability Act (HIPAA)' -+ -+description: |- -+ The HIPAA Security Rule establishes U.S. national standards to protect individuals’ -+ electronic personal health information that is created, received, used, or -+ maintained by a covered entity. The Security Rule requires appropriate -+ administrative, physical and technical safeguards to ensure the -+ confidentiality, integrity, and security of electronic protected health -+ information. -+ -+ This profile configures Rocky Linux 8 to the HIPAA Security -+ Rule identified for securing of electronic protected health information. -+ Use of this profile in no way guarantees or makes claims against legal compliance against the HIPAA Security Rule(s). -+ -+selections: -+ - grub2_password -+ - grub2_uefi_password -+ - file_groupowner_grub2_cfg -+ - file_permissions_grub2_cfg -+ - file_owner_grub2_cfg -+ - grub2_disable_interactive_boot -+ - no_direct_root_logins -+ - no_empty_passwords -+ - require_singleuser_auth -+ - restrict_serial_port_logins -+ - securetty_root_login_console_only -+ - service_debug-shell_disabled -+ - disable_ctrlaltdel_reboot -+ - disable_ctrlaltdel_burstaction -+ - dconf_db_up_to_date -+ - dconf_gnome_remote_access_credential_prompt -+ - dconf_gnome_remote_access_encryption -+ - sshd_disable_empty_passwords -+ - sshd_disable_root_login -+ - libreswan_approved_tunnels -+ - no_rsh_trust_files -+ - package_rsh-server_removed -+ - package_talk_removed -+ - package_talk-server_removed -+ - package_telnet_removed -+ - package_telnet-server_removed -+ - package_xinetd_removed -+ - service_crond_enabled -+ - service_rexec_disabled -+ - service_rlogin_disabled -+ - service_telnet_disabled -+ - service_xinetd_disabled -+ - service_zebra_disabled -+ - use_kerberos_security_all_exports -+ - disable_host_auth -+ - sshd_allow_only_protocol2 -+ - sshd_disable_compression -+ - sshd_disable_gssapi_auth -+ - sshd_disable_kerb_auth -+ - sshd_do_not_permit_user_env -+ - sshd_enable_strictmodes -+ - sshd_enable_warning_banner -+ - var_sshd_set_keepalive=0 -+ - sshd_set_keepalive -+ - encrypt_partitions -+ - var_system_crypto_policy=fips -+ - configure_crypto_policy -+ - configure_ssh_crypto_policy -+ - var_selinux_policy_name=targeted -+ - var_selinux_state=enforcing -+ - grub2_enable_selinux -+ - sebool_selinuxuser_execheap -+ - sebool_selinuxuser_execmod -+ - sebool_selinuxuser_execstack -+ - selinux_confinement_of_daemons -+ - selinux_policytype -+ - selinux_state -+ - service_kdump_disabled -+ - sysctl_fs_suid_dumpable -+ - sysctl_kernel_dmesg_restrict -+ - sysctl_kernel_exec_shield -+ - sysctl_kernel_randomize_va_space -+ - rpm_verify_hashes -+ - rpm_verify_permissions -+ - ensure_gpgcheck_globally_activated -+ - ensure_gpgcheck_never_disabled -+ - ensure_gpgcheck_local_packages -+ - grub2_audit_argument -+ - service_auditd_enabled -+ - audit_rules_privileged_commands_sudo -+ - audit_rules_privileged_commands_su -+ - audit_rules_immutable -+ - kernel_module_usb-storage_disabled -+ - service_autofs_disabled -+ - auditd_audispd_syslog_plugin_activated -+ - rsyslog_remote_loghost -+ - auditd_data_retention_flush -+ - audit_rules_dac_modification_chmod -+ - audit_rules_dac_modification_chown -+ - audit_rules_dac_modification_fchmodat -+ - audit_rules_dac_modification_fchmod -+ - audit_rules_dac_modification_fchownat -+ - audit_rules_dac_modification_fchown -+ - audit_rules_dac_modification_fremovexattr -+ - audit_rules_dac_modification_fsetxattr -+ - audit_rules_dac_modification_lchown -+ - audit_rules_dac_modification_lremovexattr -+ - audit_rules_dac_modification_lsetxattr -+ - audit_rules_dac_modification_removexattr -+ - audit_rules_dac_modification_setxattr -+ - audit_rules_execution_chcon -+ - audit_rules_execution_restorecon -+ - audit_rules_execution_semanage -+ - audit_rules_execution_setsebool -+ - audit_rules_file_deletion_events_renameat -+ - audit_rules_file_deletion_events_rename -+ - audit_rules_file_deletion_events_rmdir -+ - audit_rules_file_deletion_events_unlinkat -+ - audit_rules_file_deletion_events_unlink -+ - audit_rules_kernel_module_loading_delete -+ - audit_rules_kernel_module_loading_init -+ - audit_rules_login_events_faillock -+ - audit_rules_login_events_lastlog -+ - audit_rules_login_events_tallylog -+ - audit_rules_mac_modification -+ - audit_rules_media_export -+ - audit_rules_networkconfig_modification -+ - audit_rules_privileged_commands_chage -+ - audit_rules_privileged_commands_chsh -+ - audit_rules_privileged_commands_crontab -+ - audit_rules_privileged_commands_gpasswd -+ - audit_rules_privileged_commands_newgrp -+ - audit_rules_privileged_commands_pam_timestamp_check -+ - audit_rules_privileged_commands_passwd -+ - audit_rules_privileged_commands_postdrop -+ - audit_rules_privileged_commands_postqueue -+ - audit_rules_privileged_commands_ssh_keysign -+ - audit_rules_privileged_commands_sudoedit -+ - audit_rules_privileged_commands_umount -+ - audit_rules_privileged_commands_unix_chkpwd -+ - audit_rules_privileged_commands_userhelper -+ - audit_rules_session_events -+ - audit_rules_sysadmin_actions -+ - audit_rules_system_shutdown -+ - audit_rules_time_adjtimex -+ - audit_rules_time_clock_settime -+ - audit_rules_time_settimeofday -+ - audit_rules_time_stime -+ - audit_rules_time_watch_localtime -+ - audit_rules_unsuccessful_file_modification_creat -+ - audit_rules_unsuccessful_file_modification_ftruncate -+ - audit_rules_unsuccessful_file_modification_openat -+ - audit_rules_unsuccessful_file_modification_open_by_handle_at -+ - audit_rules_unsuccessful_file_modification_open -+ - audit_rules_unsuccessful_file_modification_truncate -+ - audit_rules_usergroup_modification_group -+ - audit_rules_usergroup_modification_gshadow -+ - audit_rules_usergroup_modification_opasswd -+ - audit_rules_usergroup_modification_passwd -+ - audit_rules_usergroup_modification_shadow -diff --git a/rl8/profiles/ism_o.profile b/rl8/profiles/ism_o.profile -new file mode 100644 -index 0000000..327c0cb ---- /dev/null -+++ b/rl8/profiles/ism_o.profile -@@ -0,0 +1,134 @@ -+documentation_complete: true -+ -+metadata: -+ SMEs: -+ - shaneboulden -+ - wcushen -+ - ahamilto156 -+ -+reference: https://www.cyber.gov.au/ism -+ -+title: 'Australian Cyber Security Centre (ACSC) ISM Official' -+ -+description: |- -+ This profile contains configuration checks for Rocky Linux 8 -+ that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM) -+ with the applicability marking of OFFICIAL. -+ -+ The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning -+ Rocky Linux security controls with the ISM, which can be used to select controls -+ specific to an organisation's security posture and risk profile. -+ -+ A copy of the ISM can be found at the ACSC website: -+ -+ https://www.cyber.gov.au/ism -+ -+extends: e8 -+ -+selections: -+ -+ ## Operating system configuration -+ ## Identifiers 1491 -+ - no_shelllogin_for_systemaccounts -+ -+ ## Local administrator accounts -+ ## Identifiers 1382 / 1410 -+ - accounts_password_all_shadowed -+ - package_sudo_installed -+ -+ ## Content filtering & Anti virus -+ ## Identifiers 0576 / 1341 / 1034 / 1417 / 1288 -+ - package_aide_installed -+ -+ ## Software firewall -+ ## Identifiers 1416 -+ - configure_firewalld_ports -+ ## Removing due to build error -+ ## - configure_firewalld_rate_limiting -+ - firewalld_sshd_port_enabled -+ - set_firewalld_default_zone -+ -+ ## Endpoint device control software -+ ## Identifiers 1418 -+ - package_usbguard_installed -+ - service_usbguard_enabled -+ -+ ## Authentication hardening -+ ## Identifiers 1546 / 0974 / 1173 / 1504 / 1505 / 1401 / 1559 / 1560 -+ ## 1561 / 1546 / 0421 / 1557 / 0422 / 1558 / 1403 / 0431 -+ - sshd_max_auth_tries_value=5 -+ - disable_host_auth -+ - require_emergency_target_auth -+ - require_singleuser_auth -+ - sshd_disable_kerb_auth -+ - sshd_set_max_auth_tries -+ -+ ## Password authentication & Protecting credentials -+ ## Identifiers 0421 / 0431 / 0418 / 1402 -+ - var_password_pam_minlen=14 -+ - var_accounts_password_warn_age_login_defs=7 -+ - var_accounts_minimum_age_login_defs=1 -+ - var_accounts_maximum_age_login_defs=60 -+ - accounts_password_warn_age_login_defs -+ - accounts_maximum_age_login_defs -+ - accounts_minimum_age_login_defs -+ - accounts_passwords_pam_faillock_interval -+ - accounts_passwords_pam_faillock_unlock_time -+ - accounts_passwords_pam_faillock_deny -+ - accounts_passwords_pam_faillock_deny_root -+ - accounts_password_pam_minlen -+ -+ ## Centralised logging facility -+ ## Identifiers 1405 / 0988 -+ - rsyslog_cron_logging -+ - rsyslog_files_groupownership -+ - rsyslog_files_ownership -+ - rsyslog_files_permissions -+ - rsyslog_nolisten -+ - rsyslog_remote_loghost -+ - rsyslog_remote_tls -+ - rsyslog_remote_tls_cacert -+ - package_chrony_installed -+ - service_chronyd_enabled -+ - chronyd_or_ntpd_specify_multiple_servers -+ - chronyd_specify_remote_server -+ - service_chronyd_or_ntpd_enabled -+ -+ ## Events to be logged -+ ## Identifiers 0580 / 0584 / 0582 / 0585 / 0586 / 0846 / 0957 -+ - display_login_attempts -+ - sebool_auditadm_exec_content -+ - audit_rules_privileged_commands -+ - audit_rules_session_events -+ - audit_rules_unsuccessful_file_modification -+ - audit_access_failed -+ - audit_access_success -+ -+ ## Web application & Database servers -+ ## Identifiers 1552 / 1277 -+ - openssl_use_strong_entropy -+ -+ ## Network design and configuration -+ ## Identifiers 1055 / 1311 -+ - network_nmcli_permissions -+ - service_snmpd_disabled -+ - snmpd_use_newer_protocol -+ -+ ## Wireless networks -+ ## Identifiers 1315 -+ - wireless_disable_interfaces -+ -+ ## ASD Approved Cryptographic Algorithms -+ ## Identifiers 0471 / 0472 / 0473 / 0474 / 0475 / 0476 / 0477 / -+ ## 0479 / 0480 / 0481 / 0489 / 0497 / 0994 / 0998 / 1001 / 1139 / -+ ## 1372 / 1373 / 1374 / 1375 -+ - enable_fips_mode -+ - var_system_crypto_policy=fips -+ - configure_crypto_policy -+ -+ ## Secure Shell access -+ ## Identifiers 0484 / 1506 / 1449 / 0487 -+ - sshd_allow_only_protocol2 -+ - sshd_enable_warning_banner -+ - sshd_disable_x11_forwarding -+ - file_permissions_sshd_private_key -diff --git a/rl8/profiles/ospp-mls.profile b/rl8/profiles/ospp-mls.profile -new file mode 100644 -index 0000000..d1d1b8a ---- /dev/null -+++ b/rl8/profiles/ospp-mls.profile -@@ -0,0 +1,25 @@ -+documentation_complete: false -+ -+title: 'Protection Profile for General Purpose Operating Systems - MLS Mode' -+ -+description: |- -+ Placeholder to put MLS specific rules -+ -+extends: ospp -+ -+selections: -+ -+ ################################################ -+ ## MUST INSTALL PACKAGES IN MLS MODE -+ #cups -+ #foomatic -+ #ghostscript -+ #ghostscript-fonts -+ #checkpolicy -+ #mcstrans -+ #policycoreutils-newrole -+ #selinux-policy-devel -+ ##xinetd -+ #iproute -+ #iputils -+ #netlabel_tools -diff --git a/rl8/profiles/ospp.profile b/rl8/profiles/ospp.profile -new file mode 100644 -index 0000000..efb53d3 ---- /dev/null -+++ b/rl8/profiles/ospp.profile -@@ -0,0 +1,444 @@ -+documentation_complete: true -+ -+metadata: -+ version: 4.2.1 -+ SMEs: -+ - comps -+ - carlosmmatos -+ - stevegrubb -+ -+reference: https://www.niap-ccevs.org/Profile/PP.cfm -+ -+title: 'Protection Profile for General Purpose Operating Systems' -+ -+description: |- -+ This profile reflects mandatory configuration controls identified in the -+ NIAP Configuration Annex to the Protection Profile for General Purpose -+ Operating Systems (Protection Profile Version 4.2.1). -+ -+ This configuration profile is consistent with CNSSI-1253, which requires -+ U.S. National Security Systems to adhere to certain configuration -+ parameters. Accordingly, this configuration profile is suitable for -+ use in U.S. National Security Systems. -+ -+selections: -+ -+ ####################################################### -+ ### GENERAL REQUIREMENTS -+ ### Things needed to meet OSPP functional requirements. -+ ####################################################### -+ -+ ### Partitioning -+ - mount_option_home_nodev -+ - mount_option_home_nosuid -+ - mount_option_tmp_nodev -+ - mount_option_tmp_noexec -+ - mount_option_tmp_nosuid -+ - partition_for_var_tmp -+ - mount_option_var_tmp_nodev -+ - mount_option_var_tmp_noexec -+ - mount_option_var_tmp_nosuid -+ - mount_option_dev_shm_nodev -+ - mount_option_dev_shm_noexec -+ - mount_option_dev_shm_nosuid -+ - mount_option_nodev_nonroot_local_partitions -+ - mount_option_boot_nodev -+ - mount_option_boot_nosuid -+ - partition_for_home -+ - partition_for_var -+ - mount_option_var_nodev -+ - partition_for_var_log -+ - mount_option_var_log_nodev -+ - mount_option_var_log_nosuid -+ - mount_option_var_log_noexec -+ - partition_for_var_log_audit -+ - mount_option_var_log_audit_nodev -+ - mount_option_var_log_audit_nosuid -+ - mount_option_var_log_audit_noexec -+ -+ ### Services -+ # sshd -+ - sshd_disable_root_login -+ - sshd_enable_strictmodes -+ - disable_host_auth -+ - sshd_disable_empty_passwords -+ - sshd_disable_kerb_auth -+ - sshd_disable_gssapi_auth -+ - var_sshd_set_keepalive=0 -+ - sshd_set_keepalive -+ - sshd_enable_warning_banner -+ - sshd_rekey_limit -+ - var_rekey_limit_size=1G -+ - var_rekey_limit_time=1hour -+ - sshd_use_strong_rng -+ - openssl_use_strong_entropy -+ -+ # Time Server -+ - chronyd_client_only -+ - chronyd_no_chronyc_network -+ -+ ### Network Settings -+ - sysctl_net_ipv6_conf_all_accept_ra -+ - sysctl_net_ipv6_conf_default_accept_ra -+ - sysctl_net_ipv4_conf_all_accept_redirects -+ - sysctl_net_ipv4_conf_default_accept_redirects -+ - sysctl_net_ipv6_conf_all_accept_redirects -+ - sysctl_net_ipv6_conf_default_accept_redirects -+ - sysctl_net_ipv4_conf_all_accept_source_route -+ - sysctl_net_ipv4_conf_default_accept_source_route -+ - sysctl_net_ipv6_conf_all_accept_source_route -+ - sysctl_net_ipv6_conf_default_accept_source_route -+ - sysctl_net_ipv4_conf_all_secure_redirects -+ - sysctl_net_ipv4_conf_default_secure_redirects -+ - sysctl_net_ipv4_conf_all_send_redirects -+ - sysctl_net_ipv4_conf_default_send_redirects -+ - sysctl_net_ipv4_conf_all_log_martians -+ - sysctl_net_ipv4_conf_default_log_martians -+ - sysctl_net_ipv4_conf_all_rp_filter -+ - sysctl_net_ipv4_conf_default_rp_filter -+ - sysctl_net_ipv4_icmp_ignore_bogus_error_responses -+ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts -+ - sysctl_net_ipv4_ip_forward -+ - sysctl_net_ipv4_tcp_syncookies -+ -+ ### systemd -+ - disable_ctrlaltdel_reboot -+ - disable_ctrlaltdel_burstaction -+ - service_debug-shell_disabled -+ -+ ### umask -+ - var_accounts_user_umask=027 -+ - accounts_umask_etc_profile -+ - accounts_umask_etc_bashrc -+ - accounts_umask_etc_csh_cshrc -+ -+ ### Software update -+ - ensure_gpgcheck_globally_activated -+ - ensure_gpgcheck_local_packages -+ - ensure_gpgcheck_never_disabled -+ -+ ### Passwords -+ - var_password_pam_difok=4 -+ - accounts_password_pam_difok -+ - var_password_pam_maxrepeat=3 -+ - accounts_password_pam_maxrepeat -+ - var_password_pam_maxclassrepeat=4 -+ - accounts_password_pam_maxclassrepeat -+ -+ ### Kernel Config -+ ## Boot prompt -+ - grub2_audit_argument -+ - grub2_audit_backlog_limit_argument -+ - grub2_slub_debug_argument -+ - grub2_page_poison_argument -+ - grub2_vsyscall_argument -+ - grub2_vsyscall_argument.role=unscored -+ - grub2_vsyscall_argument.severity=info -+ - grub2_pti_argument -+ - grub2_kernel_trust_cpu_rng -+ -+ ## Security Settings -+ - sysctl_kernel_kptr_restrict -+ - sysctl_kernel_dmesg_restrict -+ - sysctl_kernel_kexec_load_disabled -+ - sysctl_kernel_yama_ptrace_scope -+ - sysctl_kernel_perf_event_paranoid -+ - sysctl_user_max_user_namespaces -+ - sysctl_user_max_user_namespaces.role=unscored -+ - sysctl_user_max_user_namespaces.severity=info -+ - sysctl_kernel_unprivileged_bpf_disabled -+ - sysctl_net_core_bpf_jit_harden -+ - service_kdump_disabled -+ -+ ## File System Settings -+ - sysctl_fs_protected_hardlinks -+ - sysctl_fs_protected_symlinks -+ -+ ### Audit -+ - service_auditd_enabled -+ - var_auditd_flush=incremental_async -+ - auditd_data_retention_flush -+ - auditd_local_events -+ - auditd_write_logs -+ - auditd_log_format -+ - auditd_freq -+ - auditd_name_format -+ -+ ### Module Blacklist -+ - kernel_module_cramfs_disabled -+ - kernel_module_bluetooth_disabled -+ - kernel_module_sctp_disabled -+ - kernel_module_firewire-core_disabled -+ - kernel_module_atm_disabled -+ - kernel_module_can_disabled -+ - kernel_module_tipc_disabled -+ -+ ### rpcbind -+ -+ ### Install Required Packages -+ - package_aide_installed -+ - package_dnf-automatic_installed -+ - package_subscription-manager_installed -+ - package_dnf-plugin-subscription-manager_installed -+ - package_firewalld_installed -+ - package_openscap-scanner_installed -+ - package_policycoreutils_installed -+ - package_sudo_installed -+ - package_usbguard_installed -+ - package_scap-security-guide_installed -+ - package_audit_installed -+ - package_crypto-policies_installed -+ - package_openssh-server_installed -+ - package_openssh-clients_installed -+ - package_policycoreutils-python-utils_installed -+ - package_rsyslog_installed -+ - package_rsyslog-gnutls_installed -+ - package_audispd-plugins_installed -+ - package_chrony_installed -+ - package_gnutls-utils_installed -+ -+ ### Remove Prohibited Packages -+ - package_sendmail_removed -+ - package_iprutils_removed -+ - package_gssproxy_removed -+ - package_nfs-utils_removed -+ - package_krb5-workstation_removed -+ - package_abrt-addon-kerneloops_removed -+ - package_abrt-addon-python_removed -+ - package_abrt-addon-ccpp_removed -+ - package_abrt-plugin-rhtsupport_removed -+ - package_abrt-plugin-logger_removed -+ - package_abrt-plugin-sosreport_removed -+ - package_abrt-cli_removed -+ - package_abrt_removed -+ -+ ### Login -+ - disable_users_coredumps -+ - sysctl_kernel_core_pattern -+ - coredump_disable_storage -+ - coredump_disable_backtraces -+ - service_systemd-coredump_disabled -+ - var_accounts_max_concurrent_login_sessions=10 -+ - accounts_max_concurrent_login_sessions -+ - securetty_root_login_console_only -+ - var_password_pam_unix_remember=5 -+ - accounts_password_pam_unix_remember -+ - use_pam_wheel_for_su -+ -+ ### SELinux Configuration -+ - var_selinux_state=enforcing -+ - selinux_state -+ - var_selinux_policy_name=targeted -+ - selinux_policytype -+ -+ ### Application Whitelisting (RHEL 8) -+ - package_fapolicyd_installed -+ - service_fapolicyd_enabled -+ -+ ### Configure USBGuard -+ - service_usbguard_enabled -+ - configure_usbguard_auditbackend -+ - usbguard_allow_hid_and_hub -+ -+ -+ ### Enable / Configure FIPS -+ - enable_fips_mode -+ - var_system_crypto_policy=fips_ospp -+ - configure_crypto_policy -+ - configure_ssh_crypto_policy -+ - configure_bind_crypto_policy -+ - configure_openssl_crypto_policy -+ - configure_libreswan_crypto_policy -+ - configure_kerberos_crypto_policy -+ - enable_dracut_fips_module -+ -+ ####################################################### -+ ### CONFIGURATION ANNEX TO THE PROTECTION PROFILE -+ ### FOR GENERAL PURPOSE OPERATING SYSTEMS -+ ### ANNEX RELEASE 1 -+ ### FOR PROTECTION PROFILE VERSIONS 4.2 -+ ### -+ ### https://www.niap-ccevs.org/MMO/PP/-442ConfigAnnex-/ -+ ####################################################### -+ -+ ## Configure Minimum Password Length to 12 Characters -+ ## IA-5 (1)(a) / FMT_MOF_EXT.1 -+ - var_accounts_password_minlen_login_defs=12 -+ - accounts_password_minlen_login_defs -+ - var_password_pam_minlen=12 -+ - accounts_password_pam_minlen -+ -+ ## Require at Least 1 Special Character in Password -+ ## IA-5(1)(a) / FMT_MOF_EXT.1 -+ - var_password_pam_ocredit=1 -+ - accounts_password_pam_ocredit -+ -+ ## Require at Least 1 Numeric Character in Password -+ ## IA-5(1)(a) / FMT_MOF_EXT.1 -+ - var_password_pam_dcredit=1 -+ - accounts_password_pam_dcredit -+ -+ ## Require at Least 1 Uppercase Character in Password -+ ## IA-5(1)(a) / FMT_MOF_EXT.1 -+ - var_password_pam_ucredit=1 -+ - accounts_password_pam_ucredit -+ -+ ## Require at Least 1 Lowercase Character in Password -+ ## IA-5(1)(a) / FMT_MOF_EXT.1 -+ - var_password_pam_lcredit=1 -+ - accounts_password_pam_lcredit -+ -+ ## Enable Screen Lock -+ ## FMT_MOF_EXT.1 -+ - package_tmux_installed -+ - configure_bashrc_exec_tmux -+ - no_tmux_in_shells -+ - configure_tmux_lock_command -+ - configure_tmux_lock_after_time -+ -+ ## Set Screen Lock Timeout Period to 30 Minutes or Less -+ ## AC-11(a) / FMT_MOF_EXT.1 -+ ## We deliberately set sshd timeout to 1 minute before tmux lock timeout -+ - sshd_idle_timeout_value=14_minutes -+ - sshd_set_idle_timeout -+ -+ ## Disable Unauthenticated Login (such as Guest Accounts) -+ ## FIA_UAU.1 -+ - require_singleuser_auth -+ - grub2_disable_interactive_boot -+ - grub2_uefi_password -+ - no_empty_passwords -+ -+ ## Set Maximum Number of Authentication Failures to 3 Within 15 Minutes -+ ## AC-7 / FIA_AFL.1 -+ - var_accounts_passwords_pam_faillock_deny=3 -+ - accounts_passwords_pam_faillock_deny -+ - var_accounts_passwords_pam_faillock_fail_interval=900 -+ - accounts_passwords_pam_faillock_interval -+ - var_accounts_passwords_pam_faillock_unlock_time=never -+ - accounts_passwords_pam_faillock_unlock_time -+ -+ ## Enable Host-Based Firewall -+ ## SC-7(12) / FMT_MOF_EXT.1 -+ - service_firewalld_enabled -+ -+ ## Configure Name/Addres of Remote Management Server -+ ## From Which to Receive Config Settings -+ ## CM-3(3) / FMT_MOF_EXT.1 -+ -+ ## Configure the System to Offload Audit Records to a Log -+ ## Server -+ ## AU-4(1) / FAU_GEN.1.1.c -+ # temporarily dropped -+ -+ ## Set Logon Warning Banner -+ ## AC-8(a) / FMT_MOF_EXT.1 -+ -+ ## Audit All Logons (Success/Failure) and Logoffs (Success) -+ ## CNSSI 1253 Value or DoD-Specific Values: -+ ## (1) Logons (Success/Failure) -+ ## (2) Logoffs (Success) -+ ## AU-2(a) / FAU_GEN.1.1.c -+ -+ ## Audit File and Object Events (Unsuccessful) -+ ## CNSSI 1253 Value or DoD-specific Values: -+ ## (1) Create (Success/Failure) -+ ## (2) Access (Success/Failure) -+ ## (3) Delete (Sucess/Failure) -+ ## (4) Modify (Success/Failure) -+ ## (5) Permission Modification (Sucess/Failure) -+ ## (6) Ownership Modification (Success/Failure) -+ ## AU-2(a) / FAU_GEN.1.1.c -+ ## -+ ## -+ ## (1) Create (Success/Failure) -+ ## (open with O_CREAT) -+ ## (2) Access (Success/Failure) -+ ## (3) Delete (Success/Failure) -+ ## (4) Modify (Success/Failure) -+ ## (5) Permission Modification (Success/Failure) -+ ## (6) Ownership Modification (Success/Failure) -+ -+ ## Audit User and Group Management Events (Success/Failure) -+ ## CNSSI 1253 Value or DoD-specific Values: -+ ## (1) User add, delete, modify, disable, enable (Success/Failure) -+ ## (2) Group/Role add, delete, modify (Success/Failure) -+ ## AU-2(a) / FAU_GEN.1.1.c -+ ## -+ ## Generic User and Group Management Events (Success/Failure) -+ ## Selection of setuid programs that relate to -+ ## user accounts. -+ ## -+ ## CNSSI 1253: (1) User add, delete, modify, disable, enable (Success/Failure) -+ ## -+ ## CNSSI 1252: (2) Group/Role add, delete, modify (Success/Failure) -+ ## -+ ## Audit Privilege or Role Escalation Events (Success/Failure) -+ ## CNSSI 1253 Value or DoD-specific Values: -+ ## - Privilege/Role escalation (Success/Failure) -+ ## AU-2(a) / FAU_GEN.1.1.c -+ ## Audit All Audit and Log Data Accesses (Success/Failure) -+ ## CNSSI 1253 Value or DoD-specific Values: -+ ## - Audit and log data access (Success/Failure) -+ ## AU-2(a) / FAU_GEN.1.1.c -+ ## Audit Cryptographic Verification of Software (Success/Failure) -+ ## CNSSI 1253 Value or DoD-specific Values: -+ ## - Applications (e.g. Firefox, Internet Explorer, MS Office Suite, -+ ## etc) initialization (Success/Failure) -+ ## AU-2(a) / FAU_GEN.1.1.c -+ ## Audit Kernel Module Loading and Unloading Events (Success/Failure) -+ ## AU-2(a) / FAU_GEN.1.1.c -+ - audit_basic_configuration -+ - audit_immutable_login_uids -+ - audit_create_failed -+ - audit_create_success -+ - audit_modify_failed -+ - audit_modify_success -+ - audit_access_failed -+ - audit_access_success -+ - audit_delete_failed -+ - audit_delete_success -+ - audit_perm_change_failed -+ - audit_perm_change_success -+ - audit_owner_change_failed -+ - audit_owner_change_success -+ - audit_ospp_general -+ - audit_module_load -+ -+ ## Enable Automatic Software Updates -+ ## SI-2 / FMT_MOF_EXT.1 -+ # Configure dnf-automatic to Install Only Security Updates -+ - dnf-automatic_security_updates_only -+ -+ # Configure dnf-automatic to Install Available Updates Automatically -+ - dnf-automatic_apply_updates -+ -+ # Enable dnf-automatic Timer -+ - timer_dnf-automatic_enabled -+ -+ # Configure TLS for remote logging -+ - rsyslog_remote_tls -+ - rsyslog_remote_tls_cacert -+ -+ # Prevent Kerberos use by system daemons -+ - kerberos_disable_no_keytab -+ -+ # set ssh client rekey limit -+ - ssh_client_rekey_limit -+ - var_ssh_client_rekey_limit_size=1G -+ - var_ssh_client_rekey_limit_time=1hour -+ -+# configure ssh client to use strong entropy -+ - ssh_client_use_strong_rng_sh -+ - ssh_client_use_strong_rng_csh -+ -+ # zIPl specific rules -+ - zipl_bls_entries_only -+ - zipl_bootmap_is_up_to_date -+ - zipl_audit_argument -+ - zipl_audit_backlog_limit_argument -+ - zipl_slub_debug_argument -+ - zipl_page_poison_argument -+ - zipl_vsyscall_argument -+ - zipl_vsyscall_argument.role=unscored -+ - zipl_vsyscall_argument.severity=info -diff --git a/rl8/profiles/pci-dss.profile b/rl8/profiles/pci-dss.profile -new file mode 100644 -index 0000000..dec3f3f ---- /dev/null -+++ b/rl8/profiles/pci-dss.profile -@@ -0,0 +1,147 @@ -+documentation_complete: true -+ -+metadata: -+ SMEs: -+ - carlosmmatos -+ -+reference: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf -+ -+title: 'PCI-DSS v3.2.1 Control Baseline for Rocky Linux 8' -+ -+description: |- -+ Ensures PCI-DSS v3.2.1 security configuration settings are applied. -+ -+selections: -+ - var_password_pam_unix_remember=4 -+ - var_account_disable_post_pw_expiration=90 -+ - var_accounts_passwords_pam_faillock_deny=6 -+ - var_accounts_passwords_pam_faillock_unlock_time=1800 -+ - sshd_idle_timeout_value=15_minutes -+ - var_password_pam_minlen=7 -+ - var_password_pam_minclass=2 -+ - var_accounts_maximum_age_login_defs=90 -+ - var_auditd_num_logs=5 -+ - service_auditd_enabled -+ - grub2_audit_argument -+ - auditd_data_retention_num_logs -+ - auditd_data_retention_max_log_file -+ - auditd_data_retention_max_log_file_action -+ - auditd_data_retention_space_left_action -+ - auditd_data_retention_admin_space_left_action -+ - auditd_data_retention_action_mail_acct -+ - package_audispd-plugins_installed -+ - auditd_audispd_syslog_plugin_activated -+ - audit_rules_time_adjtimex -+ - audit_rules_time_settimeofday -+ - audit_rules_time_stime -+ - audit_rules_time_clock_settime -+ - audit_rules_time_watch_localtime -+ - audit_rules_usergroup_modification_group -+ - audit_rules_usergroup_modification_gshadow -+ - audit_rules_usergroup_modification_opasswd -+ - audit_rules_usergroup_modification_passwd -+ - audit_rules_usergroup_modification_shadow -+ - audit_rules_networkconfig_modification -+ - file_permissions_var_log_audit -+ - file_ownership_var_log_audit -+ - audit_rules_mac_modification -+ - audit_rules_dac_modification_chmod -+ - audit_rules_dac_modification_chown -+ - audit_rules_dac_modification_fchmod -+ - audit_rules_dac_modification_fchmodat -+ - audit_rules_dac_modification_fchown -+ - audit_rules_dac_modification_fchownat -+ - audit_rules_dac_modification_fremovexattr -+ - audit_rules_dac_modification_fsetxattr -+ - audit_rules_dac_modification_lchown -+ - audit_rules_dac_modification_lremovexattr -+ - audit_rules_dac_modification_lsetxattr -+ - audit_rules_dac_modification_removexattr -+ - audit_rules_dac_modification_setxattr -+ - audit_rules_login_events -+ - audit_rules_session_events -+ - audit_rules_unsuccessful_file_modification_creat -+ - audit_rules_unsuccessful_file_modification_ftruncate -+ - audit_rules_unsuccessful_file_modification_open -+ - audit_rules_unsuccessful_file_modification_open_by_handle_at -+ - audit_rules_unsuccessful_file_modification_openat -+ - audit_rules_unsuccessful_file_modification_truncate -+ - audit_rules_privileged_commands -+ - audit_rules_media_export -+ - audit_rules_file_deletion_events_rename -+ - audit_rules_file_deletion_events_renameat -+ - audit_rules_file_deletion_events_rmdir -+ - audit_rules_file_deletion_events_unlink -+ - audit_rules_file_deletion_events_unlinkat -+ - audit_rules_sysadmin_actions -+ - audit_rules_kernel_module_loading_delete -+ - audit_rules_kernel_module_loading_finit -+ - audit_rules_kernel_module_loading_init -+ - audit_rules_immutable -+ - var_multiple_time_servers=rhel -+ - service_chronyd_or_ntpd_enabled -+ - chronyd_or_ntpd_specify_remote_server -+ - chronyd_or_ntpd_specify_multiple_servers -+ - rpm_verify_permissions -+ - rpm_verify_hashes -+ - install_hids -+ - rsyslog_files_permissions -+ - rsyslog_files_ownership -+ - rsyslog_files_groupownership -+ - ensure_logrotate_activated -+ - package_aide_installed -+ - aide_build_database -+ - aide_periodic_cron_checking -+ - account_unique_name -+ - gid_passwd_group_same -+ - accounts_password_all_shadowed -+ - no_empty_passwords -+ - display_login_attempts -+ - account_disable_post_pw_expiration -+ - accounts_passwords_pam_faillock_deny -+ - accounts_passwords_pam_faillock_unlock_time -+ - dconf_db_up_to_date -+ - dconf_gnome_screensaver_idle_delay -+ - dconf_gnome_screensaver_idle_activation_enabled -+ - dconf_gnome_screensaver_lock_enabled -+ - dconf_gnome_screensaver_mode_blank -+ - sshd_set_idle_timeout -+ - var_sshd_set_keepalive=0 -+ - sshd_set_keepalive -+ - accounts_password_pam_minlen -+ - accounts_password_pam_dcredit -+ - accounts_password_pam_ucredit -+ - accounts_password_pam_lcredit -+ - accounts_password_pam_unix_remember -+ - accounts_maximum_age_login_defs -+ - ensure_gpgcheck_globally_activated -+ - ensure_gpgcheck_never_disabled -+ - security_patches_up_to_date -+ - package_opensc_installed -+ - var_smartcard_drivers=cac -+ - configure_opensc_card_drivers -+ - force_opensc_card_drivers -+ - package_pcsc-lite_installed -+ - service_pcscd_enabled -+ - sssd_enable_smartcards -+ - set_password_hashing_algorithm_systemauth -+ - set_password_hashing_algorithm_logindefs -+ - set_password_hashing_algorithm_libuserconf -+ - file_owner_etc_shadow -+ - file_groupowner_etc_shadow -+ - file_permissions_etc_shadow -+ - file_owner_etc_group -+ - file_groupowner_etc_group -+ - file_permissions_etc_group -+ - file_owner_etc_passwd -+ - file_groupowner_etc_passwd -+ - file_permissions_etc_passwd -+ - file_owner_grub2_cfg -+ - file_groupowner_grub2_cfg -+ - package_libreswan_installed -+ - configure_crypto_policy -+ - configure_bind_crypto_policy -+ - configure_openssl_crypto_policy -+ - configure_libreswan_crypto_policy -+ - configure_ssh_crypto_policy -+ - configure_kerberos_crypto_policy -diff --git a/rl8/profiles/rhelh-vpp.profile b/rl8/profiles/rhelh-vpp.profile -new file mode 100644 -index 0000000..2baee6d ---- /dev/null -+++ b/rl8/profiles/rhelh-vpp.profile -@@ -0,0 +1,35 @@ -+documentation_complete: true -+ -+title: 'VPP - Protection Profile for Virtualization v. 1.0 for Rocky Linux Hypervisor (RLH)' -+ -+description: |- -+ This compliance profile reflects the core set of security -+ related configuration settings for deployment of Rocky -+ Linux Hypervisor (RLH) 7.x into U.S. Defense, Intelligence, and Civilian agencies. -+ Development partners and sponsors include the U.S. National Institute -+ of Standards and Technology (NIST), U.S. Department of Defense, -+ the National Security Agency, and Red Hat. -+ -+ This baseline implements configuration requirements from the following -+ sources: -+ -+ - Committee on National Security Systems Instruction No. 1253 (CNSSI 1253) -+ - NIST 800-53 control selections for MODERATE impact systems (NIST 800-53) -+ - U.S. Government Configuration Baseline (USGCB) -+ - NIAP Protection Profile for Virtualization v1.0 (VPP v1.0) -+ -+ For any differing configuration requirements, e.g. password lengths, the stricter -+ security setting was chosen. Security Requirement Traceability Guides (RTMs) and -+ sample System Security Configuration Guides are provided via the -+ scap-security-guide-docs package. -+ -+ This profile reflects U.S. Government consensus content and is developed through -+ the ComplianceAsCode project, championed by the National -+ Security Agency. Except for differences in formatting to accommodate -+ publishing processes, this profile mirrors ComplianceAsCode -+ content as minor divergences, such as bugfixes, work through the -+ consensus and release processes. -+ -+extends: ospp -+ -+selections: [] -diff --git a/rl8/profiles/rht-ccp.profile b/rl8/profiles/rht-ccp.profile -new file mode 100644 -index 0000000..25b3755 ---- /dev/null -+++ b/rl8/profiles/rht-ccp.profile -@@ -0,0 +1,100 @@ -+documentation_complete: true -+ -+title: 'Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)' -+ -+description: |- -+ This profile contains the minimum security relevant -+ configuration settings recommended by Red Hat, Inc for -+ Rocky Linux 8 instances deployed by Red Hat Certified -+ Cloud Providers. -+ -+selections: -+ - var_selinux_state=enforcing -+ - var_selinux_policy_name=targeted -+ - file_owner_logfiles_value=root -+ - file_groupowner_logfiles_value=root -+ - sshd_idle_timeout_value=5_minutes -+ - var_accounts_password_minlen_login_defs=6 -+ - var_accounts_minimum_age_login_defs=7 -+ - var_accounts_passwords_pam_faillock_deny=5 -+ - var_accounts_password_warn_age_login_defs=7 -+ - var_password_pam_retry=3 -+ - var_password_pam_dcredit=1 -+ - var_password_pam_ucredit=2 -+ - var_password_pam_ocredit=2 -+ - var_password_pam_lcredit=2 -+ - var_password_pam_difok=3 -+ - var_password_pam_unix_remember=5 -+ - var_accounts_user_umask=077 -+ - login_banner_text=usgcb_default -+ - partition_for_tmp -+ - partition_for_var -+ - partition_for_var_log -+ - partition_for_var_log_audit -+ - selinux_state -+ - selinux_policytype -+ - security_patches_up_to_date -+ - ensure_gpgcheck_globally_activated -+ - ensure_gpgcheck_never_disabled -+ - package_aide_installed -+ - accounts_password_pam_unix_remember -+ - no_shelllogin_for_systemaccounts -+ - no_empty_passwords -+ - accounts_password_all_shadowed -+ - accounts_no_uid_except_zero -+ - accounts_password_minlen_login_defs -+ - accounts_minimum_age_login_defs -+ - accounts_password_warn_age_login_defs -+ - accounts_password_pam_retry -+ - accounts_password_pam_dcredit -+ - accounts_password_pam_ucredit -+ - accounts_password_pam_ocredit -+ - accounts_password_pam_lcredit -+ - accounts_password_pam_difok -+ - accounts_passwords_pam_faillock_deny -+ - set_password_hashing_algorithm_systemauth -+ - set_password_hashing_algorithm_logindefs -+ - set_password_hashing_algorithm_libuserconf -+ - require_singleuser_auth -+ - file_owner_etc_shadow -+ - file_groupowner_etc_shadow -+ - file_permissions_etc_shadow -+ - file_owner_etc_gshadow -+ - file_groupowner_etc_gshadow -+ - file_permissions_etc_gshadow -+ - file_owner_etc_passwd -+ - file_groupowner_etc_passwd -+ - file_permissions_etc_passwd -+ - file_owner_etc_group -+ - file_groupowner_etc_group -+ - file_permissions_etc_group -+ - file_permissions_library_dirs -+ - file_ownership_library_dirs -+ - file_permissions_binary_dirs -+ - file_ownership_binary_dirs -+ - file_permissions_var_log_audit -+ - file_owner_grub2_cfg -+ - file_groupowner_grub2_cfg -+ - file_permissions_grub2_cfg -+ - grub2_password -+ - kernel_module_dccp_disabled -+ - kernel_module_sctp_disabled -+ - service_firewalld_enabled -+ - set_firewalld_default_zone -+ - firewalld_sshd_port_enabled -+ - service_abrtd_disabled -+ - service_telnet_disabled -+ - package_telnet-server_removed -+ - package_telnet_removed -+ - sshd_allow_only_protocol2 -+ - sshd_set_idle_timeout -+ - var_sshd_set_keepalive=0 -+ - sshd_set_keepalive -+ - disable_host_auth -+ - sshd_disable_root_login -+ - sshd_disable_empty_passwords -+ - sshd_enable_warning_banner -+ - sshd_do_not_permit_user_env -+ - var_system_crypto_policy=fips -+ - configure_crypto_policy -+ - configure_ssh_crypto_policy -diff --git a/rl8/profiles/standard.profile b/rl8/profiles/standard.profile -new file mode 100644 -index 0000000..f291c85 ---- /dev/null -+++ b/rl8/profiles/standard.profile -@@ -0,0 +1,66 @@ -+documentation_complete: true -+ -+title: 'Standard System Security Profile for Rocky Linux 8' -+ -+description: |- -+ This profile contains rules to ensure standard security baseline -+ of a Rocky Linux 8 system. Regardless of your system's workload -+ all of these checks should pass. -+ -+selections: -+ - ensure_gpgcheck_globally_activated -+ - rpm_verify_permissions -+ - rpm_verify_hashes -+ - security_patches_up_to_date -+ - no_empty_passwords -+ - file_permissions_unauthorized_sgid -+ - file_permissions_unauthorized_suid -+ - file_permissions_unauthorized_world_writable -+ - accounts_root_path_dirs_no_write -+ - dir_perms_world_writable_sticky_bits -+ - mount_option_dev_shm_nodev -+ - mount_option_dev_shm_nosuid -+ - partition_for_var_log -+ - partition_for_var_log_audit -+ - package_rsyslog_installed -+ - service_rsyslog_enabled -+ - audit_rules_time_adjtimex -+ - audit_rules_time_settimeofday -+ - audit_rules_time_stime -+ - audit_rules_time_clock_settime -+ - audit_rules_time_watch_localtime -+ - audit_rules_usergroup_modification -+ - audit_rules_networkconfig_modification -+ - audit_rules_mac_modification -+ - audit_rules_dac_modification_chmod -+ - audit_rules_dac_modification_chown -+ - audit_rules_dac_modification_fchmod -+ - audit_rules_dac_modification_fchmodat -+ - audit_rules_dac_modification_fchown -+ - audit_rules_dac_modification_fchownat -+ - audit_rules_dac_modification_fremovexattr -+ - audit_rules_dac_modification_fsetxattr -+ - audit_rules_dac_modification_lchown -+ - audit_rules_dac_modification_lremovexattr -+ - audit_rules_dac_modification_lsetxattr -+ - audit_rules_dac_modification_removexattr -+ - audit_rules_dac_modification_setxattr -+ - audit_rules_unsuccessful_file_modification -+ - audit_rules_privileged_commands -+ - audit_rules_media_export -+ - audit_rules_file_deletion_events -+ - audit_rules_sysadmin_actions -+ - audit_rules_kernel_module_loading -+ - service_abrtd_disabled -+ - service_atd_disabled -+ - service_autofs_disabled -+ - service_ntpdate_disabled -+ - service_oddjobd_disabled -+ - service_qpidd_disabled -+ - service_rdisc_disabled -+ - configure_crypto_policy -+ - configure_bind_crypto_policy -+ - configure_openssl_crypto_policy -+ - configure_libreswan_crypto_policy -+ - configure_ssh_crypto_policy -+ - configure_kerberos_crypto_policy -diff --git a/rl8/profiles/stig.profile b/rl8/profiles/stig.profile -new file mode 100644 -index 0000000..767da69 ---- /dev/null -+++ b/rl8/profiles/stig.profile -@@ -0,0 +1,1064 @@ -+documentation_complete: true -+ -+metadata: -+ version: V1R1 -+ SMEs: -+ - carlosmmatos -+ -+reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux -+ -+title: 'DISA STIG for Rocky Linux 8' -+ -+description: |- -+ This profile contains configuration checks that align to the -+ DISA STIG for Rocky Linux 8 V1R1. -+ -+ In addition to being applicable to Rocky Linux 8, DISA recognizes this -+ configuration baseline as applicable to the operating system tier of -+ technologies that are based on Rocky Linux 8, such as: -+ -+ - Rocky Linux Server -+ - Rocky Linux Workstation and Desktop -+ - Rocky Linux for HPC -+ - Rocky Linux Containers with a Rocky Linux 8 image -+ -+selections: -+ ### Variables -+ - var_rekey_limit_size=1G -+ - var_rekey_limit_time=1hour -+ - var_accounts_user_umask=077 -+ - var_password_pam_difok=8 -+ - var_password_pam_maxrepeat=3 -+ - var_sshd_disable_compression=no -+ - var_password_hashing_algorithm=SHA512 -+ - var_password_pam_maxclassrepeat=4 -+ - var_password_pam_minclass=4 -+ - var_accounts_minimum_age_login_defs=1 -+ - var_accounts_max_concurrent_login_sessions=10 -+ - var_password_pam_unix_remember=5 -+ - var_selinux_state=enforcing -+ - var_selinux_policy_name=targeted -+ - var_accounts_password_minlen_login_defs=15 -+ - var_password_pam_unix_rounds=5000 -+ - var_password_pam_minlen=15 -+ - var_password_pam_ocredit=1 -+ - var_password_pam_dcredit=1 -+ - var_password_pam_ucredit=1 -+ - var_password_pam_lcredit=1 -+ - var_password_pam_retry=3 -+ - var_password_pam_minlen=15 -+ - var_sshd_set_keepalive=0 -+ - sshd_idle_timeout_value=10_minutes -+ - var_accounts_passwords_pam_faillock_deny=3 -+ - var_accounts_passwords_pam_faillock_fail_interval=900 -+ - var_accounts_passwords_pam_faillock_unlock_time=never -+ - var_ssh_client_rekey_limit_size=1G -+ - var_ssh_client_rekey_limit_time=1hour -+ - var_accounts_fail_delay=4 -+ - var_account_disable_post_pw_expiration=35 -+ - var_auditd_action_mail_acct=root -+ - var_time_service_set_maxpoll=18_hours -+ - var_accounts_maximum_age_login_defs=60 -+ - var_auditd_space_left=250MB -+ - var_auditd_space_left_action=email -+ - var_auditd_disk_error_action=halt -+ - var_auditd_max_log_file_action=syslog -+ - var_auditd_disk_full_action=halt -+ -+ ### Enable / Configure FIPS -+ - enable_fips_mode -+ - var_system_crypto_policy=fips -+ - configure_crypto_policy -+ - configure_bind_crypto_policy -+ - configure_libreswan_crypto_policy -+ - configure_kerberos_crypto_policy -+ - enable_dracut_fips_module -+ -+ ### Rules: -+ # RHEL-08-010070 -+ - installed_OS_is_vendor_supported -+ -+ # RHEL-08-010010 -+ - security_patches_up_to_date -+ -+ # RHEL-08-010020 -+ - sysctl_crypto_fips_enabled -+ -+ # RHEL-08-010030 -+ - encrypt_partitions -+ -+ # RHEL-08-010040 -+ - sshd_enable_warning_banner -+ -+ # RHEL-08-010050 -+ - dconf_gnome_banner_enabled -+ - dconf_gnome_login_banner_text -+ -+ # RHEL-08-010060 -+ - banner_etc_issue -+ -+ # RHEL-08-010070 -+ -+ # RHEL-08-010090 -+ -+ # RHEL-08-010100 -+ -+ # RHEL-08-010110 -+ - set_password_hashing_algorithm_logindefs -+ -+ # RHEL-08-010120 -+ -+ # RHEL-08-010130 -+ - accounts_password_pam_unix_rounds_system_auth -+ - accounts_password_pam_unix_rounds_password_auth -+ -+ # RHEL-08-010140 -+ - grub2_uefi_password -+ - grub2_uefi_admin_username -+ -+ # RHEL-08-010150 -+ - grub2_password -+ - grub2_admin_username -+ -+ # RHEL-08-010151 -+ - require_singleuser_auth -+ - require_emergency_target_auth -+ -+ # RHEL-08-010152 -+ # To be released in V1R3 -+ # - require_emergency_target_auth -+ -+ # RHEL-08-010160 -+ - set_password_hashing_algorithm_systemauth -+ -+ # RHEL-08-010161 -+ - kerberos_disable_no_keytab -+ -+ # RHEL-08-010162 -+ - package_krb5-workstation_removed -+ -+ # RHEL-08-010170 -+ - selinux_state -+ -+ # RHEL-08-010171 -+ - package_policycoreutils_installed -+ -+ # RHEL-08-010180 -+ -+ # RHEL-08-010190 -+ - dir_perms_world_writable_sticky_bits -+ -+ # RHEL-08-010200 -+ - sshd_set_idle_timeout -+ - sshd_set_keepalive -+ -+ # RHEL-08-010210 -+ # - file_permissions_var_log_messages -+ -+ # RHEL-08-010220 -+ # - file_owner_var_log_messages -+ -+ # RHEL-08-010230 -+ # - file_groupowner_var_log_messages -+ -+ # RHEL-08-010240 -+ # - file_permissions_var_log -+ -+ # RHEL-08-010250 -+ # - file_owner_var_log -+ -+ # RHEL-08-010260 -+ # - file_groupowner_var_log -+ -+ # RHEL-08-010290 && RHEL-08-010291 -+ ### NOTE: This will get split out in future STIG releases, as well as we will break -+ ### these rules up to be more flexible in meeting the requirements. -+ - configure_ssh_crypto_policy -+ -+ # RHEL-08-010292 -+ - sshd_use_strong_rng -+ -+ # RHEL-08-010293 -+ - configure_openssl_crypto_policy -+ -+ # RHEL-08-010294 -+ -+ # RHEL-08-010295 -+ -+ # RHEL-08-010300 -+ - file_permissions_binary_dirs -+ -+ # RHEL-08-010310 -+ - file_ownership_binary_dirs -+ -+ # RHEL-08-010320 -+ -+ # RHEL-08-010330 -+ - file_permissions_library_dirs -+ -+ # RHEL-08-010340 -+ - file_ownership_library_dirs -+ -+ # RHEL-08-010350 -+ -+ # RHEL-08-010360 -+ - package_aide_installed -+ - aide_scan_notification -+ -+ # RHEL-08-010370 -+ - ensure_gpgcheck_globally_activated -+ -+ # RHEL-08-010371 -+ - ensure_gpgcheck_local_packages -+ -+ # RHEL-08-010372 -+ - sysctl_kernel_kexec_load_disabled -+ -+ # RHEL-08-010373 -+ - sysctl_fs_protected_symlinks -+ -+ # RHEL-08-010374 -+ - sysctl_fs_protected_hardlinks -+ -+ # RHEL-08-010375 -+ - sysctl_kernel_dmesg_restrict -+ -+ # RHEL-08-010376 -+ - sysctl_kernel_perf_event_paranoid -+ -+ # RHEL-08-010380 -+ - sudo_remove_nopasswd -+ -+ # RHEL-08-010381 -+ - sudo_remove_no_authenticate -+ -+ # RHEL-08-010383 -+ # - sudoers_validate_passwd -+ -+ # RHEL-08-010390 -+ - install_smartcard_packages -+ -+ # RHEL-08-010400 -+ -+ # RHEL-08-010410 -+ - package_opensc_installed -+ -+ # RHEL-08-010420 -+ -+ # RHEL-08-010421 -+ - grub2_page_poison_argument -+ -+ # RHEL-08-010422 -+ - grub2_vsyscall_argument -+ -+ # RHEL-08-010423 -+ - grub2_slub_debug_argument -+ -+ # RHEL-08-010430 -+ - sysctl_kernel_randomize_va_space -+ -+ # RHEL-08-010440 -+ - clean_components_post_updating -+ -+ # RHEL-08-010450 -+ - selinux_policytype -+ -+ # RHEL-08-010460 -+ - no_host_based_files -+ -+ # RHEL-08-010470 -+ - no_user_host_based_files -+ -+ # RHEL-08-010471 -+ - service_rngd_enabled -+ - package_rng-tools_installed -+ -+ # RHEL-08-010480 -+ - file_permissions_sshd_pub_key -+ -+ # RHEL-08-010490 -+ - file_permissions_sshd_private_key -+ -+ # RHEL-08-010500 -+ - sshd_enable_strictmodes -+ -+ # RHEL-08-010510 -+ - sshd_disable_compression -+ -+ # RHEL-08-010520 -+ - sshd_disable_user_known_hosts -+ -+ # RHEL-08-010521 -+ - sshd_disable_kerb_auth -+ - sshd_disable_gssapi_auth -+ -+ # RHEL-08-010540 -+ - partition_for_var -+ -+ # RHEL-08-010541 -+ - partition_for_var_log -+ -+ # RHEL-08-010542 -+ - partition_for_var_log_audit -+ -+ # RHEL-08-010543 -+ - partition_for_tmp -+ -+ # RHEL-08-010544 -+ ### NOTE: Will probably show up in V1R3 - Q3 of 21' -+ - partition_for_var_tmp -+ -+ # RHEL-08-010550 -+ - sshd_disable_root_login -+ -+ # RHEL-08-010560 -+ - service_auditd_enabled -+ -+ # RHEL-08-010561 -+ - service_rsyslog_enabled -+ -+ # RHEL-08-010570 -+ - mount_option_home_nosuid -+ -+ # RHEL-08-010571 -+ - mount_option_boot_nosuid -+ -+ # RHEL-08-010580 -+ - mount_option_nodev_nonroot_local_partitions -+ -+ # RHEL-08-010590 -+ -+ # RHEL-08-010600 -+ - mount_option_nodev_removable_partitions -+ -+ # RHEL-08-010610 -+ - mount_option_noexec_removable_partitions -+ -+ # RHEL-08-010620 -+ - mount_option_nosuid_removable_partitions -+ -+ # RHEL-08-010630 -+ - mount_option_noexec_remote_filesystems -+ -+ # RHEL-08-010640 -+ - mount_option_nodev_remote_filesystems -+ -+ # RHEL-08-010650 -+ - mount_option_nosuid_remote_filesystems -+ -+ # RHEL-08-010660 -+ - accounts_user_dot_no_world_writable_programs -+ -+ # RHEL-08-010670 -+ - service_kdump_disabled -+ -+ # RHEL-08-010671 -+ - sysctl_kernel_core_pattern -+ -+ # RHEL-08-010672 -+ - service_systemd-coredump_disabled -+ -+ # RHEL-08-010673 -+ - disable_users_coredumps -+ -+ # RHEL-08-010674 -+ - coredump_disable_storage -+ -+ # RHEL-08-010675 -+ - coredump_disable_backtraces -+ -+ # RHEL-08-010680 -+ - network_configure_name_resolution -+ -+ # RHEL-08-010690 -+ - accounts_user_home_paths_only -+ -+ # RHEL-08-010700 -+ - dir_perms_world_writable_root_owned -+ -+ # RHEL-08-010710 -+ -+ # RHEL-08-010720 -+ - accounts_user_interactive_home_directory_defined -+ -+ # RHEL-08-010730 -+ - file_permissions_home_directories -+ -+ # RHEL-08-010740 -+ - file_groupownership_home_directories -+ -+ # RHEL-08-010750 -+ - accounts_user_interactive_home_directory_exists -+ -+ # RHEL-08-010760 -+ - accounts_have_homedir_login_defs -+ -+ # RHEL-08-010770 -+ - file_permission_user_init_files -+ -+ # RHEL-08-010780 -+ - no_files_unowned_by_user -+ -+ # RHEL-08-010790 -+ - file_permissions_ungroupowned -+ -+ # RHEL-08-010800 -+ - partition_for_home -+ -+ # RHEL-08-010820 -+ - gnome_gdm_disable_automatic_login -+ -+ # RHEL-08-010830 -+ - sshd_do_not_permit_user_env -+ -+ # RHEL-08-020000 -+ - account_temp_expire_date -+ -+ # RHEL-08-020010 -+ - accounts_passwords_pam_faillock_deny -+ -+ # RHEL-08-020011 -+ -+ # RHEL-08-020012 -+ - accounts_passwords_pam_faillock_interval -+ -+ # RHEL-08-020013 -+ -+ # RHEL-08-020014 -+ - accounts_passwords_pam_faillock_unlock_time -+ -+ # RHEL-08-020015 -+ -+ # RHEL-08-020016 -+ -+ # RHEL-08-020017 -+ -+ # RHEL-08-020018 -+ -+ # RHEL-08-020019 -+ -+ # RHEL-08-020020 -+ -+ # RHEL-08-020021 -+ -+ # RHEL-08-020022 -+ - accounts_passwords_pam_faillock_deny_root -+ -+ # RHEL-08-020023 -+ -+ # RHEL-08-020024 -+ - accounts_max_concurrent_login_sessions -+ -+ # RHEL-08-020030 -+ - dconf_gnome_screensaver_lock_enabled -+ -+ # RHEL-08-020040 -+ - package_tmux_installed -+ - configure_tmux_lock_command -+ -+ # RHEL-08-020041 -+ - configure_bashrc_exec_tmux -+ -+ # RHEL-08-020042 -+ - no_tmux_in_shells -+ -+ # RHEL-08-020050 -+ # - dconf_gnome_lock_screen_on_smartcard_removal -+ -+ # RHEL-08-020060 -+ - dconf_gnome_screensaver_idle_delay -+ -+ # RHEL-08-020070 -+ - configure_tmux_lock_after_time -+ -+ # RHEL-08-020080 -+ -+ # RHEL-08-020090 -+ -+ # RHEL-08-020100 -+ - accounts_password_pam_retry -+ -+ # RHEL-08-020110 -+ - accounts_password_pam_ucredit -+ -+ # RHEL-08-020120 -+ - accounts_password_pam_lcredit -+ -+ # RHEL-08-020130 -+ - accounts_password_pam_dcredit -+ -+ # RHEL-08-020140 -+ - accounts_password_pam_maxclassrepeat -+ -+ # RHEL-08-020150 -+ - accounts_password_pam_maxrepeat -+ -+ # RHEL-08-020160 -+ - accounts_password_pam_minclass -+ -+ # RHEL-08-020170 -+ - accounts_password_pam_difok -+ -+ # RHEL-08-020180 -+ - accounts_password_set_min_life_existing -+ -+ # RHEL-08-020190 -+ - accounts_minimum_age_login_defs -+ -+ # RHEL-08-020200 -+ - accounts_maximum_age_login_defs -+ -+ # RHEL-08-020210 -+ - accounts_password_set_max_life_existing -+ -+ # RHEL-08-020220 -+ - accounts_password_pam_unix_remember -+ -+ # RHEL-08-020230 -+ - accounts_password_pam_minlen -+ -+ # RHEL-08-020231 -+ - accounts_password_minlen_login_defs -+ -+ # RHEL-08-020240 -+ -+ # RHEL-08-020250 -+ - sssd_enable_smartcards -+ -+ # RHEL-08-020260 -+ - account_disable_post_pw_expiration -+ -+ # RHEL-08-020270 -+ -+ # RHEL-08-020280 -+ - accounts_password_pam_ocredit -+ -+ # RHEL-08-020290 -+ - sssd_offline_cred_expiration -+ -+ # RHEL-08-020300 -+ -+ # RHEL-08-020310 -+ - accounts_logon_fail_delay -+ -+ # RHEL-08-020320 -+ # - accounts_authorized_local_users -+ -+ # RHEL-08-020330 -+ - no_empty_passwords -+ - sshd_disable_empty_passwords -+ -+ # RHEL-08-020340 -+ - display_login_attempts -+ -+ # RHEL-08-020350 -+ - sshd_print_last_log -+ -+ # RHEL-08-020351 -+ - accounts_umask_etc_login_defs -+ -+ # RHEL-08-020352 -+ - accounts_umask_interactive_users -+ -+ # RHEL-08-020353 -+ - accounts_umask_etc_bashrc -+ -+ # RHEL-08-030000 -+ -+ # RHEL-08-030010 -+ - rsyslog_cron_logging -+ -+ # RHEL-08-030020 -+ - auditd_data_retention_action_mail_acct -+ -+ # RHEL-08-030030 -+ - postfix_client_configure_mail_alias -+ -+ # RHEL-08-030040 -+ - auditd_data_disk_error_action -+ -+ # RHEL-08-030050 -+ - auditd_data_retention_max_log_file_action -+ -+ # RHEL-08-030060 -+ - auditd_data_disk_full_action -+ -+ # RHEL-08-030061 -+ - auditd_local_events -+ -+ # RHEL-08-030062 -+ - auditd_name_format -+ -+ # RHEL-08-030063 -+ - auditd_log_format -+ -+ # RHEL-08-030070 -+ - file_permissions_var_log_audit -+ -+ # RHEL-08-030080, RHEL-08-030090, RHEL-08-030100, RHEL-08-030110 -+ ### NOTE: These might get broken up, but currently the following -+ ### rule accounts for these STIG ID's -+ - file_ownership_var_log_audit -+ -+ # RHEL-08-030120 -+ - directory_permissions_var_log_audit -+ -+ # *** NOTE *** # -+ # Audit rules are currently under review as to how best to approach -+ # them. We are working with DISA and our internal audit experts to -+ # provide a final solution soon. -+ # ************ # -+ -+ # RHEL-08-030121 -+ # - audit_rules_immutable -+ -+ # RHEL-08-030122 -+ # - audit_immutable_login_uids -+ -+ # RHEL-08-030130 -+ # - audit_rules_usergroup_modification_shadow -+ -+ # RHEL-08-030140 -+ # - audit_rules_usergroup_modification_opasswd -+ -+ # RHEL-08-030150 -+ # - audit_rules_usergroup_modification_passwd -+ -+ # RHEL-08-030160 -+ # - audit_rules_usergroup_modification_gshadow -+ -+ # RHEL-08-030170 -+ # - audit_rules_usergroup_modification_group -+ -+ # RHEL-08-030171, RHEL-08-030172 -+ # - audit_rules_sysadmin_actions -+ -+ # RHEL-08-030180 -+ - package_audit_installed -+ - service_auditd_enabled -+ -+ # RHEL-08-030190 -+ # - audit_rules_privileged_commands_sudo -+ -+ # RHEL-08-030200, RHEL-08-030210, RHEL-08-030220, RHEL-08-030230, RHEL-08-030240 -+ # - audit_perm_change_failed -+ # - audit_perm_change_success -+ -+ # RHEL-08-030250 -+ # - audit_rules_privileged_commands_chage -+ -+ # RHEL-08-030260 -+ # - audit_rules_execution_chcon -+ -+ # RHEL-08-030270 -+ # - audit_perm_change_failed -+ # - audit_perm_change_success -+ -+ # RHEL-08-030280 -+ -+ # RHEL-08-030290, RHEL-08-030300, RHEL-08-030301 -+ # - audit_ospp_general -+ -+ # RHEL-08-030302 -+ # - audit_rules_media_export -+ -+ # RHEL-08-030310 -+ -+ # RHEL-08-030311 -+ # - audit_rules_privileged_commands_postdrop -+ -+ # RHEL-08-030312 -+ # - audit_rules_privileged_commands_postqueue -+ -+ # RHEL-08-030313 -+ # - audit_rules_execution_semanage -+ -+ # RHEL-08-030314 -+ # - audit_rules_execution_setfiles -+ -+ # RHEL-08-030315 -+ # - audit_ospp_general -+ -+ # RHEL-08-030316 -+ # - audit_rules_execution_setsebool -+ -+ # RHEL-08-030317 -+ # - audit_ospp_general -+ -+ # RHEL-08-030320 -+ # - audit_rules_privileged_commands_ssh_keysign -+ -+ # RHEL-08-030330 -+ -+ # RHEL-08-030340 -+ # - audit_rules_privileged_commands_pam_timestamp_check -+ -+ # RHEL-08-030350 -+ # - audit_ospp_general -+ -+ # RHEL-08-030360 -+ # - audit_module_load -+ -+ # RHEL-08-030361, RHEL-08-030362 -+ # - audit_delete_failed -+ # - audit_delete_success -+ -+ # RHEL-08-030363 -+ -+ # RHEL-08-030364, RHEL-08-030365 -+ # - audit_delete_failed -+ # - audit_delete_success -+ -+ # RHEL-08-030370 -+ # - audit_ospp_general -+ -+ # RHEL-08-030380, RHEL-08-030390 -+ # - audit_module_load -+ -+ # RHEL-08-030400 -+ # - audit_ospp_general -+ -+ # RHEL-08-030410 -+ # - audit_rules_privileged_commands_chsh -+ -+ # RHEL-08-030420 -+ # - audit_modify_failed -+ # - audit_modify_success -+ -+ # RHEL-08-030430, RHEL-08-030440, RHEL-08-030450 -+ # - audit_create_failed -+ # - audit_create_success -+ # - audit_modify_failed -+ # - audit_modify_success -+ # - audit_access_failed -+ # - audit_access_success -+ -+ # RHEL-08-030460 -+ # - audit_modify_failed -+ # - audit_modify_success -+ -+ # RHEL-08-030470 -+ # - audit_create_failed -+ # - audit_create_success -+ -+ # RHEL-08-030480 -+ # - audit_owner_change_failed -+ # - audit_owner_change_success -+ -+ # RHEL-08-030490 -+ # - audit_perm_change_failed -+ # - audit_perm_change_success -+ -+ # RHEL-08-030500, RHEL-08-030510, RHEL-08-030520 -+ # - audit_owner_change_failed -+ # - audit_owner_change_success -+ -+ # RHEL-08-030530, RHEL-08-030540 -+ # - audit_perm_change_failed -+ # - audit_perm_change_success -+ -+ # RHEL-08-030550 -+ # - audit_rules_privileged_commands_sudo -+ -+ # RHEL-08-030560 -+ -+ # RHEL-08-030570 -+ -+ # RHEL-08-030580 -+ -+ # RHEL-08-030590 -+ # - audit_rules_login_events_faillock -+ -+ # RHEL-08-030600 -+ # - audit_rules_login_events_lastlog -+ -+ # RHEL-08-030601 -+ - grub2_audit_argument -+ -+ # RHEL-08-030602 -+ - grub2_audit_backlog_limit_argument -+ -+ # RHEL-08-030603 -+ - configure_usbguard_auditbackend -+ -+ # RHEL-08-030610 -+ -+ # RHEL-08-030620 -+ -+ # RHEL-08-030630 -+ -+ # RHEL-08-030640 -+ -+ # RHEL-08-030650 -+ -+ # RHEL-08-030660 -+ -+ # RHEL-08-030670 -+ - package_rsyslog_installed -+ -+ # RHEL-08-030680 -+ - package_rsyslog-gnutls_installed -+ -+ # RHEL-08-030690 -+ - rsyslog_remote_loghost -+ -+ # RHEL-08-030700 -+ -+ # RHEL-08-030710 -+ -+ # RHEL-08-030720 -+ -+ # RHEL-08-030730 -+ # this rule expects configuration in MB instead percentage as how STIG demands -+ # - auditd_data_retention_space_left -+ - auditd_data_retention_space_left_action -+ -+ # RHEL-08-030740 -+ # remediation fails because default configuration file contains pool instead of server keyword -+ - chronyd_or_ntpd_set_maxpoll -+ -+ # RHEL-08-030741 -+ - chronyd_client_only -+ -+ # RHEL-08-030742 -+ - chronyd_no_chronyc_network -+ -+ # RHEL-08-040000 -+ - package_telnet-server_removed -+ -+ # RHEL-08-040001 -+ - package_abrt_removed -+ - package_abrt-addon-ccpp_removed -+ - package_abrt-addon-kerneloops_removed -+ - package_abrt-addon-python_removed -+ - package_abrt-cli_removed -+ - package_abrt-plugin-logger_removed -+ - package_abrt-plugin-rhtsupport_removed -+ - package_abrt-plugin-sosreport_removed -+ -+ # RHEL-08-040002 -+ - package_sendmail_removed -+ -+ # RHEL-08-040003 -+ ### NOTE: Will be removed in V1R2, merged into RHEL-08-040370 -+ -+ # RHEL-08-040004 -+ - grub2_pti_argument -+ -+ # RHEL-08-040010 -+ - package_rsh-server_removed -+ -+ # RHEL-08-040020 -+ -+ # RHEL-08-040021 -+ - kernel_module_atm_disabled -+ -+ # RHEL-08-040022 -+ - kernel_module_can_disabled -+ -+ # RHEL-08-040023 -+ - kernel_module_sctp_disabled -+ -+ # RHEL-08-040024 -+ - kernel_module_tipc_disabled -+ -+ # RHEL-08-040025 -+ - kernel_module_cramfs_disabled -+ -+ # RHEL-08-040026 -+ - kernel_module_firewire-core_disabled -+ -+ # RHEL-08-040030 -+ - configure_firewalld_ports -+ -+ # RHEL-08-040060 -+ ### NOTE: Will be removed in V1R2 -+ -+ # RHEL-08-040070 -+ - service_autofs_disabled -+ -+ # RHEL-08-040080 -+ - kernel_module_usb-storage_disabled -+ -+ # RHEL-08-040090 -+ -+ # RHEL-08-040100 -+ - service_firewalld_enabled -+ - package_firewalld_installed -+ -+ # RHEL-08-040110 -+ - wireless_disable_interfaces -+ -+ # RHEL-08-040111 -+ - kernel_module_bluetooth_disabled -+ -+ # RHEL-08-040120 -+ - mount_option_dev_shm_nodev -+ -+ # RHEL-08-040121 -+ - mount_option_dev_shm_nosuid -+ -+ # RHEL-08-040122 -+ - mount_option_dev_shm_noexec -+ -+ # RHEL-08-040123 -+ - mount_option_tmp_nodev -+ -+ # RHEL-08-040124 -+ - mount_option_tmp_nosuid -+ -+ # RHEL-08-040125 -+ - mount_option_tmp_noexec -+ -+ # RHEL-08-040126 -+ - mount_option_var_log_nodev -+ -+ # RHEL-08-040127 -+ - mount_option_var_log_nosuid -+ -+ # RHEL-08-040128 -+ - mount_option_var_log_noexec -+ -+ # RHEL-08-040129 -+ - mount_option_var_log_audit_nodev -+ -+ # RHEL-08-040130 -+ - mount_option_var_log_audit_nosuid -+ -+ # RHEL-08-040131 -+ - mount_option_var_log_audit_noexec -+ -+ # RHEL-08-040132 -+ - mount_option_var_tmp_nodev -+ -+ # RHEL-08-040133 -+ - mount_option_var_tmp_nosuid -+ -+ # RHEL-08-040134 -+ - mount_option_var_tmp_noexec -+ -+ # RHEL-08-040135 -+ - package_fapolicyd_installed -+ - service_fapolicyd_enabled -+ -+ # RHEL-08-040140 -+ - package_usbguard_installed -+ - service_usbguard_enabled -+ -+ # RHEL-08-040150 -+ -+ # RHEL-08-040160 -+ - package_openssh-server_installed -+ - service_sshd_enabled -+ -+ # RHEL-08-040161 -+ - sshd_rekey_limit -+ -+ # RHEL-08-040162 -+ - ssh_client_rekey_limit -+ -+ # RHEL-08-040170 -+ - disable_ctrlaltdel_reboot -+ -+ # RHEL-08-040171 -+ - dconf_gnome_disable_ctrlaltdel_reboot -+ -+ # RHEL-08-040172 -+ - disable_ctrlaltdel_burstaction -+ -+ # RHEL-08-040180 -+ - service_debug-shell_disabled -+ -+ # RHEL-08-040190 -+ - package_tftp-server_removed -+ -+ # RHEL-08-040200 -+ - accounts_no_uid_except_zero -+ -+ # RHEL-08-040210 -+ - sysctl_net_ipv4_conf_default_accept_redirects -+ - sysctl_net_ipv6_conf_default_accept_redirects -+ -+ # RHEL-08-040220 -+ - sysctl_net_ipv4_conf_all_send_redirects -+ -+ # RHEL-08-040230 -+ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts -+ -+ # RHEL-08-040240 -+ - sysctl_net_ipv4_conf_all_accept_source_route -+ - sysctl_net_ipv6_conf_all_accept_source_route -+ -+ # RHEL-08-040250 -+ - sysctl_net_ipv4_conf_default_accept_source_route -+ - sysctl_net_ipv6_conf_default_accept_source_route -+ -+ # RHEL-08-040260 -+ - sysctl_net_ipv4_ip_forward -+ -+ # RHEL-08-040261 -+ - sysctl_net_ipv6_conf_all_accept_ra -+ -+ # RHEL-08-040262 -+ - sysctl_net_ipv6_conf_default_accept_ra -+ -+ # RHEL-08-040270 -+ - sysctl_net_ipv4_conf_default_send_redirects -+ -+ # RHEL-08-040280 -+ - sysctl_net_ipv4_conf_all_accept_redirects -+ - sysctl_net_ipv6_conf_all_accept_redirects -+ -+ # RHEL-08-040281 -+ - sysctl_kernel_unprivileged_bpf_disabled -+ -+ # RHEL-08-040282 -+ - sysctl_kernel_yama_ptrace_scope -+ -+ # RHEL-08-040283 -+ - sysctl_kernel_kptr_restrict -+ -+ # RHEL-08-040284 -+ - sysctl_user_max_user_namespaces -+ -+ # RHEL-08-040285 -+ - sysctl_net_ipv4_conf_all_rp_filter -+ -+ # RHEL-08-040290 -+ # /etc/postfix/main.cf does not exist on default installation resulting in error during remediation -+ # there needs to be a new platform check to identify when postfix is installed or not -+ # - postfix_prevent_unrestricted_relay -+ -+ # RHEL-08-040300 -+ - aide_verify_ext_attributes -+ -+ # RHEL-08-040310 -+ - aide_verify_acls -+ -+ # RHEL-08-040320 -+ # - xwindows_remove_packages -+ -+ # RHEL-08-040330 -+ - network_sniffer_disabled -+ -+ # RHEL-08-040340 -+ - sshd_disable_x11_forwarding -+ -+ # RHEL-08-040341 -+ - sshd_x11_use_localhost -+ -+ # RHEL-08-040350 -+ - tftpd_uses_secure_mode -+ -+ # RHEL-08-040360 -+ - package_vsftpd_removed -+ -+ # RHEL-08-040370 -+ - package_gssproxy_removed -+ -+ # RHEL-08-040380 -+ - package_iprutils_removed -+ -+ # RHEL-08-040390 -+ - package_tuned_removed -+ -diff --git a/rl8/transforms/constants.xslt b/rl8/transforms/constants.xslt -new file mode 100644 -index 0000000..5219728 ---- /dev/null -+++ b/rl8/transforms/constants.xslt -@@ -0,0 +1,21 @@ -+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> -+ -+<xsl:include href="../../shared/transforms/shared_constants.xslt"/> -+ -+<xsl:variable name="product_long_name">Rocky Linux 8</xsl:variable> -+<xsl:variable name="product_short_name">Rocky 8</xsl:variable> -+<xsl:variable name="product_stig_id_name">RL_8_STIG</xsl:variable> -+<xsl:variable name="prod_type">rl8</xsl:variable> -+ -+<xsl:variable name="cisuri">https://www.cisecurity.org/benchmark/rl_linux/</xsl:variable> -+<xsl:variable name="product_guide_id_name">RL-8</xsl:variable> -+<xsl:variable name="disa-stigs-uri" select="$disa-stigs-os-unix-linux-uri"/> -+<xsl:variable name="disa-srguri" select="$disa-ossrguri"/> -+ -+<!-- Define URI for custom CCE identifier which can be used for mapping to corporate policy --> -+<!--xsl:variable name="custom-cce-uri">https://www.example.org</xsl:variable--> -+ -+<!-- Define URI for custom policy reference which can be used for linking to corporate policy --> -+<!--xsl:variable name="custom-ref-uri">https://www.example.org</xsl:variable--> -+ -+</xsl:stylesheet> -diff --git a/rl8/transforms/shorthand2xccdf.xslt b/rl8/transforms/shorthand2xccdf.xslt -new file mode 100644 -index 0000000..e017cf6 ---- /dev/null -+++ b/rl8/transforms/shorthand2xccdf.xslt -@@ -0,0 +1,8 @@ -+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> -+ -+<xsl:import href="../../shared/transforms/shared_shorthand2xccdf.xslt"/> -+ -+<xsl:include href="constants.xslt"/> -+<xsl:param name="ssg_version">unknown</xsl:param> -+ -+</xsl:stylesheet> -diff --git a/rl8/transforms/table-add-srgitems.xslt b/rl8/transforms/table-add-srgitems.xslt -new file mode 100644 -index 0000000..e741fb8 ---- /dev/null -+++ b/rl8/transforms/table-add-srgitems.xslt -@@ -0,0 +1,7 @@ -+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:xccdf="http://checklists.nist.gov/xccdf/1.1" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:cci="https://public.cyber.mil/stigs/cci"> -+ -+<xsl:include href="../../shared/transforms/shared_table-add-srgitems.xslt"/> -+<xsl:variable name="srgtable" select="document('../output/table-rhel8-srgmap-flat.xhtml')/html/body/table" /> -+<xsl:variable name="cci_list" select="document('../../shared/references/disa-cci-list.xml')/cci:cci_list" /> -+ -+</xsl:stylesheet> -diff --git a/rl8/transforms/table-sortbyref.xslt b/rl8/transforms/table-sortbyref.xslt -new file mode 100644 -index 0000000..bd97ee1 ---- /dev/null -+++ b/rl8/transforms/table-sortbyref.xslt -@@ -0,0 +1,6 @@ -+<?xml version="1.0" encoding="utf-8" standalone="yes"?> -+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml"> -+ -+<xsl:import href="../../shared/transforms/shared_table-sortbyref.xslt"/> -+ -+</xsl:stylesheet> -diff --git a/rl8/transforms/table-srgmap.xslt b/rl8/transforms/table-srgmap.xslt -new file mode 100644 -index 0000000..23c2f60 ---- /dev/null -+++ b/rl8/transforms/table-srgmap.xslt -@@ -0,0 +1,11 @@ -+<?xml version="1.0" encoding="utf-8" standalone="yes"?> -+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml"> -+ -+<xsl:include href="../../shared/transforms/shared_table-srgmap.xslt"/> -+<xsl:include href="constants.xslt"/> -+<xsl:include href="table-style.xslt"/> -+ -+<xsl:variable name="items" select="document($map-to-items)//*[cdf:reference]" /> -+<xsl:variable name="title" select="document($map-to-items)/cdf:Benchmark/cdf:title" /> -+ -+</xsl:stylesheet> -diff --git a/rl8/transforms/table-style.xslt b/rl8/transforms/table-style.xslt -new file mode 100644 -index 0000000..218d0f7 ---- /dev/null -+++ b/rl8/transforms/table-style.xslt -@@ -0,0 +1,5 @@ -+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> -+ -+<xsl:import href="../../shared/transforms/shared_table-style.xslt"/> -+ -+</xsl:stylesheet> -diff --git a/rl8/transforms/xccdf-apply-overlay-stig.xslt b/rl8/transforms/xccdf-apply-overlay-stig.xslt -new file mode 100644 -index 0000000..38b354a ---- /dev/null -+++ b/rl8/transforms/xccdf-apply-overlay-stig.xslt -@@ -0,0 +1,8 @@ -+<?xml version="1.0"?> -+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://checklists.nist.gov/xccdf/1.1" xmlns:xccdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml" exclude-result-prefixes="xccdf"> -+ -+<xsl:include href="../../shared/transforms/shared_xccdf-apply-overlay-stig.xslt"/> -+<xsl:include href="constants.xslt"/> -+<xsl:variable name="overlays" select="document($overlay)/xccdf:overlays" /> -+ -+</xsl:stylesheet> -diff --git a/rl8/transforms/xccdf2stigformat.xslt b/rl8/transforms/xccdf2stigformat.xslt -new file mode 100644 -index 0000000..5421604 ---- /dev/null -+++ b/rl8/transforms/xccdf2stigformat.xslt -@@ -0,0 +1,7 @@ -+<?xml version="1.0"?> -+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://checklists.nist.gov/xccdf/1.1" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:dc="http://purl.org/dc/elements/1.1/" exclude-result-prefixes="cdf"> -+ -+<xsl:include href="../../shared/transforms/shared_xccdf2stigformat.xslt"/> -+<xsl:include href="constants.xslt"/> -+ -+</xsl:stylesheet> -diff --git a/rl8/transforms/xccdf2table-byref.xslt b/rl8/transforms/xccdf2table-byref.xslt -new file mode 100644 -index 0000000..88a53f5 ---- /dev/null -+++ b/rl8/transforms/xccdf2table-byref.xslt -@@ -0,0 +1,9 @@ -+<?xml version="1.0" encoding="utf-8" standalone="yes"?> -+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml"> -+ -+<xsl:import href="../../shared/transforms/shared_xccdf2table-byref.xslt"/> -+ -+<xsl:include href="constants.xslt"/> -+<xsl:include href="table-style.xslt"/> -+ -+</xsl:stylesheet> -diff --git a/rl8/transforms/xccdf2table-cce.xslt b/rl8/transforms/xccdf2table-cce.xslt -new file mode 100644 -index 0000000..1ffb222 ---- /dev/null -+++ b/rl8/transforms/xccdf2table-cce.xslt -@@ -0,0 +1,9 @@ -+<?xml version="1.0" encoding="utf-8" standalone="yes"?> -+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:cce="http://cce.mitre.org" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml"> -+ -+<xsl:import href="../../shared/transforms/shared_xccdf2table-cce.xslt"/> -+ -+<xsl:include href="constants.xslt"/> -+<xsl:include href="table-style.xslt"/> -+ -+</xsl:stylesheet> -diff --git a/rl8/transforms/xccdf2table-profileanssirefs.xslt b/rl8/transforms/xccdf2table-profileanssirefs.xslt -new file mode 100644 -index 0000000..b790974 ---- /dev/null -+++ b/rl8/transforms/xccdf2table-profileanssirefs.xslt -@@ -0,0 +1,8 @@ -+<?xml version="1.0" encoding="utf-8" standalone="yes"?> -+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml"> -+ -+<xsl:import href="../../shared/transforms/shared_xccdf2table-profileanssirefs.xslt"/> -+<xsl:include href="constants.xslt"/> -+<xsl:include href="table-style.xslt"/> -+ -+</xsl:stylesheet> -diff --git a/rl8/transforms/xccdf2table-profileccirefs.xslt b/rl8/transforms/xccdf2table-profileccirefs.xslt -new file mode 100644 -index 0000000..5a104d9 ---- /dev/null -+++ b/rl8/transforms/xccdf2table-profileccirefs.xslt -@@ -0,0 +1,9 @@ -+<?xml version="1.0" encoding="utf-8" standalone="yes"?> -+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:cci="https://public.cyber.mil/stigs/cci" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:ovalns="http://oval.mitre.org/XMLSchema/oval-definitions-5"> -+ -+<xsl:import href="../../shared/transforms/shared_xccdf2table-profileccirefs.xslt"/> -+ -+<xsl:include href="constants.xslt"/> -+<xsl:include href="table-style.xslt"/> -+ -+</xsl:stylesheet> -diff --git a/rl8/transforms/xccdf2table-profilecisrefs.xslt b/rl8/transforms/xccdf2table-profilecisrefs.xslt -new file mode 100644 -index 0000000..92cbdf9 ---- /dev/null -+++ b/rl8/transforms/xccdf2table-profilecisrefs.xslt -@@ -0,0 +1,9 @@ -+<?xml version="1.0" encoding="utf-8" standalone="yes"?> -+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml"> -+ -+<xsl:import href="../../shared/transforms/shared_xccdf2table-profilecisrefs.xslt"/> -+ -+<xsl:include href="constants.xslt"/> -+<xsl:include href="table-style.xslt"/> -+ -+</xsl:stylesheet> -diff --git a/rl8/transforms/xccdf2table-profilenistrefs-cui.xslt b/rl8/transforms/xccdf2table-profilenistrefs-cui.xslt -new file mode 100644 -index 0000000..7596f8b ---- /dev/null -+++ b/rl8/transforms/xccdf2table-profilenistrefs-cui.xslt -@@ -0,0 +1,8 @@ -+<?xml version="1.0" encoding="utf-8" standalone="yes"?> -+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml"> -+ -+<xsl:import href="../../shared/transforms/shared_xccdf2table-profilenistrefs-cui.xslt"/> -+<xsl:include href="constants.xslt"/> -+<xsl:include href="table-style.xslt"/> -+ -+</xsl:stylesheet> -diff --git a/rl8/transforms/xccdf2table-profilenistrefs.xslt b/rl8/transforms/xccdf2table-profilenistrefs.xslt -new file mode 100644 -index 0000000..8e97c33 ---- /dev/null -+++ b/rl8/transforms/xccdf2table-profilenistrefs.xslt -@@ -0,0 +1,8 @@ -+<?xml version="1.0" encoding="utf-8" standalone="yes"?> -+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml"> -+ -+<xsl:import href="../../shared/transforms/shared_xccdf2table-profilenistrefs.xslt"/> -+<xsl:include href="constants.xslt"/> -+<xsl:include href="table-style.xslt"/> -+ -+</xsl:stylesheet> -diff --git a/rl8/transforms/xccdf2table-stig.xslt b/rl8/transforms/xccdf2table-stig.xslt -new file mode 100644 -index 0000000..2fb56fa ---- /dev/null -+++ b/rl8/transforms/xccdf2table-stig.xslt -@@ -0,0 +1,9 @@ -+<?xml version="1.0" encoding="utf-8" standalone="yes"?> -+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml"> -+ -+<xsl:import href="../../shared/transforms/shared_xccdf2table-stig.xslt"/> -+ -+<xsl:include href="constants.xslt"/> -+<xsl:include href="table-style.xslt"/> -+ -+</xsl:stylesheet> -diff --git a/shared/checks/oval/install_mcafee_hbss.xml b/shared/checks/oval/install_mcafee_hbss.xml -index 7e2f41c..a5feffb 100644 ---- a/shared/checks/oval/install_mcafee_hbss.xml -+++ b/shared/checks/oval/install_mcafee_hbss.xml -@@ -9,11 +9,12 @@ - <platform>multi_platform_opensuse</platform> - <platform>multi_platform_ol</platform> - <platform>multi_platform_rhcos</platform> -- <platform>multi_platform_rhel</platform> -+ <platform>multi_platform_rhel,multi_platform_rl</platform> - <platform>multi_platform_rhv</platform> - <platform>multi_platform_sle</platform> - <platform>multi_platform_ubuntu</platform> - <platform>multi_platform_wrlinux</platform> -+ <platform>multi_platform_rl</platform> - </affected> - <description>McAfee Host-Based Intrusion Detection Software (HBSS) software - should be installed.</description> -diff --git a/shared/checks/oval/installed_OS_is_rl8.xml b/shared/checks/oval/installed_OS_is_rl8.xml -new file mode 100644 -index 0000000..a0b9c6e ---- /dev/null -+++ b/shared/checks/oval/installed_OS_is_rl8.xml -@@ -0,0 +1,47 @@ -+<def-group> -+ <definition class="inventory" -+ id="installed_OS_is_rl8" version="1"> -+ <metadata> -+ <title>Rocky Linux 8 -+ -+ multi_platform_all -+ -+ -+ The operating system installed on the system is -+ Rocky Linux 8 -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ /etc/os-release -+ ^ID="(\w+)"$ -+ 1 -+ -+ -+ rl -+ -+ -+ -+ -+ -+ -+ -+ /etc/os-release -+ ^VERSION_ID="(\d)"$ -+ 1 -+ -+ -+ 8 -+ -+ -diff --git a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml -index 1874500..e9904e7 100644 ---- a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml -+++ b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml -@@ -8,11 +8,12 @@ - multi_platform_opensuse - multi_platform_ol - multi_platform_rhcos -- multi_platform_rhel -+ multi_platform_rhel,multi_platform_rl - multi_platform_rhv - multi_platform_sle - multi_platform_ubuntu - multi_platform_wrlinux -+ multi_platform_rl - - Disables IPv6 for all network interfaces. - -diff --git a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml.orig b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml.orig -new file mode 100644 -index 0000000..b99349b ---- /dev/null -+++ b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml.orig -@@ -0,0 +1,27 @@ -+ -+ -+ -+ Kernel Runtime Parameter IPv6 Check -+ -+ multi_platform_debian -+ multi_platform_fedora -+ multi_platform_opensuse -+ multi_platform_ol -+ multi_platform_rhcos -+ multi_platform_rhel,multi_platform_rl -+ multi_platform_rhv -+ multi_platform_sle -+ multi_platform_ubuntu -+ multi_platform_wrlinux -+ -+ Disables IPv6 for all network interfaces. -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -diff --git a/shared/references/disa-stig-rhel7-v3r1-xccdf-manual.xml b/shared/references/disa-stig-rhel7-v3r1-xccdf-manual.xml -index 560e081..5762d24 100644 ---- a/shared/references/disa-stig-rhel7-v3r1-xccdf-manual.xml -+++ b/shared/references/disa-stig-rhel7-v3r1-xccdf-manual.xml -@@ -5034,4 +5034,4 @@ drwxr-xr-x. 17 root root 4096 Aug 9 13:09 .. - Audit logs must be mode 0600 or less permissive. - If any are more permissive, this is a finding. - --The owner and group owner of all audit log files must both be "root". If any other owner or group owner is listed, this is a finding. -\ No newline at end of file -+The owner and group owner of all audit log files must both be "root". If any other owner or group owner is listed, this is a finding. -diff --git a/shared/references/disa-stig-rhel8-v1r1-xccdf-manual.xml b/shared/references/disa-stig-rhel8-v1r1-xccdf-manual.xml -index 62d3372..fa78f37 100644 ---- a/shared/references/disa-stig-rhel8-v1r1-xccdf-manual.xml -+++ b/shared/references/disa-stig-rhel8-v1r1-xccdf-manual.xml -@@ -1639,7 +1639,7 @@ Main PID: 1130 (code=exited, status=0/SUCCESS) - - If the "kdump" service is active, ask the System Administrator if the use of the service is required and documented with the Information System Security Officer (ISSO). - --If the service is active and is not documented, this is a finding.SRG-OS-000480-GPOS-00227<GroupDescription></GroupDescription>RHEL-08-010671RHEL 8 must disable the kernel.core_pattern.<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000366Configure RHEL 8 to disable storing core dumps by adding the following line to a file in the "/etc/sysctl.d" directory: -+If the service is active and is not documented, this is a finding.SRG-OS-000480-GPOS-00227<GroupDescription></GroupDescription>RHEL-08-010671RL 8 must disable the kernel.core_pattern.<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Rocky Linux 8,multi_platform_rlDISADPMS TargetRocky Linux 8,multi_platform_rl2921CCI-000366Configure RL 8 to disable storing core dumps by adding the following line to a file in the "/etc/sysctl.d" directory: - - kernel.core_pattern = |/bin/false - -@@ -6410,7 +6410,7 @@ $ sudo sysctl net.ipv4.conf.all.accept_redirects net.ipv6.conf.all.accept_redire - net.ipv4.conf.all.accept_redirects = 0 - net.ipv6.conf.all.accept_redirects = 0 - --If both of the returned lines do not have a value of "0", or a line is not returned, this is a finding.SRG-OS-000480-GPOS-00227<GroupDescription></GroupDescription>RHEL-08-040281RHEL 8 must disable access to network bpf syscall from unprivileged processes.<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000366Configure RHEL 8 to prevent privilege escalation thru the kernel by disabling access to the bpf syscall by adding the following line to a file in the "/etc/sysctl.d" directory: -+If both of the returned lines do not have a value of "0", or a line is not returned, this is a finding.SRG-OS-000480-GPOS-00227<GroupDescription></GroupDescription>RHEL-08-040281RL 8 must disable access to network bpf syscall from unprivileged processes.<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Rocky Linux 8,multi_platform_rlDISADPMS TargetRocky Linux 8,multi_platform_rl2921CCI-000366Configure RL 8 to prevent privilege escalation thru the kernel by disabling access to the bpf syscall by adding the following line to a file in the "/etc/sysctl.d" directory: - - kernel.unprivileged_bpf_disabled = 1 - -@@ -6422,7 +6422,7 @@ $ sudo sysctl kernel.unprivileged_bpf_disabled - - kernel.unprivileged_bpf_disabled = 1 - --If the returned line does not have a value of "1", or a line is not returned, this is a finding.SRG-OS-000480-GPOS-00227<GroupDescription></GroupDescription>RHEL-08-040282RHEL 8 must restrict usage of ptrace to descendant processes.<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000366Configure RHEL 8 to restrict usage of ptrace to descendant processes by adding the following line to a file in the "/etc/sysctl.d" directory: -+If the returned line does not have a value of "1", or a line is not returned, this is a finding.SRG-OS-000480-GPOS-00227<GroupDescription></GroupDescription>RHEL-08-040282RL 8 must restrict usage of ptrace to descendant processes.<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Rocky Linux 8,multi_platform_rlDISADPMS TargetRocky Linux 8,multi_platform_rl2921CCI-000366Configure RL 8 to restrict usage of ptrace to descendant processes by adding the following line to a file in the "/etc/sysctl.d" directory: - - kernel.yama.ptrace_scope = 1 - -@@ -6434,7 +6434,7 @@ $ sudo sysctl kernel.yama.ptrace_scope - - kernel.yama.ptrace_scope = 1 - --If the returned line does not have a value of "1", or a line is not returned, this is a finding.SRG-OS-000480-GPOS-00227<GroupDescription></GroupDescription>RHEL-08-040283RHEL 8 must restrict exposed kernel pointer addresses access.<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000366Configure RHEL 8 to restrict exposed kernel pointer addresses access by adding the following line to a file in the "/etc/sysctl.d" directory: -+If the returned line does not have a value of "1", or a line is not returned, this is a finding.SRG-OS-000480-GPOS-00227<GroupDescription></GroupDescription>RHEL-08-040283RL 8 must restrict exposed kernel pointer addresses access.<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Rocky Linux 8,multi_platform_rlDISADPMS TargetRocky Linux 8,multi_platform_rl2921CCI-000366Configure RL 8 to restrict exposed kernel pointer addresses access by adding the following line to a file in the "/etc/sysctl.d" directory: - - kernel.kptr_restrict = 1 - -@@ -6654,4 +6654,4 @@ $ sudo yum list installed tuned - - tuned.noarch 2.12.0-3.el8 @anaconda - --If the tuned package is installed and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding. -\ No newline at end of file -+If the tuned package is installed and is not documented with the Information System Security Officer (ISSO) as an operational requirement, this is a finding. -diff --git a/shared/references/disa-stig-sle12-v2r1-xccdf-manual.xml b/shared/references/disa-stig-sle12-v2r1-xccdf-manual.xml -index e379e9c..4ff5251 100644 ---- a/shared/references/disa-stig-sle12-v2r1-xccdf-manual.xml -+++ b/shared/references/disa-stig-sle12-v2r1-xccdf-manual.xml -@@ -4039,4 +4039,4 @@ The virus scanning software should be configured to perform scans dynamically on - If the system processes inbound SMTP mail, the virus scanner must be configured to scan all received mail.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target SUSE Linux Enterprise Server 12DISADPMS TargetSUSE Linux Enterprise Server 124033SV-111689V-102727CCI-001668Install an antivirus solution on the system.Verify an anti-virus solution is installed on the system. The anti-virus solution may be bundled with an approved host-based security solution. - - If there is no anti-virus solution installed on the system, this is a finding. -- -\ No newline at end of file -+ -diff --git a/shared/templates/accounts_password/ansible.template b/shared/templates/accounts_password/ansible.template -index f8478db..cf02ba5 100644 ---- a/shared/templates/accounts_password/ansible.template -+++ b/shared/templates/accounts_password/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/shared/templates/accounts_password/bash.template b/shared/templates/accounts_password/bash.template -index 64d1be6..4a0a75a 100644 ---- a/shared/templates/accounts_password/bash.template -+++ b/shared/templates/accounts_password/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/shared/templates/audit_rules_dac_modification/ansible.template b/shared/templates/audit_rules_dac_modification/ansible.template -index 70101ca..174576a 100644 ---- a/shared/templates/audit_rules_dac_modification/ansible.template -+++ b/shared/templates/audit_rules_dac_modification/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/shared/templates/audit_rules_dac_modification/bash.template b/shared/templates/audit_rules_dac_modification/bash.template -index f0d3b69..ad0a809 100644 ---- a/shared/templates/audit_rules_dac_modification/bash.template -+++ b/shared/templates/audit_rules_dac_modification/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/shared/templates/audit_rules_file_deletion_events/ansible.template b/shared/templates/audit_rules_file_deletion_events/ansible.template -index f07ca6a..78ed8fb 100644 ---- a/shared/templates/audit_rules_file_deletion_events/ansible.template -+++ b/shared/templates/audit_rules_file_deletion_events/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/shared/templates/audit_rules_file_deletion_events/bash.template b/shared/templates/audit_rules_file_deletion_events/bash.template -index c387624..39e5ed2 100644 ---- a/shared/templates/audit_rules_file_deletion_events/bash.template -+++ b/shared/templates/audit_rules_file_deletion_events/bash.template -@@ -1,4 +1,4 @@ --# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = Rocky Linux 7,Rocky Linux 8,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/shared/templates/audit_rules_login_events/ansible.template b/shared/templates/audit_rules_login_events/ansible.template -index 4b32771..058f1fc 100644 ---- a/shared/templates/audit_rules_login_events/ansible.template -+++ b/shared/templates/audit_rules_login_events/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/shared/templates/audit_rules_login_events/bash.template b/shared/templates/audit_rules_login_events/bash.template -index 065e8bb..48540f6 100644 ---- a/shared/templates/audit_rules_login_events/bash.template -+++ b/shared/templates/audit_rules_login_events/bash.template -@@ -1,4 +1,4 @@ --# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = Rocky Linux 7,Rocky Linux 8,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/shared/templates/audit_rules_path_syscall/ansible.template b/shared/templates/audit_rules_path_syscall/ansible.template -index d519609..d9f74a2 100644 ---- a/shared/templates/audit_rules_path_syscall/ansible.template -+++ b/shared/templates/audit_rules_path_syscall/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/shared/templates/audit_rules_path_syscall/bash.template b/shared/templates/audit_rules_path_syscall/bash.template -index c3d31aa..e51654e 100644 ---- a/shared/templates/audit_rules_path_syscall/bash.template -+++ b/shared/templates/audit_rules_path_syscall/bash.template -@@ -1,4 +1,4 @@ --# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = Rocky Linux 7,Rocky Linux 8,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/shared/templates/audit_rules_privileged_commands/ansible.template b/shared/templates/audit_rules_privileged_commands/ansible.template -index 1c5a8b6..77d6052 100644 ---- a/shared/templates/audit_rules_privileged_commands/ansible.template -+++ b/shared/templates/audit_rules_privileged_commands/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/shared/templates/audit_rules_privileged_commands/bash.template b/shared/templates/audit_rules_privileged_commands/bash.template -index 42e1267..987d093 100644 ---- a/shared/templates/audit_rules_privileged_commands/bash.template -+++ b/shared/templates/audit_rules_privileged_commands/bash.template -@@ -1,4 +1,4 @@ --# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = Rocky Linux 7,Rocky Linux 8,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template b/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template -index 8e8e003..581b681 100644 ---- a/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template -+++ b/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/shared/templates/audit_rules_unsuccessful_file_modification/bash.template b/shared/templates/audit_rules_unsuccessful_file_modification/bash.template -index e89ac07..57f4b3d 100644 ---- a/shared/templates/audit_rules_unsuccessful_file_modification/bash.template -+++ b/shared/templates/audit_rules_unsuccessful_file_modification/bash.template -@@ -1,4 +1,4 @@ --# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = Rocky Linux 7,Rocky Linux 8,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions -diff --git a/shared/templates/audit_rules_usergroup_modification/ansible.template b/shared/templates/audit_rules_usergroup_modification/ansible.template -index ea9738e..698a755 100644 ---- a/shared/templates/audit_rules_usergroup_modification/ansible.template -+++ b/shared/templates/audit_rules_usergroup_modification/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = true - # strategy = restrict - # complexity = low -diff --git a/shared/templates/audit_rules_usergroup_modification/bash.template b/shared/templates/audit_rules_usergroup_modification/bash.template -index 2152417..f27cdf0 100644 ---- a/shared/templates/audit_rules_usergroup_modification/bash.template -+++ b/shared/templates/audit_rules_usergroup_modification/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # Include source function library. - . /usr/share/scap-security-guide/remediation_functions - -diff --git a/shared/templates/grub2_bootloader_argument/ansible.template b/shared/templates/grub2_bootloader_argument/ansible.template -index 6f01abc..d01410d 100644 ---- a/shared/templates/grub2_bootloader_argument/ansible.template -+++ b/shared/templates/grub2_bootloader_argument/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = true - # strategy = restrict - # complexity = medium -diff --git a/shared/templates/grub2_bootloader_argument/bash.template b/shared/templates/grub2_bootloader_argument/bash.template -index b7478d3..2354fa3 100644 ---- a/shared/templates/grub2_bootloader_argument/bash.template -+++ b/shared/templates/grub2_bootloader_argument/bash.template -@@ -1,4 +1,4 @@ --# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = Rocky Linux 7,Rocky Linux 8,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - {{% if product in ["rhel7", "ol7"] %}} - # Correct the form of default kernel command line in GRUB -diff --git a/shared/templates/kernel_module_disabled/ansible.template b/shared/templates/kernel_module_disabled/ansible.template -index c4a83ad..5431587 100644 ---- a/shared/templates/kernel_module_disabled/ansible.template -+++ b/shared/templates/kernel_module_disabled/ansible.template -@@ -1,4 +1,4 @@ --# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle -+# platform = Rocky Linux 7,Rocky Linux 8,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle - # reboot = true - # strategy = disable - # complexity = low -diff --git a/shared/templates/kernel_module_disabled/bash.template b/shared/templates/kernel_module_disabled/bash.template -index f70a992..323928b 100644 ---- a/shared/templates/kernel_module_disabled/bash.template -+++ b/shared/templates/kernel_module_disabled/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle - # reboot = true - # strategy = disable - # complexity = low -diff --git a/shared/templates/mount/anaconda.template b/shared/templates/mount/anaconda.template -index 5093c92..b1c11ef 100644 ---- a/shared/templates/mount/anaconda.template -+++ b/shared/templates/mount/anaconda.template -@@ -1,4 +1,4 @@ --# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = Rocky Linux 7,Rocky Linux 8,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = enable - # complexity = low -diff --git a/shared/templates/mount_option/anaconda.template b/shared/templates/mount_option/anaconda.template -index 0a54865..0c875ae 100644 ---- a/shared/templates/mount_option/anaconda.template -+++ b/shared/templates/mount_option/anaconda.template -@@ -1,4 +1,4 @@ --# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = Rocky Linux 7,Rocky Linux 8,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = enable - # complexity = low -diff --git a/shared/templates/mount_option_removable_partitions/anaconda.template b/shared/templates/mount_option_removable_partitions/anaconda.template -index b4510ae..89acb43 100644 ---- a/shared/templates/mount_option_removable_partitions/anaconda.template -+++ b/shared/templates/mount_option_removable_partitions/anaconda.template -@@ -1,4 +1,4 @@ --# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = Rocky Linux 7,Rocky Linux 8,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = enable - # complexity = low -diff --git a/shared/templates/package_installed/anaconda.template b/shared/templates/package_installed/anaconda.template -index 0ac55f5..7a844bb 100644 ---- a/shared/templates/package_installed/anaconda.template -+++ b/shared/templates/package_installed/anaconda.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = enable - # complexity = low -diff --git a/shared/templates/package_installed/bash.template b/shared/templates/package_installed/bash.template -index 473feef..50a75d3 100644 ---- a/shared/templates/package_installed/bash.template -+++ b/shared/templates/package_installed/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle - # reboot = false - # strategy = enable - # complexity = low -diff --git a/shared/templates/package_removed/anaconda.template b/shared/templates/package_removed/anaconda.template -index 489f9bb..6498b37 100644 ---- a/shared/templates/package_removed/anaconda.template -+++ b/shared/templates/package_removed/anaconda.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = disable - # complexity = low -diff --git a/shared/templates/sebool/ansible.template b/shared/templates/sebool/ansible.template -index 38d7c7c..4bf8021 100644 ---- a/shared/templates/sebool/ansible.template -+++ b/shared/templates/sebool/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = enable - # complexity = low -diff --git a/shared/templates/sebool/bash.template b/shared/templates/sebool/bash.template -index e9aab9d..0a95374 100644 ---- a/shared/templates/sebool/bash.template -+++ b/shared/templates/sebool/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = enable - # complexity = low -diff --git a/shared/templates/service_disabled/bash.template b/shared/templates/service_disabled/bash.template -index b9bf1b5..6948260 100644 ---- a/shared/templates/service_disabled/bash.template -+++ b/shared/templates/service_disabled/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_sle - # reboot = false - # strategy = disable - # complexity = low -diff --git a/shared/templates/service_disabled/kubernetes.template b/shared/templates/service_disabled/kubernetes.template -index 1ab4565..434cd42 100644 ---- a/shared/templates/service_disabled/kubernetes.template -+++ b/shared/templates/service_disabled/kubernetes.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos,multi_platform_ubuntu - # reboot = true - # strategy = disable - # complexity = low -diff --git a/shared/templates/service_enabled/bash.template b/shared/templates/service_enabled/bash.template -index 5a6b09f..192e307 100644 ---- a/shared/templates/service_enabled/bash.template -+++ b/shared/templates/service_enabled/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle - # reboot = false - # strategy = enable - # complexity = low -diff --git a/shared/templates/sysctl/bash.template b/shared/templates/sysctl/bash.template -index a762794..4e8f4d8 100644 ---- a/shared/templates/sysctl/bash.template -+++ b/shared/templates/sysctl/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_rl,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu - # reboot = true - # strategy = disable - # complexity = low -diff --git a/shared/templates/zipl_bls_entries_option/ansible.template b/shared/templates/zipl_bls_entries_option/ansible.template -index 7e73d39..2f7d33d 100644 ---- a/shared/templates/zipl_bls_entries_option/ansible.template -+++ b/shared/templates/zipl_bls_entries_option/ansible.template -@@ -1,4 +1,4 @@ --# platform = Red Hat Enterprise Linux 8 -+# platform = Rocky Linux 8,multi_platform_rl - # reboot = true - # strategy = configure - # complexity = medium -diff --git a/shared/templates/zipl_bls_entries_option/bash.template b/shared/templates/zipl_bls_entries_option/bash.template -index d0faeb8..955c7f7 100644 ---- a/shared/templates/zipl_bls_entries_option/bash.template -+++ b/shared/templates/zipl_bls_entries_option/bash.template -@@ -1,4 +1,4 @@ --# platform = Red Hat Enterprise Linux 8 -+# platform = Rocky Linux 8,multi_platform_rl - - # Correct BLS option using grubby, which is a thin wrapper around BLS operations - grubby --update-kernel=ALL --args="{{{ ARG_NAME }}}={{{ ARG_VALUE }}}" -diff --git a/shared/transforms/pcidss/PCI_DSS.json b/shared/transforms/pcidss/PCI_DSS.json -index dae1973..754c893 100644 ---- a/shared/transforms/pcidss/PCI_DSS.json -+++ b/shared/transforms/pcidss/PCI_DSS.json -@@ -1 +1 @@ --[["2.", "Do not use vendor-supplied defaults for system passwords and other", [["2.1", "Always change vendor-supplied", [["2.1.1", "For wireless environments", [["2.1.1.a", "Interview responsible personnel and examine", []], ["2.1.1.b", "Interview personnel and examine policies and", []], ["2.1.1.c", "Examine vendor documentation and login to", []], ["2.1.1.d", "Examine vendor documentation and observe", []], ["2.1.1.e", "Examine vendor documentation and observe", []]]], ["2.1.a", "Choose a sample of system components, and attempt", []], ["2.1.b", "For the sample of system components, verify that all", []], ["2.1.c", "Interview personnel and examine supporting", []]]], ["2.2", "Develop configuration standards for", [["2.2.1", "Implement only one primary", [["2.2.1.a", "Select a sample of system components and", []], ["2.2.1.b", "If virtualization technologies are used, inspect the", []]]], ["2.2.2", "Enable only necessary services,", [["2.2.2.a", "Select a sample of system components and", []], ["2.2.2.b", "Identify any enabled insecure services, daemons,", []]]], ["2.2.3", "Implement additional security", [["2.2.3.a", "Inspect configuration settings to verify that security", []]]], ["2.2.4", "Configure system security", [["2.2.4.a", "Interview system administrators and/or security", []], ["2.2.4.b", "Examine the system configuration standards to", []], ["2.2.4.c", "Select a sample of system components and", []]]], ["2.2.5", "Remove all unnecessary", [["2.2.5.a", "Select a sample of system components and", []], ["2.2.5.b", ". Examine the documentation and security", []], ["2.2.5.c", ". Examine the documentation and security", []]]], ["2.2.a", "", []], ["2.2.b", "Examine policies and interview personnel to", []], ["2.2.c", "Examine policies and interview personnel to", []], ["2.2.d", "Verify that system configuration standards include the", []]]], ["2.3", "Encrypt all non-console", [["2.3.a", "Observe an administrator log on to each system and", []], ["2.3.b", "Review services and parameter files on systems to", []], ["2.3.c", "Observe an administrator log on to each system to", []], ["2.3.d", "Examine vendor documentation and interview", []]]], ["2.4", "Maintain an inventory of system", [["2.4.a", "Examine system inventory to verify that a list of", []], ["2.4.b", "Interview personnel to verify the documented inventory", []]]], ["2.5", "Ensure that security policies and", []], ["2.6", "Shared hosting providers must", []]]], ["3.", "Protect stored cardholder data", [["3.1", "Keep cardholder data storage to a", [["3.1.a", "Examine the data retention and disposal policies,", []], ["3.1.b", "Interview personnel to verify that:", []], ["3.1.c", "For a sample of system components that store cardholder", []]]], ["3.2", "Do not store sensitive authentication", [["3.2.1", "Do not store the full contents of", []], ["3.2.2", "Do not store the card verification", []], ["3.2.3", "Do not store the personal", []], ["3.2.a", "For issuers and/or companies that support issuing", []], ["3.2.b", "For issuers and/or companies that support issuing", []], ["3.2.c", "For all other entities, if sensitive authentication data is", []], ["3.2.d", "For all other entities, if sensitive authentication data is", []]]], ["3.3", "Mask PAN when displayed (the first", [["3.3.a", "Examine written policies and procedures for masking the", []], ["3.3.b", "Examine system configurations to verify that full PAN is", []], ["3.3.c", "Examine displays of PAN (for example, on screen, on", []]]], ["3.4", "Render PAN unreadable anywhere it", [["3.4.1", "If disk encryption is used (rather", [["3.4.1.a", "If disk encryption is used, inspect the configuration", []], ["3.4.1.b", "Observe processes and interview personnel to verify", []], ["3.4.1.c", "Examine the configurations and observe the", []]]], ["3.4.a", "Examine documentation about the system used to protect", []], ["3.4.b", "Examine several tables or files from a sample of data", []], ["3.4.c", "Examine a sample of removable media (for example,", []], ["3.4.d", "Examine a sample of audit logs to confirm that the PAN is", []], ["3.4.e", "If", []]]], ["3.5", "Document and implement", [["3.5.1", "Restrict access to cryptographic", []], ["3.5.2", "Store secret and private keys", [["3.5.2.a", "Examine documented procedures to verify that", []], ["3.5.2.b", "Examine system configurations and key storage", []], ["3.5.2.c", "Wherever key-encrypting keys are used, examine", []]]], ["3.5.3", "Store cryptographic keys in the", []]]], ["3.6", "Fully document and implement all", [["3.6.1", "Generation of strong", [["3.6.1.a", "Verify that key-management procedures specify how", []], ["3.6.1.b", "Observe the method for generating keys to verify that", []]]], ["3.6.2", "Secure cryptographic key", [["3.6.2.a", "Verify that key-management procedures specify how", []], ["3.6.2.b", "Observe the method for distributing keys to verify that", []]]], ["3.6.3", "Secure cryptographic key storage", [["3.6.3.a", "Verify that key-management procedures specify how", []], ["3.6.3.b", "Observe the method for storing keys to verify that", []]]], ["3.6.4", "Cryptographic key changes for", [["3.6.4.a", "Verify that key-management procedures include a", []], ["3.6.4.b", "Interview personnel to verify that keys are changed at", []]]], ["3.6.5", "Retirement or replacement (for", [["3.6.5.a", "Verify that key-management procedures specify", []], ["3.6.5.b", "Interview personnel to verify the following processes", []]]], ["3.6.6", "If manual clear-text cryptographic", [["3.6.6.a", "Verify that manual clear-text key-management", []]]], ["3.6.7", "Prevention of unauthorized", [["3.6.7.a", "Verify that key-management procedures specify", []], ["3.6.7.b", "Interview personnel and/or observe processes to", []]]], ["3.6.8", "Requirement for cryptographic", [["3.6.8.a", "Verify that key-management procedures specify", []], ["3.6.8.b", "Observe documentation or other evidence showing", []]]], ["3.6.b", "Examine the key-management procedures and processes", []]]], ["3.7", "Ensure that security policies and", []]]], ["4.", "Encrypt transmission of cardholder data across open, public networks", [["4.1", "Use strong cryptography and security", [["4.1.1", "Ensure wireless networks transmitting", []], ["4.1.a", "Identify all locations where cardholder data is", []], ["4.1.b", "Review documented policies and procedures to verify", []], ["4.1.c", "Select and observe a sample of inbound and outbound", []], ["4.1.d", "Examine keys and certificates to verify that only", []], ["4.1.e", "Examine system configurations to verify that the", []], ["4.1.f", "Examine system configurations to verify that the proper", []], ["4.1.g", "For TLS implementations, examine system", []]]], ["4.2", "Never send unprotected PANs by end-", [["4.2.a", "If end-user messaging technologies are used to send", []], ["4.2.b", "Review written policies to verify the existence of a", []]]], ["4.3", "Ensure that security policies and", []]]], ["5.", "Protect all systems against malware and regularly update anti-virus", [["5.1", "Deploy anti-virus software on all", [["5.1.1", "Ensure that anti-virus programs", []], ["5.1.2", "For systems considered to be not", []]]], ["5.2", "Ensure that all anti-virus mechanisms", [["5.2.a", "Examine policies and procedures to verify that anti-virus", []], ["5.2.b", "Examine anti-virus configurations, including the master", []], ["5.2.c", "Examine a sample of system components, including all", []], ["5.2.d", "Examine anti-virus configurations, including the master", []]]], ["5.3", "Ensure that anti-virus mechanisms", [["5.3.a", "Examine anti-virus configurations, including the master", []], ["5.3.b", "Examine anti-virus configurations, including the master", []], ["5.3.c", "Interview responsible personnel and observe processes to", []]]], ["5.4", "Ensure that security policies and", []]]], ["6.", "Develop and maintain secure systems and applications", [["6.1", "Establish a process to identify security", [["6.1.a", "Examine policies and procedures to verify that", []], ["6.1.b", "Interview responsible personnel and observe", []]]], ["6.2", "Ensure that all system components and", [["6.2.a", "Examine policies and procedures related to security-", []], ["6.2.b", "For a sample of system components and related", []]]], ["6.3", "Develop internal and external software", [["6.3.1", "Remove development, test and/or", []], ["6.3.2", "Review custom code prior to release", [["6.3.2.a", "Examine written software-development procedures", []], ["6.3.2.b", "Select a sample of recent custom application", []]]], ["6.3.a", "Examine written software-development processes to", []], ["6.3.b", "Examine written software-development processes to", []], ["6.3.c", "Examine written software-development processes to", []], ["6.3.d", "Interview software developers to verify that written", []]]], ["6.4", "Follow change control processes and", [["6.4.1", "Separate development/test", [["6.4.1.a", "Examine network documentation and network", []], ["6.4.1.b", "Examine access controls settings to verify that", []]]], ["6.4.2", "Separation of duties between", []], ["6.4.3", "Production data (live PANs) are not", [["6.4.3.a", "Observe testing processes and interview", []], ["6.4.3.b", "Examine a sample of test data to verify production", []]]], ["6.4.4", "Removal of test data and accounts", [["6.4.4.a", "Observe testing processes and interview", []], ["6.4.4.b", "Examine a sample of data and accounts from", []]]], ["6.4.5", "Change control procedures for the", [["6.4.5.a", "Examine documented change control procedures", []], ["6.4.5.b", "For a sample of system components, interview", []]]]]], ["6.5", "Address common coding vulnerabilities in", [["6.5.1", "Injection flaws, particularly SQL", []], ["6.5.10", "Broken authentication and session", []], ["6.5.2", "Buffer overflows", []], ["6.5.3", "Insecure cryptographic storage", []], ["6.5.4", "Insecure communications", []], ["6.5.5", "Improper error handling", []], ["6.5.6", "Examine software-development policies and", []], ["6.5.7", "Cross-site scripting (XSS)", []], ["6.5.8", "Improper access control (such as", []], ["6.5.9", "Cross-site request forgery (CSRF)", []], ["6.5.a", "Examine software-development policies and", []], ["6.5.b", "Interview a sample of developers to verify that they are", []], ["6.5.c", "Examine records of training to verify that software", []]]], ["6.6", "For public-facing web applications,", []], ["6.7", "Ensure that security policies and", []]]], ["7.", "Restrict access to cardholder data by business need to know", [["7.1", "Limit access to system", [["7.1.1", "Define access needs for", []], ["7.1.2", "Restrict access to privileged", [["7.1.2.a", "Interview personnel responsible for assigning access to", []], ["7.1.2.b", "Select a sample of user IDs with privileged access and", []]]], ["7.1.3", "Assign access based on", []], ["7.1.4", "Require documented", []]]], ["7.2", "Establish an access control", [["7.2.1", "Coverage of all system", []], ["7.2.2", "Assignment of privileges to", []], ["7.2.3", "", []]]], ["7.3", "Ensure that security policies and", []]]], ["8.", "Identify and authenticate access to system components", [["8.1", "Define and implement policies and", [["8.1.1", "Assign all users a unique ID", []], ["8.1.2", "Control addition, deletion, and", []], ["8.1.3", "Immediately revoke access for", [["8.1.3.a", "Select a sample of users terminated in the past six", []], ["8.1.3.b", "Verify all physical authentication methods", []]]], ["8.1.4", "Remove/disable inactive user", []], ["8.1.5", "Manage IDs used by vendors to", [["8.1.5.a", "Interview personnel and observe processes for", []], ["8.1.5.b", "Interview personnel and observe processes to verify", []]]], ["8.1.6", "Limit repeated access attempts", [["8.1.6.a", "For a sample of system components, inspect system", []], ["8.1.6.b", "", []]]], ["8.1.7", "Set the lockout duration to a", []], ["8.1.8", "If a session has been idle for", []], ["8.1.a", "Review procedures and confirm they define processes for", []], ["8.1.b", "Verify that procedures are implemented for user", []]]], ["8.2", "In addition to assigning a unique ID,", [["8.2.1", "Using strong cryptography,", [["8.2.1.a", "Examine vendor documentation and system", []], ["8.2.1.b", "For a sample of system components, examine", []], ["8.2.1.c", "For a sample of system components, examine data", []], ["8.2.1.d", "", []]]], ["8.2.2", "Verify user identity before", []], ["8.2.3", "Passwords/phrases must meet", [["8.2.3.a", "For a sample of system components, inspect system", []], ["8.2.3.b", "", []]]], ["8.2.4", "Change user", [["8.2.4.a", "For a sample of system components, inspect system", []], ["8.2.4.b", "", []]]], ["8.2.5", "Do not allow an individual to", [["8.2.5.a", "For a sample of system components, obtain and", []], ["8.2.5.b", "", []]]], ["8.2.6", "Set passwords/phrases for first-", []]]], ["8.3", "Incorporate two-factor authentication", [["8.3.a", "Examine system configurations for remote access servers", []], ["8.3.b", "Observe a sample of personnel (for example, users and", []]]], ["8.4", "Document and communicate", [["8.4.a", "Examine", []], ["8.4.b", "Review authentication policies and procedures that are", []], ["8.4.c", "Interview a sample of users to verify that they are familiar", []]]], ["8.5", "Do not use group, shared, or generic", [["8.5.1", "", []], ["8.5.a", "For a sample of system components, examine user ID lists", []], ["8.5.b", "Examine authentication policies and procedures to verify", []], ["8.5.c", "Interview system administrators to verify that group and", []]]], ["8.6", "Where other authentication", [["8.6.a", "Examine authentication policies and procedures to verify", []], ["8.6.b", "Interview security personnel to verify authentication", []], ["8.6.c", "Examine system configuration settings and/or physical", []]]], ["8.7", "All access to any database", [["8.7.a", "Review database and application configuration settings", []], ["8.7.b", "Examine database and application configuration settings to", []], ["8.7.c", "Examine database access control settings and database", []], ["8.7.d", "Examine database access control settings, database", []]]], ["8.8", "Ensure that security policies and", []]]], ["10.", "Track and monitor all access to network resources and cardholder data", [["10.1", "Implement audit trails to link all", []], ["10.2", "Implement automated audit trails for", [["10.2.1", "All individual user accesses to", []], ["10.2.2", "All actions taken by any", []], ["10.2.3", "Access to all audit trails", []], ["10.2.4", "Invalid logical access attempts", []], ["10.2.5", "Use of and changes to", [["10.2.5.a", "Verify use of identification and authentication", []], ["10.2.5.b", "Verify all elevation of privileges is logged.", []], ["10.2.5.c", "Verify all changes, additions, or deletions to any account", []]]], ["10.2.6", "Initialization, stopping, or", []], ["10.2.7", "Creation and deletion of system-", []]]], ["10.3", "Record at least the following audit", [["10.3.1", "User identification", []], ["10.3.2", "Type of event", []], ["10.3.3", "Date and time", []], ["10.3.4", "Success or failure indication", []], ["10.3.5", "Origination of event", []], ["10.3.6", "Identity or name of affected", []]]], ["10.4", "Using time-synchronization", [["10.4.1", "Critical systems have the", [["10.4.1.a", "Examine the process for acquiring, distributing and", []], ["10.4.1.b", "Observe the time-related system-parameter settings for", []]]], ["10.4.2", "Time data is protected.", [["10.4.2.a", "Examine system configurations and time-", []], ["10.4.2.b", "Examine system configurations, time synchronization", []]]], ["10.4.3", "Time settings are received from", []]]], ["10.5", "Secure audit trails so they cannot", [["10.5.1", "Limit viewing of audit trails to", []], ["10.5.2", "Protect audit trail files from", []], ["10.5.3", "Promptly back up audit trail files", []], ["10.5.4", "Write logs for external-facing", []], ["10.5.5", "Use file-integrity monitoring or", []]]], ["10.6", "Review logs and security events for", [["10.6.1", "Review the following at least", [["10.6.1.a", "Examine security policies and procedures to verify that", []], ["10.6.1.b", "Observe processes and interview personnel to verify", []]]], ["10.6.2", "Review logs of all other system", [["10.6.2.a", "Examine security policies and procedures to verify that", []], ["10.6.2.b", "", []]]], ["10.6.3", "Follow up exceptions and", [["10.6.3.a", "Examine security policies and procedures to verify that", []], ["10.6.3.b", "Observe processes and interview personnel to verify", []]]]]], ["10.7", "Retain audit trail history for at least", [["10.7.a", "Examine security policies and procedures to verify that they", []], ["10.7.b", "Interview personnel and examine audit logs to verify that", []], ["10.7.c", "Interview personnel and observe processes to verify that at", []]]], ["10.8", "Ensure that security policies and", []]]], ["11.", "Regularly test security systems and processes", [["11.1", "Implement processes to test for the", [["11.1.1", "Maintain an inventory of", []], ["11.1.2", "Implement incident response", [["11.1.2.a", "", []], ["11.1.2.b", "Interview responsible personnel and/or inspect", []]]], ["11.1.a", "Examine policies and procedures to verify processes", []], ["11.1.b", "Verify that the methodology is adequate to detect and", []], ["11.1.c", "If wireless scanning is utilized, examine output from", []], ["11.1.d", "If automated monitoring is utilized (for example,", []]]], ["11.2", "Run internal and external network", [["11.2.1", "Perform quarterly internal", [["11.2.1.a", "Review the scan reports and verify that four", []], ["11.2.1.b", "Review the scan reports and verify that the scan", []]]], ["11.2.2", "Perform quarterly external", [["11.2.2.c", "Review the scan reports to verify that the scans", []]]], ["11.2.3", "Perform internal and external", [["11.2.3.a", "Inspect and correlate change control", []], ["11.2.3.b", "Review scan reports and verify that the scan", []], ["11.2.3.c", "Validate that the scan was performed by a qualified", []]]]]], ["11.3", "Implement a methodology for", [["11.3.1", "Perform", [["11.3.1.a", "Examine the scope of work and results from the", []], ["11.3.1.b", "Verify that the test was performed by a qualified", []]]], ["11.3.2", "Perform", [["11.3.2.a", "Examine the scope of work and results from the", []], ["11.3.2.b", "Verify that the test was performed by a qualified", []]]], ["11.3.3", "Exploitable vulnerabilities found", []], ["11.3.4", "If segmentation is used to isolate", [["11.3.4.a", "Examine segmentation controls and review", []], ["11.3.4.b", "Examine the results from the most recent", []]]]]], ["11.4", "Use intrusion-detection and/or", [["11.4.a", "Examine system configurations and network diagrams", []], ["11.4.b", "Examine system configurations and interview", []], ["11.4.c", "Examine IDS/IPS configurations and vendor", []]]], ["11.5", "Deploy a change-detection", [["11.5.1", "Implement a process to respond to", []], ["11.5.a", "Verify the use of a change-detection mechanism within", []], ["11.5.b", "Verify the mechanism is configured to alert personnel", []]]], ["11.6", "Ensure that security policies and", []]]]] -\ No newline at end of file -+[["2.", "Do not use vendor-supplied defaults for system passwords and other", [["2.1", "Always change vendor-supplied", [["2.1.1", "For wireless environments", [["2.1.1.a", "Interview responsible personnel and examine", []], ["2.1.1.b", "Interview personnel and examine policies and", []], ["2.1.1.c", "Examine vendor documentation and login to", []], ["2.1.1.d", "Examine vendor documentation and observe", []], ["2.1.1.e", "Examine vendor documentation and observe", []]]], ["2.1.a", "Choose a sample of system components, and attempt", []], ["2.1.b", "For the sample of system components, verify that all", []], ["2.1.c", "Interview personnel and examine supporting", []]]], ["2.2", "Develop configuration standards for", [["2.2.1", "Implement only one primary", [["2.2.1.a", "Select a sample of system components and", []], ["2.2.1.b", "If virtualization technologies are used, inspect the", []]]], ["2.2.2", "Enable only necessary services,", [["2.2.2.a", "Select a sample of system components and", []], ["2.2.2.b", "Identify any enabled insecure services, daemons,", []]]], ["2.2.3", "Implement additional security", [["2.2.3.a", "Inspect configuration settings to verify that security", []]]], ["2.2.4", "Configure system security", [["2.2.4.a", "Interview system administrators and/or security", []], ["2.2.4.b", "Examine the system configuration standards to", []], ["2.2.4.c", "Select a sample of system components and", []]]], ["2.2.5", "Remove all unnecessary", [["2.2.5.a", "Select a sample of system components and", []], ["2.2.5.b", ". Examine the documentation and security", []], ["2.2.5.c", ". Examine the documentation and security", []]]], ["2.2.a", "", []], ["2.2.b", "Examine policies and interview personnel to", []], ["2.2.c", "Examine policies and interview personnel to", []], ["2.2.d", "Verify that system configuration standards include the", []]]], ["2.3", "Encrypt all non-console", [["2.3.a", "Observe an administrator log on to each system and", []], ["2.3.b", "Review services and parameter files on systems to", []], ["2.3.c", "Observe an administrator log on to each system to", []], ["2.3.d", "Examine vendor documentation and interview", []]]], ["2.4", "Maintain an inventory of system", [["2.4.a", "Examine system inventory to verify that a list of", []], ["2.4.b", "Interview personnel to verify the documented inventory", []]]], ["2.5", "Ensure that security policies and", []], ["2.6", "Shared hosting providers must", []]]], ["3.", "Protect stored cardholder data", [["3.1", "Keep cardholder data storage to a", [["3.1.a", "Examine the data retention and disposal policies,", []], ["3.1.b", "Interview personnel to verify that:", []], ["3.1.c", "For a sample of system components that store cardholder", []]]], ["3.2", "Do not store sensitive authentication", [["3.2.1", "Do not store the full contents of", []], ["3.2.2", "Do not store the card verification", []], ["3.2.3", "Do not store the personal", []], ["3.2.a", "For issuers and/or companies that support issuing", []], ["3.2.b", "For issuers and/or companies that support issuing", []], ["3.2.c", "For all other entities, if sensitive authentication data is", []], ["3.2.d", "For all other entities, if sensitive authentication data is", []]]], ["3.3", "Mask PAN when displayed (the first", [["3.3.a", "Examine written policies and procedures for masking the", []], ["3.3.b", "Examine system configurations to verify that full PAN is", []], ["3.3.c", "Examine displays of PAN (for example, on screen, on", []]]], ["3.4", "Render PAN unreadable anywhere it", [["3.4.1", "If disk encryption is used (rather", [["3.4.1.a", "If disk encryption is used, inspect the configuration", []], ["3.4.1.b", "Observe processes and interview personnel to verify", []], ["3.4.1.c", "Examine the configurations and observe the", []]]], ["3.4.a", "Examine documentation about the system used to protect", []], ["3.4.b", "Examine several tables or files from a sample of data", []], ["3.4.c", "Examine a sample of removable media (for example,", []], ["3.4.d", "Examine a sample of audit logs to confirm that the PAN is", []], ["3.4.e", "If", []]]], ["3.5", "Document and implement", [["3.5.1", "Restrict access to cryptographic", []], ["3.5.2", "Store secret and private keys", [["3.5.2.a", "Examine documented procedures to verify that", []], ["3.5.2.b", "Examine system configurations and key storage", []], ["3.5.2.c", "Wherever key-encrypting keys are used, examine", []]]], ["3.5.3", "Store cryptographic keys in the", []]]], ["3.6", "Fully document and implement all", [["3.6.1", "Generation of strong", [["3.6.1.a", "Verify that key-management procedures specify how", []], ["3.6.1.b", "Observe the method for generating keys to verify that", []]]], ["3.6.2", "Secure cryptographic key", [["3.6.2.a", "Verify that key-management procedures specify how", []], ["3.6.2.b", "Observe the method for distributing keys to verify that", []]]], ["3.6.3", "Secure cryptographic key storage", [["3.6.3.a", "Verify that key-management procedures specify how", []], ["3.6.3.b", "Observe the method for storing keys to verify that", []]]], ["3.6.4", "Cryptographic key changes for", [["3.6.4.a", "Verify that key-management procedures include a", []], ["3.6.4.b", "Interview personnel to verify that keys are changed at", []]]], ["3.6.5", "Retirement or replacement (for", [["3.6.5.a", "Verify that key-management procedures specify", []], ["3.6.5.b", "Interview personnel to verify the following processes", []]]], ["3.6.6", "If manual clear-text cryptographic", [["3.6.6.a", "Verify that manual clear-text key-management", []]]], ["3.6.7", "Prevention of unauthorized", [["3.6.7.a", "Verify that key-management procedures specify", []], ["3.6.7.b", "Interview personnel and/or observe processes to", []]]], ["3.6.8", "Requirement for cryptographic", [["3.6.8.a", "Verify that key-management procedures specify", []], ["3.6.8.b", "Observe documentation or other evidence showing", []]]], ["3.6.b", "Examine the key-management procedures and processes", []]]], ["3.7", "Ensure that security policies and", []]]], ["4.", "Encrypt transmission of cardholder data across open, public networks", [["4.1", "Use strong cryptography and security", [["4.1.1", "Ensure wireless networks transmitting", []], ["4.1.a", "Identify all locations where cardholder data is", []], ["4.1.b", "Review documented policies and procedures to verify", []], ["4.1.c", "Select and observe a sample of inbound and outbound", []], ["4.1.d", "Examine keys and certificates to verify that only", []], ["4.1.e", "Examine system configurations to verify that the", []], ["4.1.f", "Examine system configurations to verify that the proper", []], ["4.1.g", "For TLS implementations, examine system", []]]], ["4.2", "Never send unprotected PANs by end-", [["4.2.a", "If end-user messaging technologies are used to send", []], ["4.2.b", "Review written policies to verify the existence of a", []]]], ["4.3", "Ensure that security policies and", []]]], ["5.", "Protect all systems against malware and regularly update anti-virus", [["5.1", "Deploy anti-virus software on all", [["5.1.1", "Ensure that anti-virus programs", []], ["5.1.2", "For systems considered to be not", []]]], ["5.2", "Ensure that all anti-virus mechanisms", [["5.2.a", "Examine policies and procedures to verify that anti-virus", []], ["5.2.b", "Examine anti-virus configurations, including the master", []], ["5.2.c", "Examine a sample of system components, including all", []], ["5.2.d", "Examine anti-virus configurations, including the master", []]]], ["5.3", "Ensure that anti-virus mechanisms", [["5.3.a", "Examine anti-virus configurations, including the master", []], ["5.3.b", "Examine anti-virus configurations, including the master", []], ["5.3.c", "Interview responsible personnel and observe processes to", []]]], ["5.4", "Ensure that security policies and", []]]], ["6.", "Develop and maintain secure systems and applications", [["6.1", "Establish a process to identify security", [["6.1.a", "Examine policies and procedures to verify that", []], ["6.1.b", "Interview responsible personnel and observe", []]]], ["6.2", "Ensure that all system components and", [["6.2.a", "Examine policies and procedures related to security-", []], ["6.2.b", "For a sample of system components and related", []]]], ["6.3", "Develop internal and external software", [["6.3.1", "Remove development, test and/or", []], ["6.3.2", "Review custom code prior to release", [["6.3.2.a", "Examine written software-development procedures", []], ["6.3.2.b", "Select a sample of recent custom application", []]]], ["6.3.a", "Examine written software-development processes to", []], ["6.3.b", "Examine written software-development processes to", []], ["6.3.c", "Examine written software-development processes to", []], ["6.3.d", "Interview software developers to verify that written", []]]], ["6.4", "Follow change control processes and", [["6.4.1", "Separate development/test", [["6.4.1.a", "Examine network documentation and network", []], ["6.4.1.b", "Examine access controls settings to verify that", []]]], ["6.4.2", "Separation of duties between", []], ["6.4.3", "Production data (live PANs) are not", [["6.4.3.a", "Observe testing processes and interview", []], ["6.4.3.b", "Examine a sample of test data to verify production", []]]], ["6.4.4", "Removal of test data and accounts", [["6.4.4.a", "Observe testing processes and interview", []], ["6.4.4.b", "Examine a sample of data and accounts from", []]]], ["6.4.5", "Change control procedures for the", [["6.4.5.a", "Examine documented change control procedures", []], ["6.4.5.b", "For a sample of system components, interview", []]]]]], ["6.5", "Address common coding vulnerabilities in", [["6.5.1", "Injection flaws, particularly SQL", []], ["6.5.10", "Broken authentication and session", []], ["6.5.2", "Buffer overflows", []], ["6.5.3", "Insecure cryptographic storage", []], ["6.5.4", "Insecure communications", []], ["6.5.5", "Improper error handling", []], ["6.5.6", "Examine software-development policies and", []], ["6.5.7", "Cross-site scripting (XSS)", []], ["6.5.8", "Improper access control (such as", []], ["6.5.9", "Cross-site request forgery (CSRF)", []], ["6.5.a", "Examine software-development policies and", []], ["6.5.b", "Interview a sample of developers to verify that they are", []], ["6.5.c", "Examine records of training to verify that software", []]]], ["6.6", "For public-facing web applications,", []], ["6.7", "Ensure that security policies and", []]]], ["7.", "Restrict access to cardholder data by business need to know", [["7.1", "Limit access to system", [["7.1.1", "Define access needs for", []], ["7.1.2", "Restrict access to privileged", [["7.1.2.a", "Interview personnel responsible for assigning access to", []], ["7.1.2.b", "Select a sample of user IDs with privileged access and", []]]], ["7.1.3", "Assign access based on", []], ["7.1.4", "Require documented", []]]], ["7.2", "Establish an access control", [["7.2.1", "Coverage of all system", []], ["7.2.2", "Assignment of privileges to", []], ["7.2.3", "", []]]], ["7.3", "Ensure that security policies and", []]]], ["8.", "Identify and authenticate access to system components", [["8.1", "Define and implement policies and", [["8.1.1", "Assign all users a unique ID", []], ["8.1.2", "Control addition, deletion, and", []], ["8.1.3", "Immediately revoke access for", [["8.1.3.a", "Select a sample of users terminated in the past six", []], ["8.1.3.b", "Verify all physical authentication methods", []]]], ["8.1.4", "Remove/disable inactive user", []], ["8.1.5", "Manage IDs used by vendors to", [["8.1.5.a", "Interview personnel and observe processes for", []], ["8.1.5.b", "Interview personnel and observe processes to verify", []]]], ["8.1.6", "Limit repeated access attempts", [["8.1.6.a", "For a sample of system components, inspect system", []], ["8.1.6.b", "", []]]], ["8.1.7", "Set the lockout duration to a", []], ["8.1.8", "If a session has been idle for", []], ["8.1.a", "Review procedures and confirm they define processes for", []], ["8.1.b", "Verify that procedures are implemented for user", []]]], ["8.2", "In addition to assigning a unique ID,", [["8.2.1", "Using strong cryptography,", [["8.2.1.a", "Examine vendor documentation and system", []], ["8.2.1.b", "For a sample of system components, examine", []], ["8.2.1.c", "For a sample of system components, examine data", []], ["8.2.1.d", "", []]]], ["8.2.2", "Verify user identity before", []], ["8.2.3", "Passwords/phrases must meet", [["8.2.3.a", "For a sample of system components, inspect system", []], ["8.2.3.b", "", []]]], ["8.2.4", "Change user", [["8.2.4.a", "For a sample of system components, inspect system", []], ["8.2.4.b", "", []]]], ["8.2.5", "Do not allow an individual to", [["8.2.5.a", "For a sample of system components, obtain and", []], ["8.2.5.b", "", []]]], ["8.2.6", "Set passwords/phrases for first-", []]]], ["8.3", "Incorporate two-factor authentication", [["8.3.a", "Examine system configurations for remote access servers", []], ["8.3.b", "Observe a sample of personnel (for example, users and", []]]], ["8.4", "Document and communicate", [["8.4.a", "Examine", []], ["8.4.b", "Review authentication policies and procedures that are", []], ["8.4.c", "Interview a sample of users to verify that they are familiar", []]]], ["8.5", "Do not use group, shared, or generic", [["8.5.1", "", []], ["8.5.a", "For a sample of system components, examine user ID lists", []], ["8.5.b", "Examine authentication policies and procedures to verify", []], ["8.5.c", "Interview system administrators to verify that group and", []]]], ["8.6", "Where other authentication", [["8.6.a", "Examine authentication policies and procedures to verify", []], ["8.6.b", "Interview security personnel to verify authentication", []], ["8.6.c", "Examine system configuration settings and/or physical", []]]], ["8.7", "All access to any database", [["8.7.a", "Review database and application configuration settings", []], ["8.7.b", "Examine database and application configuration settings to", []], ["8.7.c", "Examine database access control settings and database", []], ["8.7.d", "Examine database access control settings, database", []]]], ["8.8", "Ensure that security policies and", []]]], ["10.", "Track and monitor all access to network resources and cardholder data", [["10.1", "Implement audit trails to link all", []], ["10.2", "Implement automated audit trails for", [["10.2.1", "All individual user accesses to", []], ["10.2.2", "All actions taken by any", []], ["10.2.3", "Access to all audit trails", []], ["10.2.4", "Invalid logical access attempts", []], ["10.2.5", "Use of and changes to", [["10.2.5.a", "Verify use of identification and authentication", []], ["10.2.5.b", "Verify all elevation of privileges is logged.", []], ["10.2.5.c", "Verify all changes, additions, or deletions to any account", []]]], ["10.2.6", "Initialization, stopping, or", []], ["10.2.7", "Creation and deletion of system-", []]]], ["10.3", "Record at least the following audit", [["10.3.1", "User identification", []], ["10.3.2", "Type of event", []], ["10.3.3", "Date and time", []], ["10.3.4", "Success or failure indication", []], ["10.3.5", "Origination of event", []], ["10.3.6", "Identity or name of affected", []]]], ["10.4", "Using time-synchronization", [["10.4.1", "Critical systems have the", [["10.4.1.a", "Examine the process for acquiring, distributing and", []], ["10.4.1.b", "Observe the time-related system-parameter settings for", []]]], ["10.4.2", "Time data is protected.", [["10.4.2.a", "Examine system configurations and time-", []], ["10.4.2.b", "Examine system configurations, time synchronization", []]]], ["10.4.3", "Time settings are received from", []]]], ["10.5", "Secure audit trails so they cannot", [["10.5.1", "Limit viewing of audit trails to", []], ["10.5.2", "Protect audit trail files from", []], ["10.5.3", "Promptly back up audit trail files", []], ["10.5.4", "Write logs for external-facing", []], ["10.5.5", "Use file-integrity monitoring or", []]]], ["10.6", "Review logs and security events for", [["10.6.1", "Review the following at least", [["10.6.1.a", "Examine security policies and procedures to verify that", []], ["10.6.1.b", "Observe processes and interview personnel to verify", []]]], ["10.6.2", "Review logs of all other system", [["10.6.2.a", "Examine security policies and procedures to verify that", []], ["10.6.2.b", "", []]]], ["10.6.3", "Follow up exceptions and", [["10.6.3.a", "Examine security policies and procedures to verify that", []], ["10.6.3.b", "Observe processes and interview personnel to verify", []]]]]], ["10.7", "Retain audit trail history for at least", [["10.7.a", "Examine security policies and procedures to verify that they", []], ["10.7.b", "Interview personnel and examine audit logs to verify that", []], ["10.7.c", "Interview personnel and observe processes to verify that at", []]]], ["10.8", "Ensure that security policies and", []]]], ["11.", "Regularly test security systems and processes", [["11.1", "Implement processes to test for the", [["11.1.1", "Maintain an inventory of", []], ["11.1.2", "Implement incident response", [["11.1.2.a", "", []], ["11.1.2.b", "Interview responsible personnel and/or inspect", []]]], ["11.1.a", "Examine policies and procedures to verify processes", []], ["11.1.b", "Verify that the methodology is adequate to detect and", []], ["11.1.c", "If wireless scanning is utilized, examine output from", []], ["11.1.d", "If automated monitoring is utilized (for example,", []]]], ["11.2", "Run internal and external network", [["11.2.1", "Perform quarterly internal", [["11.2.1.a", "Review the scan reports and verify that four", []], ["11.2.1.b", "Review the scan reports and verify that the scan", []]]], ["11.2.2", "Perform quarterly external", [["11.2.2.c", "Review the scan reports to verify that the scans", []]]], ["11.2.3", "Perform internal and external", [["11.2.3.a", "Inspect and correlate change control", []], ["11.2.3.b", "Review scan reports and verify that the scan", []], ["11.2.3.c", "Validate that the scan was performed by a qualified", []]]]]], ["11.3", "Implement a methodology for", [["11.3.1", "Perform", [["11.3.1.a", "Examine the scope of work and results from the", []], ["11.3.1.b", "Verify that the test was performed by a qualified", []]]], ["11.3.2", "Perform", [["11.3.2.a", "Examine the scope of work and results from the", []], ["11.3.2.b", "Verify that the test was performed by a qualified", []]]], ["11.3.3", "Exploitable vulnerabilities found", []], ["11.3.4", "If segmentation is used to isolate", [["11.3.4.a", "Examine segmentation controls and review", []], ["11.3.4.b", "Examine the results from the most recent", []]]]]], ["11.4", "Use intrusion-detection and/or", [["11.4.a", "Examine system configurations and network diagrams", []], ["11.4.b", "Examine system configurations and interview", []], ["11.4.c", "Examine IDS/IPS configurations and vendor", []]]], ["11.5", "Deploy a change-detection", [["11.5.1", "Implement a process to respond to", []], ["11.5.a", "Verify the use of a change-detection mechanism within", []], ["11.5.b", "Verify the mechanism is configured to alert personnel", []]]], ["11.6", "Ensure that security policies and", []]]]] -diff --git a/shared/transforms/srg-overlay.xslt b/shared/transforms/srg-overlay.xslt -index 59ec890..7e00bf6 100644 ---- a/shared/transforms/srg-overlay.xslt -+++ b/shared/transforms/srg-overlay.xslt -@@ -104,4 +104,4 @@ - - - -- -\ No newline at end of file -+ -diff --git a/ssg/constants.py b/ssg/constants.py -index 589c955..8cd2472 100644 ---- a/ssg/constants.py -+++ b/ssg/constants.py -@@ -23,7 +23,8 @@ product_directories = [ - 'sle12', 'sle15', - 'ubuntu1604', 'ubuntu1804', 'ubuntu2004', - 'vsel', -- 'wrlinux8', 'wrlinux1019' -+ 'wrlinux8', 'wrlinux1019', -+ 'rl8' - ] - - JINJA_MACROS_BASE_DEFINITIONS = os.path.join(os.path.dirname(os.path.dirname( -@@ -167,6 +168,7 @@ FULL_NAME_TO_PRODUCT_MAPPING = { - "Ubuntu 20.04": "ubuntu2004", - "WRLinux 8": "wrlinux8", - "WRLinux 1019": "wrlinux1019", -+ "Rocky Linux 8": "rl8", - } - - -@@ -181,7 +183,7 @@ REF_PREFIX_MAP = { - } - - MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhosp", "rhv", "debian", "ubuntu", -- "wrlinux", "opensuse", "sle", "ol", "ocp", "rhcos", "example"] -+ "wrlinux", "opensuse", "sle", "ol", "ocp", "rhcos", "rl", "example"] - - MULTI_PLATFORM_MAPPING = { - "multi_platform_debian": ["debian9", "debian10"], -@@ -197,6 +199,7 @@ MULTI_PLATFORM_MAPPING = { - "multi_platform_sle": ["sle12", "sle15"], - "multi_platform_ubuntu": ["ubuntu1604", "ubuntu1804", "ubuntu2004"], - "multi_platform_wrlinux": ["wrlinux8", "wrlinux1019"], -+ "multi_platform_wrlinux": ["rl8"], - } - - RHEL_CENTOS_CPE_MAPPING = { -@@ -362,6 +365,7 @@ MAKEFILE_ID_TO_PRODUCT_MAP = { - 'ol': 'Oracle Linux', - 'ocp': 'Red Hat OpenShift Container Platform', - 'rhcos': 'Red Hat Enterprise Linux CoreOS', -+ 'rl': 'Rocky Linux', - } - - -diff --git a/ssg/constants.py.orig b/ssg/constants.py.orig -new file mode 100644 -index 0000000..589c955 ---- /dev/null -+++ b/ssg/constants.py.orig -@@ -0,0 +1,369 @@ -+from __future__ import absolute_import -+from __future__ import print_function -+ -+import datetime -+import os.path -+ -+product_directories = [ -+ 'chromium', -+ 'debian9', 'debian10', -+ 'example', -+ 'fedora', -+ 'firefox', -+ 'fuse6', -+ 'jre', -+ 'macos1015', -+ 'ocp4', -+ 'rhcos4', -+ 'ol7', 'ol8', -+ 'opensuse', -+ 'rhel7', 'rhel8', -+ 'rhosp10', 'rhosp13', -+ 'rhv4', -+ 'sle12', 'sle15', -+ 'ubuntu1604', 'ubuntu1804', 'ubuntu2004', -+ 'vsel', -+ 'wrlinux8', 'wrlinux1019' -+] -+ -+JINJA_MACROS_BASE_DEFINITIONS = os.path.join(os.path.dirname(os.path.dirname( -+ __file__)), "shared", "macros.jinja") -+JINJA_MACROS_HIGHLEVEL_DEFINITIONS = os.path.join(os.path.dirname(os.path.dirname( -+ __file__)), "shared", "macros-highlevel.jinja") -+JINJA_MACROS_ANSIBLE_DEFINITIONS = os.path.join(os.path.dirname(os.path.dirname( -+ __file__)), "shared", "macros-ansible.jinja") -+JINJA_MACROS_IGNITION_DEFINITIONS = os.path.join(os.path.dirname(os.path.dirname( -+ __file__)), "shared", "macros-ignition.jinja") -+JINJA_MACROS_KUBERNETES_DEFINITIONS = os.path.join(os.path.dirname(os.path.dirname( -+ __file__)), "shared", "macros-kubernetes.jinja") -+JINJA_MACROS_OVAL_DEFINITIONS = os.path.join(os.path.dirname(os.path.dirname( -+ __file__)), "shared", "macros-oval.jinja") -+JINJA_MACROS_BASH_DEFINITIONS = os.path.join(os.path.dirname(os.path.dirname( -+ __file__)), "shared", "macros-bash.jinja") -+ -+xml_version = """""" -+ -+datastream_namespace = "http://scap.nist.gov/schema/scap/source/1.2" -+ocil_namespace = "http://scap.nist.gov/schema/ocil/2.0" -+oval_footer = "" -+oval_namespace = "http://oval.mitre.org/XMLSchema/oval-definitions-5" -+xlink_namespace = "http://www.w3.org/1999/xlink" -+cat_namespace = "urn:oasis:names:tc:entity:xmlns:xml:catalog" -+ocil_cs = "http://scap.nist.gov/schema/ocil/2" -+xccdf_header = xml_version + "" -+xccdf_footer = "" -+bash_system = "urn:xccdf:fix:script:sh" -+ansible_system = "urn:xccdf:fix:script:ansible" -+ignition_system = "urn:xccdf:fix:script:ignition" -+kubernetes_system = "urn:xccdf:fix:script:kubernetes" -+puppet_system = "urn:xccdf:fix:script:puppet" -+anaconda_system = "urn:redhat:anaconda:pre" -+cce_uri = "https://nvd.nist.gov/cce/index.cfm" -+stig_ns = "https://public.cyber.mil/stigs/srg-stig-tools/" -+stig_refs = 'https://public.cyber.mil/stigs/' -+disa_cciuri = "https://public.cyber.mil/stigs/cci/" -+ssg_version_uri = \ -+ "https://github.com/OpenSCAP/scap-security-guide/releases/latest" -+OSCAP_VENDOR = "org.ssgproject" -+OSCAP_DS_STRING = "xccdf_%s.content_benchmark_" % OSCAP_VENDOR -+OSCAP_PROFILE = "xccdf_%s.content_profile_" % OSCAP_VENDOR -+OSCAP_GROUP = "xccdf_%s.content_group_" % OSCAP_VENDOR -+OSCAP_RULE = "xccdf_%s.content_rule_" % OSCAP_VENDOR -+OSCAP_GROUP_PCIDSS = "xccdf_%s.content_group_pcidss-req" % OSCAP_VENDOR -+OSCAP_GROUP_VAL = "xccdf_%s.content_group_values" % OSCAP_VENDOR -+OSCAP_GROUP_NON_PCI = "xccdf_%s.content_group_non-pci-dss" % OSCAP_VENDOR -+OSCAP_PATH = "oscap" -+OSCAP_PROFILE_ALL_ID = "(all)" -+XCCDF11_NS = "http://checklists.nist.gov/xccdf/1.1" -+XCCDF12_NS = "http://checklists.nist.gov/xccdf/1.2" -+min_ansible_version = "2.5" -+ansible_version_requirement_pre_task_name = \ -+ "Verify Ansible meets SCAP-Security-Guide version requirements." -+standard_profiles = ['standard', 'pci-dss', 'desktop', 'server'] -+ -+ -+OVAL_SUB_NS = dict( -+ ind="independent", -+ unix="unix", -+ linux="linux", -+) -+ -+ -+PREFIX_TO_NS = { -+ "oval-def": oval_namespace, -+ "oval": "http://oval.mitre.org/XMLSchema/oval-common-5", -+ "ds": datastream_namespace, -+ "ocil": ocil_namespace, -+ "xccdf-1.1": XCCDF11_NS, -+ "xccdf-1.2": XCCDF12_NS, -+ "xlink": xlink_namespace, -+ "cpe-dict": "http://cpe.mitre.org/dictionary/2.0", -+ "cat": cat_namespace, -+} -+ -+ -+for prefix, url_part in OVAL_SUB_NS.items(): -+ assert prefix not in PREFIX_TO_NS, \ -+ "Conflict between a namespace and OVAL sub-namespace '{prefix}'".format(prefix=prefix) -+ PREFIX_TO_NS[prefix] = "{oval_ns}#{suffix}".format(oval_ns=PREFIX_TO_NS["oval-def"], suffix=url_part) -+ -+ -+oval_header = ( -+ """ -+""" -+ .format(oval_namespace)) -+ -+timestamp = datetime.datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S") -+ -+PKG_MANAGER_TO_SYSTEM = { -+ "yum": "rpm", -+ "zypper": "rpm", -+ "dnf": "rpm", -+ "apt_get": "dpkg", -+} -+ -+PKG_MANAGER_TO_CONFIG_FILE = { -+ "yum": "/etc/yum.conf", -+ "dnf": "/etc/dnf/dnf.conf", -+ "zypper": "/etc/zypp/zypper.conf", -+} -+ -+FULL_NAME_TO_PRODUCT_MAPPING = { -+ "Chromium": "chromium", -+ "Debian 9": "debian9", -+ "Debian 10": "debian10", -+ "Example": "example", -+ "Fedora": "fedora", -+ "Firefox": "firefox", -+ "JBoss Fuse 6": "fuse6", -+ "Java Runtime Environment": "jre", -+ "Apple macOS 10.15": "macos1015", -+ "Red Hat OpenShift Container Platform 4": "ocp4", -+ "McAfee VirusScan Enterprise for Linux": "vsel", -+ "Red Hat Enterprise Linux CoreOS 4": "rhcos4", -+ "Oracle Linux 7": "ol7", -+ "Oracle Linux 8": "ol8", -+ "openSUSE": "opensuse", -+ "Red Hat Enterprise Linux 7": "rhel7", -+ "Red Hat Enterprise Linux 8": "rhel8", -+ "Red Hat OpenStack Platform 10": "rhosp10", -+ "Red Hat OpenStack Platform 13": "rhosp13", -+ "Red Hat Virtualization 4": "rhv4", -+ "SUSE Linux Enterprise 12": "sle12", -+ "SUSE Linux Enterprise 15": "sle15", -+ "Ubuntu 16.04": "ubuntu1604", -+ "Ubuntu 18.04": "ubuntu1804", -+ "Ubuntu 20.04": "ubuntu2004", -+ "WRLinux 8": "wrlinux8", -+ "WRLinux 1019": "wrlinux1019", -+} -+ -+ -+# see xccdf-addremediations.xslt <- shared_constants.xslt <- shared_shorthand2xccdf.xslt -+# if you want to know how the map was constructed -+REF_PREFIX_MAP = { -+ "nist": "NIST-800-53", -+ "cui": "NIST-800-171", -+ "pcidss": "PCI-DSS", -+ "cjis": "CJIS", -+ "stigid": "DISA-STIG", -+} -+ -+MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhosp", "rhv", "debian", "ubuntu", -+ "wrlinux", "opensuse", "sle", "ol", "ocp", "rhcos", "example"] -+ -+MULTI_PLATFORM_MAPPING = { -+ "multi_platform_debian": ["debian9", "debian10"], -+ "multi_platform_example": ["example"], -+ "multi_platform_fedora": ["fedora"], -+ "multi_platform_opensuse": ["opensuse"], -+ "multi_platform_ol": ["ol7", "ol8"], -+ "multi_platform_ocp": ["ocp4"], -+ "multi_platform_rhcos": ["rhcos4"], -+ "multi_platform_rhel": ["rhel7", "rhel8"], -+ "multi_platform_rhosp": ["rhosp10", "rhosp13"], -+ "multi_platform_rhv": ["rhv4"], -+ "multi_platform_sle": ["sle12", "sle15"], -+ "multi_platform_ubuntu": ["ubuntu1604", "ubuntu1804", "ubuntu2004"], -+ "multi_platform_wrlinux": ["wrlinux8", "wrlinux1019"], -+} -+ -+RHEL_CENTOS_CPE_MAPPING = { -+ "cpe:/o:redhat:enterprise_linux:6": "cpe:/o:centos:centos:6", -+ "cpe:/o:redhat:enterprise_linux:7": "cpe:/o:centos:centos:7", -+ "cpe:/o:redhat:enterprise_linux:8": "cpe:/o:centos:centos:8", -+} -+ -+RHEL_SL_CPE_MAPPING = { -+ "cpe:/o:redhat:enterprise_linux:6": "cpe:/o:scientificlinux:scientificlinux:6", -+ "cpe:/o:redhat:enterprise_linux:7": "cpe:/o:scientificlinux:scientificlinux:7", -+} -+ -+CENTOS_NOTICE = \ -+ "
\n" \ -+ "

This benchmark is a direct port of a SCAP Security Guide " \ -+ "benchmark developed for Rocky Linux. It has been " \ -+ "modified through an automated process to remove specific dependencies " \ -+ "on Rocky Linux and to function with CentOS. " \ -+ "The result is a generally useful SCAP Security Guide benchmark " \ -+ "with the following caveats:

\n" \ -+ "
    \n" \ -+ "
  • CentOS is not an exact copy of " \ -+ "Rocky Linux. There may be configuration differences " \ -+ "that produce false positives and/or false negatives. If this occurs " \ -+ "please file a bug report.
    • \n" \ -+ "\n" \ -+ "
  • CentOS has its own build system, compiler options, patchsets, " \ -+ "and is a community supported, non-commercial operating system. " \ -+ "CentOS does not inherit " \ -+ "certifications or evaluations from Rocky Linux. As " \ -+ "such, some configuration rules (such as those requiring " \ -+ "FIPS 140-2 encryption) will continue to fail on CentOS.
    • \n" \ -+ "
\n" \ -+ "\n" \ -+ "

Members of the CentOS community are invited to participate in " \ -+ "OpenSCAP and " \ -+ "" \ -+ "SCAP Security Guide development. Bug reports and patches " \ -+ "can be sent to GitHub: " \ -+ "" \ -+ "https://github.com/OpenSCAP/scap-security-guide. " \ -+ "The mailing list is at " \ -+ "" \ -+ "https://fedorahosted.org/mailman/listinfo/scap-security-guide" \ -+ ".

" \ -+ "
" -+ -+SL_NOTICE = \ -+ "
\n" \ -+ "

This benchmark is a direct port of a SCAP Security Guide " \ -+ "benchmark developed for Rocky Linux. It has been " \ -+ "modified through an automated process to remove specific dependencies " \ -+ "on Rocky Linux and to function with Scientifc Linux. " \ -+ "The result is a generally useful SCAP Security Guide benchmark " \ -+ "with the following caveats:

\n" \ -+ "
    \n" \ -+ "
  • Scientifc Linux is not an exact copy of " \ -+ "Rocky Linux. Scientific Linux is a Linux distribution " \ -+ "produced by Fermi National Accelerator Laboratory. It is a free and " \ -+ "open source operating system based on Rocky Linux and aims " \ -+ "to be \"as close to the commercial enterprise distribution as we can get it.\" " \ -+ "There may be configuration differences that produce false positives and/or " \ -+ "false negatives. If this occurs please file a bug report.
    • \n" \ -+ "\n" \ -+ "
  • Scientifc Linux is derived from the free and open source software " \ -+ "made available by Red Hat, but it is not produced, maintained or supported by Red Hat. " \ -+ "Scientifc Linux has its own build system, compiler options, patchsets, " \ -+ "and is a community supported, non-commercial operating system. " \ -+ "Scientifc Linux does not inherit " \ -+ "certifications or evaluations from Rocky Linux. As " \ -+ "such, some configuration rules (such as those requiring " \ -+ "FIPS 140-2 encryption) will continue to fail on Scientifc Linux.
    • \n" \ -+ "
\n" \ -+ "\n" \ -+ "

Members of the Scientifc Linux community are invited to participate in " \ -+ "OpenSCAP and " \ -+ "" \ -+ "SCAP Security Guide development. Bug reports and patches " \ -+ "can be sent to GitHub: " \ -+ "" \ -+ "https://github.com/OpenSCAP/scap-security-guide. " \ -+ "The mailing list is at " \ -+ "" \ -+ "https://fedorahosted.org/mailman/listinfo/scap-security-guide" \ -+ ".

" \ -+ "
" -+ -+XCCDF_REFINABLE_PROPERTIES = ["weight", "severity", "role", "selector"] -+ -+OVAL_TO_XCCDF_DATATYPE_CONSTRAINTS = { -+ 'int': 'number', -+ 'float': 'number', -+ 'boolean': 'boolean', -+ 'string': 'string', -+ 'evr_string': 'string', -+ 'version': 'string', -+ 'ios_version': 'string', -+ 'fileset_revision': 'string', -+ 'binary': 'string' -+} -+ -+OVALTAG_TO_ABBREV = { -+ 'definition': 'def', -+ 'criteria': 'crit', -+ 'test': 'tst', -+ 'object': 'obj', -+ 'state': 'ste', -+ 'variable': 'var', -+} -+ -+OCILTAG_TO_ABBREV = { -+ 'questionnaire': 'questionnaire', -+ 'action': 'testaction', -+ 'question': 'question', -+ 'artifact': 'artifact', -+ 'variable': 'variable', -+} -+ -+OVALREFATTR_TO_TAG = { -+ "definition_ref": "definition", -+ "test_ref": "test", -+ "object_ref": "object", -+ "state_ref": "state", -+ "var_ref": "variable", -+} -+ -+OCILREFATTR_TO_TAG = { -+ "question_ref": "question", -+} -+ -+# Default platform to package mapping -+XCCDF_PLATFORM_TO_PACKAGE = { -+ "grub2": "grub2-common", -+ "login_defs": "login", -+ "sssd": "sssd-common", -+ "zipl": "s390utils-base", -+ "sssd-ldap": None, # Force package check wrapping skip -+ "uefi": None, -+ "non-uefi": None, -+ "not_s390x_arch": None, -+} -+ -+# _version_name_map = { -+MAKEFILE_ID_TO_PRODUCT_MAP = { -+ 'chromium': 'Google Chromium Browser', -+ 'fedora': 'Fedora', -+ 'firefox': 'Mozilla Firefox', -+ 'jre': 'Java Runtime Environment', -+ 'macos': 'Apple macOS', -+ 'rhosp': 'Red Hat OpenStack Platform', -+ 'rhel': 'Red Hat Enterprise Linux', -+ 'rhv': 'Red Hat Virtualization', -+ 'debian': 'Debian', -+ 'ubuntu': 'Ubuntu', -+ 'eap': 'JBoss Enterprise Application Platform', -+ 'fuse': 'JBoss Fuse', -+ 'opensuse': 'openSUSE', -+ 'sle': 'SUSE Linux Enterprise', -+ 'vsel': 'McAfee VirusScan Enterprise for Linux', -+ 'wrlinux': 'WRLinux', -+ 'example': 'Example Linux Content', -+ 'ol': 'Oracle Linux', -+ 'ocp': 'Red Hat OpenShift Container Platform', -+ 'rhcos': 'Red Hat Enterprise Linux CoreOS', -+} -+ -+ -+# Application constants -+DEFAULT_UID_MIN = 1000 -diff --git a/tests/ocp4e2e/vendor/github.com/googleapis/gnostic/compiler/README.md b/tests/ocp4e2e/vendor/github.com/googleapis/gnostic/compiler/README.md -index 848b16c..803cf4e 100644 ---- a/tests/ocp4e2e/vendor/github.com/googleapis/gnostic/compiler/README.md -+++ b/tests/ocp4e2e/vendor/github.com/googleapis/gnostic/compiler/README.md -@@ -1,3 +1,3 @@ - # Compiler support code - --This directory contains compiler support code used by Gnostic and Gnostic extensions. -\ No newline at end of file -+This directory contains compiler support code used by Gnostic and Gnostic extensions. -diff --git a/tests/ocp4e2e/vendor/github.com/imdario/mergo/.deepsource.toml b/tests/ocp4e2e/vendor/github.com/imdario/mergo/.deepsource.toml -index 8a0681a..e897cf2 100644 ---- a/tests/ocp4e2e/vendor/github.com/imdario/mergo/.deepsource.toml -+++ b/tests/ocp4e2e/vendor/github.com/imdario/mergo/.deepsource.toml -@@ -9,4 +9,4 @@ name = "go" - enabled = true - - [analyzers.meta] -- import_path = "github.com/imdario/mergo" -\ No newline at end of file -+ import_path = "github.com/imdario/mergo" -diff --git a/tests/ocp4e2e/vendor/github.com/json-iterator/go/fuzzy_mode_convert_table.md b/tests/ocp4e2e/vendor/github.com/json-iterator/go/fuzzy_mode_convert_table.md -index 3095662..81d75ab 100644 ---- a/tests/ocp4e2e/vendor/github.com/json-iterator/go/fuzzy_mode_convert_table.md -+++ b/tests/ocp4e2e/vendor/github.com/json-iterator/go/fuzzy_mode_convert_table.md -@@ -4,4 +4,4 @@ - | string | empty string => false
string "0" => false
other strings => true | "123.32" => 123
"-123.4" => -123
"123.23xxxw" => 123
"abcde12" => 0
"-32.1" => -32| 13.2 => 13
-1.1 => 0 |12.1 => 12.1
-12.3 => -12.3
12.4xxa => 12.4
+1.1e2 =>110 |same as origin| - | bool | true => true
false => false| true => 1
false => 0 | true => 1
false => 0 |true => 1
false => 0|true => "true"
false => "false"| - | object | true | 0 | 0 |0|originnal json| --| array | empty array => false
nonempty array => true| [] => 0
[1,2] => 1 | [] => 0
[1,2] => 1 |[] => 0
[1,2] => 1|original json| -\ No newline at end of file -+| array | empty array => false
nonempty array => true| [] => 0
[1,2] => 1 | [] => 0
[1,2] => 1 |[] => 0
[1,2] => 1|original json| -diff --git a/tests/ocp4e2e/vendor/github.com/modern-go/concurrent/README.md b/tests/ocp4e2e/vendor/github.com/modern-go/concurrent/README.md -index acab320..16413f7 100644 ---- a/tests/ocp4e2e/vendor/github.com/modern-go/concurrent/README.md -+++ b/tests/ocp4e2e/vendor/github.com/modern-go/concurrent/README.md -@@ -46,4 +46,4 @@ fmt.Println("executor stopped") - attach goroutine to executor instance, so that we can - - * cancel it by stop the executor with Stop/StopAndWait/StopAndWaitForever --* handle panic by callback: the default behavior will no longer crash your application -\ No newline at end of file -+* handle panic by callback: the default behavior will no longer crash your application -diff --git a/tests/ocp4e2e/vendor/github.com/modern-go/concurrent/log.go b/tests/ocp4e2e/vendor/github.com/modern-go/concurrent/log.go -index 9756fcc..5e8f46a 100644 ---- a/tests/ocp4e2e/vendor/github.com/modern-go/concurrent/log.go -+++ b/tests/ocp4e2e/vendor/github.com/modern-go/concurrent/log.go -@@ -10,4 +10,4 @@ import ( - var ErrorLogger = log.New(os.Stderr, "", 0) - - // InfoLogger is used to print informational message, default to off --var InfoLogger = log.New(ioutil.Discard, "", 0) -\ No newline at end of file -+var InfoLogger = log.New(ioutil.Discard, "", 0) -diff --git a/tests/ocp4e2e/vendor/github.com/modern-go/reflect2/README.md b/tests/ocp4e2e/vendor/github.com/modern-go/reflect2/README.md -index 6f968aa..9a3e7f4 100644 ---- a/tests/ocp4e2e/vendor/github.com/modern-go/reflect2/README.md -+++ b/tests/ocp4e2e/vendor/github.com/modern-go/reflect2/README.md -@@ -68,4 +68,4 @@ Instead of casting `[]byte` to `sliceHeader` in your application using unsafe. - We can use reflect2 instead. This way, if `sliceHeader` changes in the future, - only reflect2 need to be upgraded. - --reflect2 tries its best to keep the implementation same as reflect (by testing). -\ No newline at end of file -+reflect2 tries its best to keep the implementation same as reflect (by testing). -diff --git a/tests/unit/kubernetes/vendor/github.com/vincent-petithory/dataurl/wercker.yml b/tests/unit/kubernetes/vendor/github.com/vincent-petithory/dataurl/wercker.yml -index 3ab8084..7c64bf0 100644 ---- a/tests/unit/kubernetes/vendor/github.com/vincent-petithory/dataurl/wercker.yml -+++ b/tests/unit/kubernetes/vendor/github.com/vincent-petithory/dataurl/wercker.yml -@@ -1 +1 @@ --box: wercker/default -\ No newline at end of file -+box: wercker/default -diff --git a/tests/unit/ssg-module/data/file_owner_grub2_cfg.yml b/tests/unit/ssg-module/data/file_owner_grub2_cfg.yml -index 8d79d10..61b7976 100644 ---- a/tests/unit/ssg-module/data/file_owner_grub2_cfg.yml -+++ b/tests/unit/ssg-module/data/file_owner_grub2_cfg.yml -@@ -19,7 +19,7 @@ oval_external_content: null - platform: machine - # TODO: Make Rule get this from group, so it can be saved here - # platform: null --prodtype: rhel7,rhel8,fedora,ol7,ol8 -+prodtype: rhel7,rhel8,rl8,fedora,ol7,ol8 - rationale: Only root should be able to modify important boot parameters. - references: {cis: 1.4.1, cis-csc: '12,13,14,15,16,18,3,5', cjis: 5.5.2.2, cobit5: 'APO01.06,DSS05.04,DSS05.07,DSS06.02', - cui: 3.4.5, disa: 'CCI-000225', hipaa: '164.308(a)(1)(ii)(B),164.308(a)(7)(i),164.308(a)(7)(ii)(A),164.310(a)(1),164.310(a)(2)(i),164.310(a)(2)(ii),164.310(a)(2)(iii),164.310(b),164.310(c),164.310(d)(1),164.310(d)(2)(iii)', -diff --git a/tests/unit/ssg-module/test_playbook_builder_data/rules/selinux_state.yml b/tests/unit/ssg-module/test_playbook_builder_data/rules/selinux_state.yml -index 08d2749..4d8fb4e 100644 ---- a/tests/unit/ssg-module/test_playbook_builder_data/rules/selinux_state.yml -+++ b/tests/unit/ssg-module/test_playbook_builder_data/rules/selinux_state.yml -@@ -13,7 +13,7 @@ ocil: 'Check the file /etc/selinux/config and ensure the following line - ocil_clause: SELINUX is not set to enforcing - oval_external_content: null - platform: machine --prodtype: rhel7,rhel8,fedora,ol7,ol8,rhv4 -+prodtype: rhel7,rhel8,rl8,fedora,ol7,ol8,rhv4 - rationale: 'Setting the SELinux state to enforcing ensures SELinux is able to confine - - potentially compromised processes to the security policy, which is designed to --- -2.24.3 (Apple Git-128) - diff --git a/package/0.1.54/SOURCES/0001-scap-security-guide-0.1.54-rocky8-support.patch b/package/0.1.54/SOURCES/0001-scap-security-guide-0.1.54-rocky8-support.patch new file mode 100644 index 00000000..e1eb4906 --- /dev/null +++ b/package/0.1.54/SOURCES/0001-scap-security-guide-0.1.54-rocky8-support.patch @@ -0,0 +1,27241 @@ +diff -ruN scap-security-guide-0.1.54/build_product b/build_product +--- scap-security-guide-0.1.54/build_product 2021-02-03 05:54:09.000000000 -0500 ++++ b/build_product 2021-08-21 16:22:39.497069200 -0400 +@@ -294,6 +294,7 @@ + VSEL + WRLINUX8 + WRLINUX1019 ++ ROCKY8 + ) + + DEFAULT_OVAL_MAJOR_VERSION=5 +diff -ruN scap-security-guide-0.1.54/CMakeLists.txt b/CMakeLists.txt +--- scap-security-guide-0.1.54/CMakeLists.txt 2021-02-03 05:54:09.000000000 -0500 ++++ b/CMakeLists.txt 2021-08-21 16:28:59.467367345 -0400 +@@ -87,6 +87,8 @@ + option(SSG_PRODUCT_VSEL "If enabled, the McAfee VSEL SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_WRLINUX8 "If enabled, the WRLinux8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_WRLINUX1019 "If enabled, the WRLinux1019 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) ++option(SSG_PRODUCT_ROCKY8 "If enabled, the ROCKY8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) ++ + + option(SSG_CENTOS_DERIVATIVES_ENABLED "If enabled, CentOS derivative content will be built from the RHEL content" TRUE) + option(SSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED "If enabled, Scientific Linux derivative content will be built from the RHEL content" TRUE) +@@ -267,6 +269,8 @@ + message(STATUS "McAfee VSEL: ${SSG_PRODUCT_VSEL}") + message(STATUS "WRLinux 8: ${SSG_PRODUCT_WRLINUX8}") + message(STATUS "WRLinux 1019: ${SSG_PRODUCT_WRLINUX1019}") ++message(STATUS "ROCKY 8: ${SSG_PRODUCT_ROCKY8}") ++ + + + +@@ -386,6 +390,10 @@ + if (SSG_PRODUCT_WRLINUX1019) + add_subdirectory("wrlinux1019") + endif() ++if (SSG_PRODUCT_ROCKY8) ++ add_subdirectory("rl8" "rl8") ++endif() ++ + + # ZIP only contains source datastreams and kickstarts, people who + # want sources to build from should get the tarball instead. +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml b/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml 2021-08-21 16:25:39.884059180 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Check Avahi Responses'' TTL Field' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/avahi/avahi_configuration/avahi_ip_only/rule.yml b/linux_os/guide/services/avahi/avahi_configuration/avahi_ip_only/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/avahi/avahi_configuration/avahi_ip_only/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/avahi/avahi_configuration/avahi_ip_only/rule.yml 2021-08-21 16:25:39.879059097 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Serve Avahi Only via Required Protocol' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/avahi/avahi_configuration/avahi_prevent_port_sharing/rule.yml b/linux_os/guide/services/avahi/avahi_configuration/avahi_prevent_port_sharing/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/avahi/avahi_configuration/avahi_prevent_port_sharing/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/avahi/avahi_configuration/avahi_prevent_port_sharing/rule.yml 2021-08-21 16:25:39.882059147 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Prevent Other Programs from Using Avahi''s Port' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/avahi/avahi_configuration/avahi_restrict_published_information/rule.yml b/linux_os/guide/services/avahi/avahi_configuration/avahi_restrict_published_information/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/avahi/avahi_configuration/avahi_restrict_published_information/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/avahi/avahi_configuration/avahi_restrict_published_information/rule.yml 2021-08-21 16:25:39.883059163 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Restrict Information Published by Avahi' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml 2021-08-21 16:25:39.889059263 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,sle15 + + title: 'Disable Avahi Server Software' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/package_abrt_removed/rule.yml b/linux_os/guide/services/base/package_abrt_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/base/package_abrt_removed/rule.yml 2021-08-21 16:35:51.169191450 -0400 ++++ b/linux_os/guide/services/base/package_abrt_removed/rule.yml 2021-08-21 16:25:39.157047129 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Uninstall Automatic Bug Reporting Tool (abrt)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/package_psacct_installed/rule.yml b/linux_os/guide/services/base/package_psacct_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/base/package_psacct_installed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/base/package_psacct_installed/rule.yml 2021-08-21 16:25:39.169047328 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Install the psacct package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/service_abrtd_disabled/rule.yml b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/base/service_abrtd_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml 2021-08-21 16:25:39.173047395 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,rl8 + + title: 'Disable Automatic Bug Reporting Tool (abrtd)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/service_acpid_disabled/rule.yml b/linux_os/guide/services/base/service_acpid_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/base/service_acpid_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/base/service_acpid_disabled/rule.yml 2021-08-21 16:25:39.159047163 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Advanced Configuration and Power Interface (acpid)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/service_certmonger_disabled/rule.yml b/linux_os/guide/services/base/service_certmonger_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/base/service_certmonger_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/base/service_certmonger_disabled/rule.yml 2021-08-21 16:25:39.165047262 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Certmonger Service (certmonger)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/service_cockpit_disabled/rule.yml b/linux_os/guide/services/base/service_cockpit_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/base/service_cockpit_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/base/service_cockpit_disabled/rule.yml 2021-08-21 16:25:39.168047312 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,rl8 + + title: 'Disable Cockpit Management Server' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/service_cpupower_disabled/rule.yml b/linux_os/guide/services/base/service_cpupower_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/base/service_cpupower_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/base/service_cpupower_disabled/rule.yml 2021-08-21 16:25:39.175047428 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable CPU Speed (cpupower)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda b/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda +--- scap-security-guide-0.1.54/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda 2021-08-21 16:25:39.172047378 -0400 +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_ol + + kdump --disable +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/service_kdump_disabled/rule.yml b/linux_os/guide/services/base/service_kdump_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/base/service_kdump_disabled/rule.yml 2021-08-21 16:35:51.169191450 -0400 ++++ b/linux_os/guide/services/base/service_kdump_disabled/rule.yml 2021-08-21 16:25:39.171047361 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,wrlinux1019 + + title: 'Disable KDump Kernel Crash Analyzer (kdump)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/service_mdmonitor_disabled/rule.yml b/linux_os/guide/services/base/service_mdmonitor_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/base/service_mdmonitor_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/base/service_mdmonitor_disabled/rule.yml 2021-08-21 16:25:39.180047511 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Software RAID Monitor (mdmonitor)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/service_netconsole_disabled/rule.yml b/linux_os/guide/services/base/service_netconsole_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/base/service_netconsole_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/base/service_netconsole_disabled/rule.yml 2021-08-21 16:25:39.154047080 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Network Console (netconsole)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml b/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml 2021-08-21 16:25:39.162047212 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,rl8 + + title: 'Disable ntpdate Service (ntpdate)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml b/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml 2021-08-21 16:25:39.174047411 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,rl8 + + title: 'Disable Odd Job Daemon (oddjobd)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/service_portreserve_disabled/rule.yml b/linux_os/guide/services/base/service_portreserve_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/base/service_portreserve_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/base/service_portreserve_disabled/rule.yml 2021-08-21 16:25:39.164047245 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Portreserve (portreserve)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/service_psacct_enabled/rule.yml b/linux_os/guide/services/base/service_psacct_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/base/service_psacct_enabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/base/service_psacct_enabled/rule.yml 2021-08-21 16:25:39.155047096 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable Process Accounting (psacct)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/service_qpidd_disabled/rule.yml b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/base/service_qpidd_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml 2021-08-21 16:25:39.152047046 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Apache Qpid (qpidd)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/service_quota_nld_disabled/rule.yml b/linux_os/guide/services/base/service_quota_nld_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/base/service_quota_nld_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/base/service_quota_nld_disabled/rule.yml 2021-08-21 16:25:39.178047477 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Quota Netlink (quota_nld)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/service_rdisc_disabled/rule.yml b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/base/service_rdisc_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml 2021-08-21 16:25:39.150047013 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,rl8 + + title: 'Disable Network Router Discovery Daemon (rdisc)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml b/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml 2021-08-21 16:25:39.179047494 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Red Hat Network Service (rhnsd)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/service_rhsmcertd_disabled/rule.yml b/linux_os/guide/services/base/service_rhsmcertd_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/base/service_rhsmcertd_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/base/service_rhsmcertd_disabled/rule.yml 2021-08-21 16:25:39.148046980 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Red Hat Subscription Manager Daemon (rhsmcertd)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/service_saslauthd_disabled/rule.yml b/linux_os/guide/services/base/service_saslauthd_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/base/service_saslauthd_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/base/service_saslauthd_disabled/rule.yml 2021-08-21 16:25:39.160047179 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Cyrus SASL Authentication Daemon (saslauthd)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/base/service_sysstat_disabled/rule.yml b/linux_os/guide/services/base/service_sysstat_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/base/service_sysstat_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/base/service_sysstat_disabled/rule.yml 2021-08-21 16:25:39.158047146 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable System Statistics Reset Service (sysstat)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/disable_anacron/rule.yml b/linux_os/guide/services/cron_and_at/disable_anacron/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/disable_anacron/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/disable_anacron/rule.yml 2021-08-21 16:25:39.860058782 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Disable anacron Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml 2021-08-21 16:25:39.832058318 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify Group Who Owns cron.d' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml 2021-08-21 16:25:39.856058716 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify Group Who Owns cron.daily' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml 2021-08-21 16:25:39.799057771 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify Group Who Owns cron.hourly' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml 2021-08-21 16:25:39.842058484 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify Group Who Owns cron.monthly' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml 2021-08-21 16:25:39.872058981 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify Group Who Owns Crontab' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml 2021-08-21 16:25:39.876059047 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify Group Who Owns cron.weekly' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml 2021-08-21 16:25:39.828058252 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify Owner on cron.d' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml 2021-08-21 16:25:39.804057854 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify Owner on cron.daily' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml 2021-08-21 16:25:39.811057970 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify Owner on cron.hourly' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml 2021-08-21 16:25:39.845058533 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify Owner on cron.monthly' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml 2021-08-21 16:25:39.849058599 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify Owner on crontab' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml 2021-08-21 16:25:39.807057904 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify Owner on cron.weekly' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml 2021-08-21 16:25:39.791057638 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify Permissions on cron.d' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml 2021-08-21 16:25:39.853058666 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify Permissions on cron.daily' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml 2021-08-21 16:25:39.795057705 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify Permissions on cron.hourly' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml 2021-08-21 16:25:39.818058086 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify Permissions on cron.monthly' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml 2021-08-21 16:25:39.815058036 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify Permissions on crontab' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml 2021-08-21 16:25:39.837058401 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15 ++prodtype: rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify Permissions on cron.weekly' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml 2021-08-21 16:25:39.862058815 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Verify Group Who Owns /etc/cron.allow file' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml 2021-08-21 16:25:39.867058898 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Verify User Who Owns /etc/cron.allow file' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml 2021-08-21 16:25:39.824058185 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Disable At Service (atd)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml 2021-08-21 16:25:39.835058367 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Enable cron Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_configure_logging/rule.yml b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_configure_logging/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_configure_logging/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_configure_logging/rule.yml 2021-08-21 16:25:40.235064998 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Configure Logging' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_bootp/rule.yml b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_bootp/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_bootp/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_bootp/rule.yml 2021-08-21 16:25:40.236065014 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Deny BOOTP Queries' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_decline/rule.yml b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_decline/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_decline/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_decline/rule.yml 2021-08-21 16:25:40.233064965 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Deny Decline Messages' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_disable_ddns/rule.yml b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_disable_ddns/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_disable_ddns/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_disable_ddns/rule.yml 2021-08-21 16:25:40.234064981 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Do Not Use Dynamic DNS' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/dhcp/disabling_dhcp_client/sysconfig_networking_bootproto_ifcfg/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_client/sysconfig_networking_bootproto_ifcfg/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/dhcp/disabling_dhcp_client/sysconfig_networking_bootproto_ifcfg/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/dhcp/disabling_dhcp_client/sysconfig_networking_bootproto_ifcfg/rule.yml 2021-08-21 16:25:40.223064799 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable DHCP Client in ifcfg' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml 2021-08-21 16:25:40.229064898 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Uninstall DHCP Server Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml 2021-08-21 16:25:40.228064882 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,sle15 ++prodtype: rhel7,rhel8,rl8,sle15 + + title: 'Disable DHCP Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml 2021-08-21 16:25:40.063062147 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Uninstall bind Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml 2021-08-21 16:25:40.062062130 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,sle15 ++prodtype: rhel7,rhel8,rl8,sle15 + + title: 'Disable named Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/dns/dns_server_protection/dns_server_authenticate_zone_transfers/rule.yml b/linux_os/guide/services/dns/dns_server_protection/dns_server_authenticate_zone_transfers/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/dns/dns_server_protection/dns_server_authenticate_zone_transfers/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/dns/dns_server_protection/dns_server_authenticate_zone_transfers/rule.yml 2021-08-21 16:25:40.066062197 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Authenticate Zone Transfers' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_dynamic_updates/rule.yml b/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_dynamic_updates/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_dynamic_updates/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_dynamic_updates/rule.yml 2021-08-21 16:25:40.071062279 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Dynamic Updates' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_zone_transfers/rule.yml b/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_zone_transfers/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_zone_transfers/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_zone_transfers/rule.yml 2021-08-21 16:25:40.067062213 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Zone Transfers from the Nameserver' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/docker/docker_selinux_enabled/rule.yml b/linux_os/guide/services/docker/docker_selinux_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/docker/docker_selinux_enabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/docker/docker_selinux_enabled/rule.yml 2021-08-21 16:25:40.081062445 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Ensure SELinux support is enabled in Docker' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml 2021-08-21 16:35:51.206192063 -0400 ++++ b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml 2021-08-21 16:25:39.917059727 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8 + + title: 'Install fapolicyd Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml 2021-08-21 16:35:51.169191450 -0400 ++++ b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml 2021-08-21 16:25:39.916059710 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol8,rhel8 ++prodtype: rhcos4,ol8,rhel8,rl8 + + title: 'Enable the File Access Policy Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml 2021-08-21 16:35:51.169191450 -0400 ++++ b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml 2021-08-21 16:25:39.913059661 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Uninstall vsftpd Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml 2021-08-21 16:25:39.911059627 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,sle15 ++prodtype: rhel7,rhel8,rl8,sle15 + + title: 'Disable vsftpd Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_disable_uploads/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_disable_uploads/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_disable_uploads/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_disable_uploads/rule.yml 2021-08-21 16:25:39.904059511 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Disable FTP Uploads if Possible' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_home_partition/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_home_partition/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_home_partition/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_home_partition/rule.yml 2021-08-21 16:25:39.910059611 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Place the FTP Home Directory on its Own Partition' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_log_transactions/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_log_transactions/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_log_transactions/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_log_transactions/rule.yml 2021-08-21 16:25:39.901059461 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Enable Logging of All FTP Transactions' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_present_banner/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_present_banner/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_present_banner/rule.yml 2021-08-21 16:35:51.120190638 -0400 ++++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_present_banner/rule.yml 2021-08-21 16:25:39.898059412 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,sle12 ++prodtype: fedora,rhel7,rhel8,rl8,sle12 + + title: 'Create Warning Banners for All FTP Users' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_restrict_users/ftp_restrict_to_anon/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_restrict_users/ftp_restrict_to_anon/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_restrict_users/ftp_restrict_to_anon/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_restrict_users/ftp_restrict_to_anon/rule.yml 2021-08-21 16:25:39.907059561 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Restrict Access to Anonymous Users if Possible' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ftp/ftp_use_vsftpd/package_vsftpd_installed/rule.yml b/linux_os/guide/services/ftp/ftp_use_vsftpd/package_vsftpd_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ftp/ftp_use_vsftpd/package_vsftpd_installed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ftp/ftp_use_vsftpd/package_vsftpd_installed/rule.yml 2021-08-21 16:25:39.895059362 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Install vsftpd Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml b/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml 2021-08-21 16:25:39.927059893 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,sle15 ++prodtype: rhel7,rhel8,rl8,sle15 + + title: 'Uninstall httpd Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml 2021-08-21 16:25:39.928059909 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,sle15 ++prodtype: rhel7,rhel8,rl8,sle15 + + title: 'Disable httpd Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml 2021-08-21 16:25:39.952060307 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Configure Error Log Format' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml 2021-08-21 16:25:39.996061036 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Configure The Number of Allowed Simultaneous Requests' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml 2021-08-21 16:25:39.947060224 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Scan All Uploaded Content for Malicious Software' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml 2021-08-21 16:25:39.949060257 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Configure firewall to Allow Access to the Web Server' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml 2021-08-21 16:25:39.948060241 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Ensure Remote Administrative Access Is Encrypted' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_etc_httpd_conf/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_etc_httpd_conf/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_etc_httpd_conf/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_etc_httpd_conf/rule.yml 2021-08-21 16:25:39.936060042 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Set Permissions on the /etc/httpd/conf/ Directory' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_var_log_httpd/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_var_log_httpd/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_var_log_httpd/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_var_log_httpd/rule.yml 2021-08-21 16:25:39.941060124 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Set Permissions on the /var/log/httpd/ Directory' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml 2021-08-21 16:25:39.943060158 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Set Permissions on All Configuration Files Inside /etc/httpd/conf.d/' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml 2021-08-21 16:25:39.933059992 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Set Permissions on All Configuration Files Inside /etc/httpd/conf/' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml 2021-08-21 16:25:39.931059959 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Set Permissions on All Configuration Files Inside /etc/httpd/conf.modules.d/' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml 2021-08-21 16:25:39.939060092 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'HTTPD Log Files Must Be Owned By Root' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml 2021-08-21 16:25:40.029061583 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Configure HTTP PERL Scripts To Use TAINT Option' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml 2021-08-21 16:25:40.013061318 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Web Content Directories Must Not Be Shared Anonymously' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml 2021-08-21 16:25:40.014061335 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Remove Write Permissions From Filesystem Paths And Server Scripts' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml 2021-08-21 16:25:40.006061202 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Anonymous FTP Access' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml 2021-08-21 16:25:40.009061252 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Ignore HTTPD .htaccess Files' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_limit_available_methods/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_limit_available_methods/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_limit_available_methods/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_limit_available_methods/rule.yml 2021-08-21 16:25:40.007061218 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Limit Available Methods' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_critical_directories/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_critical_directories/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_critical_directories/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_critical_directories/rule.yml 2021-08-21 16:25:40.010061268 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Restrict Other Critical Directories' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_root_directory/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_root_directory/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_root_directory/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_root_directory/rule.yml 2021-08-21 16:25:40.015061351 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Restrict Root Directory' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_web_directory/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_web_directory/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_web_directory/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_web_directory/rule.yml 2021-08-21 16:25:40.012061301 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Restrict Web Directory' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml 2021-08-21 16:25:39.997061053 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'MIME types for csh or sh shell programs must be disabled' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml 2021-08-21 16:25:40.002061136 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable HTTPD Error Logging' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml 2021-08-21 16:25:39.953060324 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable HTTPD LogLevel' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml 2021-08-21 16:25:39.979060755 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable HTTPD System Logging' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml 2021-08-21 16:25:40.027061550 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'The web server password(s) must be entrusted to the SA or Web Manager' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cache_support/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cache_support/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cache_support/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cache_support/rule.yml 2021-08-21 16:25:39.960060439 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Cache Support' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cgi_support/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cgi_support/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cgi_support/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cgi_support/rule.yml 2021-08-21 16:25:39.962060473 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable CGI Support' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_digest_authentication/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_digest_authentication/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_digest_authentication/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_digest_authentication/rule.yml 2021-08-21 16:25:39.963060489 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable HTTP Digest Authentication' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml 2021-08-21 16:25:39.975060688 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable log_config_module For HTTPD Logging' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_ldap_support/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_ldap_support/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_ldap_support/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_ldap_support/rule.yml 2021-08-21 16:25:39.970060605 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable LDAP Support' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mime_magic/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mime_magic/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mime_magic/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mime_magic/rule.yml 2021-08-21 16:25:39.974060672 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable MIME Magic' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mod_rewrite/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mod_rewrite/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mod_rewrite/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mod_rewrite/rule.yml 2021-08-21 16:25:39.969060589 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable HTTP mod_rewrite' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_proxy_support/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_proxy_support/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_proxy_support/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_proxy_support/rule.yml 2021-08-21 16:25:39.968060572 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Proxy Support' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_activity_status/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_activity_status/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_activity_status/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_activity_status/rule.yml 2021-08-21 16:25:39.971060622 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Server Activity Status' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_configuration_display/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_configuration_display/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_configuration_display/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_configuration_display/rule.yml 2021-08-21 16:25:39.977060721 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Web Server Configuration Display' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_side_includes/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_side_includes/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_side_includes/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_side_includes/rule.yml 2021-08-21 16:25:39.973060655 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Server Side Includes' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_url_correction/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_url_correction/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_url_correction/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_url_correction/rule.yml 2021-08-21 16:25:39.958060406 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable URL Correction on Misspelled Entries' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_webdav/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_webdav/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_webdav/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_webdav/rule.yml 2021-08-21 16:25:39.959060423 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable WebDAV (Distributed Authoring and Versioning)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_security/httpd_install_mod_security/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_security/httpd_install_mod_security/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_security/httpd_install_mod_security/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_security/httpd_install_mod_security/rule.yml 2021-08-21 16:25:39.991060953 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Install mod_security' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml 2021-08-21 16:25:39.985060854 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable Transport Layer Security (TLS) Encryption' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml 2021-08-21 16:25:39.987060887 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Configure A Valid Server Certificate' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_install_mod_ssl/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_install_mod_ssl/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_install_mod_ssl/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_install_mod_ssl/rule.yml 2021-08-21 16:25:39.988060904 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Install mod_ssl' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml 2021-08-21 16:25:39.986060870 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Require Client Certificates' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml 2021-08-21 16:25:40.030061600 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'A public web server, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ extension' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml 2021-08-21 16:25:39.980060771 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Installation of a compiler on production web server is prohibited' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml 2021-08-21 16:25:40.003061152 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'A private web server must be located on a separate controlled access subnet' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml 2021-08-21 16:25:39.992060970 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Public web server resources must not be shared with private assets' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml 2021-08-21 16:25:39.981060787 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Backup interactive scripts on the production web server are prohibited' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_serversignature_off/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_serversignature_off/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_serversignature_off/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_serversignature_off/rule.yml 2021-08-21 16:25:39.998061069 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Set httpd ServerSignature Directive to Off' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_servertokens_prod/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_servertokens_prod/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_servertokens_prod/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_servertokens_prod/rule.yml 2021-08-21 16:25:40.001061119 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Set httpd ServerTokens Directive to Prod' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml 2021-08-21 16:25:40.026061533 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Configure A Banner Page For Each Website' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml 2021-08-21 16:25:40.024061500 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Each Web Content Directory Must Contain An index.html File' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml 2021-08-21 16:25:40.023061484 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Web Content Symbolic Links' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml 2021-08-21 16:25:40.020061434 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Encrypt All File Uploads' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml 2021-08-21 16:25:40.022061467 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Remove .java And .jpp Files' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml 2021-08-21 16:25:40.017061384 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'The robots.txt Files Must Not Exist' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml 2021-08-21 16:25:40.021061451 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Ensure Web Content Located on Separate partition' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_cert/rule.yml b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_cert/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_cert/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_cert/rule.yml 2021-08-21 16:25:40.112062959 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Configure Dovecot to Use the SSL Certificate file' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_key/rule.yml b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_key/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_key/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_key/rule.yml 2021-08-21 16:25:40.105062843 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Configure Dovecot to Use the SSL Key file' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_disable_plaintext_auth/rule.yml b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_disable_plaintext_auth/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_disable_plaintext_auth/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_disable_plaintext_auth/rule.yml 2021-08-21 16:25:40.110062926 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Plaintext Authentication' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_enable_ssl/rule.yml b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_enable_ssl/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_enable_ssl/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_enable_ssl/rule.yml 2021-08-21 16:25:40.107062876 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable the SSL flag in /etc/dovecot.conf' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml 2021-08-21 16:25:40.100062760 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Uninstall dovecot Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml 2021-08-21 16:25:40.098062727 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,sle15 ++prodtype: rhel7,rhel8,rl8,sle15 + + title: 'Disable Dovecot Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml b/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml 2021-08-21 16:25:40.089062578 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,rl8 + + title: 'Remove the Kerberos Server Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml b/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml 2021-08-21 16:25:39.607054588 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,rhel7,rhel8 ++prodtype: rhcos4,rhel7,rhel8,rl8 + + title: 'Uninstall 389-ds-base Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml b/linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml 2021-08-21 16:25:39.621054820 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Enable the LDAP Client For Use in Authconfig' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh 2021-08-21 16:25:39.610054638 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rocky + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/rule.yml b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/rule.yml 2021-08-21 16:25:39.612054671 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Configure LDAP Client to Use TLS For All Transactions' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ldap/openldap_client/ldap_client_tls_cacertpath/rule.yml b/linux_os/guide/services/ldap/openldap_client/ldap_client_tls_cacertpath/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ldap/openldap_client/ldap_client_tls_cacertpath/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ldap/openldap_client/ldap_client_tls_cacertpath/rule.yml 2021-08-21 16:25:39.618054771 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Configure Certificate Directives for LDAP Use of TLS' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml 2021-08-21 16:25:39.617054754 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Ensure LDAP client is not installed' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml b/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml 2021-08-21 16:25:39.623054854 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,sle15 ++prodtype: rhel7,rhel8,rl8,sle15 + + title: 'Uninstall openldap-servers Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/mail/package_sendmail_removed/rule.yml b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/mail/package_sendmail_removed/rule.yml 2021-08-21 16:35:51.169191450 -0400 ++++ b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml 2021-08-21 16:25:40.291065926 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 + + title: 'Uninstall Sendmail Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml 2021-08-21 16:25:40.273065628 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh 2021-08-21 16:25:40.265065495 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml 2021-08-21 16:25:40.266065512 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,sle15 ++prodtype: rhel7,rhel8,rl8,sle15 + + title: 'Disable Postfix Network Listening' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_banner/rule.yml b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_banner/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_banner/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_banner/rule.yml 2021-08-21 16:25:40.246065180 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Configure SMTP Greeting Banner' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml 2021-08-21 16:35:51.198191931 -0400 ++++ b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml 2021-08-21 16:25:40.258065379 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,wrlinux1019 + + title: 'Prevent Unrestricted Mail Relaying' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/mail/service_postfix_enabled/rule.yml b/linux_os/guide/services/mail/service_postfix_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/mail/service_postfix_enabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/mail/service_postfix_enabled/rule.yml 2021-08-21 16:25:40.289065893 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,sle15 ++prodtype: rhel7,rhel8,rl8,sle15 + + title: 'Enable Postfix Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_nfslock_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_nfslock_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_nfslock_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_nfslock_disabled/rule.yml 2021-08-21 16:25:39.669055616 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Disable Network File System Lock Service (nfslock)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml 2021-08-21 16:25:39.668055599 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,sle15 ++prodtype: rhel7,rhel8,rl8,sle15 + + title: 'Disable rpcbind Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcgssd_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcgssd_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcgssd_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcgssd_disabled/rule.yml 2021-08-21 16:25:39.667055583 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Disable Secure RPC Client Service (rpcgssd)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcidmapd_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcidmapd_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcidmapd_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcidmapd_disabled/rule.yml 2021-08-21 16:25:39.664055533 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Disable RPC ID Mapping Service (rpcidmapd)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_tcp_port/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_tcp_port/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_tcp_port/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_tcp_port/rule.yml 2021-08-21 16:25:39.679055782 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Configure lockd to use static TCP port' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_udp_port/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_udp_port/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_udp_port/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_udp_port/rule.yml 2021-08-21 16:25:39.676055732 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Configure lockd to use static UDP port' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_mountd_port/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_mountd_port/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_mountd_port/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_mountd_port/rule.yml 2021-08-21 16:25:39.680055798 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Configure mountd to use static port' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_statd_port/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_statd_port/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_statd_port/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_statd_port/rule.yml 2021-08-21 16:25:39.677055748 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Configure statd to use static port' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/nfs_no_anonymous/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/nfs_no_anonymous/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/nfs_no_anonymous/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/nfs_no_anonymous/rule.yml 2021-08-21 16:25:39.658055434 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Specify UID and GID for Anonymous NFS Connections' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml 2021-08-21 16:25:39.660055467 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,sle15 ++prodtype: fedora,rhel7,rhel8,rl8,sle15 + + title: 'Disable Network File System (nfs)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_rpcsvcgssd_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_rpcsvcgssd_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_rpcsvcgssd_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_rpcsvcgssd_disabled/rule.yml 2021-08-21 16:25:39.661055483 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Disable Secure RPC Server Service (rpcsvcgssd)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml 2021-08-21 16:25:39.649055285 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,wrlinux1019 + + title: 'Mount Remote Filesystems with Kerberos Security' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml 2021-08-21 16:35:51.204192030 -0400 ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml 2021-08-21 16:25:39.656055401 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Mount Remote Filesystems with nodev' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml 2021-08-21 16:35:51.198191931 -0400 ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml 2021-08-21 16:25:39.643055185 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Mount Remote Filesystems with noexec' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml 2021-08-21 16:35:51.198191931 -0400 ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml 2021-08-21 16:25:39.655055384 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Mount Remote Filesystems with nosuid' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/no_insecure_locks_exports/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/no_insecure_locks_exports/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/no_insecure_locks_exports/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/no_insecure_locks_exports/rule.yml 2021-08-21 16:25:39.630054970 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Ensure Insecure File Locking is Not Allowed' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/restrict_nfs_clients_to_privileged_ports/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/restrict_nfs_clients_to_privileged_ports/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/restrict_nfs_clients_to_privileged_ports/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/restrict_nfs_clients_to_privileged_ports/rule.yml 2021-08-21 16:25:39.638055102 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Restrict NFS Clients to Privileged Ports' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml 2021-08-21 16:25:39.627054920 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Use Kerberos Security on All Exports' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_root_squashing_all_exports/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_root_squashing_all_exports/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_root_squashing_all_exports/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_root_squashing_all_exports/rule.yml 2021-08-21 16:25:39.636055069 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Use Root-Squashing on All Exports' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml 2021-08-21 16:25:39.673055682 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Uninstall nfs-utils Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh 2021-08-21 16:25:39.599054456 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + + # Include source function library + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml 2021-08-21 16:25:39.606054572 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_client_only/rule.yml b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_client_only/rule.yml 2021-08-21 16:35:51.209192113 -0400 ++++ b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml 2021-08-21 16:25:39.600054472 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8 + + title: 'Disable chrony daemon from acting as server' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh 2021-08-21 16:25:39.583054191 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + + # Include source function library + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml 2021-08-21 16:25:39.590054307 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml 2021-08-21 16:35:51.209192113 -0400 ++++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml 2021-08-21 16:25:39.584054207 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8 + + title: 'Disable network management of chrony daemon' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh 2021-08-21 16:25:39.555053726 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_wrlinux,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rocky,multi_platform_wrlinux,multi_platform_ol + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_time_service_set_maxpoll") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml 2021-08-21 16:35:51.198191931 -0400 ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml 2021-08-21 16:25:39.556053743 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Configure Time Service Maxpoll Interval' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml 2021-08-21 16:25:39.530053312 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Specify Additional Remote NTP Servers' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml 2021-08-21 16:25:39.534053378 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Specify a Remote NTP Server' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml 2021-08-21 16:25:39.543053528 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,fedora,sle15 ++prodtype: rhel7,rhel8,rl8,fedora,sle15 + + title: 'Ensure that chronyd is running under chrony user account' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml 2021-08-21 16:25:39.597054422 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Enable the NTP Daemon' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml 2021-08-21 16:25:40.125063175 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Uninstall xinetd Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml 2021-08-21 16:25:40.132063290 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Disable xinetd Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml 2021-08-21 16:25:40.167063871 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Remove NIS Client' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml 2021-08-21 16:25:40.168063887 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 + + title: 'Uninstall ypserv Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml b/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml 2021-08-21 16:25:40.169063904 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Disable ypbind Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh 2021-08-21 16:25:40.156063688 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle,multi_platform_wrlinux,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rocky,multi_platform_sle,multi_platform_wrlinux,multi_platform_ol + + # Identify local mounts + MOUNT_LIST=$(df --local | awk '{ print $6 }') +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml 2021-08-21 16:35:51.199191947 -0400 ++++ b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml 2021-08-21 16:25:40.157063705 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,wrlinux1019 + + title: 'Remove Host-Based Authentication Files' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml 2021-08-21 16:25:40.155063672 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh 2021-08-21 16:25:40.151063606 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + find /home -maxdepth 2 -type f -name .rhosts -exec rm -f '{}' \; + + if [ -f /etc/hosts.equiv ]; then +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh 2021-08-21 16:25:40.146063523 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle,multi_platform_wrlinux,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rocky,multi_platform_sle,multi_platform_wrlinux,multi_platform_ol + + # Identify local mounts + MOUNT_LIST=$(df --local | awk '{ print $6 }') +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml 2021-08-21 16:35:51.199191947 -0400 ++++ b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml 2021-08-21 16:25:40.147063539 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,wrlinux1019 + + title: 'Remove User Host-Based Authentication Files' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml 2021-08-21 16:25:40.163063804 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Uninstall rsh Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml 2021-08-21 16:35:51.170191466 -0400 ++++ b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml 2021-08-21 16:25:40.162063788 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Uninstall rsh-server Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/service_rexec_disabled/rule.yml b/linux_os/guide/services/obsolete/r_services/service_rexec_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/service_rexec_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/obsolete/r_services/service_rexec_disabled/rule.yml 2021-08-21 16:25:40.160063755 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Disable rexec Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml b/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml 2021-08-21 16:25:40.164063821 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Disable rlogin Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml b/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml 2021-08-21 16:25:40.161063771 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Disable rsh Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml 2021-08-21 16:25:40.117063042 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,ol7,rhel8,ol8,fedora,rhv4,rhcos4,sle15 ++prodtype: rhel7,ol7,rhel8,rl8,ol8,fedora,rhv4,rhcos4,sle15 + + title: 'Ensure rsyncd service is diabled' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml 2021-08-21 16:25:40.188064219 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Uninstall talk Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml 2021-08-21 16:25:40.186064186 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Uninstall talk-server Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml 2021-08-21 16:25:40.124063158 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Remove telnet Clients' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml 2021-08-21 16:35:51.170191466 -0400 ++++ b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml 2021-08-21 16:25:40.123063141 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,wrlinux1019 + + title: 'Uninstall telnet-server Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml b/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml 2021-08-21 16:25:40.120063092 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Disable telnet Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml 2021-08-21 16:25:40.181064103 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Remove tftp Daemon' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml 2021-08-21 16:35:51.170191466 -0400 ++++ b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml 2021-08-21 16:25:40.184064152 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Uninstall tftp-server Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/tftp/service_tftp_disabled/rule.yml b/linux_os/guide/services/obsolete/tftp/service_tftp_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/tftp/service_tftp_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/obsolete/tftp/service_tftp_disabled/rule.yml 2021-08-21 16:25:40.183064136 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,sle15 ++prodtype: rhel7,rhel8,rl8,sle15 + + title: 'Disable tftp Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml 2021-08-21 16:35:51.170191466 -0400 ++++ b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml 2021-08-21 16:25:40.172063954 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Ensure tftp Daemon Uses Secure Mode' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/printing/configure_printing/cups_disable_browsing/rule.yml b/linux_os/guide/services/printing/configure_printing/cups_disable_browsing/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/printing/configure_printing/cups_disable_browsing/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/printing/configure_printing/cups_disable_browsing/rule.yml 2021-08-21 16:25:39.498052782 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Printer Browsing Entirely if Possible' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/printing/configure_printing/cups_disable_printserver/rule.yml b/linux_os/guide/services/printing/configure_printing/cups_disable_printserver/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/printing/configure_printing/cups_disable_printserver/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/printing/configure_printing/cups_disable_printserver/rule.yml 2021-08-21 16:25:39.496052748 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Print Server Capabilities' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/printing/service_cups_disabled/rule.yml b/linux_os/guide/services/printing/service_cups_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/printing/service_cups_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/printing/service_cups_disabled/rule.yml 2021-08-21 16:25:39.493052699 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,sle15 ++prodtype: rhel7,rhel8,rl8,sle15 + + title: 'Disable the CUPS Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml b/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml 2021-08-21 16:25:39.922059810 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,rl8 + + title: 'Uninstall squid Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml 2021-08-21 16:25:39.919059760 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,sle15 + + title: 'Disable Squid' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/radius/package_freeradius_removed/rule.yml b/linux_os/guide/services/radius/package_freeradius_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/radius/package_freeradius_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/radius/package_freeradius_removed/rule.yml 2021-08-21 16:25:40.116063025 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,rl8 + + title: 'Remove the FreeRadius Server Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/rng/service_rngd_enabled/rule.yml b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/rng/service_rngd_enabled/rule.yml 2021-08-21 16:35:51.170191466 -0400 ++++ b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml 2021-08-21 16:25:40.218064716 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8 + + title: 'Enable the Hardware RNG Entropy Gatherer Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml b/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml 2021-08-21 16:25:40.309066224 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,rl8 + + title: 'Uninstall quagga Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml b/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml 2021-08-21 16:25:40.307066191 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Disable Quagga Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml b/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml 2021-08-21 16:25:39.182047544 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Require Client SMB Packet Signing, if using mount.cifs' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml b/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml 2021-08-21 16:25:39.193047726 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,rhel7,rhel8,rhv4,sle15 ++prodtype: rhcos4,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Install the Samba Common Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml 2021-08-21 16:25:39.189047660 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + # reboot = false + # strategy = configure + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh 2021-08-21 16:25:39.186047610 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_rocky + ###################################################################### + #By Luke "Brisk-OH" Brisk + #luke.brisk@boeing.com or luke.brisk@gmail.com +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/rule.yml b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/rule.yml 2021-08-21 16:25:39.187047626 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Require Client SMB Packet Signing, if using smbclient' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/smb/configuring_samba/smb_server_disable_root/rule.yml b/linux_os/guide/services/smb/configuring_samba/smb_server_disable_root/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/smb/configuring_samba/smb_server_disable_root/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/smb/configuring_samba/smb_server_disable_root/rule.yml 2021-08-21 16:25:39.191047693 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Root Access to SMB Shares' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml b/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml 2021-08-21 16:25:39.197047792 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Uninstall Samba Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml 2021-08-21 16:25:39.196047776 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,sle15 ++prodtype: rhel7,rhel8,rl8,sle15 + + title: 'Disable Samba' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml 2021-08-21 16:25:40.215064666 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: debian10,debian9,fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 + + title: 'Uninstall net-snmp Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml 2021-08-21 16:25:40.217064700 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,rhel7,rhel8,sle15 ++prodtype: debian10,debian9,rhel7,rhel8,rl8,sle15 + + title: 'Disable snmpd Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml 2021-08-21 16:25:40.211064600 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Ensure SNMP Read Write is disabled' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml 2021-08-21 16:25:40.194064318 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,ol7,ol8,rhel7,rhel8,wrlinux1019 ++prodtype: debian10,debian9,fedora,ol7,ol8,rhel7,rhel8,rl8,wrlinux1019 + + title: 'Ensure Default SNMP Password Is Not Used' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml 2021-08-21 16:25:40.212064617 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Configure SNMP Service to Use Only SNMPv3 or Newer' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml 2021-08-21 16:25:39.205047925 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15,rhcos4 ++prodtype: rhel7,rhel8,rl8,rhv4,sle15,rhcos4 + + title: 'Verify Group Who Owns SSH Server config file' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml 2021-08-21 16:25:39.484052550 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15,rhcos4 ++prodtype: rhel7,rhel8,rl8,rhv4,sle15,rhcos4 + + title: 'Verify Owner on SSH Server config file' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml 2021-08-21 16:25:39.202047875 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,sle15,rhcos4 ++prodtype: rhel7,rhel8,rl8,rhv4,sle15,rhcos4 + + title: 'Verify Permissions on SSH Server config file' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/firewalld_sshd_disabled/rule.yml b/linux_os/guide/services/ssh/firewalld_sshd_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/firewalld_sshd_disabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/firewalld_sshd_disabled/rule.yml 2021-08-21 16:25:39.470052317 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Remove SSH Server firewalld Firewall exception (Unusual)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml b/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml 2021-08-21 16:25:39.490052649 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8 ++prodtype: ol8,rhel8,rl8 + + title: 'Install OpenSSH client software' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml 2021-08-21 16:35:51.206192063 -0400 ++++ b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml 2021-08-21 16:25:39.477052434 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,wrlinux1019,wrlinux8 ++prodtype: debian10,debian9,fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,wrlinux1019,wrlinux8 + + title: 'Install the OpenSSH Server Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/package_openssh-server_removed/rule.yml b/linux_os/guide/services/ssh/package_openssh-server_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/package_openssh-server_removed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/package_openssh-server_removed/rule.yml 2021-08-21 16:25:39.472052351 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,wrlinux1019,wrlinux8 ++prodtype: debian10,debian9,fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,wrlinux1019,wrlinux8 + + title: 'Remove the OpenSSH Server Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml 2021-08-21 16:35:51.170191466 -0400 ++++ b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml 2021-08-21 16:25:39.479052467 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Enable the OpenSSH Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/rule.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/rule.yml 2021-08-21 16:25:39.218048140 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8 ++prodtype: rhel8,rl8 + + title: 'SSH client uses strong entropy to seed (for CSH like shells)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/rule.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/rule.yml 2021-08-21 16:25:39.228048306 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8 ++prodtype: rhel8,rl8 + + title: 'SSH client uses strong entropy to seed (Bash-like shells)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml 2021-08-21 16:25:39.469052301 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml 2021-08-21 16:25:39.257048787 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Enable SSH Server firewalld Firewall Exception' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml 2021-08-21 16:25:39.451052003 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh 2021-08-21 16:25:39.444051886 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_ol,multi_platform_rhv + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml 2021-08-21 16:35:51.120190638 -0400 ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml 2021-08-21 16:25:39.435051737 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh 2021-08-21 16:25:39.425051571 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_ol,multi_platform_rhv + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml 2021-08-21 16:25:39.358050461 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh 2021-08-21 16:25:39.355050411 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml 2021-08-21 16:25:39.412051356 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml 2021-08-21 16:25:39.334050063 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh 2021-08-21 16:25:39.326049931 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml 2021-08-21 16:35:51.159191284 -0400 ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml 2021-08-21 16:25:39.307049616 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019,wrlinux8 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,wrlinux1019,wrlinux8 + + title: 'Use Only FIPS 140-2 Validated Ciphers' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml 2021-08-21 16:35:51.159191284 -0400 ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml 2021-08-21 16:25:39.275049085 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,sle12,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,sle12,wrlinux1019 + + title: 'Use Only FIPS 140-2 Validated MACs' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh 2021-08-21 16:25:39.267048953 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + + sed -i 's/^\s*Ciphers\s.*//i' /etc/ssh/sshd_config + echo "Ciphers aes256-ctr" >> /etc/ssh/sshd_config +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh 2021-08-21 16:25:39.268048969 -0400 +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + + sed -i 's/^\s*Ciphers\s/# &/i' /etc/ssh/sshd_config +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh 2021-08-21 16:25:39.254048737 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + + sed -i 's/^\s*MACs\s.*//i' /etc/ssh/sshd_config + echo "MACs hmac-sha2-512" >> /etc/ssh/sshd_config +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh 2021-08-21 16:25:39.253048720 -0400 +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + + sed -i 's/^\s*MACs\s/# &/i' /etc/ssh/sshd_config +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml 2021-08-21 16:25:39.371050677 -0400 +@@ -2,7 +2,7 @@ + + # TODO: The plan is not to need this for RHEL>=8.4 + # TODO: Compliant setting is SSH_USE_STRONG_RNG set to 32 or more +-prodtype: rhel8 ++prodtype: rhel8,rl8 + + title: 'SSH server uses strong entropy to seed' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/bad_config.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/bad_config.fail.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/bad_config.fail.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/bad_config.fail.sh 2021-08-21 16:25:39.372050693 -0400 +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_rocky + + echo 'SSH_USE_STRONG_RNG=1' > /etc/sysconfig/sshd +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/good_config.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/good_config.pass.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/good_config.pass.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/good_config.pass.sh 2021-08-21 16:25:39.373050710 -0400 +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_rocky + + echo 'SSH_USE_STRONG_RNG=32' > /etc/sysconfig/sshd +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/no_config.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/no_config.fail.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/no_config.fail.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/no_config.fail.sh 2021-08-21 16:25:39.375050743 -0400 +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_rocky + + rm -f /etc/sysconfig/sshd +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/quoted.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/quoted.fail.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/quoted.fail.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/quoted.fail.sh 2021-08-21 16:25:39.374050726 -0400 +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_rocky + + echo 'SSH_USE_STRONG_RNG="32"' > /etc/sysconfig/sshd +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml 2021-08-21 16:35:51.199191947 -0400 ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml 2021-08-21 16:25:39.304049566 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Prevent remote hosts from connecting to the proxy display' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/package_sssd_installed/rule.yml b/linux_os/guide/services/sssd/package_sssd_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/package_sssd_installed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/package_sssd_installed/rule.yml 2021-08-21 16:25:39.760057124 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,rl8 + + title: 'Install the SSSD Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/package_sssd-ipa_installed/rule.yml b/linux_os/guide/services/sssd/package_sssd-ipa_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/package_sssd-ipa_installed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/package_sssd-ipa_installed/rule.yml 2021-08-21 16:25:39.777057406 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Install sssd-ipa Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml b/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml 2021-08-21 16:25:39.779057439 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,rl8 + + title: 'Enable the SSSD Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh b/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh 2021-08-21 16:25:39.766057224 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rocky,multi_platform_ol + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml b/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml 2021-08-21 16:25:39.767057241 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Configure PAM in SSSD Services' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml 2021-08-21 16:35:51.172191500 -0400 ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml 2021-08-21 16:25:39.762057158 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,rhcos4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,rhcos4 + + title: 'Enable Smartcards in SSSD' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca/rule.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca/rule.yml 2021-08-21 16:25:39.704056196 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,wrlinux1019 + + title: 'Configure SSSD LDAP Backend Client CA Certificate' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml 2021-08-21 16:25:39.702056163 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh 2021-08-21 16:25:39.692055997 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/rule.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/rule.yml 2021-08-21 16:25:39.693056014 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,wrlinux1019 + + title: 'Configure SSSD LDAP Backend Client CA Certificate Location' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml 2021-08-21 16:25:39.728056594 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh 2021-08-21 16:25:39.717056412 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/rule.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/rule.yml 2021-08-21 16:25:39.719056445 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,wrlinux1019 + + title: 'Configure SSSD LDAP Backend Client to Demand a Valid Certificate from the Server' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml 2021-08-21 16:25:39.715056379 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh 2021-08-21 16:25:39.705056213 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/rule.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/rule.yml 2021-08-21 16:25:39.707056246 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,wrlinux1019 + + title: 'Configure SSSD LDAP Backend to Use TLS For All Transactions' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml 2021-08-21 16:25:39.759057108 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh 2021-08-21 16:25:39.750056959 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml b/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml 2021-08-21 16:25:39.751056975 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Configure SSSD''s Memory Cache to Expire' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml 2021-08-21 16:25:39.748056925 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # reboot = false + # strategy = configure + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh 2021-08-21 16:25:39.739056776 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # reboot = false + # strategy = configure + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml 2021-08-21 16:35:51.172191500 -0400 ++++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml 2021-08-21 16:25:39.740056793 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,rhcos4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,rhcos4 + + title: 'Configure SSSD to Expire Offline Credentials' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh 2021-08-21 16:25:39.780057456 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + + found=false + for f in $( ls /etc/sssd/sssd.conf /etc/sssd/conf.d/*.conf 2> /dev/null ) ; do +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml 2021-08-21 16:25:39.782057489 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8 + + title: 'Configure SSSD to run as user sssd' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml 2021-08-21 16:25:39.738056760 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rocky + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh 2021-08-21 16:25:39.729056610 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml 2021-08-21 16:25:39.730056627 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhv4 ++prodtype: fedora,rhel7,rhel8,rl8,rhv4 + + title: 'Configure SSSD to Expire SSH Known Hosts' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml 2021-08-21 16:35:51.172191500 -0400 ++++ b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml 2021-08-21 16:25:40.035061683 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8 + + title: 'Log USBGuard daemon audit events using Linux Audit' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml 2021-08-21 16:35:51.206192063 -0400 ++++ b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml 2021-08-21 16:25:40.033061650 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Install usbguard Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml 2021-08-21 16:35:51.172191500 -0400 ++++ b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml 2021-08-21 16:25:40.058062064 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8 + + title: 'Enable the USBGuard Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml 2021-08-21 16:25:40.056062031 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8 + + title: 'Authorize Human Interface Devices in USBGuard daemon' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml 2021-08-21 16:25:40.048061898 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8 + + title: 'Authorize Human Interface Devices and USB hubs in USBGuard daemon' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml 2021-08-21 16:25:40.044061832 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8 + + title: 'Authorize USB hubs in USBGuard daemon' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml 2021-08-21 16:35:51.172191500 -0400 ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml 2021-08-21 16:25:40.305066158 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Remove the X Windows Package Group' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml 2021-08-21 16:35:51.153191185 -0400 ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml 2021-08-21 16:25:40.294065976 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle12,sle15,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle12,sle15,rhv4 + + title: 'Disable X Windows Startup By Setting Default Target' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml 2021-08-21 16:35:51.121190654 -0400 ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml 2021-08-21 16:25:37.250015520 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh 2021-08-21 16:25:37.239015337 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("login_banner_text") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml 2021-08-21 16:35:51.172191500 -0400 ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml 2021-08-21 16:25:37.240015354 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,sle12 + + title: 'Modify the System Login Banner' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml 2021-08-21 16:25:37.231015205 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh 2021-08-21 16:25:37.223015072 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("login_banner_text") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml 2021-08-21 16:25:37.224015089 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,sle12 + + title: 'Modify the System Message of the Day Banner' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml 2021-08-21 16:25:37.220015022 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Verify Group Ownership of System Login Banner' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml 2021-08-21 16:25:37.236015288 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Verify Group Ownership of Message of the Day Banner' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml 2021-08-21 16:25:37.233015238 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Verify ownership of System Login Banner' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml 2021-08-21 16:25:37.235015271 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Verify ownership of Message of the Day Banner' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml 2021-08-21 16:25:37.221015039 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 + + title: 'Verify permissions on System Login Banner' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml 2021-08-21 16:25:37.237015304 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 + + title: 'Verify permissions on Message of the Day Banner' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml 2021-08-21 16:25:37.218014989 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml 2021-08-21 16:35:51.206192063 -0400 ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml 2021-08-21 16:25:37.213014906 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle15 + + title: 'Enable GNOME3 Login Warning Banner' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml 2021-08-21 16:25:37.211014873 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml 2021-08-21 16:35:51.172191500 -0400 ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml 2021-08-21 16:25:37.202014724 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle15 + + title: 'Set the GNOME3 Login Warning Banner Text' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh 2021-08-21 16:25:37.196014625 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky,multi_platform_wrlinux + + if grep -q "^session.*pam_lastlog.so" /etc/pam.d/postlogin; then + sed -i --follow-symlinks "/pam_lastlog.so/d" /etc/pam.d/postlogin +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml 2021-08-21 16:25:37.045012122 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: Set Up a Private Namespace in PAM Configuration + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml 2021-08-21 16:25:37.062012403 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = configure + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh 2021-08-21 16:25:37.059012354 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_password_pam_unix_remember") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml 2021-08-21 16:35:51.172191500 -0400 ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml 2021-08-21 16:25:37.060012370 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Limit Password Reuse' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml 2021-08-21 16:25:37.084012768 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh 2021-08-21 16:25:37.063012420 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_deny") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml 2021-08-21 16:35:51.172191500 -0400 ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml 2021-08-21 16:25:37.065012453 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 + + title: 'Set Deny For Failed Password Attempts' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml 2021-08-21 16:25:37.129013514 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh 2021-08-21 16:25:37.121013381 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + AUTH_FILES[0]="/etc/pam.d/system-auth" + AUTH_FILES[1]="/etc/pam.d/password-auth" +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml 2021-08-21 16:35:51.206192063 -0400 ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml 2021-08-21 16:25:37.122013398 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 + + title: 'Configure the root Account for Failed Password Attempts' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml 2021-08-21 16:25:37.051012221 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8 ++prodtype: fedora,rhel8,rl8 + + title: 'Enforce pam_faillock for Local Accounts Only' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml 2021-08-21 16:25:37.118013332 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh 2021-08-21 16:25:37.101013050 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # include our remediation functions library + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml 2021-08-21 16:35:51.172191500 -0400 ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml 2021-08-21 16:25:37.102013066 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle15,rhv4 + + title: 'Set Interval For Counting Failed Password Attempts' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml 2021-08-21 16:25:37.100013033 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh 2021-08-21 16:25:37.086012801 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_unlock_time") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml 2021-08-21 16:35:51.172191500 -0400 ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml 2021-08-21 16:25:37.088012834 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Set Lockout Time for Failed Password Attempts' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml 2021-08-21 16:35:51.173191516 -0400 ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml 2021-08-21 16:25:37.160014028 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Digit Characters' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml 2021-08-21 16:35:51.173191516 -0400 ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml 2021-08-21 16:25:37.150013862 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Different Characters' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml 2021-08-21 16:25:37.151013879 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8 ++prodtype: fedora,rhel8,rl8 + + title: 'Ensure PAM Enforces Password Requirements - Enforce for Local Accounts Only' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml 2021-08-21 16:25:37.145013779 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8 ++prodtype: fedora,rhel8,rl8 + + title: 'Ensure PAM Enforces Password Requirements - Enforce for root User' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml 2021-08-21 16:35:51.173191516 -0400 ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml 2021-08-21 16:25:37.156013962 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Lowercase Characters' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml 2021-08-21 16:35:51.173191516 -0400 ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml 2021-08-21 16:25:37.152013895 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Ensure PAM Enforces Password Requirements - Maximum Consecutive Repeating Characters from Same Character Class' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml 2021-08-21 16:35:51.173191516 -0400 ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml 2021-08-21 16:25:37.143013746 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Set Password Maximum Consecutive Repeating Characters' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml 2021-08-21 16:35:51.173191516 -0400 ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml 2021-08-21 16:25:37.154013928 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Different Categories' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml 2021-08-21 16:35:51.173191516 -0400 ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml 2021-08-21 16:25:37.155013945 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Length' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml 2021-08-21 16:35:51.173191516 -0400 ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml 2021-08-21 16:25:37.133013580 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Special Characters' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml 2021-08-21 16:25:37.168014160 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # reboot = false + # strategy = configure + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml 2021-08-21 16:35:51.173191516 -0400 ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml 2021-08-21 16:25:37.162014061 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 + + title: 'Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml 2021-08-21 16:35:51.173191516 -0400 ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml 2021-08-21 16:25:37.148013829 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Uppercase Characters' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml 2021-08-21 16:25:37.178014326 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh 2021-08-21 16:25:37.170014194 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + LIBUSER_CONF="/etc/libuser.conf" + CRYPT_STYLE_REGEX='[[:space:]]*\[defaults](.*(\n)+)+?[[:space:]]*crypt_style[[:space:]]*' +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml 2021-08-21 16:25:37.172014227 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Set Password Hashing Algorithm in /etc/libuser.conf' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml 2021-08-21 16:25:37.190014525 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh 2021-08-21 16:25:37.184014426 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_password_hashing_algorithm") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml 2021-08-21 16:35:51.173191516 -0400 ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml 2021-08-21 16:25:37.185014442 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Set Password Hashing Algorithm in /etc/login.defs' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh 2021-08-21 16:25:37.180014359 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + AUTH_FILES[0]="/etc/pam.d/system-auth" + AUTH_FILES[1]="/etc/pam.d/password-auth" +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml 2021-08-21 16:25:37.181014376 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: "Set PAM's Password Hashing Algorithm" + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml 2021-08-21 16:25:37.469019150 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml 2021-08-21 16:35:51.173191516 -0400 ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml 2021-08-21 16:25:37.463019050 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Disable Ctrl-Alt-Del Burst Action' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh 2021-08-21 16:25:37.455018918 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky,multi_platform_wrlinux + {{%- if init_system == "systemd" -%}} + {{% if product in ["rhel7", "rhel8"] %}} + # The process to disable ctrl+alt+del has changed in RHEL7. +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml 2021-08-21 16:35:51.173191516 -0400 ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml 2021-08-21 16:25:37.456018934 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Disable Ctrl-Alt-Del Reboot Activation' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml 2021-08-21 16:25:37.381017691 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Verify that Interactive Boot is Disabled' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh 2021-08-21 16:25:37.448018802 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + service_file="/usr/lib/systemd/system/emergency.service" + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml 2021-08-21 16:35:51.206192063 -0400 ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml 2021-08-21 16:25:37.449018818 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Require Authentication for Emergency Systemd Target' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh 2021-08-21 16:25:37.373017559 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + {{% if init_system == "systemd" -%}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml 2021-08-21 16:35:51.174191533 -0400 ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml 2021-08-21 16:25:37.374017575 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 + + title: 'Require Authentication for Single User Mode' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml 2021-08-21 16:35:51.174191533 -0400 ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml 2021-08-21 16:25:37.407018122 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhcos4 ++prodtype: fedora,ol8,rhel8,rl8,rhcos4 + + title: 'Support session locking with tmux' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml 2021-08-21 16:25:37.402018039 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml 2021-08-21 16:35:51.174191533 -0400 ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml 2021-08-21 16:25:37.399017989 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhcos4 ++prodtype: fedora,ol8,rhel8,rl8,rhcos4 + + title: 'Configure tmux to lock session after inactivity' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml 2021-08-21 16:35:51.174191533 -0400 ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml 2021-08-21 16:25:37.389017824 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhcos4 ++prodtype: fedora,ol8,rhel8,rl8,rhcos4 + + title: 'Configure the tmux Lock Command' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml 2021-08-21 16:25:37.412018205 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml 2021-08-21 16:35:51.174191533 -0400 ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml 2021-08-21 16:25:37.410018172 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhcos4 ++prodtype: fedora,ol8,rhel8,rl8,rhcos4 + + title: 'Prevent user from disabling the screen lock' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml 2021-08-21 16:35:51.206192063 -0400 ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml 2021-08-21 16:25:37.404018072 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhv4,rhcos4 ++prodtype: fedora,ol8,rhel8,rl8,rhv4,rhcos4 + + title: 'Install the tmux Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml 2021-08-21 16:25:37.443018719 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Configure opensc Smart Card Drivers' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml 2021-08-21 16:25:37.418018305 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Force opensc To Use Defined Smart Card Driver' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml 2021-08-21 16:35:51.201191980 -0400 ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml 2021-08-21 16:25:37.415018255 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,rhel7,rhel8 ++prodtype: fedora,ol7,rhel7,rhel8,rl8 + + title: 'Install Smart Card Packages For Multifactor Authentication' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml 2021-08-21 16:35:51.174191533 -0400 ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml 2021-08-21 16:25:37.416018271 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Install the opensc Package For Multifactor Authentication' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml 2021-08-21 16:25:37.432018537 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Install the pcsc-lite package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml 2021-08-21 16:25:37.447018785 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Enable the pcscd Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml 2021-08-21 16:25:37.440018669 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,rl8 + + title: 'Configure Smart Card Certificate Status Checking' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml 2021-08-21 16:25:37.372017542 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml 2021-08-21 16:35:51.174191533 -0400 ++++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml 2021-08-21 16:25:37.368017476 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Disable debug-shell SystemD Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml 2021-08-21 16:25:37.484019399 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh 2021-08-21 16:25:37.477019282 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_account_disable_post_pw_expiration") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml 2021-08-21 16:35:51.174191533 -0400 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml 2021-08-21 16:25:37.478019299 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Set Account Expiration Following Inactivity' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml 2021-08-21 16:35:51.209192113 -0400 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml 2021-08-21 16:25:37.487019448 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhv4,sle12 ++prodtype: fedora,rhel7,rhel8,rl8,rhv4,sle12 + + title: 'Assign Expiration Date to Temporary Accounts' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml 2021-08-21 16:25:37.612021520 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh 2021-08-21 16:25:37.601021338 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_fedora ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_ol,multi_platform_rhv,multi_platform_fedora + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_accounts_maximum_age_login_defs") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml 2021-08-21 16:25:37.622021686 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml 2021-08-21 16:25:37.636021918 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh 2021-08-21 16:25:37.626021752 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + . /usr/share/scap-security-guide/remediation_functions + declare var_accounts_password_minlen_login_defs + {{{ bash_instantiate_variables("var_accounts_password_minlen_login_defs") }}} +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml 2021-08-21 16:35:51.175191549 -0400 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml 2021-08-21 16:25:37.624021719 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Set Existing Passwords Maximum Age' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml 2021-08-21 16:35:51.175191549 -0400 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml 2021-08-21 16:25:37.625021736 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Set Existing Passwords Minimum Age' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml 2021-08-21 16:25:37.645022067 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rocky + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml 2021-08-21 16:25:37.538020294 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = configure + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh 2021-08-21 16:25:37.534020227 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml 2021-08-21 16:25:37.535020244 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Set number of Password Hashing Rounds - password-auth' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml 2021-08-21 16:25:37.599021305 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = configure + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh 2021-08-21 16:25:37.593021205 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml 2021-08-21 16:25:37.594021222 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Set number of Password Hashing Rounds - system-auth' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml 2021-08-21 16:25:37.566020758 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = configure + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh 2021-08-21 16:25:37.555020575 -0400 +@@ -1,3 +1,3 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + sed --follow-symlinks -i 's/\//g' /etc/pam.d/system-auth + sed --follow-symlinks -i 's/\//g' /etc/pam.d/password-auth +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml 2021-08-21 16:25:37.564020725 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml 2021-08-21 16:25:37.568020791 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Ensure there are no legacy + NIS entries in /etc/group' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml 2021-08-21 16:25:37.578020957 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Ensure there are no legacy + NIS entries in /etc/passwd' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml 2021-08-21 16:25:37.545020410 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Ensure there are no legacy + NIS entries in /etc/shadow' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml 2021-08-21 16:25:37.533020211 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml 2021-08-21 16:25:37.532020194 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml 2021-08-21 16:25:37.514019896 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Restrict Web Browser Use for Administrative Accounts' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml 2021-08-21 16:25:37.493019548 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Ensure that System Accounts Do Not Run a Shell Upon Login' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml 2021-08-21 16:25:37.504019730 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml 2021-08-21 16:25:37.515019912 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Root Path Must Be Vendor Default' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml 2021-08-21 16:25:37.524020061 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml 2021-08-21 16:25:37.513019879 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh 2021-08-21 16:25:37.506019763 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # uncomment the option if commented + sed '/^[[:space:]]*#[[:space:]]*auth[[:space:]]\+required[[:space:]]\+pam_wheel\.so[[:space:]]\+use_uid$/s/^[[:space:]]*#//' -i /etc/pam.d/su +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml 2021-08-21 16:25:37.507019780 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Enforce usage of pam_wheel for su authentication' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml 2021-08-21 16:35:51.175191549 -0400 ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml 2021-08-21 16:25:37.346017111 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019,fedora ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019,fedora + + title: 'Ensure Home Directories are Created for New Users' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml 2021-08-21 16:25:37.274015917 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rocky,multi_platform_sle + # disruption = low + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh 2021-08-21 16:25:37.266015785 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rocky,multi_platform_wrlinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml 2021-08-21 16:35:51.121190654 -0400 ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml 2021-08-21 16:25:37.362017376 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh 2021-08-21 16:25:37.354017243 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rocky,multi_platform_wrlinux + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_accounts_max_concurrent_login_sessions") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml 2021-08-21 16:25:37.343017061 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml 2021-08-21 16:25:37.333016895 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,rhcos4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,rhcos4 + + title: 'Set Interactive Session Timeout' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml 2021-08-21 16:25:37.324016746 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'User Initialization Files Must Be Group-Owned By The Primary User' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml 2021-08-21 16:35:51.199191947 -0400 ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml 2021-08-21 16:25:37.327016796 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'User Initialization Files Must Not Run World-Writable Programs' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml 2021-08-21 16:25:37.326016779 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'User Initialization Files Must Be Owned By the Primary User' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml 2021-08-21 16:35:51.199191947 -0400 ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml 2021-08-21 16:25:37.330016846 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Ensure that Users Path Contains Only Local Directories' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml 2021-08-21 16:35:51.199191947 -0400 ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml 2021-08-21 16:25:37.365017426 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'All Interactive Users Must Have A Home Directory Defined' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml 2021-08-21 16:35:51.176191566 -0400 ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml 2021-08-21 16:25:37.328016813 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'All Interactive Users Home Directories Must Exist' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml 2021-08-21 16:25:37.363017393 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'All User Files and Directories In The Home Directory Must Be Group-Owned By The Primary User' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml 2021-08-21 16:25:37.325016763 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'All User Files and Directories In The Home Directory Must Be Owned By The Primary User' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml 2021-08-21 16:25:37.366017443 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'All User Files and Directories In The Home Directory Must Have Mode 0750 Or Less Permissive' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml 2021-08-21 16:35:51.176191566 -0400 ++++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml 2021-08-21 16:25:37.252015553 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'All Interactive User Home Directories Must Be Group-Owned By The Primary User' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml 2021-08-21 16:35:51.159191284 -0400 ++++ b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml 2021-08-21 16:25:37.254015586 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'All Interactive User Home Directories Must Be Owned By The Primary User' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml 2021-08-21 16:35:51.199191947 -0400 ++++ b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml 2021-08-21 16:25:37.253015569 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'All Interactive User Home Directories Must Have mode 0750 Or Less Permissive' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml 2021-08-21 16:35:51.199191947 -0400 ++++ b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml 2021-08-21 16:25:37.344017078 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Ensure All User Initialization Files Have Mode 0740 Or Less Permissive' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml 2021-08-21 16:25:37.281016034 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh 2021-08-21 16:25:37.316016614 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rocky,multi_platform_ol + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_accounts_user_umask") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml 2021-08-21 16:35:51.210192129 -0400 ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml 2021-08-21 16:25:37.317016630 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,sle15 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,sle15 + + title: 'Ensure the Default Bash Umask is Set Correctly' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh 2021-08-21 16:25:37.293016232 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rocky,multi_platform_ol + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_accounts_user_umask") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml 2021-08-21 16:25:37.294016249 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,sle15 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,sle15 + + title: 'Ensure the Default C Shell Umask is Set Correctly' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml 2021-08-21 16:25:37.314016580 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rocky,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh 2021-08-21 16:25:37.307016465 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_wrlinux,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rocky,multi_platform_wrlinux,multi_platform_ol + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_accounts_user_umask") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml 2021-08-21 16:35:51.199191947 -0400 ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml 2021-08-21 16:25:37.305016431 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 + + title: 'Ensure the Default Umask is Set Correctly For Interactive Users' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml 2021-08-21 16:25:36.093996358 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Record Any Attempts to Run chcon' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml 2021-08-21 16:25:36.098996441 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Any Attempts to Run restorecon' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml 2021-08-21 16:25:36.094996375 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Record Any Attempts to Run semanage' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml 2021-08-21 16:25:36.095996391 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Any Attempts to Run setfiles' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml 2021-08-21 16:25:36.101996491 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Record Any Attempts to Run setsebool' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml 2021-08-21 16:25:36.099996458 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Any Attempts to Run seunshare' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh 2021-08-21 16:25:36.082996176 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml 2021-08-21 16:25:35.782991203 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Record Successful Permission Changes to Files - chmod' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml 2021-08-21 16:25:35.934993723 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Ownership Changes to Files - chown' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml 2021-08-21 16:25:35.915993408 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Access Attempts to Files - creat' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml 2021-08-21 16:25:35.883992877 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Permission Changes to Files - fchmod' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml 2021-08-21 16:25:35.813991717 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Permission Changes to Files - fchmodat' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml 2021-08-21 16:25:35.894993060 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Ownership Changes to Files - fchown' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml 2021-08-21 16:25:35.959994137 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Ownership Changes to Files - fchownat' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml 2021-08-21 16:25:35.845992247 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Permission Changes to Files - fremovexattr' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml 2021-08-21 16:25:35.965994237 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Permission Changes to Files - fsetxattr' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml 2021-08-21 16:25:35.863992546 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Access Attempts to Files - ftruncate' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml 2021-08-21 16:25:35.961994170 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Ownership Changes to Files - lchown' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml 2021-08-21 16:25:35.817991784 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Permission Changes to Files - lremovexattr' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml 2021-08-21 16:25:35.932993689 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Permission Changes to Files - lsetxattr' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml 2021-08-21 16:25:35.885992911 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Access Attempts to Files - open' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml 2021-08-21 16:25:35.798991469 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Access Attempts to Files - openat' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml 2021-08-21 16:25:35.802991535 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Successful Creation Attempts to Files - openat O_CREAT' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml 2021-08-21 16:25:35.862992529 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Successful Creation Attempts to Files - openat O_TRUNC_WRITE' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml 2021-08-21 16:25:35.859992480 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Access Attempts to Files - open_by_handle_at' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml 2021-08-21 16:25:35.830991999 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Successful Creation Attempts to Files - open_by_handle_at O_CREAT' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml 2021-08-21 16:25:35.962994187 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Successful Creation Attempts to Files - open_by_handle_at O_TRUNC_WRITE' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml 2021-08-21 16:25:35.818991800 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Successful Creation Attempts to Files - open O_CREAT' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml 2021-08-21 16:25:35.780991170 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Successful Creation Attempts to Files - open O_TRUNC_WRITE' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml 2021-08-21 16:25:35.799991485 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Permission Changes to Files - removexattr' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml 2021-08-21 16:25:35.896993093 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Delete Attempts to Files - rename' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml 2021-08-21 16:25:35.963994203 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Delete Attempts to Files - renameat' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml 2021-08-21 16:25:35.861992513 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Permission Changes to Files - setxattr' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml 2021-08-21 16:25:35.882992861 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Access Attempts to Files - truncate' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml 2021-08-21 16:25:35.814991734 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Delete Attempts to Files - unlink' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml 2021-08-21 16:25:35.843992214 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Record Successful Delete Attempts to Files - unlinkat' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh 2021-08-21 16:25:35.820991833 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml 2021-08-21 16:25:35.931993673 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessul Permission Changes to Files - chmod' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml 2021-08-21 16:25:35.874992728 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessul Ownership Changes to Files - chown' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml 2021-08-21 16:35:51.130190803 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml 2021-08-21 16:25:35.946993922 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Record Unsuccessful Access Attempts to Files - creat' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml 2021-08-21 16:25:35.816991767 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessul Permission Changes to Files - fchmod' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml 2021-08-21 16:25:35.783991220 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessul Permission Changes to Files - fchmodat' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml 2021-08-21 16:25:35.913993375 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessul Ownership Changes to Files - fchown' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml 2021-08-21 16:25:35.925993574 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessul Ownership Changes to Files - fchownat' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml 2021-08-21 16:25:35.912993358 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessul Permission Changes to Files - fremovexattr' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml 2021-08-21 16:25:35.865992579 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessul Permission Changes to Files - fsetxattr' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml 2021-08-21 16:35:51.130190803 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml 2021-08-21 16:25:35.892993026 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Record Unsuccessful Access Attempts to Files - ftruncate' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml 2021-08-21 16:25:35.796991435 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessul Ownership Changes to Files - lchown' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml 2021-08-21 16:25:35.858992463 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessul Permission Changes to Files - lremovexattr' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml 2021-08-21 16:25:35.812991701 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessul Permission Changes to Files - lsetxattr' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/bash/shared.sh 2021-08-21 16:25:35.947993938 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rocky,multi_platform_wrlinux + # + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml 2021-08-21 16:35:51.163191350 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml 2021-08-21 16:25:35.948993955 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Record Unsuccessful Access Attempts to Files - open' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/bash/shared.sh 2021-08-21 16:25:35.803991552 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml 2021-08-21 16:35:51.130190803 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml 2021-08-21 16:25:35.805991584 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Record Unsuccessful Access Attempts to Files - openat' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh 2021-08-21 16:25:35.831992015 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml 2021-08-21 16:25:35.833992049 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessful Creation Attempts to Files - openat O_CREAT' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh 2021-08-21 16:25:35.786991270 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml 2021-08-21 16:25:35.787991286 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh 2021-08-21 16:25:35.846992264 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_ol + # + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml 2021-08-21 16:25:35.847992281 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/bash/shared.sh 2021-08-21 16:25:35.855992413 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rocky,multi_platform_wrlinux + # + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml 2021-08-21 16:35:51.130190803 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml 2021-08-21 16:25:35.857992446 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Record Unsuccessful Access Attempts to Files - open_by_handle_at' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh 2021-08-21 16:25:35.806991601 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rocky,multi_platform_wrlinux + # + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml 2021-08-21 16:25:35.807991618 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh 2021-08-21 16:25:35.927993607 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rocky,multi_platform_wrlinux + # + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml 2021-08-21 16:25:35.928993623 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh 2021-08-21 16:25:35.899993143 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_ol + # + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml 2021-08-21 16:25:35.900993159 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh 2021-08-21 16:25:35.935993739 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml 2021-08-21 16:25:35.936993756 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessful Creation Attempts to Files - open O_CREAT' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh 2021-08-21 16:25:35.902993192 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml 2021-08-21 16:25:35.903993209 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh 2021-08-21 16:25:35.916993424 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_ol + # + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml 2021-08-21 16:25:35.917993441 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml 2021-08-21 16:25:35.895993076 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessul Permission Changes to Files - removexattr' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml 2021-08-21 16:25:35.879992811 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessul Delete Attempts to Files - rename' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml 2021-08-21 16:25:35.810991667 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessul Delete Attempts to Files - renameat' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml 2021-08-21 16:25:35.784991236 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessul Permission Changes to Files - setxattr' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml 2021-08-21 16:35:51.130190803 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml 2021-08-21 16:25:35.898993126 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Record Unsuccessful Access Attempts to Files - truncate' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml 2021-08-21 16:25:35.866992595 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessul Delete Attempts to Files - unlink' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml 2021-08-21 16:25:35.881992844 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Unsuccessul Delete Attempts to Files - unlinkat' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml 2021-08-21 16:25:35.758990806 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml 2021-08-21 16:35:51.163191350 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml 2021-08-21 16:25:35.771991021 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_rhv,multi_platform_sle + # reboot = false + # complexity = low + # disruption = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml 2021-08-21 16:35:51.163191350 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml 2021-08-21 16:25:35.768990971 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Ensure auditd Collects Information on Kernel Module Unloading - delete_module' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml 2021-08-21 16:35:51.163191350 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml 2021-08-21 16:25:35.779991153 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # complexity = low + # disruption = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml 2021-08-21 16:35:51.163191350 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml 2021-08-21 16:25:35.774991071 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml 2021-08-21 16:35:51.163191350 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml 2021-08-21 16:25:35.765990921 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_rhv,multi_platform_sle + # reboot = false + # complexity = low + # disruption = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml 2021-08-21 16:35:51.163191350 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml 2021-08-21 16:25:35.760990839 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Ensure auditd Collects Information on Kernel Module Loading - init_module' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh 2021-08-21 16:25:36.146997237 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml 2021-08-21 16:25:36.138997104 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Record Attempts to Alter Logon and Logout Events - faillock' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml 2021-08-21 16:35:51.176191566 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml 2021-08-21 16:25:36.134997038 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Record Attempts to Alter Logon and Logout Events - lastlog' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml 2021-08-21 16:35:51.130190803 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml 2021-08-21 16:25:36.152997336 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15 + + title: 'Record Attempts to Alter Logon and Logout Events - tallylog' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml 2021-08-21 16:25:36.209998281 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh 2021-08-21 16:25:36.188997933 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml 2021-08-21 16:25:36.216998397 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - at' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml 2021-08-21 16:35:51.130190803 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml 2021-08-21 16:25:36.229998613 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - chage' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml 2021-08-21 16:25:36.214998364 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - chsh' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml 2021-08-21 16:35:51.163191350 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml 2021-08-21 16:25:36.217998414 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - crontab' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml 2021-08-21 16:25:36.230998629 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml 2021-08-21 16:35:51.164191367 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml 2021-08-21 16:25:36.221998480 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,sle12 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - mount' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml 2021-08-21 16:25:36.218998430 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml 2021-08-21 16:25:36.213998347 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newgrp' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml 2021-08-21 16:25:36.227998579 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml 2021-08-21 16:35:51.164191367 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml 2021-08-21 16:25:36.224998530 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml 2021-08-21 16:25:36.212998331 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - passwd' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml 2021-08-21 16:25:36.211998314 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - postdrop' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml 2021-08-21 16:25:36.222998497 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - postqueue' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml 2021-08-21 16:25:36.228998596 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml 2021-08-21 16:25:36.174997701 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml 2021-08-21 16:35:51.164191367 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml 2021-08-21 16:25:36.225998546 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - su' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml 2021-08-21 16:35:51.164191367 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml 2021-08-21 16:25:36.175997717 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - sudo' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml 2021-08-21 16:25:36.187997916 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml 2021-08-21 16:35:51.164191367 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml 2021-08-21 16:25:36.210998297 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - umount' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml 2021-08-21 16:35:51.131190820 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml 2021-08-21 16:25:36.220998463 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml 2021-08-21 16:25:36.226998563 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - userhelper' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml 2021-08-21 16:25:36.219998447 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - usernetctl' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml 2021-08-21 16:25:36.091996325 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Events that Modify User/Group Information via open syscall - /etc/group' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml 2021-08-21 16:25:35.722990209 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Events that Modify User/Group Information via openat syscall - /etc/group' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml 2021-08-21 16:25:35.709989993 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml 2021-08-21 16:25:36.154997369 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Events that Modify User/Group Information via open syscall - /etc/gshadow' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml 2021-08-21 16:25:36.008994949 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Events that Modify User/Group Information via openat syscall - /etc/gshadow' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml 2021-08-21 16:25:36.172997668 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/gshadow' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml 2021-08-21 16:25:35.723990225 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Events that Modify User/Group Information via open syscall - /etc/passwd' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml 2021-08-21 16:25:36.232998662 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Events that Modify User/Group Information via openat syscall - /etc/passwd' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml 2021-08-21 16:25:36.074996043 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml 2021-08-21 16:25:36.153997353 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Events that Modify User/Group Information via open syscall - /etc/shadow' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml 2021-08-21 16:25:36.231998646 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Events that Modify User/Group Information via openat syscall - /etc/shadow' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml 2021-08-21 16:25:36.240998795 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/shadow' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh 2021-08-21 16:25:36.048995612 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + + # Traverse all of: + # +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml 2021-08-21 16:25:36.043995529 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh 2021-08-21 16:25:36.030995314 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml 2021-08-21 16:25:36.073996027 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot =false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh 2021-08-21 16:25:36.062995844 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml 2021-08-21 16:25:35.721990192 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh 2021-08-21 16:25:35.710990010 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh 2021-08-21 16:25:36.012995016 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml 2021-08-21 16:25:36.107996590 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Shutdown System When Auditing Failures Occur' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh 2021-08-21 16:25:36.021995165 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rocky,multi_platform_wrlinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml 2021-08-21 16:35:51.176191566 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml 2021-08-21 16:25:36.173997684 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Record Events that Modify User/Group Information - /etc/group' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml 2021-08-21 16:35:51.177191582 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml 2021-08-21 16:25:36.155997386 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Record Events that Modify User/Group Information - /etc/gshadow' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml 2021-08-21 16:35:51.177191582 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml 2021-08-21 16:25:36.010994983 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Record Events that Modify User/Group Information - /etc/security/opasswd' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml 2021-08-21 16:35:51.177191582 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml 2021-08-21 16:25:36.164997535 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Record Events that Modify User/Group Information - /etc/passwd' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml 2021-08-21 16:35:51.177191582 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml 2021-08-21 16:25:36.075996060 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Record Events that Modify User/Group Information - /etc/shadow' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh 2021-08-21 16:25:35.977994435 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh 2021-08-21 16:25:35.967994270 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh 2021-08-21 16:25:35.999994800 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh 2021-08-21 16:25:35.991994668 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh 2021-08-21 16:25:35.985994568 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml 2021-08-21 16:25:35.739990490 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh 2021-08-21 16:25:36.026995248 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rocky + + if LC_ALL=C grep -m 1 -q ^log_group /etc/audit/auditd.conf; then + GROUP=$(awk -F "=" '/log_group/ {print $2}' /etc/audit/auditd.conf | tr -d ' ') +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh 2021-08-21 16:25:36.044995546 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_ol,multi_platform_fedora,multi_platform_rhv + + if LC_ALL=C grep -m 1 -q ^log_group /etc/audit/auditd.conf; then + GROUP=$(awk -F "=" '/log_group/ {print $2}' /etc/audit/auditd.conf | tr -d ' ') +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml 2021-08-21 16:35:51.177191582 -0400 ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml 2021-08-21 16:25:36.045995563 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'System Audit Logs Must Have Mode 0640 or Less Permissive' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml 2021-08-21 16:25:36.368000900 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky,multi_platform_wrlinux + # reboot = false + # strategy = configure + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh 2021-08-21 16:25:36.361000784 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky,multi_platform_wrlinux + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_audispd_remote_server") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml 2021-08-21 16:25:36.362000800 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Configure audispd Plugin To Send Logs To Remote Server' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml 2021-08-21 16:35:51.165191383 -0400 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml 2021-08-21 16:25:36.280999458 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Configure audispd''s Plugin disk_full_action When Disk Is Full' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml 2021-08-21 16:35:51.121190654 -0400 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml 2021-08-21 16:25:36.311999972 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Encrypt Audit Records Sent With audispd Plugin' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml 2021-08-21 16:35:51.165191383 -0400 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml 2021-08-21 16:25:36.408001563 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Configure audispd''s Plugin network_failure_action On Network Failure' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml 2021-08-21 16:25:36.381001116 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh 2021-08-21 16:25:36.378001066 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rocky + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_auditd_disk_error_action") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml 2021-08-21 16:25:36.386001198 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh 2021-08-21 16:25:36.383001148 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rocky,multi_platform_sle + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml 2021-08-21 16:25:36.395001348 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh 2021-08-21 16:25:36.388001231 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky,multi_platform_wrlinux,multi_platform_sle + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_auditd_action_mail_acct") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml 2021-08-21 16:25:36.349000585 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh 2021-08-21 16:25:36.336000370 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky,multi_platform_wrlinux + . /usr/share/scap-security-guide/remediation_functions + + {{{ bash_instantiate_variables("var_auditd_admin_space_left_action") }}} +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml 2021-08-21 16:25:36.308999922 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh 2021-08-21 16:25:36.297999740 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_auditd_flush") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml 2021-08-21 16:25:36.307999905 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml 2021-08-21 16:25:36.298999756 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Configure auditd flush priority' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh 2021-08-21 16:25:36.305999872 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rocky + # profiles = xccdf_org.ssgproject.content_profile_ospp + # remediation = bash + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh 2021-08-21 16:25:36.304999856 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rocky + # profiles = xccdf_org.ssgproject.content_profile_ospp + # remediation = bash + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh 2021-08-21 16:25:36.302999822 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rocky + # profiles = xccdf_org.ssgproject.content_profile_ospp + # remediation = bash + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh 2021-08-21 16:25:36.300999789 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rocky + # profiles = xccdf_org.ssgproject.content_profile_ospp + # remediation = bash + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh 2021-08-21 16:25:36.301999806 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rocky + # profiles = xccdf_org.ssgproject.content_profile_ospp + # remediation = bash + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh 2021-08-21 16:25:36.299999773 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rocky + # profiles = xccdf_org.ssgproject.content_profile_ospp + # remediation = bash + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml 2021-08-21 16:25:36.264999193 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh 2021-08-21 16:25:36.256999060 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_auditd_max_log_file") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml 2021-08-21 16:25:36.335000353 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh 2021-08-21 16:25:36.325000187 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_auditd_max_log_file_action") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml 2021-08-21 16:25:36.358000734 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml 2021-08-21 16:25:36.404001497 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rocky,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh 2021-08-21 16:25:36.397001381 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rocky,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_auditd_space_left") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml 2021-08-21 16:35:51.202191997 -0400 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml 2021-08-21 16:25:36.398001397 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Configure auditd space_left on Low Disk Space' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml 2021-08-21 16:25:36.278999425 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh 2021-08-21 16:25:36.266999226 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_auditd_space_left_action") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml 2021-08-21 16:25:36.371000950 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml 2021-08-21 16:25:36.253999010 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml 2021-08-21 16:25:36.407001546 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml 2021-08-21 16:25:36.410001596 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml 2021-08-21 16:25:36.374000999 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml 2021-08-21 16:35:51.178191599 -0400 ++++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml 2021-08-21 16:25:36.477002707 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Enable Auditing for Processes Which Start Prior to the Audit Daemon' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml 2021-08-21 16:35:51.178191599 -0400 ++++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml 2021-08-21 16:25:36.497003038 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle15 + + title: 'Extend Audit Backlog Limit for the Audit Daemon' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml 2021-08-21 16:25:36.494002988 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Install audispd-plugins Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml 2021-08-21 16:25:36.463002475 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml 2021-08-21 16:25:36.461002442 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,rl8,rhcos4 + + title: 'Configure auditing of unsuccessful file accesses' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml 2021-08-21 16:25:36.472002624 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml 2021-08-21 16:25:36.470002591 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,rl8,rhcos4 + + title: 'Configure auditing of successful file accesses' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml 2021-08-21 16:25:36.430001928 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml 2021-08-21 16:25:36.426001861 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4,rhcos4 ++prodtype: ol8,rhel8,rl8,rhcos4,rhcos4 + + title: 'Configure basic parameters of Audit system' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml 2021-08-21 16:25:36.454002325 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml 2021-08-21 16:25:36.452002292 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,rl8,rhcos4 + + title: 'Configure auditing of unsuccessful file creations' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml 2021-08-21 16:25:36.458002392 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,rl8,rhcos4 + + title: 'Configure auditing of successful file creations' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml 2021-08-21 16:25:36.436002027 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml 2021-08-21 16:25:36.434001994 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,rl8,rhcos4 + + title: 'Configure auditing of unsuccessful file deletions' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml 2021-08-21 16:25:36.419001745 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + + {{% set file_contents = """## Successful file delete + -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-delete +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml 2021-08-21 16:25:36.415001679 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,rl8,rhcos4 + + title: 'Configure auditing of successful file deletions' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml 2021-08-21 16:25:36.447002210 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml 2021-08-21 16:35:51.178191599 -0400 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml 2021-08-21 16:25:36.445002176 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,rl8,rhcos4 + + title: 'Configure immutable Audit login UIDs' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml 2021-08-21 16:25:36.450002259 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml 2021-08-21 16:25:36.448002226 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4,rhcos4 ++prodtype: ol8,rhel8,rl8,rhcos4,rhcos4 + + title: 'Configure auditing of unsuccessful file modifications' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml 2021-08-21 16:25:36.466002524 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml 2021-08-21 16:25:36.464002491 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,rl8,rhcos4 + + title: 'Configure auditing of successful file modifications' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml 2021-08-21 16:25:36.476002690 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml 2021-08-21 16:25:36.474002657 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4,rhcos4 ++prodtype: ol8,rhel8,rl8,rhcos4,rhcos4 + + title: 'Configure auditing of loading and unloading of kernel modules' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml 2021-08-21 16:25:36.457002375 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml 2021-08-21 16:25:36.455002342 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4,rhcos4 ++prodtype: ol8,rhel8,rl8,rhcos4,rhcos4 + + title: 'Perform general configuration of Audit for OSPP' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml 2021-08-21 16:25:36.420001762 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,rl8,rhcos4 + + title: 'Configure auditing of unsuccessful ownership changes' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml 2021-08-21 16:25:36.423001812 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,rl8,rhcos4 + + title: 'Configure auditing of successful ownership changes' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml 2021-08-21 16:25:36.431001944 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,rl8,rhcos4 + + title: 'Configure auditing of unsuccessful permission changes' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml 2021-08-21 16:25:36.467002541 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,rl8,rhcos4 + + title: 'Configure auditing of successful permission changes' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml 2021-08-21 16:25:36.438002060 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhcos4 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhcos4 + + title: 'Configure audit according to OSPP requirements' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml b/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml 2021-08-21 16:25:36.506003187 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml 2021-08-21 16:25:36.999011359 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8 ++prodtype: rhel8,rl8 + + title: 'Configure kernel to trust the CPU random number generator' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml 2021-08-21 16:35:51.178191599 -0400 ++++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml 2021-08-21 16:25:37.031011889 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8 ++prodtype: fedora,ol8,rhel8,rl8 + + title: 'Enable Kernel Page-Table Isolation (KPTI)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml 2021-08-21 16:35:51.178191599 -0400 ++++ b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml 2021-08-21 16:25:37.038012006 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Disable vsyscalls' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml 2021-08-21 16:25:37.007011492 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify /boot/grub2/grub.cfg Group Ownership' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml 2021-08-21 16:25:37.016011641 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify /boot/grub2/grub.cfg User Ownership' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml 2021-08-21 16:25:37.017011658 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify /boot/grub2/grub.cfg Permissions' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml 2021-08-21 16:35:51.206192063 -0400 ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml 2021-08-21 16:25:37.026011807 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Set the Boot Loader Admin Username to a Non-Default Value' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml 2021-08-21 16:25:37.008011508 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Boot Loader Is Not Installed On Removeable Media' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml 2021-08-21 16:35:51.179191616 -0400 ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml 2021-08-21 16:25:37.018011674 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,sle12 + + title: 'Set Boot Loader Password in grub2' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml 2021-08-21 16:25:36.985011127 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Verify the UEFI Boot Loader grub.cfg Group Ownership' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml 2021-08-21 16:25:36.984011111 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Verify the UEFI Boot Loader grub.cfg User Ownership' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml 2021-08-21 16:25:36.978011011 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Verify the UEFI Boot Loader grub.cfg Permissions' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml 2021-08-21 16:35:51.207192080 -0400 ++++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml 2021-08-21 16:25:36.986011144 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Set the UEFI Boot Loader Admin Username to a Non-Default Value' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml 2021-08-21 16:35:51.179191616 -0400 ++++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml 2021-08-21 16:25:36.992011243 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Set the UEFI Boot Loader Password' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml 2021-08-21 16:35:51.153191185 -0400 ++++ b/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml 2021-08-21 16:25:36.979011028 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,rl8 + + title: 'UEFI Boot Loader Is Not Installed On Removeable Media' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml 2021-08-21 16:25:39.142046881 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhcos4 ++prodtype: rhel8,rl8,rhcos4 + + title: 'Enable Auditing to Start Prior to the Audit Daemon in zIPL' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml 2021-08-21 16:25:39.147046963 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhcos4 ++prodtype: rhel8,rl8,rhcos4 + + title: 'Extend Audit Backlog Limit for the Audit Daemon in zIPL' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml 2021-08-21 16:25:39.134046748 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhcos4 ++prodtype: rhel8,rl8,rhcos4 + + title: 'Ensure all zIPL boot entries are BLS compliant' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml 2021-08-21 16:25:39.126046615 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhcos4 ++prodtype: rhel8,rl8,rhcos4 + + title: 'Ensure zIPL bootmap is up to date' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml 2021-08-21 16:25:39.141046864 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhcos4 ++prodtype: rhel8,rl8,rhcos4 + + title: 'Ensure SELinux Not Disabled in zIPL' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml 2021-08-21 16:25:39.123046566 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhcos4 ++prodtype: rhel8,rl8,rhcos4 + + title: 'Enable page allocator poisoning in zIPL' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml 2021-08-21 16:25:39.133046732 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhcos4 ++prodtype: rhel8,rl8,rhcos4 + + title: 'Enable SLUB/SLAB allocator poisoning in zIPL' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml 2021-08-21 16:25:39.140046848 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhcos4 ++prodtype: rhel8,rl8,rhcos4 + + title: 'Disable vsyscalls in zIPL' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_hostlimit/rule.yml b/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_hostlimit/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_hostlimit/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_hostlimit/rule.yml 2021-08-21 16:25:36.541003768 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Configure Logwatch HostLimit Line' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_splithosts/rule.yml b/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_splithosts/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_splithosts/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_splithosts/rule.yml 2021-08-21 16:25:36.545003834 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Configure Logwatch SplitHosts Line' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/disable_logwatch_for_logserver/rule.yml b/linux_os/guide/system/logging/disable_logwatch_for_logserver/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/disable_logwatch_for_logserver/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/disable_logwatch_for_logserver/rule.yml 2021-08-21 16:25:36.600004745 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Disable Logwatch on Clients if a Logserver Exists' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh 2021-08-21 16:25:36.562004116 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky,multi_platform_wrlinux + + if ! grep -s "^\s*cron\.\*\s*/var/log/cron$" /etc/rsyslog.conf /etc/rsyslog.d/*.conf; then + mkdir -p /etc/rsyslog.d +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml 2021-08-21 16:35:51.179191616 -0400 ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml 2021-08-21 16:25:36.563004132 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Ensure cron Is Logging To Rsyslog' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh 2021-08-21 16:25:36.549003900 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + + # Check rsyslog.conf with root group-owner log from rules and + # non root group-owner log from $IncludeConfig fails. +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh 2021-08-21 16:25:36.551003933 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + + # Check rsyslog.conf with root group-owner log from rules and + # root group-owner log from $IncludeConfig passes. +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh 2021-08-21 16:25:36.552003950 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + + # Check if log file with non root group-owner in rsyslog.conf fails. + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh 2021-08-21 16:25:36.558004049 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + + # Check if log file with root group-owner in rsyslog.conf passes. + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh 2021-08-21 16:25:36.589004563 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + + # Check rsyslog.conf with root user log from rules and + # non root user log from $IncludeConfig fails. +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh 2021-08-21 16:25:36.590004580 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + + # Check rsyslog.conf with root user log from rules and + # root user log from $IncludeConfig passes. +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh 2021-08-21 16:25:36.591004596 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + + # Check if log file with non root user in rsyslog.conf fails. + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh 2021-08-21 16:25:36.597004696 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + + # Check if log file with root user in rsyslog.conf passes. + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh 2021-08-21 16:25:36.572004281 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + + # List of log file paths to be inspected for correct permissions + # * Primarily inspect log file paths listed in /etc/rsyslog.conf +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh 2021-08-21 16:25:36.583004464 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + + # Check rsyslog.conf with log file permissions 0600 from rules and + # log file permissions 0600 from $IncludeConfig passes. +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh 2021-08-21 16:25:36.578004381 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + + # Check rsyslog.conf with log file permissions 0600 from rules and + # log file permissions 0601 from $IncludeConfig fails. +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh 2021-08-21 16:25:36.582004447 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + + # Check if log file with permissions 0600 in rsyslog.conf passes. + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh 2021-08-21 16:25:36.579004397 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + + # Check if log file with permissions 0601 in rsyslog.conf fails. + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml 2021-08-21 16:25:36.604004812 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Ensure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml 2021-08-21 16:25:36.531003602 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh 2021-08-21 16:25:36.527003536 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky,multi_platform_wrlinux + + . /usr/share/scap-security-guide/remediation_functions + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml 2021-08-21 16:25:36.532003618 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8 ++prodtype: fedora,ol8,rhel8,rl8 + + title: 'Configure TLS for rsyslog remote logging' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml 2021-08-21 16:25:36.520003419 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8 ++prodtype: fedora,ol8,rhel8,rl8 + + title: 'Configure CA certificate for rsyslog remote logging' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network_configure_name_resolution/rule.yml b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network_configure_name_resolution/rule.yml 2021-08-21 16:35:51.199191947 -0400 ++++ b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml 2021-08-21 16:25:35.588987988 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Configure Multiple DNS Servers in /etc/resolv.conf' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml b/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml 2021-08-21 16:25:35.415985120 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable Client Dynamic DNS Updates' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network_disable_zeroconf/rule.yml b/linux_os/guide/system/network/network_disable_zeroconf/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network_disable_zeroconf/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network_disable_zeroconf/rule.yml 2021-08-21 16:25:35.585987938 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Disable Zeroconf Networking' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml 2021-08-21 16:35:51.207192080 -0400 ++++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml 2021-08-21 16:25:35.392984739 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,sle15 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,sle15 + + title: 'Install firewalld Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml 2021-08-21 16:35:51.179191616 -0400 ++++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml 2021-08-21 16:25:35.388984673 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 + + title: 'Verify firewalld Enabled' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml 2021-08-21 16:35:51.179191616 -0400 ++++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml 2021-08-21 16:25:35.406984971 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Configure the Firewalld Ports' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml 2021-08-21 16:25:35.409985021 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Set Default firewalld Zone for Incoming Packets' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml 2021-08-21 16:25:35.707989960 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Verify Any Configured IPSec Tunnel Connections' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml 2021-02-03 05:54:09.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml 2021-08-21 16:25:35.705989927 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Install libreswan Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml b/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml 2021-08-21 16:25:35.567987639 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Install iptables Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml 2021-08-21 16:25:35.518986827 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Manually Assign IPv6 Router Address' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh 2021-08-21 16:25:35.534987093 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rocky,multi_platform_ol + + # enable randomness in ipv6 address generation + for interface in /etc/sysconfig/network-scripts/ifcfg-* +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/rule.yml 2021-08-21 16:25:35.536987126 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Use Privacy Extensions for Address' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_static_address/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_static_address/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_static_address/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_static_address/rule.yml 2021-08-21 16:25:35.489986347 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Manually Assign Global IPv6 Address' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml 2021-08-21 16:25:35.501986546 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml 2021-08-21 16:35:51.210192129 -0400 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml 2021-08-21 16:25:35.498986496 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Configure Accepting Router Advertisements on All IPv6 Interfaces' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml 2021-08-21 16:35:51.207192080 -0400 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml 2021-08-21 16:25:35.521986877 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: Configure Accepting Default Router in Router Advertisements on All IPv6 Interfaces + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml 2021-08-21 16:35:51.207192080 -0400 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml 2021-08-21 16:25:35.506986628 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: Configure Accepting Prefix Information in Router Advertisements on All IPv6 Interfaces + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml 2021-08-21 16:35:51.207192080 -0400 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml 2021-08-21 16:25:35.487986314 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: Configure Accepting Router Preference in Router Advertisements on All IPv6 Interfaces + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml 2021-08-21 16:25:35.515986778 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml 2021-08-21 16:35:51.207192080 -0400 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml 2021-08-21 16:25:35.512986728 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Disable Accepting ICMP Redirects for All IPv6 Interfaces' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml 2021-08-21 16:25:35.556987457 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml 2021-08-21 16:35:51.207192080 -0400 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml 2021-08-21 16:25:35.548987325 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml 2021-08-21 16:25:35.504986595 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: Configure Auto Configuration on All IPv6 Interfaces + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml 2021-08-21 16:25:35.563987573 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Disable Kernel Parameter for IPv6 Forwarding' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml 2021-08-21 16:25:35.502986562 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml 2021-08-21 16:25:35.541987209 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Configure Denying Router Solicitations on All IPv6 Interfaces' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml 2021-08-21 16:25:35.544987258 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml 2021-08-21 16:35:51.210192129 -0400 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml 2021-08-21 16:25:35.542987225 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Disable Accepting Router Advertisements on all IPv6 Interfaces by Default' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml 2021-08-21 16:35:51.207192080 -0400 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml 2021-08-21 16:25:35.547987308 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: Configure Accepting Default Router in Router Advertisements on All IPv6 Interfaces By Default + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml 2021-08-21 16:35:51.207192080 -0400 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml 2021-08-21 16:25:35.527986976 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: Configure Accepting Prefix Information in Router Advertisements on All IPv6 Interfaces By Default + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml 2021-08-21 16:35:51.207192080 -0400 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml 2021-08-21 16:25:35.517986811 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: Configure Accepting Router Preference in Router Advertisements on All IPv6 Interfaces By Default + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml 2021-08-21 16:25:35.560987524 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml 2021-08-21 16:35:51.207192080 -0400 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml 2021-08-21 16:25:35.557987474 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml 2021-08-21 16:25:35.531987043 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml 2021-08-21 16:35:51.131190820 -0400 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml 2021-08-21 16:25:35.528986993 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml 2021-08-21 16:25:35.532987059 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: Configure Auto Configuration on All IPv6 Interfaces By Default + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml 2021-08-21 16:25:35.511986711 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces By Default + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml 2021-08-21 16:25:35.494986430 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Configure Denying Router Solicitations on All IPv6 Interfaces By Default' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml 2021-08-21 16:25:35.467985982 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Ensure IPv6 is disabled through kernel boot parameter' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_interfaces/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_interfaces/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_interfaces/rule.yml 2021-08-21 16:25:35.465985949 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Disable Interface Usage of IPv6' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh 2021-08-21 16:25:35.459985850 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rocky + + # Drop 'tcp6' and 'udp6' entries from /etc/netconfig to prevent RPC + # services for NFSv4 from attempting to start IPv6 network listeners +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/rule.yml 2021-08-21 16:25:35.460985866 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhv4 ++prodtype: fedora,rhel7,rhel8,rl8,rhv4 + + title: 'Disable Support for RPC IPv6' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml 2021-08-21 16:25:35.458985833 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Disable IPv6 Networking Support Automatic Loading' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml 2021-08-21 16:25:35.606988286 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml 2021-08-21 16:35:51.180191632 -0400 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml 2021-08-21 16:25:35.603988236 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,sle12 + + title: 'Disable Accepting ICMP Redirects for All IPv4 Interfaces' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml 2021-08-21 16:25:35.666989281 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml 2021-08-21 16:35:51.181191649 -0400 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml 2021-08-21 16:25:35.663989231 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,sle12 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml 2021-08-21 16:25:35.662989214 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml 2021-08-21 16:25:35.659989165 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml 2021-08-21 16:25:35.670989347 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml 2021-08-21 16:35:51.181191649 -0400 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml 2021-08-21 16:25:35.667989297 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml 2021-08-21 16:25:35.647988966 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml 2021-08-21 16:25:35.640988850 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml 2021-08-21 16:25:35.632988717 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml 2021-08-21 16:35:51.181191649 -0400 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml 2021-08-21 16:25:35.629988667 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,sle12 + + title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml 2021-08-21 16:25:35.600988187 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml 2021-08-21 16:35:51.121190654 -0400 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml 2021-08-21 16:25:35.598988153 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,sle12 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml 2021-08-21 16:25:35.675989430 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml 2021-08-21 16:25:35.672989380 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Enable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml 2021-08-21 16:25:35.594988087 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml 2021-08-21 16:25:35.592988054 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml 2021-08-21 16:25:35.626988618 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml 2021-08-21 16:25:35.619988502 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Configure Kernel Parameter for Accepting Secure Redirects By Default' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml 2021-08-21 16:25:35.638988816 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml 2021-08-21 16:35:51.181191649 -0400 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml 2021-08-21 16:25:35.635988767 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,sle12 + + title: 'Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml 2021-08-21 16:25:35.617988468 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml 2021-08-21 16:25:35.614988419 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml 2021-08-21 16:25:35.650989015 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Set Kernel Parameter to Increase Local Port Range' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml 2021-08-21 16:25:35.597988137 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,sle15,wrlinux1019 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,sle15,wrlinux1019 + + title: 'Configure Kernel to Rate Limit Sending of Duplicate TCP Acknowledgments' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml 2021-08-21 16:25:35.613988402 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable Kernel Parameter to Use TCP RFC 1337 on IPv4 Interfaces' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml 2021-08-21 16:25:35.658989148 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml 2021-08-21 16:25:35.656989115 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Enable Kernel Parameter to Use TCP Syncookies on IPv4 Interfaces' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml 2021-08-21 16:25:35.683989562 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml 2021-08-21 16:35:51.181191649 -0400 ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml 2021-08-21 16:25:35.681989529 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,sle12 + + title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml 2021-08-21 16:25:35.687989629 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml 2021-08-21 16:35:51.181191649 -0400 ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml 2021-08-21 16:25:35.684989579 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,sle12 + + title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml 2021-08-21 16:35:51.181191649 -0400 ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml 2021-08-21 16:25:35.688989645 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,rhcos4,sle12 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,rhcos4,sle12 + + title: 'Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network_nmcli_permissions/rule.yml b/linux_os/guide/system/network/network_nmcli_permissions/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network_nmcli_permissions/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network_nmcli_permissions/rule.yml 2021-08-21 16:25:35.444985601 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,rhel7,rhel8,rl8,rhv4 + + title: 'Prevent non-Privileged Users from Modifying Network Interfaces using nmcli' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network_sniffer_disabled/rule.yml b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network_sniffer_disabled/rule.yml 2021-08-21 16:35:51.182191665 -0400 ++++ b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml 2021-08-21 16:25:35.689989662 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Ensure System is Not Acting as a Network Sniffer' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml 2021-08-21 16:25:35.423985253 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml 2021-08-21 16:35:51.181191649 -0400 ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml 2021-08-21 16:25:35.421985219 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel7,rhel8,rl8 + + title: 'Disable ATM Support' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml 2021-08-21 16:25:35.420985203 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml 2021-08-21 16:35:51.181191649 -0400 ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml 2021-08-21 16:25:35.418985170 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel7,rhel8,rl8 + + title: 'Disable CAN Support' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml 2021-08-21 16:35:51.131190820 -0400 ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml 2021-08-21 16:25:35.424985269 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,sle12 + + title: 'Disable DCCP Support' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml 2021-08-21 16:25:35.441985551 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml 2021-08-21 16:35:51.181191649 -0400 ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml 2021-08-21 16:25:35.431985385 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel7,rhel8,rl8 + + title: 'Disable IEEE 1394 (FireWire) Support' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml 2021-08-21 16:25:35.429985352 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml 2021-08-21 16:35:51.181191649 -0400 ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml 2021-08-21 16:25:35.428985336 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Disable SCTP Support' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml 2021-08-21 16:25:35.426985302 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml 2021-08-21 16:25:35.699989827 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml 2021-08-21 16:35:51.181191649 -0400 ++++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml 2021-08-21 16:25:35.698989811 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Disable Bluetooth Kernel Module' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml 2021-08-21 16:25:35.704989910 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhv4,rhcos4 ++prodtype: fedora,rhel7,rhel8,rl8,rhv4,rhcos4 + + title: 'Disable Bluetooth Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml 2021-08-21 16:25:35.697989794 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel7,rhel8 ++prodtype: fedora,rhcos4,rhel7,rhel8,rl8 + + title: 'Disable WiFi or Bluetooth in BIOS' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml 2021-08-21 16:35:51.181191649 -0400 ++++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml 2021-08-21 16:25:35.701989861 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Deactivate Wireless Network Interfaces' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml 2021-08-21 16:35:51.204192030 -0400 ++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml 2021-08-21 16:25:36.828008525 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Ensure All World-Writable Directories Are Owned by root user' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh 2021-08-21 16:35:51.122190671 -0400 ++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh 2021-08-21 16:25:36.818008359 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rocky,multi_platform_sle + df --local -P | awk '{if (NR!=1) print $6}' \ + | xargs -I '{}' find '{}' -xdev -type d \ + \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null \ +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml 2021-08-21 16:25:36.812008260 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Ensure All World-Writable Directories Are Owned by a System Account' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml 2021-08-21 16:35:51.131190820 -0400 ++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml 2021-08-21 16:25:36.821008409 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Ensure All World-Writable Directories Are Group Owned by a System Account' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml 2021-08-21 16:25:36.844008790 -0400 +@@ -2,7 +2,7 @@ + + title: 'Ensure All SGID Executables Are Authorized' + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,wrlinux1019,sle15,wrlinux8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,wrlinux1019,sle15,wrlinux8 + + description: |- + The SGID (set group id) bit should be set only on files that were +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml 2021-08-21 16:25:36.930010215 -0400 +@@ -2,7 +2,7 @@ + + title: 'Ensure All SUID Executables Are Authorized' + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15,wrlinux1019,wrlinux8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle15,wrlinux1019,wrlinux8 + + description: |- + The SUID (set user id) bit should be set only on files that were +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml 2021-08-21 16:35:51.182191665 -0400 ++++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml 2021-08-21 16:25:36.934010282 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Ensure All Files Are Owned by a Group' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml 2021-08-21 16:35:51.182191665 -0400 ++++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml 2021-08-21 16:25:36.842008757 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Ensure All Files Are Owned by a User' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml 2021-08-21 16:25:36.866009155 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rocky,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = medium +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh 2021-08-21 16:25:36.863009105 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rocky,multi_platform_ol + find /bin/ \ + /usr/bin/ \ + /usr/local/bin/ \ +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/ansible/shared.yml 2021-08-21 16:25:36.857009005 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rocky,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = medium +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/bash/shared.sh 2021-08-21 16:25:36.854008956 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rocky,multi_platform_ol + for LIBDIR in /usr/lib /usr/lib64 /lib /lib64 + do + if [ -d $LIBDIR ] +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml 2021-08-21 16:25:36.862009088 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rocky,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = medium +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh 2021-08-21 16:25:36.859009038 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rocky,multi_platform_ol + DIRS="/bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin /usr/libexec" + for dirPath in $DIRS; do + find "$dirPath" -perm /022 -exec chmod go-w '{}' \; +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/ansible/shared.yml 2021-08-21 16:25:36.852008923 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rocky,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = high +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml 2021-08-21 16:25:36.837008674 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml 2021-08-21 16:25:36.841008740 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml b/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml 2021-08-21 16:25:36.963010762 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Assign Password to Prevent Changes to Boot Firmware Configuration' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml b/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml 2021-08-21 16:25:36.962010746 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel7,rhel8 ++prodtype: fedora,rhcos4,rhel7,rhel8,rl8 + + title: 'Disable Booting from USB Devices in Boot Firmware' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml b/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml 2021-08-21 16:25:36.940010381 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel7,rhel8 ++prodtype: fedora,rhcos4,rhel7,rhel8,rl8 + + title: 'Disable Kernel Support for USB via Bootloader Configuration' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml 2021-08-21 16:25:36.950010547 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml 2021-08-21 16:35:51.182191665 -0400 ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml 2021-08-21 16:25:36.949010530 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,ubuntu1804 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,ubuntu1804 + + title: 'Disable Mounting of cramfs' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml 2021-08-21 16:25:36.938010348 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml 2021-08-21 16:25:36.937010332 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel7,rhel8,rhv4,sle15,ubuntu1804 ++prodtype: fedora,rhcos4,rhel7,rhel8,rl8,rhv4,sle15,ubuntu1804 + + title: 'Disable Mounting of freevxfs' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml 2021-08-21 16:25:36.959010696 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml 2021-08-21 16:25:36.957010663 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel7,rhel8,rhv4,sle15,ubuntu1804 ++prodtype: fedora,rhcos4,rhel7,rhel8,rl8,rhv4,sle15,ubuntu1804 + + title: 'Disable Mounting of hfs' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml 2021-08-21 16:25:36.956010646 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml 2021-08-21 16:25:36.955010630 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel7,rhel8,rhv4,sle15,ubuntu1804 ++prodtype: fedora,rhcos4,rhel7,rhel8,rl8,rhv4,sle15,ubuntu1804 + + title: 'Disable Mounting of hfsplus' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml 2021-08-21 16:25:36.965010795 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml 2021-08-21 16:25:36.964010779 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel7,rhel8,rhv4,sle15,ubuntu1804 ++prodtype: fedora,rhcos4,rhel7,rhel8,rl8,rhv4,sle15,ubuntu1804 + + title: 'Disable Mounting of jffs2' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml 2021-08-21 16:25:36.968010845 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml 2021-08-21 16:25:36.967010829 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel7,rhel8,sle15 ++prodtype: fedora,rhcos4,rhel7,rhel8,rl8,sle15 + + title: 'Disable Mounting of squashfs' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml 2021-08-21 16:25:36.952010580 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml 2021-08-21 16:25:36.951010564 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel7,rhel8,sle15,ubuntu1804 ++prodtype: fedora,rhcos4,rhel7,rhel8,rl8,sle15,ubuntu1804 + + title: 'Disable Mounting of udf' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml 2021-08-21 16:25:36.948010514 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml 2021-08-21 16:35:51.182191665 -0400 ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml 2021-08-21 16:25:36.945010464 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Disable Modprobe Loading of USB Storage Driver' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml 2021-08-21 16:25:36.961010729 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml 2021-08-21 16:25:36.960010713 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Disable Mounting of vFAT filesystems' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml 2021-08-21 16:25:36.970010878 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml 2021-08-21 16:35:51.182191665 -0400 ++++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml 2021-08-21 16:25:36.969010862 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,ubuntu1804 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019,ubuntu1804 + + title: 'Disable the Automounter' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml 2021-08-21 16:25:36.671005922 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Add noauto Option to /boot' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml 2021-08-21 16:25:36.657005690 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 + + title: 'Add nodev Option to /boot' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml 2021-08-21 16:25:36.659005724 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Add noexec Option to /boot' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml 2021-08-21 16:35:51.183191682 -0400 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml 2021-08-21 16:25:36.644005475 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 + + title: 'Add nosuid Option to /boot' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml 2021-08-21 16:35:51.183191682 -0400 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml 2021-08-21 16:25:36.674005972 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4,sle15,ubuntu1804 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4,sle15,ubuntu1804 + + title: 'Add noexec Option to /dev/shm' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml 2021-08-21 16:25:36.666005839 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhcos4,sle15,ubuntu1804 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhcos4,sle15,ubuntu1804 + + title: 'Add nodev Option to /home' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml 2021-08-21 16:25:36.631005259 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Add noexec Option to /home' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml 2021-08-21 16:35:51.183191682 -0400 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml 2021-08-21 16:25:36.679006055 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,rhcos4,sle12 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,rhcos4,sle12 + + title: 'Add nosuid Option to /home' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml 2021-08-21 16:35:51.210192129 -0400 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml 2021-08-21 16:25:36.616005011 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 + + title: 'Add nodev Option to Non-Root Local Partitions' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml 2021-08-21 16:35:51.205192046 -0400 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml 2021-08-21 16:25:36.625005160 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,rhcos4,sle15,ubuntu1804 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,rhcos4,sle15,ubuntu1804 + + title: 'Add nodev Option to Removable Media Partitions' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml 2021-08-21 16:35:51.211192146 -0400 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml 2021-08-21 16:25:36.635005326 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,rhcos4,sle15,ubuntu1804 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,rhcos4,sle15,ubuntu1804 + + title: 'Add noexec Option to Removable Media Partitions' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml 2021-08-21 16:35:51.183191682 -0400 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml 2021-08-21 16:25:36.669005889 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019,rhcos4,ubuntu1804 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019,rhcos4,ubuntu1804 + + title: 'Add nosuid Option to Removable Media Partitions' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml 2021-08-21 16:25:36.667005856 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Add nosuid Option to /opt' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml 2021-08-21 16:25:36.650005574 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Add nosuid Option to /srv' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml 2021-08-21 16:35:51.211192146 -0400 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml 2021-08-21 16:25:36.678006038 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15,ubuntu1804,rhcos4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle15,ubuntu1804,rhcos4 + + title: 'Add nodev Option to /tmp' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml 2021-08-21 16:35:51.211192146 -0400 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml 2021-08-21 16:25:36.661005756 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15,rhcos4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle15,rhcos4 + + title: 'Add noexec Option to /tmp' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml 2021-08-21 16:35:51.211192146 -0400 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml 2021-08-21 16:25:36.652005607 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15,ubuntu1804,rhcos4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle15,ubuntu1804,rhcos4 + + title: 'Add nosuid Option to /tmp' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml 2021-08-21 16:35:51.183191682 -0400 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml 2021-08-21 16:25:36.653005624 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 + + title: 'Add nodev Option to /var/log/audit' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml 2021-08-21 16:35:51.183191682 -0400 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml 2021-08-21 16:25:36.656005674 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 + + title: 'Add noexec Option to /var/log/audit' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml 2021-08-21 16:35:51.184191698 -0400 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml 2021-08-21 16:25:36.634005309 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 + + title: 'Add nosuid Option to /var/log/audit' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml 2021-08-21 16:35:51.184191698 -0400 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml 2021-08-21 16:25:36.660005740 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 + + title: 'Add nodev Option to /var/log' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml 2021-08-21 16:35:51.184191698 -0400 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml 2021-08-21 16:25:36.651005591 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 + + title: 'Add noexec Option to /var/log' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml 2021-08-21 16:35:51.184191698 -0400 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml 2021-08-21 16:25:36.654005641 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 + + title: 'Add nosuid Option to /var/log' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml 2021-08-21 16:25:36.684006138 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhcos4 + + title: 'Add nodev Option to /var' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml 2021-08-21 16:25:36.633005293 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Add noexec Option to /var' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml 2021-08-21 16:25:36.632005276 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhcos4 ++prodtype: fedora,rhel7,rhel8,rl8,rhcos4 + + title: 'Add nosuid Option to /var' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh 2021-08-21 16:25:36.685006155 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + + . /usr/share/scap-security-guide/remediation_functions + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml 2021-08-21 16:25:36.686006171 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Bind Mount /var/tmp To /tmp' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml 2021-08-21 16:35:51.211192146 -0400 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml 2021-08-21 16:25:36.628005210 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhcos4,sle15,ubuntu1804 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhcos4,sle15,ubuntu1804 + + title: 'Add nodev Option to /var/tmp' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml 2021-08-21 16:35:51.211192146 -0400 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml 2021-08-21 16:25:36.645005491 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhcos4,sle15,ubuntu1804 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhcos4,sle15,ubuntu1804 + + title: 'Add noexec Option to /var/tmp' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml 2021-08-21 16:35:51.211192146 -0400 ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml 2021-08-21 16:25:36.665005823 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhcos4,sle15,ubuntu1804 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhcos4,sle15,ubuntu1804 + + title: 'Add nosuid Option to /var/tmp' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml 2021-08-21 16:25:36.727006850 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml 2021-08-21 16:25:36.735006983 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh 2021-08-21 16:25:36.711006585 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_rocky,multi_platform_ol + SECURITY_LIMITS_FILE="/etc/security/limits.conf" + + if grep -qE '\*\s+hard\s+core' $SECURITY_LIMITS_FILE; then +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml 2021-08-21 16:25:36.717006685 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml 2021-08-21 16:35:51.211192146 -0400 ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml 2021-08-21 16:25:36.712006602 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,sle15 + + title: 'Disable Core Dumps for All Users' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml 2021-08-21 16:35:51.211192146 -0400 ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml 2021-08-21 16:25:36.738007033 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8 + + title: 'Disable acquiring, saving, and processing core dumps' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml 2021-08-21 16:25:36.755007315 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Set Daemon Umask' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml 2021-08-21 16:25:36.795007978 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhv4 ++prodtype: fedora,rhel7,rhel8,rl8,rhv4 + + title: 'Enable ExecShield via sysctl' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml 2021-08-21 16:25:36.783007779 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml 2021-08-21 16:25:36.793007944 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml 2021-08-21 16:25:36.764007464 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Enable NX or XD Support in the BIOS' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml 2021-08-21 16:25:36.765007481 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhv4 ++prodtype: fedora,rhel7,rhel8,rl8,rhv4 + + title: 'Install PAE Kernel on Supported 32-bit x86 Systems' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml 2021-08-21 16:35:51.184191698 -0400 ++++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml 2021-08-21 16:25:36.805008144 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Enable page allocator poisoning' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml 2021-08-21 16:35:51.184191698 -0400 ++++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml 2021-08-21 16:25:36.803008110 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Enable SLUB/SLAB allocator poisoning' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml 2021-08-21 16:25:36.774007630 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml 2021-08-21 16:35:51.211192146 -0400 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml 2021-08-21 16:25:36.772007596 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8 + + title: 'Disable storing core dumps' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml 2021-08-21 16:25:36.707006519 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml 2021-08-21 16:35:51.185191715 -0400 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml 2021-08-21 16:25:36.704006469 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Restrict Access to Kernel Message Buffer' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml 2021-08-21 16:25:36.771007580 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml 2021-08-21 16:35:51.185191715 -0400 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml 2021-08-21 16:25:36.768007530 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Disable Kernel Image Loading' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml 2021-08-21 16:35:51.101190323 -0400 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml 2021-08-21 16:25:36.703006453 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel7,rhel8 ++prodtype: fedora,ol8,rhel7,rhel8,rl8 + + title: 'Disable loading and unloading of kernel modules' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml 2021-08-21 16:25:36.776007663 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel7,rhel8 ++prodtype: fedora,ol8,rhel7,rhel8,rl8 + + title: 'Limit CPU consumption of the Perf system' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml 2021-08-21 16:25:36.811008243 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel7,rhel8 ++prodtype: fedora,ol8,rhel7,rhel8,rl8 + + title: 'Limit sampling frequency of the Perf system' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml 2021-08-21 16:25:36.741007083 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml 2021-08-21 16:35:51.185191715 -0400 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml 2021-08-21 16:25:36.739007050 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel7,rhel8,rl8 + + title: 'Disallow kernel profiling by unprivileged users' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml 2021-08-21 16:25:36.748007199 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel7,rhel8 ++prodtype: fedora,ol8,rhel7,rhel8,rl8 + + title: 'Configure maximum number of process identifiers' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml 2021-08-21 16:25:36.798008027 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel7,rhel8 ++prodtype: fedora,ol8,rhel7,rhel8,rl8 + + title: 'Disallow magic SysRq key' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml 2021-08-21 16:25:36.751007248 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml 2021-08-21 16:35:51.185191715 -0400 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml 2021-08-21 16:25:36.749007215 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8 + + title: 'Disable Access to Network bpf() Syscall From Unprivileged Processes' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml 2021-08-21 16:25:36.746007166 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml 2021-08-21 16:35:51.185191715 -0400 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml 2021-08-21 16:25:36.743007116 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Restrict usage of ptrace to descendant processes' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml 2021-08-21 16:25:36.810008226 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml 2021-08-21 16:25:36.808008193 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8 + + title: 'Harden the operation of the BPF just-in-time compiler' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml 2021-08-21 16:25:36.779007713 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml 2021-08-21 16:35:51.185191715 -0400 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml 2021-08-21 16:25:36.777007679 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8 + + title: 'Disable the use of user namespaces' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml 2021-08-21 16:25:36.799008044 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel7,rhel8 ++prodtype: fedora,ol8,rhel7,rhel8,rl8 + + title: 'Prevent applications from mapping low portion of virtual memory' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml 2021-08-21 16:25:37.683022697 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15 ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15 + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh b/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh 2021-08-21 16:25:37.677022598 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15 ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15 + + sed -i --follow-symlinks "s/selinux=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/* + sed -i --follow-symlinks "s/enforcing=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/* +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml 2021-08-21 16:25:37.678022614 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Ensure SELinux Not Disabled in /etc/default/grub' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml 2021-08-21 16:25:37.686022747 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,rhcos4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,rhcos4,sle15 + + title: 'Install libselinux Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml b/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml 2021-08-21 16:25:37.658022282 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,sle15 ++prodtype: fedora,rhel7,rhel8,rl8,sle15 + + title: 'Uninstall mcstrans Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml 2021-08-21 16:35:51.185191715 -0400 ++++ b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml 2021-08-21 16:25:37.668022448 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Install policycoreutils Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml 2021-08-21 16:25:37.655022233 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8 ++prodtype: ol8,rhel8,rl8 + + title: 'Install policycoreutils-python-utils package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml b/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml 2021-08-21 16:25:37.654022216 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,sle15 ++prodtype: fedora,rhel7,rhel8,rl8,sle15 + + title: 'Uninstall setroubleshoot Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml b/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml 2021-08-21 16:25:37.671022498 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Ensure No Device Files are Unlabeled by SELinux' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml 2021-08-21 16:25:38.220031598 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the abrt_anon_write SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml 2021-08-21 16:25:38.331033438 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the abrt_handle_event SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml 2021-08-21 16:25:38.039028598 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the abrt_upload_watch_anon_write SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml 2021-08-21 16:25:38.276032526 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable the antivirus_can_scan_system SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml 2021-08-21 16:25:37.936026890 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the antivirus_use_jit SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml 2021-08-21 16:25:37.814024868 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Enable the auditadm_exec_content SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml 2021-08-21 16:25:37.863025681 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the authlogin_nsswitch_use_ldap SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml 2021-08-21 16:25:37.784024371 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the authlogin_radius SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml 2021-08-21 16:25:37.960027288 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the authlogin_yubikey SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml 2021-08-21 16:25:37.882025996 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the awstats_purge_apache_log_files SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml 2021-08-21 16:25:38.235031847 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the boinc_execmem SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml 2021-08-21 16:25:38.356033852 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the cdrecord_read_content SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml 2021-08-21 16:25:38.030028449 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the cluster_can_network_connect SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml 2021-08-21 16:25:37.931026808 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the cluster_manage_all_files SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml 2021-08-21 16:25:38.138030239 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the cluster_use_execmem SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml 2021-08-21 16:25:37.748023774 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the cobbler_anon_write SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml 2021-08-21 16:25:38.239031913 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the cobbler_can_network_connect SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml 2021-08-21 16:25:38.094029509 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the cobbler_use_cifs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml 2021-08-21 16:25:37.948027090 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the cobbler_use_nfs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml 2021-08-21 16:25:38.075029195 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the collectd_tcp_network_connect SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml 2021-08-21 16:25:37.688022780 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the condor_tcp_network_connect SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml 2021-08-21 16:25:37.988027753 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the conman_can_network SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml 2021-08-21 16:25:37.978027587 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the container_connect_any SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml 2021-08-21 16:25:37.817024918 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the cron_can_relabel SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml 2021-08-21 16:25:37.875025879 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the cron_system_cronjob_use_shares SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml 2021-08-21 16:25:37.892026161 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Enable the cron_userdomain_transition SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml 2021-08-21 16:25:38.124030007 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the cups_execmem SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml 2021-08-21 16:25:38.221031615 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the cvs_read_shadow SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml 2021-08-21 16:25:38.110029775 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the daemons_dump_core SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml 2021-08-21 16:25:37.698022945 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the daemons_enable_cluster_mode SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml 2021-08-21 16:25:37.788024437 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the daemons_use_tcp_wrapper SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml 2021-08-21 16:25:37.969027438 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the daemons_use_tty SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml 2021-08-21 16:25:37.997027902 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable the dbadm_exec_content SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml 2021-08-21 16:25:38.157030554 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the dbadm_manage_user_files SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml 2021-08-21 16:25:38.199031250 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the dbadm_read_user_files SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml 2021-08-21 16:25:38.020028283 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the deny_execmem SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml 2021-08-21 16:25:38.302032957 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the deny_ptrace SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml 2021-08-21 16:25:38.088029410 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the dhcpc_exec_iptables SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml 2021-08-21 16:25:38.061028963 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the dhcpd_use_ldap SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml 2021-08-21 16:25:38.051028797 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Enable the domain_fd_use SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml 2021-08-21 16:25:38.063028996 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the domain_kernel_load_modules SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml 2021-08-21 16:25:38.355033836 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the entropyd_use_audio SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml 2021-08-21 16:25:37.733023526 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the exim_can_connect_db SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml 2021-08-21 16:25:38.123029990 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the exim_manage_user_files SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml 2021-08-21 16:25:38.308033057 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the exim_read_user_files SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml 2021-08-21 16:25:38.175030852 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the fcron_crond SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml 2021-08-21 16:25:38.193031151 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the fenced_can_network_connect SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml 2021-08-21 16:25:38.159030587 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the fenced_can_ssh SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml 2021-08-21 16:25:38.209031416 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Enable the fips_mode SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml 2021-08-21 16:25:38.320033256 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the ftpd_anon_write SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml 2021-08-21 16:25:38.346033686 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the ftpd_connect_all_unreserved SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml 2021-08-21 16:25:38.066029046 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the ftpd_connect_db SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml 2021-08-21 16:25:37.734023542 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the ftpd_full_access SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml 2021-08-21 16:25:38.008028084 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the ftpd_use_cifs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml 2021-08-21 16:25:37.972027487 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the ftpd_use_fusefs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml 2021-08-21 16:25:37.760023973 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the ftpd_use_nfs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml 2021-08-21 16:25:38.300032924 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the ftpd_use_passive_mode SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml 2021-08-21 16:25:38.301032941 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the git_cgi_enable_homedirs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml 2021-08-21 16:25:37.914026526 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the git_cgi_use_cifs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml 2021-08-21 16:25:37.913026509 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the git_cgi_use_nfs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml 2021-08-21 16:25:38.052028813 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the gitosis_can_sendmail SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml 2021-08-21 16:25:38.145030355 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the git_session_bind_all_unreserved_ports SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml 2021-08-21 16:25:38.177030885 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the git_session_users SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml 2021-08-21 16:25:37.925026708 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the git_system_enable_homedirs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml 2021-08-21 16:25:38.021028300 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the git_system_use_cifs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml 2021-08-21 16:25:38.324033322 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the git_system_use_nfs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml 2021-08-21 16:25:38.296032858 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the glance_api_can_network SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml 2021-08-21 16:25:37.883026012 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the glance_use_execmem SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml 2021-08-21 16:25:37.738023609 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the glance_use_fusefs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml 2021-08-21 16:25:37.777024255 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the global_ssp SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml 2021-08-21 16:25:38.323033305 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the gluster_anon_write SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml 2021-08-21 16:25:38.290032758 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the gluster_export_all_ro SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml 2021-08-21 16:25:38.207031383 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Configure the gluster_export_all_rw SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml 2021-08-21 16:25:37.723023360 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the gpg_web_anon_write SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml 2021-08-21 16:25:38.181030952 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable the gssd_read_tmp SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml 2021-08-21 16:25:38.208031399 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the guest_exec_content SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml 2021-08-21 16:25:38.131030123 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the haproxy_connect_any SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml 2021-08-21 16:25:38.311033106 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_anon_write SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml 2021-08-21 16:25:38.137030222 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Configure the httpd_builtin_scripting SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml 2021-08-21 16:25:37.700022979 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_can_check_spam SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml 2021-08-21 16:25:38.003028001 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_can_connect_ftp SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml 2021-08-21 16:25:38.240031929 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_can_connect_ldap SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml 2021-08-21 16:25:37.975027537 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_can_connect_mythtv SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml 2021-08-21 16:25:38.229031747 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_can_connect_zabbix SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml 2021-08-21 16:25:37.801024653 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_can_network_connect SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml 2021-08-21 16:25:37.956027222 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_can_network_connect_cobbler SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml 2021-08-21 16:25:38.026028382 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_can_network_connect_db SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml 2021-08-21 16:25:38.107029725 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_can_network_memcache SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml 2021-08-21 16:25:38.236031863 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_can_network_relay SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml 2021-08-21 16:25:38.152030471 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_can_sendmail SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml 2021-08-21 16:25:37.979027603 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_dbus_avahi SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml 2021-08-21 16:25:38.262032294 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_dbus_sssd SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml 2021-08-21 16:25:38.004028018 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_dontaudit_search_dirs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml 2021-08-21 16:25:38.187031051 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Configure the httpd_enable_cgi SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml 2021-08-21 16:25:38.252032129 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_enable_ftp_server SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml 2021-08-21 16:25:38.200031266 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_enable_homedirs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml 2021-08-21 16:25:38.350033753 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_execmem SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml 2021-08-21 16:25:37.876025896 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable the httpd_graceful_shutdown SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml 2021-08-21 16:25:38.071029128 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_manage_ipa SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml 2021-08-21 16:25:37.790024470 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_mod_auth_ntlm_winbind SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml 2021-08-21 16:25:37.943027007 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_mod_auth_pam SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml 2021-08-21 16:25:38.191031117 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_read_user_content SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml 2021-08-21 16:25:37.713023194 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_run_ipa SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml 2021-08-21 16:25:37.798024603 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_run_preupgrade SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml 2021-08-21 16:25:38.201031283 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_run_stickshift SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml 2021-08-21 16:25:37.719023294 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_serve_cobbler_files SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml 2021-08-21 16:25:37.961027305 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_setrlimit SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml 2021-08-21 16:25:37.938026924 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_ssi_exec SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml 2021-08-21 16:25:37.747023758 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_sys_script_anon_write SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml 2021-08-21 16:25:38.116029874 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_tmp_exec SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml 2021-08-21 16:25:37.919026609 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_tty_comm SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml 2021-08-21 16:25:38.053028830 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_unified SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml 2021-08-21 16:25:37.964027355 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_use_cifs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml 2021-08-21 16:25:37.908026427 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_use_fusefs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml 2021-08-21 16:25:37.998027918 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_use_gpg SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml 2021-08-21 16:25:38.013028167 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_use_nfs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml 2021-08-21 16:25:37.929026775 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_use_openstack SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml 2021-08-21 16:25:38.149030421 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_use_sasl SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml 2021-08-21 16:25:38.274032493 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the httpd_verify_dns SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml 2021-08-21 16:25:37.862025664 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the icecast_use_any_tcp_ports SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml 2021-08-21 16:25:37.963027338 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the irc_use_any_tcp_ports SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml 2021-08-21 16:25:37.843025349 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the irssi_use_full_network SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml 2021-08-21 16:25:37.989027769 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the kdumpgui_run_bootloader SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml 2021-08-21 16:25:37.935026874 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Enable the kerberos_enabled SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml 2021-08-21 16:25:37.898026261 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the ksmtuned_use_cifs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml 2021-08-21 16:25:37.799024620 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the ksmtuned_use_nfs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml 2021-08-21 16:25:37.781024321 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Enable the logadm_exec_content SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml 2021-08-21 16:25:37.903026344 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the logging_syslogd_can_sendmail SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml 2021-08-21 16:25:37.818024935 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the logging_syslogd_run_nagios_plugins SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml 2021-08-21 16:25:38.264032327 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Enable the logging_syslogd_use_tty SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml 2021-08-21 16:25:37.944027023 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Enable the login_console_enabled SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml 2021-08-21 16:25:38.060028946 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the logrotate_use_nfs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml 2021-08-21 16:25:38.258032228 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the logwatch_can_network_connect_mail SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml 2021-08-21 16:25:38.093029493 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the lsmd_plugin_connect_any SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml 2021-08-21 16:25:38.130030106 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the mailman_use_fusefs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml 2021-08-21 16:25:37.849025449 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the mcelog_client SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml 2021-08-21 16:25:37.707023095 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable the mcelog_exec_scripts SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml 2021-08-21 16:25:38.341033604 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the mcelog_foreground SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml 2021-08-21 16:25:37.721023327 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the mcelog_server SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml 2021-08-21 16:25:37.725023393 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the minidlna_read_generic_user_content SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml 2021-08-21 16:25:37.899026277 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the mmap_low_allowed SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml 2021-08-21 16:25:37.807024752 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the mock_enable_homedirs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml 2021-08-21 16:25:38.280032592 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Enable the mount_anyfile SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml 2021-08-21 16:25:37.736023576 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the mozilla_plugin_bind_unreserved_ports SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml 2021-08-21 16:25:37.991027802 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the mozilla_plugin_can_network_connect SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml 2021-08-21 16:25:38.129030090 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the mozilla_plugin_use_bluejeans SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml 2021-08-21 16:25:38.083029327 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the mozilla_plugin_use_gps SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml 2021-08-21 16:25:37.832025167 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the mozilla_plugin_use_spice SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml 2021-08-21 16:25:37.779024288 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the mozilla_read_content SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml 2021-08-21 16:25:37.894026194 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the mpd_enable_homedirs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml 2021-08-21 16:25:37.952027156 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the mpd_use_cifs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml 2021-08-21 16:25:38.125030023 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the mpd_use_nfs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml 2021-08-21 16:25:37.704023045 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the mplayer_execstack SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml 2021-08-21 16:25:38.033028498 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the mysql_connect_any SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml 2021-08-21 16:25:37.828025101 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the nagios_run_pnp4nagios SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml 2021-08-21 16:25:38.128030073 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the nagios_run_sudo SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml 2021-08-21 16:25:37.771024156 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the named_tcp_bind_http_port SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml 2021-08-21 16:25:37.840025299 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the named_write_master_zones SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml 2021-08-21 16:25:38.250032095 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the neutron_can_network SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml 2021-08-21 16:25:37.772024172 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the nfsd_anon_write SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml 2021-08-21 16:25:38.265032344 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable the nfs_export_all_ro SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml 2021-08-21 16:25:37.983027670 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable the nfs_export_all_rw SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml 2021-08-21 16:25:37.856025564 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the nis_enabled SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml 2021-08-21 16:25:37.795024553 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable the nscd_use_shm SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml 2021-08-21 16:25:37.743023691 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the openshift_use_nfs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml 2021-08-21 16:25:38.305033007 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the openvpn_can_network_connect SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml 2021-08-21 16:25:37.715023227 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the openvpn_enable_homedirs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml 2021-08-21 16:25:37.942026990 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the openvpn_run_unconfined SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml 2021-08-21 16:25:38.111029791 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the pcp_bind_all_unreserved_ports SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml 2021-08-21 16:25:38.101029626 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the pcp_read_generic_logs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml 2021-08-21 16:25:38.259032245 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the piranha_lvs_can_network_connect SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml 2021-08-21 16:25:38.298032891 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the polipo_connect_all_unreserved SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml 2021-08-21 16:25:38.303032974 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the polipo_session_bind_all_unreserved_ports SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml 2021-08-21 16:25:37.749023791 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the polipo_session_users SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml 2021-08-21 16:25:37.730023476 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the polipo_use_cifs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml 2021-08-21 16:25:37.739023625 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the polipo_use_nfs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml 2021-08-21 16:25:37.808024769 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the polyinstantiation_enabled SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml 2021-08-21 16:25:37.923026675 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable the postfix_local_write_mail_spool SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml 2021-08-21 16:25:38.038028581 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the postgresql_can_rsync SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml 2021-08-21 16:25:38.263032311 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the postgresql_selinux_transmit_client_label SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml 2021-08-21 16:25:38.017028233 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable the postgresql_selinux_unconfined_dbadm SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml 2021-08-21 16:25:37.990027786 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable the postgresql_selinux_users_ddl SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml 2021-08-21 16:25:37.915026542 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the pppd_can_insmod SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml 2021-08-21 16:25:37.864025697 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the pppd_for_user SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml 2021-08-21 16:25:37.911026476 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the privoxy_connect_any SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml 2021-08-21 16:25:37.959027272 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the prosody_bind_http_port SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml 2021-08-21 16:25:37.984027686 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the puppetagent_manage_all_files SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml 2021-08-21 16:25:37.853025515 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the puppetmaster_use_db SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml 2021-08-21 16:25:38.242031963 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the racoon_read_shadow SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml 2021-08-21 16:25:37.951027139 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the rsync_anon_write SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml 2021-08-21 16:25:37.812024835 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the rsync_client SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml 2021-08-21 16:25:38.034028515 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the rsync_export_all_ro SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml 2021-08-21 16:25:37.907026410 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the rsync_full_access SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml 2021-08-21 16:25:38.195031184 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the samba_create_home_dirs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml 2021-08-21 16:25:37.761023990 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the samba_domain_controller SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml 2021-08-21 16:25:37.858025598 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the samba_enable_home_dirs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml 2021-08-21 16:25:38.314033156 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the samba_export_all_ro SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml 2021-08-21 16:25:37.947027073 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the samba_export_all_rw SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml 2021-08-21 16:25:37.966027388 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the samba_load_libgfapi SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml 2021-08-21 16:25:37.776024239 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the samba_portmapper SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml 2021-08-21 16:25:38.281032609 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the samba_run_unconfined SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml 2021-08-21 16:25:37.741023658 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the samba_share_fusefs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml 2021-08-21 16:25:38.160030604 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the samba_share_nfs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml 2021-08-21 16:25:38.108029741 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the sanlock_use_fusefs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml 2021-08-21 16:25:37.768024106 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the sanlock_use_nfs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml 2021-08-21 16:25:37.699022962 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the sanlock_use_samba SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml 2021-08-21 16:25:37.806024736 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the saslauthd_read_shadow SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml 2021-08-21 16:25:37.846025399 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Enable the secadm_exec_content SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml 2021-08-21 16:25:37.718023277 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the secure_mode SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml 2021-08-21 16:25:38.166030703 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the secure_mode_insmod SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml 2021-08-21 16:25:37.821024984 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the secure_mode_policyload SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml 2021-08-21 16:25:37.974027521 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Configure the selinuxuser_direct_dri_enabled SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml 2021-08-21 16:25:37.694022879 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Disable the selinuxuser_execheap SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml 2021-08-21 16:25:38.307033040 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Enable the selinuxuser_execmod SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml 2021-08-21 16:25:38.032028482 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'disable the selinuxuser_execstack SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml 2021-08-21 16:25:37.941026973 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the selinuxuser_mysql_connect_enabled SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml 2021-08-21 16:25:37.837025250 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Enable the selinuxuser_ping SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml 2021-08-21 16:25:38.282032626 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the selinuxuser_postgresql_connect_enabled SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml 2021-08-21 16:25:38.335033504 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the selinuxuser_rw_noexattrfile SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml 2021-08-21 16:25:38.132030139 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the selinuxuser_share_music SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml 2021-08-21 16:25:38.064029012 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the selinuxuser_tcp_server SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml 2021-08-21 16:25:38.141030289 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the selinuxuser_udp_server SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml 2021-08-21 16:25:38.135030189 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the selinuxuser_use_ssh_chroot SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml 2021-08-21 16:25:38.076029211 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the sge_domain_can_network_connect SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml 2021-08-21 16:25:37.965027371 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the sge_use_nfs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml 2021-08-21 16:25:38.016028217 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the smartmon_3ware SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml 2021-08-21 16:25:38.215031515 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the smbd_anon_write SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml 2021-08-21 16:25:37.750023808 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the spamassassin_can_network SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml 2021-08-21 16:25:38.197031217 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable the spamd_enable_home_dirs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml 2021-08-21 16:25:38.297032874 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the squid_connect_any SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml 2021-08-21 16:25:37.752023841 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the squid_use_tproxy SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml 2021-08-21 16:25:38.188031068 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the ssh_chroot_rw_homedirs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml 2021-08-21 16:25:38.170030769 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the ssh_keysign SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml 2021-08-21 16:25:38.245032012 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the ssh_sysadm_login SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml 2021-08-21 16:25:37.765024056 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Enable the staff_exec_content SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml 2021-08-21 16:25:38.192031134 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the staff_use_svirt SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml 2021-08-21 16:25:38.019028266 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the swift_can_network SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml 2021-08-21 16:25:38.255032178 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Enable the sysadm_exec_content SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml 2021-08-21 16:25:37.729023459 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the telepathy_connect_all_ports SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml 2021-08-21 16:25:37.932026824 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the telepathy_tcp_connect_generic_network_ports SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml 2021-08-21 16:25:38.047028730 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the tftp_anon_write SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml 2021-08-21 16:25:37.926026725 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the tftp_home_dir SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml 2021-08-21 16:25:37.780024305 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the tmpreaper_use_nfs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml 2021-08-21 16:25:38.345033670 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the tmpreaper_use_samba SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml 2021-08-21 16:25:38.294032825 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the tor_bind_all_unreserved_ports SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml 2021-08-21 16:25:38.241031946 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the tor_can_network_relay SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml 2021-08-21 16:25:37.819024951 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable the unconfined_chrome_sandbox_transition SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml 2021-08-21 16:25:37.815024885 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Enable the unconfined_login SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml 2021-08-21 16:25:37.714023211 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable the unconfined_mozilla_plugin_transition SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml 2021-08-21 16:25:38.010028117 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the unprivuser_use_svirt SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml 2021-08-21 16:25:38.267032377 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the use_ecryptfs_home_dirs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml 2021-08-21 16:25:37.889026112 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the use_fusefs_home_dirs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml 2021-08-21 16:25:38.041028631 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the use_lpd_server SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml 2021-08-21 16:25:38.096029543 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the use_nfs_home_dirs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml 2021-08-21 16:25:37.727023426 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Enable the user_exec_content SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml 2021-08-21 16:25:37.996027885 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the use_samba_home_dirs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml 2021-08-21 16:25:38.284032659 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the varnishd_connect_any SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml 2021-08-21 16:25:37.778024272 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the virt_read_qemu_ga_data SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml 2021-08-21 16:25:37.825025051 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the virt_rw_qemu_ga_data SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml 2021-08-21 16:25:38.182030968 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the virt_sandbox_use_all_caps SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml 2021-08-21 16:25:38.233031814 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable the virt_sandbox_use_audit SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml 2021-08-21 16:25:37.742023675 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the virt_sandbox_use_mknod SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml 2021-08-21 16:25:38.348033720 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the virt_sandbox_use_netlink SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml 2021-08-21 16:25:38.176030869 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the virt_sandbox_use_sys_admin SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml 2021-08-21 16:25:38.139030255 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the virt_transition_userdomain SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml 2021-08-21 16:25:38.085029360 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the virt_use_comm SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml 2021-08-21 16:25:38.315033173 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the virt_use_execmem SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml 2021-08-21 16:25:38.349033736 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the virt_use_fusefs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml 2021-08-21 16:25:37.706023078 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the virt_use_nfs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml 2021-08-21 16:25:37.968027421 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the virt_use_rawip SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml 2021-08-21 16:25:38.048028747 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the virt_use_samba SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml 2021-08-21 16:25:37.949027106 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the virt_use_sanlock SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml 2021-08-21 16:25:37.888026095 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the virt_use_usb SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml 2021-08-21 16:25:38.158030570 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the virt_use_xserver SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml 2021-08-21 16:25:38.183030985 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the webadm_manage_user_files SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml 2021-08-21 16:25:38.238031896 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the webadm_read_user_files SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml 2021-08-21 16:25:38.344033654 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the wine_mmap_zero_ignore SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml 2021-08-21 16:25:37.887026078 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the xdm_bind_vnc_tcp_port SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml 2021-08-21 16:25:38.312033123 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the xdm_exec_bootloader SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml 2021-08-21 16:25:37.873025846 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the xdm_sysadm_login SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml 2021-08-21 16:25:38.092029476 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the xdm_write_home SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml 2021-08-21 16:25:37.702023012 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable the xend_run_blktap SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml 2021-08-21 16:25:38.216031532 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable the xend_run_qemu SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml 2021-08-21 16:25:38.049028764 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the xen_use_nfs SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml 2021-08-21 16:25:37.756023907 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the xguest_connect_network SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml 2021-08-21 16:25:38.102029642 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the xguest_exec_content SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml 2021-08-21 16:25:37.879025946 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the xguest_mount_media SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml 2021-08-21 16:25:37.696022913 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the xguest_use_bluetooth SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml 2021-08-21 16:25:38.330033421 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the xserver_clients_write_xshm SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml 2021-08-21 16:25:37.916026559 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the xserver_execmem SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml 2021-08-21 16:25:37.762024007 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Disable the xserver_object_manager SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml 2021-08-21 16:25:38.109029758 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the zabbix_can_network SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml 2021-08-21 16:25:37.962027321 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the zarafa_setrlimit SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml 2021-08-21 16:25:37.852025498 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the zebra_write_config SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml 2021-08-21 16:25:37.895026211 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the zoneminder_anon_write SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml 2021-08-21 16:25:37.774024205 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Disable the zoneminder_run_sudo SELinux Boolean' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml 2021-08-21 16:25:37.684022713 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Ensure No Daemons are Unconfined by SELinux' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml 2021-08-21 16:25:37.666022415 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh 2021-08-21 16:25:37.659022299 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux_policytype/rule.yml b/linux_os/guide/system/selinux/selinux_policytype/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux_policytype/rule.yml 2021-08-21 16:35:51.185191715 -0400 ++++ b/linux_os/guide/system/selinux/selinux_policytype/rule.yml 2021-08-21 16:25:37.660022316 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 + + title: 'Configure SELinux Policy' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml 2021-08-21 16:25:37.652022183 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux_state/bash/shared.sh b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux_state/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh 2021-08-21 16:25:37.646022084 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platorm_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platorm_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux_state/rule.yml b/linux_os/guide/system/selinux/selinux_state/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux_state/rule.yml 2021-08-21 16:35:51.185191715 -0400 ++++ b/linux_os/guide/system/selinux/selinux_state/rule.yml 2021-08-21 16:25:37.647022100 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Ensure SELinux State is Enforcing' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml 2021-08-21 16:35:51.144191035 -0400 ++++ b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml 2021-08-21 16:25:37.667022432 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Map System Users To The Appropriate SELinux Role' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml 2021-08-21 16:35:51.185191715 -0400 ++++ b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml 2021-08-21 16:25:39.107046301 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,rhcos4,sle12 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,rhcos4,sle12 + + title: 'Encrypt Partitions' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml 2021-08-21 16:25:39.105046267 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Ensure /boot Located On Separate Partition' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml 2021-08-21 16:25:39.095046101 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Ensure /opt Located On Separate Partition' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml 2021-08-21 16:25:39.101046201 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Ensure /usr Located On Separate Partition' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml 2021-08-21 16:35:51.207192080 -0400 ++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml 2021-08-21 16:25:39.096046118 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhcos4,sle15,ubuntu1804 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhcos4,sle15,ubuntu1804 + + title: 'Ensure /var/tmp Located On Separate Partition' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh 2021-08-21 16:25:39.005044610 -0400 +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + + dconf update +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml 2021-08-21 16:25:39.007044643 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Make sure that the dconf databases are up-to-date with regards to respective keyfiles' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml 2021-08-21 16:25:38.826041643 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle15 + + title: 'Configure GNOME3 DConf User Profile' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml 2021-08-21 16:25:38.873042422 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml 2021-08-21 16:25:38.868042339 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Disable the GNOME3 Login Restart and Shutdown Buttons' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml 2021-08-21 16:25:38.881042555 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml 2021-08-21 16:25:38.876042472 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Disable the GNOME3 Login User List' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml 2021-08-21 16:25:38.898042836 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml 2021-08-21 16:25:38.893042753 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Enable the GNOME3 Login Smartcard Authentication' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml 2021-08-21 16:25:38.866042306 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml 2021-08-21 16:25:38.861042223 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Set the GNOME3 Login Number of Failures' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml 2021-08-21 16:25:38.849042024 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml 2021-08-21 16:35:51.186191732 -0400 ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml 2021-08-21 16:25:38.842041908 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle12 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,sle12 + + title: 'Disable GDM Automatic Login' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml 2021-08-21 16:25:38.858042173 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml 2021-08-21 16:25:38.851042057 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Disable GDM Guest Login' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml 2021-08-21 16:25:38.891042720 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml 2021-08-21 16:25:38.996044461 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml 2021-08-21 16:35:51.155191218 -0400 ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml 2021-08-21 16:25:38.992044394 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Disable GNOME3 Automounting' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml 2021-08-21 16:25:38.984044262 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml 2021-08-21 16:35:51.155191218 -0400 ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml 2021-08-21 16:25:38.979044179 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Disable GNOME3 Automount Opening' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml 2021-08-21 16:25:39.004044593 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml 2021-08-21 16:35:51.156191234 -0400 ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml 2021-08-21 16:25:38.999044510 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Disable GNOME3 Automount running' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml 2021-08-21 16:25:38.989044344 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml 2021-08-21 16:25:38.986044295 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Disable All GNOME3 Thumbnailers' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml 2021-08-21 16:25:38.906042969 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml 2021-08-21 16:25:38.903042919 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Disable WIFI Network Connection Creation in GNOME3' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml 2021-08-21 16:25:38.911043052 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml 2021-08-21 16:25:38.908043002 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Disable WIFI Network Notification in GNOME3' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml 2021-08-21 16:25:38.838041842 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml 2021-08-21 16:25:38.835041792 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Require Credential Prompting for Remote Access in GNOME3' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml 2021-08-21 16:25:38.833041759 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml 2021-08-21 16:25:38.831041726 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Require Encryption for Remote Access in GNOME3' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml 2021-08-21 16:25:38.970044030 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml 2021-08-21 16:25:38.968043996 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Enable GNOME3 Screensaver Idle Activation' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml 2021-08-21 16:25:38.965043947 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml 2021-08-21 16:25:38.961043881 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Ensure Users Cannot Change GNOME3 Screensaver Idle Activation' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml 2021-08-21 16:25:38.976044129 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml 2021-08-21 16:35:51.186191732 -0400 ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml 2021-08-21 16:25:38.973044079 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Set GNOME3 Screensaver Inactivity Timeout' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml 2021-08-21 16:25:38.943043582 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml 2021-08-21 16:25:38.941043549 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Set GNOME3 Screensaver Lock Delay After Activation Period' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml 2021-08-21 16:25:38.922043234 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml 2021-08-21 16:35:51.186191732 -0400 ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml 2021-08-21 16:25:38.913043085 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Enable GNOME3 Screensaver Lock After Idle Period' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml 2021-08-21 16:25:38.950043698 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml 2021-08-21 16:25:38.946043632 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Ensure Users Cannot Change GNOME3 Screensaver Lock After Idle Period' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml 2021-08-21 16:25:38.957043814 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml 2021-08-21 16:25:38.954043764 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Implement Blank Screensaver' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml 2021-08-21 16:25:38.927043317 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml 2021-08-21 16:25:38.925043284 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Disable Full User Name on Splash Shield' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml 2021-08-21 16:25:38.938043499 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml 2021-08-21 16:25:38.936043466 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Ensure Users Cannot Change GNOME3 Screensaver Settings' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml 2021-08-21 16:25:38.932043400 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml 2021-08-21 16:25:38.930043367 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Ensure Users Cannot Change GNOME3 Session Idle Settings' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml 2021-08-21 16:25:38.810041378 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml 2021-08-21 16:35:51.200191964 -0400 ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml 2021-08-21 16:25:38.802041245 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml 2021-08-21 16:25:38.818041510 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml 2021-08-21 16:25:38.816041477 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Disable Geolocation in GNOME3' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml 2021-08-21 16:25:38.813041427 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,rl8 + + title: 'Disable Power Settings in GNOME3' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/ansible/shared.yml 2021-08-21 16:25:38.823041593 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml 2021-08-21 16:25:38.821041560 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Disable User Administration in GNOME3' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml b/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml 2021-08-21 16:25:38.825041626 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhv4 ++prodtype: fedora,rhel7,rhel8,rl8,rhv4 + + title: 'Remove the GDM Package Group' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml 2021-08-21 16:25:38.399034565 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15 + + title: 'The Installed Operating System Is FIPS 140-2 Certified' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml 2021-08-21 16:35:51.207192080 -0400 ++++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml 2021-08-21 16:25:38.397034532 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 + + title: 'The Installed Operating System Is Vendor Supported' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml 2021-08-21 16:25:38.645038643 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8,rhv4 + + title: 'Configure BIND to use System Crypto Policy' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml 2021-08-21 16:25:38.655038808 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8,rhv4 + + title: 'Configure System Cryptography Policy' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml 2021-08-21 16:25:38.601037913 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8,rhv4 + + title: 'Configure Kerberos to use System Crypto Policy' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml 2021-08-21 16:25:38.575037482 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8,rhv4 + + title: 'Configure Libreswan to use System Crypto Policy' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml 2021-08-21 16:25:38.633038444 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8,rhv4 + + title: 'Configure OpenSSL library to use System Crypto Policy' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml 2021-08-21 16:25:38.565037317 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhv4,rhcos4 ++prodtype: fedora,ol8,rhel8,rl8,rhv4,rhcos4 + + title: 'Configure SSH to use System Crypto Policy' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/rule.yml 2021-08-21 16:25:38.611038079 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhcos4 ++prodtype: rhel8,rl8,rhcos4 + + title: 'Harden OpenSSL Crypto Policy' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/rule.yml b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/rule.yml 2021-08-21 16:25:38.624038294 -0400 +@@ -1,7 +1,7 @@ + documentation_complete: true + + # TODO: The plan is not to need this for RHEL>=8.4 +-prodtype: rhel8 ++prodtype: rhel8,rl8 + + title: 'OpenSSL uses strong entropy source' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml b/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml 2021-08-21 16:25:38.563037283 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8 ++prodtype: ol8,rhel8,rl8 + + title: 'Install crypto-policies package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml b/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml 2021-08-21 16:35:51.186191732 -0400 ++++ b/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml 2021-08-21 16:25:38.551037085 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhcos4 ++prodtype: rhel8,rl8,rhcos4 + + title: 'Configure session renegotiation for SSH client' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml 2021-08-21 16:25:38.432035112 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus/rule.yml 2021-08-21 16:25:38.425034996 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Install Virus Scanning Software' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml 2021-08-21 16:25:38.422034946 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhv4 ++prodtype: fedora,rhel7,rhel8,rl8,rhv4 + + title: 'Install Intrusion Detection Software' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml 2021-08-21 16:25:38.412034780 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Install McAfee Virus Scanning Software' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_cma_rt/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_cma_rt/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_cma_rt/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_cma_rt/rule.yml 2021-08-21 16:25:38.414034814 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,rl8 + + title: 'Install the McAfee Runtime Libraries and Linux Agent' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated/rule.yml 2021-08-21 16:25:38.417034863 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Virus Scanning Software Definitions Are Updated' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_accm/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_accm/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_accm/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_accm/rule.yml 2021-08-21 16:25:38.409034731 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Install the Asset Configuration Compliance Module (ACCM)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_pa/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_pa/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_pa/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_pa/rule.yml 2021-08-21 16:25:38.407034698 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Install the Policy Auditor (PA) Module' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml 2021-08-21 16:35:51.156191234 -0400 ++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/package_MFEhiplsm_installed/rule.yml 2021-08-21 16:25:38.406034681 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rl8,rhv4,sle12,sle15 + + title: 'Install the Host Intrusion Prevention System (HIPS) Module' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled/rule.yml 2021-08-21 16:25:38.419034897 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Enable nails Service' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml 2021-08-21 16:25:38.698039521 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8,rhv4 + + title: "Enable Dracut FIPS Module" + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml 2021-08-21 16:35:51.186191732 -0400 ++++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml 2021-08-21 16:25:38.688039355 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8,rhv4 + + title: Enable FIPS Mode + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml 2021-08-21 16:25:38.700039554 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: Ensure '/etc/system-fips' exists + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml 2021-08-21 16:35:51.209192113 -0400 ++++ b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml 2021-08-21 16:25:38.694039455 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol8,rhel8,rl8,rhv4 + + title: "Set kernel parameter 'crypto.fips_enabled' to 1" + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh 2021-08-21 16:25:38.456035510 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + + {{{ bash_package_install("aide") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh 2021-08-21 16:25:38.467035692 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rocky,multi_platform_wrlinux + + {{{ bash_package_install("aide") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml 2021-08-21 16:25:38.468035709 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 + + title: 'Configure Periodic Execution of AIDE' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml 2021-08-21 16:35:51.186191732 -0400 ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml 2021-08-21 16:25:38.485035991 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019,sle12 + + title: 'Configure Notification of Post-AIDE Scan Details' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh 2021-08-21 16:25:38.499036223 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rocky,multi_platform_ol + + {{{ bash_package_install("aide") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml 2021-08-21 16:25:38.501036256 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Configure AIDE to Use FIPS 140-2 for Validating Hashes' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh 2021-08-21 16:25:38.493036123 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rocky,multi_platform_ol + + {{{ bash_package_install("aide") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml 2021-08-21 16:35:51.186191732 -0400 ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml 2021-08-21 16:25:38.495036156 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Configure AIDE to Verify Access Control Lists (ACLs)' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh 2021-08-21 16:25:38.506036339 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_rocky,multi_platform_ol + + {{{ bash_package_install("aide") }}} + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml 2021-08-21 16:35:51.186191732 -0400 ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml 2021-08-21 16:25:38.507036355 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Configure AIDE to Verify Extended Attributes' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml 2021-08-21 16:35:51.209192113 -0400 ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml 2021-08-21 16:25:38.463035626 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,wrlinux1019 + + title: 'Install AIDE' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh 2021-08-21 16:25:38.435035162 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # Find which files have incorrect hash (not in /etc, because of the system related config files) and then get files names + files_with_incorrect_hash="$(rpm -Va --noconfig | grep -E '^..5' | awk '{print $NF}' )" +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml 2021-08-21 16:25:38.436035178 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Verify File Hashes with RPM' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml 2021-08-21 16:25:38.446035344 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_rhv,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = high +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh 2021-08-21 16:25:38.442035278 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = high +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml 2021-08-21 16:35:51.144191035 -0400 ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml 2021-08-21 16:25:38.444035311 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Verify and Correct Ownership with RPM' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml 2021-08-21 16:25:38.453035460 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = high +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh 2021-08-21 16:25:38.447035361 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_rocky,multi_platform_ol,multi_platform_fedora,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = high +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml 2021-08-21 16:25:38.448035377 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15,wrlinux1019 + + title: 'Verify and Correct File Permissions with RPM' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml 2021-08-21 16:25:38.732040085 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle15 + + title: 'Install sudo Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_add_env_reset/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_env_reset/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_add_env_reset/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/sudo/sudo_add_env_reset/rule.yml 2021-08-21 16:25:38.793041096 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Ensure sudo Runs In A Minimal Environment - sudo env_reset' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_add_ignore_dot/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_ignore_dot/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_add_ignore_dot/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/sudo/sudo_add_ignore_dot/rule.yml 2021-08-21 16:25:38.794041113 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Ensure sudo Ignores Commands In Current Dir - sudo ignore_dot' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_add_umask/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_umask/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_add_umask/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/rule.yml 2021-08-21 16:25:38.723039936 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Ensure sudo umask is appropriate - sudo umask' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh 2021-08-21 16:25:38.730040052 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_rocky + # variables = var_sudo_umask=0027 + + # Default umask is not explicitly set and has value 0022 +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh 2021-08-21 16:25:38.725039969 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_rocky + # variables = var_sudo_umask=0027 + + # Default umask is not explicitly set and has value 0022 +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh 2021-08-21 16:25:38.726039985 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_rocky + # variables = var_sudo_umask=0027 + + # Default umask is not explicitly set and has value 0022 +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh 2021-08-21 16:25:38.727040002 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_rocky + # variables = var_sudo_umask=0027 + + echo "Defaults use_pty,umask=0022,noexec" >> /etc/sudoers +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh 2021-08-21 16:25:38.728040019 -0400 +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_rocky + # variables = var_sudo_umask=0027 + + echo "Defaults use_pty,umask=0027,noexec" >> /etc/sudoers +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml b/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml 2021-08-21 16:25:38.757040499 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Ensure a dedicated group owns sudo' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh 2021-08-21 16:25:38.760040549 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_rocky + # remediation = none + + # Make sure sudo is owned by root group +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_restrict_others_executable_permission/rule.yml b/linux_os/guide/system/software/sudo/sudo_restrict_others_executable_permission/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/sudo/sudo_restrict_others_executable_permission/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/sudo/sudo_restrict_others_executable_permission/rule.yml 2021-08-21 16:25:38.743040267 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,rl8 + + title: 'Ensure only owner and members of group owner of /usr/bin/sudo can execute it' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml 2021-08-21 16:35:51.209192113 -0400 ++++ b/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml 2021-08-21 16:25:38.374034151 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Uninstall abrt-addon-ccpp Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml 2021-08-21 16:35:51.209192113 -0400 ++++ b/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml 2021-08-21 16:25:38.371034101 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Uninstall abrt-addon-kerneloops Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml 2021-08-21 16:35:51.209192113 -0400 ++++ b/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml 2021-08-21 16:25:38.381034267 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Uninstall abrt-addon-python Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml 2021-08-21 16:35:51.209192113 -0400 ++++ b/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml 2021-08-21 16:25:38.369034068 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Uninstall abrt-cli Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_abrt-plugin-logger_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-plugin-logger_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_abrt-plugin-logger_removed/rule.yml 2021-08-21 16:35:51.209192113 -0400 ++++ b/linux_os/guide/system/software/system-tools/package_abrt-plugin-logger_removed/rule.yml 2021-08-21 16:25:38.391034432 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Uninstall abrt-plugin-logger Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_abrt-plugin-rhtsupport_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-plugin-rhtsupport_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_abrt-plugin-rhtsupport_removed/rule.yml 2021-08-21 16:35:51.209192113 -0400 ++++ b/linux_os/guide/system/software/system-tools/package_abrt-plugin-rhtsupport_removed/rule.yml 2021-08-21 16:25:38.380034250 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Uninstall abrt-plugin-rhtsupport Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml 2021-08-21 16:35:51.209192113 -0400 ++++ b/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml 2021-08-21 16:25:38.368034051 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Uninstall abrt-plugin-sosreport Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_binutils_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_binutils_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_binutils_installed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/system-tools/package_binutils_installed/rule.yml 2021-08-21 16:25:38.385034333 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Install binutils Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_dnf-plugin-subscription-manager_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_dnf-plugin-subscription-manager_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_dnf-plugin-subscription-manager_installed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/system-tools/package_dnf-plugin-subscription-manager_installed/rule.yml 2021-08-21 16:25:38.373034134 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8 ++prodtype: rhel8,rl8 + + title: 'Install dnf-plugin-subscription-manager Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml 2021-08-21 16:25:38.378034217 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Uninstall geolite2-city Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml 2021-08-21 16:25:38.382034283 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Uninstall geolite2-country Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml 2021-08-21 16:35:51.187191748 -0400 ++++ b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml 2021-08-21 16:25:38.363033968 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Uninstall gssproxy Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml 2021-08-21 16:35:51.187191748 -0400 ++++ b/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml 2021-08-21 16:25:38.386034350 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Uninstall iprutils Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml 2021-08-21 16:35:51.187191748 -0400 ++++ b/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml 2021-08-21 16:25:38.365034002 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Uninstall krb5-workstation Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_libcap-ng-utils_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_libcap-ng-utils_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_libcap-ng-utils_installed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/system-tools/package_libcap-ng-utils_installed/rule.yml 2021-08-21 16:25:38.393034466 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Install libcap-ng-utils Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml 2021-08-21 16:25:38.372034117 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Install openscap-scanner Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_pigz_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_pigz_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_pigz_removed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/system-tools/package_pigz_removed/rule.yml 2021-08-21 16:25:38.379034234 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8 ++prodtype: ol8,rhel8,rl8 + + title: 'Uninstall pigz Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml 2021-08-21 16:25:38.390034416 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Install rear Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml 2021-08-21 16:25:38.375034167 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Install rng-tools Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml 2021-08-21 16:25:38.392034449 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Install scap-security-guide Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml 2021-08-21 16:25:38.361033935 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,rl8,rhv4 + + title: 'Install subscription-manager Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_tar_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_tar_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_tar_installed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/system-tools/package_tar_installed/rule.yml 2021-08-21 16:25:38.367034035 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Install tar Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml 2021-08-21 16:35:51.187191748 -0400 ++++ b/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml 2021-08-21 16:25:38.376034184 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8 + + title: 'Uninstall tuned Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_vim_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_vim_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/system-tools/package_vim_installed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/system-tools/package_vim_installed/rule.yml 2021-08-21 16:25:38.387034366 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Install vim Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml 2021-08-21 16:25:39.081045869 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml 2021-08-21 16:35:51.187191748 -0400 ++++ b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml 2021-08-21 16:25:39.078045820 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Ensure {{{ pkg_manager }}} Removes Previous Package Versions' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml 2021-08-21 16:25:39.019044842 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8 ++prodtype: fedora,ol8,rhel8,rl8 + + title: Configure dnf-automatic to Install Available Updates Automatically + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml 2021-08-21 16:25:39.038045157 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8 ++prodtype: fedora,ol8,rhel8,rl8 + + title: Configure dnf-automatic to Install Only Security Updates + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/ansible/shared.yml 2021-08-21 16:25:39.072045720 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh 2021-08-21 16:25:39.063045571 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_ol,multi_platform_fedora,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + + replace_or_append "{{{ pkg_manager_config_file }}}" '^gpgcheck' '1' '@CCENUM@' +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml 2021-08-21 16:35:51.187191748 -0400 ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml 2021-08-21 16:25:39.064045588 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15 + + title: 'Ensure gpgcheck Enabled In Main {{{ pkg_manager }}} Configuration' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/ansible/shared.yml 2021-08-21 16:25:39.062045555 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = unknown + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml 2021-08-21 16:35:51.187191748 -0400 ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml 2021-08-21 16:25:39.055045438 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,wrlinux1019 + + title: 'Ensure gpgcheck Enabled for Local Packages' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml 2021-08-21 16:25:39.052045389 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_ol,multi_platform_fedora,multi_platform_rhv + # reboot = false + # strategy = enable + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh 2021-08-21 16:25:39.048045323 -0400 +@@ -1,2 +1,2 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_ol,multi_platform_fedora,multi_platform_rhv + sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/* +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml 2021-08-21 16:25:39.049045339 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4 + + title: 'Ensure gpgcheck Enabled for All {{{ pkg_manager }}} Package Repositories' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml 2021-08-21 16:25:39.034045090 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,rl8 + + title: 'Ensure gpgcheck Enabled for Repository Metadata' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/ansible/shared.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/ansible/shared.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/ansible/shared.yml 2021-08-21 16:25:39.090046019 -0400 +@@ -1,4 +1,4 @@ +-# platform=multi_platform_rhel,multi_platform_rhv ++# platform=multi_platform_rhel,multi_platform_rocky,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = medium +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/bash/shared.sh 2021-08-21 16:25:39.082045886 -0400 +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_rocky,multi_platform_rhv + # The two fingerprints below are retrieved from https://access.redhat.com/security/team/key + readonly REDHAT_RELEASE_FINGERPRINT="{{{ release_key_fingerprint }}}" + readonly REDHAT_AUXILIARY_FINGERPRINT="{{{ auxiliary_key_fingerprint }}}" +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml 2021-08-21 16:25:39.083045903 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4,rhcos4 ++prodtype: rhel7,rhel8,rl8,rhv4,rhcos4 + + title: 'Ensure Red Hat GPG Key Installed' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml b/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml 2021-08-21 16:25:39.017044809 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8 ++prodtype: fedora,ol8,rhel8,rl8 + + title: 'Install dnf-automatic Package' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh b/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh +--- scap-security-guide-0.1.54/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh 2021-08-21 16:25:39.091046035 -0400 +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_rocky + # reboot = true + # strategy = patch + # complexity = low +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml 2021-08-21 16:35:51.187191748 -0400 ++++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml 2021-08-21 16:25:39.092046052 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu1604,ubuntu1804 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rl8,rhv4,sle12,sle15,ubuntu1604,ubuntu1804 + + title: 'Ensure Software Patches Installed' + +diff -ruN scap-security-guide-0.1.54/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml b/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml +--- scap-security-guide-0.1.54/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml 2021-02-03 05:54:10.000000000 -0500 ++++ b/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml 2021-08-21 16:25:39.014044759 -0400 +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8 ++prodtype: fedora,ol8,rhel8,rl8 + + title: Enable dnf-automatic Timer + +diff -ruN scap-security-guide-0.1.54/rl8/CMakeLists.txt b/rl8/CMakeLists.txt +--- scap-security-guide-0.1.54/rl8/CMakeLists.txt 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/CMakeLists.txt 2021-08-21 16:33:05.270441617 -0400 +@@ -0,0 +1,40 @@ ++# Sometimes our users will try to do: "cd rocky8; cmake ." That needs to error in a nice way. ++if ("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}") ++ message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!") ++endif() ++ ++set(PRODUCT "rl8") ++set(DISA_SRG_TYPE "os") ++ ++ssg_build_product(${PRODUCT}) ++ ++ssg_build_html_table_by_ref(${PRODUCT} "nist") ++ssg_build_html_table_by_ref(${PRODUCT} "cui") ++ssg_build_html_table_by_ref(${PRODUCT} "cis") ++ssg_build_html_table_by_ref(${PRODUCT} "pcidss") ++ssg_build_html_table_by_ref(${PRODUCT} "anssi") ++ ++ssg_build_html_nistrefs_table(${PRODUCT} "standard") ++ssg_build_html_nistrefs_table(${PRODUCT} "ospp") ++ssg_build_html_nistrefs_table(${PRODUCT} "stig") ++ ++ssg_build_html_anssirefs_table(${PRODUCT} "bp28_minimal") ++ssg_build_html_anssirefs_table(${PRODUCT} "bp28_intermediary") ++ssg_build_html_anssirefs_table(${PRODUCT} "bp28_enhanced") ++ssg_build_html_anssirefs_table(${PRODUCT} "bp28_high") ++ ++ssg_build_html_cce_table(${PRODUCT}) ++ ++ssg_build_html_srgmap_tables(${PRODUCT} "stig" ${DISA_SRG_TYPE}) ++ ++ssg_build_html_stig_tables(${PRODUCT} "stig") ++ ++#ssg_build_html_stig_tables(${PRODUCT}) ++#ssg_build_html_stig_tables_per_profile( ${PRODUCT} "stig") ++#ssg_build_html_stig_tables_per_profile( ${PRODUCT} "stig_gui") ++ ++#ssg_build_html_stig_tables(${PRODUCT} "ospp") ++ ++#if (SSG_CENTOS_DERIVATIVES_ENABLED) ++# ssg_build_derivative_product(${PRODUCT} "centos" "centos8") ++#endif() +diff -ruN scap-security-guide-0.1.54/rl8/kickstart/ssg-rhel8-anssi_bp28_enhanced-ks.cfg b/rl8/kickstart/ssg-rhel8-anssi_bp28_enhanced-ks.cfg +--- scap-security-guide-0.1.54/rl8/kickstart/ssg-rhel8-anssi_bp28_enhanced-ks.cfg 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/kickstart/ssg-rhel8-anssi_bp28_enhanced-ks.cfg 2021-08-21 16:55:22.260621083 -0400 +@@ -0,0 +1,163 @@ ++# SCAP Security Guide ANSSI BP-028 (enhanced) profile kickstart for Red Hat Enterprise Linux 8 ++# Version: 0.0.1 ++# Date: 2021-01-28 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++# ++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, ++# "--bootproto=static" must be used. For example: ++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 ++# ++network --onboot yes --bootproto dhcp --noipv6 ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" ++part pv.01 --grow --size=1 ++ ++# Create a Logical Volume Management (LVM) group (optional) ++volgroup VolGroup --pesize=4096 pv.01 ++ ++# Create particular logical volumes (optional) ++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow ++# Ensure /usr Located On Separate Partition ++logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev" ++# Ensure /opt Located On Separate Partition ++logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" ++# Ensure /srv Located On Separate Partition ++logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" ++# Ensure /home Located On Separate Partition ++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" ++# Ensure /tmp Located On Separate Partition ++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/tmp Located On Separate Partition ++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var Located On Separate Partition ++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" ++# Ensure /var/log Located On Separate Partition ++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/log/audit Located On Separate Partition ++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" ++logvol swap --name=swap --vgname=VolGroup --size=2016 ++ ++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) ++# content - security policies - on the installed system.This add-on has been enabled by default ++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this ++# functionality will automatically be installed. However, by default, no policies are enforced, ++# meaning that no checks are performed during or after installation unless specifically configured. ++# ++# Important ++# Applying a security policy is not necessary on all systems. This screen should only be used ++# when a specific policy is mandated by your organization rules or government regulations. ++# Unlike most other commands, this add-on does not accept regular options, but uses key-value ++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. ++# Values can be optionally enclosed in single quotes (') or double quotes ("). ++# ++# The following keys are recognized by the add-on: ++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. ++# - If the content-type is scap-security-guide, the add-on will use content provided by the ++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. ++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. ++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. ++# xccdf-id - ID of the benchmark you want to use. ++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. ++# profile - ID of the profile to be applied. Use default to apply the default profile. ++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. ++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. ++# ++# The following is an example %addon org_fedora_oscap section which uses content from the ++# scap-security-guide on the installation media: ++%addon org_fedora_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff -ruN scap-security-guide-0.1.54/rl8/kickstart/ssg-rhel8-anssi_bp28_intermediary-ks.cfg b/rl8/kickstart/ssg-rhel8-anssi_bp28_intermediary-ks.cfg +--- scap-security-guide-0.1.54/rl8/kickstart/ssg-rhel8-anssi_bp28_intermediary-ks.cfg 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/kickstart/ssg-rhel8-anssi_bp28_intermediary-ks.cfg 2021-08-21 16:55:22.260621083 -0400 +@@ -0,0 +1,163 @@ ++# SCAP Security Guide ANSSI BP-028 (intermediary) profile kickstart for Red Hat Enterprise Linux 8 ++# Version: 0.0.1 ++# Date: 2021-01-28 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++# ++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, ++# "--bootproto=static" must be used. For example: ++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 ++# ++network --onboot yes --bootproto dhcp --noipv6 ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++bootloader --location=mbr ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" ++part pv.01 --grow --size=1 ++ ++# Create a Logical Volume Management (LVM) group (optional) ++volgroup VolGroup --pesize=4096 pv.01 ++ ++# Create particular logical volumes (optional) ++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow ++# Ensure /usr Located On Separate Partition ++logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev" ++# Ensure /opt Located On Separate Partition ++logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" ++# Ensure /srv Located On Separate Partition ++logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" ++# Ensure /home Located On Separate Partition ++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" ++# Ensure /tmp Located On Separate Partition ++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/tmp Located On Separate Partition ++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var Located On Separate Partition ++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" ++# Ensure /var/log Located On Separate Partition ++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/log/audit Located On Separate Partition ++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" ++logvol swap --name=swap --vgname=VolGroup --size=2016 ++ ++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) ++# content - security policies - on the installed system.This add-on has been enabled by default ++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this ++# functionality will automatically be installed. However, by default, no policies are enforced, ++# meaning that no checks are performed during or after installation unless specifically configured. ++# ++# Important ++# Applying a security policy is not necessary on all systems. This screen should only be used ++# when a specific policy is mandated by your organization rules or government regulations. ++# Unlike most other commands, this add-on does not accept regular options, but uses key-value ++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. ++# Values can be optionally enclosed in single quotes (') or double quotes ("). ++# ++# The following keys are recognized by the add-on: ++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. ++# - If the content-type is scap-security-guide, the add-on will use content provided by the ++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. ++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. ++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. ++# xccdf-id - ID of the benchmark you want to use. ++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. ++# profile - ID of the profile to be applied. Use default to apply the default profile. ++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. ++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. ++# ++# The following is an example %addon org_fedora_oscap section which uses content from the ++# scap-security-guide on the installation media: ++%addon org_fedora_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff -ruN scap-security-guide-0.1.54/rl8/kickstart/ssg-rhel8-anssi_bp28_minimal-ks.cfg b/rl8/kickstart/ssg-rhel8-anssi_bp28_minimal-ks.cfg +--- scap-security-guide-0.1.54/rl8/kickstart/ssg-rhel8-anssi_bp28_minimal-ks.cfg 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/kickstart/ssg-rhel8-anssi_bp28_minimal-ks.cfg 2021-08-21 16:55:22.260621083 -0400 +@@ -0,0 +1,127 @@ ++# SCAP Security Guide ANSSI BP-028 (minimal) profile kickstart for Red Hat Enterprise Linux 8 ++# Version: 0.0.1 ++# Date: 2021-01-28 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++# ++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, ++# "--bootproto=static" must be used. For example: ++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 ++# ++network --onboot yes --bootproto dhcp ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++bootloader --location=mbr ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++autopart ++ ++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) ++# content - security policies - on the installed system.This add-on has been enabled by default ++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this ++# functionality will automatically be installed. However, by default, no policies are enforced, ++# meaning that no checks are performed during or after installation unless specifically configured. ++# ++# Important ++# Applying a security policy is not necessary on all systems. This screen should only be used ++# when a specific policy is mandated by your organization rules or government regulations. ++# Unlike most other commands, this add-on does not accept regular options, but uses key-value ++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. ++# Values can be optionally enclosed in single quotes (') or double quotes ("). ++# ++# The following keys are recognized by the add-on: ++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. ++# - If the content-type is scap-security-guide, the add-on will use content provided by the ++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. ++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. ++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. ++# xccdf-id - ID of the benchmark you want to use. ++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. ++# profile - ID of the profile to be applied. Use default to apply the default profile. ++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. ++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. ++# ++# The following is an example %addon org_fedora_oscap section which uses content from the ++# scap-security-guide on the installation media: ++%addon org_fedora_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_anssi_bp28_minimal ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff -ruN scap-security-guide-0.1.54/rl8/kickstart/ssg-rhel8-cis-ks.cfg b/rl8/kickstart/ssg-rhel8-cis-ks.cfg +--- scap-security-guide-0.1.54/rl8/kickstart/ssg-rhel8-cis-ks.cfg 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/kickstart/ssg-rhel8-cis-ks.cfg 2021-08-21 16:55:22.260621083 -0400 +@@ -0,0 +1,146 @@ ++# SCAP Security Guide CIS profile kickstart for Red Hat Enterprise Linux 8 Server ++# Version: 0.0.1 ++# Date: 2020-03-30 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart ++ ++# Install a fresh new system (optional) ++install ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++ ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++# ++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, ++# "--bootproto=static" must be used. For example: ++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 ++# ++network --onboot yes --device eth0 --bootproto dhcp --noipv6 ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create ++# encrypted password form for different plaintext password ++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# Set up the authentication options for the system (required) ++# sssd profile sets sha512 to hash passwords ++# passwords are shadowed by default ++# See the manual page for authselect-profile for a complete list of possible options. ++authselect select sssd ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create ++# encrypted password form for different plaintext password ++bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++part /boot --fstype=xfs --size=512 ++part pv.01 --grow --size=1 ++ ++# Create a Logical Volume Management (LVM) group (optional) ++volgroup VolGroup --pesize=4096 pv.01 ++ ++# Create particular logical volumes (optional) ++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10240 --grow ++# Ensure /home Located On Separate Partition ++logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" ++# Ensure /tmp Located On Separate Partition ++logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" ++# Ensure /var/tmp Located On Separate Partition ++logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var Located On Separate Partition ++logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072 ++# Ensure /var/log Located On Separate Partition ++logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 ++# Ensure /var/log/audit Located On Separate Partition ++logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 ++logvol swap --name=lv_swap --vgname=VolGroup --size=2016 ++ ++ ++# Harden installation with CIS profile ++# For more details and configuration options see ++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program ++%addon org_fedora_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_cis ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff -ruN scap-security-guide-0.1.54/rl8/kickstart/ssg-rhel8-cui-ks.cfg b/rl8/kickstart/ssg-rhel8-cui-ks.cfg +--- scap-security-guide-0.1.54/rl8/kickstart/ssg-rhel8-cui-ks.cfg 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/kickstart/ssg-rhel8-cui-ks.cfg 2021-08-21 16:55:22.260621083 -0400 +@@ -0,0 +1,167 @@ ++# SCAP Security Guide CUI profile kickstart for Red Hat Enterprise Linux 8 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg ++ ++# Install a fresh new system (optional) ++install ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++# ++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, ++# "--bootproto=static" must be used. For example: ++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 ++# ++network --onboot yes --bootproto dhcp ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# Set up the authentication options for the system (required) ++# --enableshadow enable shadowed passwords by default ++# --passalgo hash / crypt algorithm for new passwords ++# See the manual page for authconfig for a complete list of possible options. ++authconfig --enableshadow --passalgo=sha512 ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++part /boot --fstype=xfs --size=512 ++part pv.01 --grow --size=1 ++ ++# Create a Logical Volume Management (LVM) group (optional) ++volgroup VolGroup --pesize=4096 pv.01 ++ ++# Create particular logical volumes (optional) ++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow ++# Ensure /home Located On Separate Partition ++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" ++# Ensure /tmp Located On Separate Partition ++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/tmp Located On Separate Partition ++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var Located On Separate Partition ++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" ++# Ensure /var/log Located On Separate Partition ++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/log/audit Located On Separate Partition ++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" ++logvol swap --name=swap --vgname=VolGroup --size=2016 ++ ++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) ++# content - security policies - on the installed system.This add-on has been enabled by default ++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this ++# functionality will automatically be installed. However, by default, no policies are enforced, ++# meaning that no checks are performed during or after installation unless specifically configured. ++# ++# Important ++# Applying a security policy is not necessary on all systems. This screen should only be used ++# when a specific policy is mandated by your organization rules or government regulations. ++# Unlike most other commands, this add-on does not accept regular options, but uses key-value ++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. ++# Values can be optionally enclosed in single quotes (') or double quotes ("). ++# ++# The following keys are recognized by the add-on: ++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. ++# - If the content-type is scap-security-guide, the add-on will use content provided by the ++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. ++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. ++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. ++# xccdf-id - ID of the benchmark you want to use. ++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. ++# profile - ID of the profile to be applied. Use default to apply the default profile. ++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. ++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. ++# ++# The following is an example %addon org_fedora_oscap section which uses content from the ++# scap-security-guide on the installation media: ++%addon org_fedora_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_cui ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff -ruN scap-security-guide-0.1.54/rl8/kickstart/ssg-rhel8-e8-ks.cfg b/rl8/kickstart/ssg-rhel8-e8-ks.cfg +--- scap-security-guide-0.1.54/rl8/kickstart/ssg-rhel8-e8-ks.cfg 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/kickstart/ssg-rhel8-e8-ks.cfg 2021-08-21 16:55:22.260621083 -0400 +@@ -0,0 +1,125 @@ ++# SCAP Security Guide Essential Eight profile kickstart for Red Hat Enterprise Linux 8 Server ++# Version: 0.0.1 ++# Date: 2019-11-13 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart ++ ++# Install a fresh new system (optional) ++install ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++ ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++# ++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, ++# "--bootproto=static" must be used. For example: ++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 ++# ++network --onboot yes --device eth0 --bootproto dhcp --noipv6 ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create ++# encrypted password form for different plaintext password ++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# Set up the authentication options for the system (required) ++# sssd profile sets sha512 to hash passwords ++# passwords are shadowed by default ++# See the manual page for authselect-profile for a complete list of possible options. ++authselect select sssd ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create ++# encrypted password form for different plaintext password ++bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++autopart ++ ++# Harden installation with Essential Eight profile ++# For more details and configuration options see ++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program ++%addon org_fedora_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_e8 ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff -ruN scap-security-guide-0.1.54/rl8/kickstart/ssg-rhel8-hipaa-ks.cfg b/rl8/kickstart/ssg-rhel8-hipaa-ks.cfg +--- scap-security-guide-0.1.54/rl8/kickstart/ssg-rhel8-hipaa-ks.cfg 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/kickstart/ssg-rhel8-hipaa-ks.cfg 2021-08-21 16:55:22.260621083 -0400 +@@ -0,0 +1,125 @@ ++# SCAP Security Guide HIPAA profile kickstart for Red Hat Enterprise Linux 8 Server ++# Version: 0.0.1 ++# Date: 2020-05-25 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart ++ ++# Install a fresh new system (optional) ++install ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++ ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++# ++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, ++# "--bootproto=static" must be used. For example: ++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 ++# ++network --onboot yes --device eth0 --bootproto dhcp --noipv6 ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create ++# encrypted password form for different plaintext password ++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# Set up the authentication options for the system (required) ++# sssd profile sets sha512 to hash passwords ++# passwords are shadowed by default ++# See the manual page for authselect-profile for a complete list of possible options. ++authselect select sssd ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create ++# encrypted password form for different plaintext password ++bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++autopart ++ ++# Harden installation with HIPAA profile ++# For more details and configuration options see ++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program ++%addon org_fedora_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_hipaa ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff -ruN scap-security-guide-0.1.54/rl8/kickstart/ssg-rhel8-ospp-ks.cfg b/rl8/kickstart/ssg-rhel8-ospp-ks.cfg +--- scap-security-guide-0.1.54/rl8/kickstart/ssg-rhel8-ospp-ks.cfg 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/kickstart/ssg-rhel8-ospp-ks.cfg 2021-08-21 16:55:22.260621083 -0400 +@@ -0,0 +1,167 @@ ++# SCAP Security Guide OSPP profile kickstart for Red Hat Enterprise Linux 8 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg ++ ++# Install a fresh new system (optional) ++install ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++# ++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, ++# "--bootproto=static" must be used. For example: ++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 ++# ++network --onboot yes --bootproto dhcp ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# Set up the authentication options for the system (required) ++# --enableshadow enable shadowed passwords by default ++# --passalgo hash / crypt algorithm for new passwords ++# See the manual page for authconfig for a complete list of possible options. ++authconfig --enableshadow --passalgo=sha512 ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++part /boot --fstype=xfs --size=512 ++part pv.01 --grow --size=1 ++ ++# Create a Logical Volume Management (LVM) group (optional) ++volgroup VolGroup --pesize=4096 pv.01 ++ ++# Create particular logical volumes (optional) ++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow ++# Ensure /home Located On Separate Partition ++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" ++# Ensure /tmp Located On Separate Partition ++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/tmp Located On Separate Partition ++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var Located On Separate Partition ++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" ++# Ensure /var/log Located On Separate Partition ++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/log/audit Located On Separate Partition ++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" ++logvol swap --name=swap --vgname=VolGroup --size=2016 ++ ++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) ++# content - security policies - on the installed system.This add-on has been enabled by default ++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this ++# functionality will automatically be installed. However, by default, no policies are enforced, ++# meaning that no checks are performed during or after installation unless specifically configured. ++# ++# Important ++# Applying a security policy is not necessary on all systems. This screen should only be used ++# when a specific policy is mandated by your organization rules or government regulations. ++# Unlike most other commands, this add-on does not accept regular options, but uses key-value ++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. ++# Values can be optionally enclosed in single quotes (') or double quotes ("). ++# ++# The following keys are recognized by the add-on: ++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. ++# - If the content-type is scap-security-guide, the add-on will use content provided by the ++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. ++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. ++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. ++# xccdf-id - ID of the benchmark you want to use. ++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. ++# profile - ID of the profile to be applied. Use default to apply the default profile. ++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. ++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. ++# ++# The following is an example %addon org_fedora_oscap section which uses content from the ++# scap-security-guide on the installation media: ++%addon org_fedora_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_ospp ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff -ruN scap-security-guide-0.1.54/rl8/kickstart/ssg-rhel8-pci-dss-ks.cfg b/rl8/kickstart/ssg-rhel8-pci-dss-ks.cfg +--- scap-security-guide-0.1.54/rl8/kickstart/ssg-rhel8-pci-dss-ks.cfg 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/kickstart/ssg-rhel8-pci-dss-ks.cfg 2021-08-21 16:55:22.260621083 -0400 +@@ -0,0 +1,157 @@ ++# SCAP Security Guide PCI-DSS profile kickstart for Red Hat Enterprise Linux 8 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg ++ ++# Install a fresh new system (optional) ++install ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++ ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++network --onboot yes --bootproto dhcp --noipv6 ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# Set up the authentication options for the system (required) ++# --enableshadow enable shadowed passwords by default ++# --passalgo hash / crypt algorithm for new passwords ++# See the manual page for authconfig for a complete list of possible options. ++authconfig --enableshadow --passalgo=sha512 ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++# ++# PASSWORD TEMPORARILY DISABLED ++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" ++#bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 ++ ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++part /boot --fstype=xfs --size=512 ++part pv.01 --grow --size=1 ++ ++# Create a Logical Volume Management (LVM) group (optional) ++volgroup VolGroup --pesize=4096 pv.01 ++ ++# Create particular logical volumes (optional) ++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=11264 --grow ++# CCE-26557-9: Ensure /home Located On Separate Partition ++logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" ++# CCE-26435-8: Ensure /tmp Located On Separate Partition ++logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" ++# CCE-26639-5: Ensure /var Located On Separate Partition ++logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072 --fsoptions="nodev" ++# CCE-26215-4: Ensure /var/log Located On Separate Partition ++logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 --fsoptions="nodev" ++# CCE-26436-6: Ensure /var/log/audit Located On Separate Partition ++logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 --fsoptions="nodev" ++logvol swap --name=lv_swap --vgname=VolGroup --size=2016 ++ ++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) ++# content - security policies - on the installed system.This add-on has been enabled by default ++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this ++# functionality will automatically be installed. However, by default, no policies are enforced, ++# meaning that no checks are performed during or after installation unless specifically configured. ++# ++# Important ++# Applying a security policy is not necessary on all systems. This screen should only be used ++# when a specific policy is mandated by your organization rules or government regulations. ++# Unlike most other commands, this add-on does not accept regular options, but uses key-value ++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. ++# Values can be optionally enclosed in single quotes (') or double quotes ("). ++# ++# The following keys are recognized by the add-on: ++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. ++# - If the content-type is scap-security-guide, the add-on will use content provided by the ++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. ++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. ++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. ++# xccdf-id - ID of the benchmark you want to use. ++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. ++# profile - ID of the profile to be applied. Use default to apply the default profile. ++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. ++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. ++# ++# The following is an example %addon org_fedora_oscap section which uses content from the ++# scap-security-guide on the installation media: ++%addon org_fedora_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_pci-dss ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff -ruN scap-security-guide-0.1.54/rl8/kickstart/ssg-rhel8-stig-ks.cfg b/rl8/kickstart/ssg-rhel8-stig-ks.cfg +--- scap-security-guide-0.1.54/rl8/kickstart/ssg-rhel8-stig-ks.cfg 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/kickstart/ssg-rhel8-stig-ks.cfg 2021-08-21 16:55:22.260621083 -0400 +@@ -0,0 +1,168 @@ ++# SCAP Security Guide STIG profile kickstart for Red Hat Enterprise Linux 8 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg ++ ++# Install a fresh new system (optional) ++install ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++# ++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration, ++# "--bootproto=static" must be used. For example: ++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1 ++# ++network --onboot yes --bootproto dhcp ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# Set up the authentication options for the system (required) ++# --enableshadow enable shadowed passwords by default ++# --passalgo hash / crypt algorithm for new passwords ++# See the manual page for authconfig for a complete list of possible options. ++authconfig --enableshadow --passalgo=sha512 ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" ++part pv.01 --grow --size=1 ++ ++# Create a Logical Volume Management (LVM) group (optional) ++volgroup VolGroup --pesize=4096 pv.01 ++ ++# Create particular logical volumes (optional) ++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow ++# Ensure /home Located On Separate Partition ++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" ++# Ensure /tmp Located On Separate Partition ++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/tmp Located On Separate Partition ++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var Located On Separate Partition ++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" ++# Ensure /var/log Located On Separate Partition ++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/log/audit Located On Separate Partition ++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" ++logvol swap --name=swap --vgname=VolGroup --size=2016 ++ ++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) ++# content - security policies - on the installed system.This add-on has been enabled by default ++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this ++# functionality will automatically be installed. However, by default, no policies are enforced, ++# meaning that no checks are performed during or after installation unless specifically configured. ++# ++# Important ++# Applying a security policy is not necessary on all systems. This screen should only be used ++# when a specific policy is mandated by your organization rules or government regulations. ++# Unlike most other commands, this add-on does not accept regular options, but uses key-value ++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. ++# Values can be optionally enclosed in single quotes (') or double quotes ("). ++# ++# The following keys are recognized by the add-on: ++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. ++# - If the content-type is scap-security-guide, the add-on will use content provided by the ++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. ++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. ++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. ++# xccdf-id - ID of the benchmark you want to use. ++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. ++# profile - ID of the profile to be applied. Use default to apply the default profile. ++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. ++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. ++# ++# The following is an example %addon org_fedora_oscap section which uses content from the ++# scap-security-guide on the installation media: ++%addon org_fedora_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_stig ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff -ruN scap-security-guide-0.1.54/rl8/overlays/srg_support.xml b/rl8/overlays/srg_support.xml +--- scap-security-guide-0.1.54/rl8/overlays/srg_support.xml 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/overlays/srg_support.xml 2021-08-21 16:07:04.288532569 -0400 +@@ -0,0 +1,173 @@ ++ +diff -ruN scap-security-guide-0.1.54/rl8/product.yml b/rl8/product.yml +--- scap-security-guide-0.1.54/rl8/product.yml 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/product.yml 2021-08-21 16:43:49.984133194 -0400 +@@ -0,0 +1,33 @@ ++product: rl8 ++full_name: Rocky Linux 8 ++type: platform ++ ++benchmark_root: "../linux_os/guide" ++ ++profiles_root: "./profiles" ++ ++pkg_manager: "yum" ++ ++init_system: "systemd" ++ ++pkg_release: "60287f36" ++pkg_version: "6d745a60" ++rocky_pkg_release: "60287f36" ++rocky_pkg_version: "6d745a60" ++ ++rocky_major_version: "8" ++ ++oval_feed_url: "https://www.redhat.com/security/data/oval/com.redhat.rhsa-RHEL8.xml" ++ ++grub2_uefi_boot_path: "/boot/efi/EFI/redhat" ++ ++cpes_root: "../shared/applicability" ++cpes: ++ - rocky8: ++ name: "cpe:/o:rocky:rocky:8" ++ title: "Rocky Linux 8" ++ check_id: installed_OS_is_rl8 ++ ++# Mapping of CPE platform to package ++platform_package_overrides: ++ login_defs: "shadow-utils" +diff -ruN scap-security-guide-0.1.54/rl8/profiles/anssi_bp28_enhanced.profile b/rl8/profiles/anssi_bp28_enhanced.profile +--- scap-security-guide-0.1.54/rl8/profiles/anssi_bp28_enhanced.profile 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/profiles/anssi_bp28_enhanced.profile 2021-08-21 16:38:56.444262447 -0400 +@@ -0,0 +1,16 @@ ++documentation_complete: true ++ ++title: 'ANSSI-BP-028 (enhanced)' ++ ++description: |- ++ This profile contains configurations that align to ANSSI-BP-028 at the enhanced hardening level. ++ ++ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ++ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems. ++ ++ A copy of the ANSSI-BP-028 can be found at the ANSSI website: ++ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/ ++ ++selections: ++ - anssi:all:enhanced ++ - '!selinux_state' +diff -ruN scap-security-guide-0.1.54/rl8/profiles/anssi_bp28_high.profile b/rl8/profiles/anssi_bp28_high.profile +--- scap-security-guide-0.1.54/rl8/profiles/anssi_bp28_high.profile 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/profiles/anssi_bp28_high.profile 2021-08-21 16:38:56.444262447 -0400 +@@ -0,0 +1,15 @@ ++documentation_complete: false ++ ++title: 'DRAFT - ANSSI-BP-028 (high)' ++ ++description: |- ++ This profile contains configurations that align to ANSSI-BP-028 at the high hardening level. ++ ++ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ++ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems. ++ ++ A copy of the ANSSI-BP-028 can be found at the ANSSI website: ++ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/ ++ ++selections: ++ - anssi:all:high +diff -ruN scap-security-guide-0.1.54/rl8/profiles/anssi_bp28_intermediary.profile b/rl8/profiles/anssi_bp28_intermediary.profile +--- scap-security-guide-0.1.54/rl8/profiles/anssi_bp28_intermediary.profile 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/profiles/anssi_bp28_intermediary.profile 2021-08-21 16:38:56.444262447 -0400 +@@ -0,0 +1,15 @@ ++documentation_complete: true ++ ++title: 'ANSSI-BP-028 (intermediary)' ++ ++description: |- ++ This profile contains configurations that align to ANSSI-BP-028 at the intermediary hardening level. ++ ++ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ++ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems. ++ ++ A copy of the ANSSI-BP-028 can be found at the ANSSI website: ++ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/ ++ ++selections: ++ - anssi:all:intermediary +diff -ruN scap-security-guide-0.1.54/rl8/profiles/anssi_bp28_minimal.profile b/rl8/profiles/anssi_bp28_minimal.profile +--- scap-security-guide-0.1.54/rl8/profiles/anssi_bp28_minimal.profile 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/profiles/anssi_bp28_minimal.profile 2021-08-21 16:38:56.444262447 -0400 +@@ -0,0 +1,16 @@ ++documentation_complete: true ++ ++title: 'ANSSI-BP-028 (minimal)' ++ ++description: |- ++ This profile contains configurations that align to ANSSI-BP-028 at the minimal hardening level. ++ ++ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ++ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems. ++ ++ A copy of the ANSSI-BP-028 can be found at the ANSSI website: ++ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/ ++ ++selections: ++ - anssi:all:minimal ++ +diff -ruN scap-security-guide-0.1.54/rl8/profiles/cis.profile b/rl8/profiles/cis.profile +--- scap-security-guide-0.1.54/rl8/profiles/cis.profile 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/profiles/cis.profile 2021-08-21 16:38:56.444262447 -0400 +@@ -0,0 +1,1089 @@ ++documentation_complete: true ++ ++metadata: ++ version: 1.0.0 ++ SMEs: ++ - vojtapolasek ++ - yuumasato ++ ++reference: https://www.cisecurity.org/benchmark/red_hat_linux/ ++ ++title: 'CIS Red Hat Enterprise Linux 8 Benchmark' ++ ++description: |- ++ This profile defines a baseline that aligns to the Center for Internet Security® ++ Red Hat Enterprise Linux 8 Benchmark™, v1.0.0, released 09-30-2019. ++ ++ This profile includes Center for Internet Security® ++ Red Hat Enterprise Linux 8 CIS Benchmarks™ content. ++ ++selections: ++ # Necessary for dconf rules ++ - dconf_db_up_to_date ++ ++ ### Partitioning ++ - mount_option_home_nodev ++ ++ ## 1.1 Filesystem Configuration ++ ++ ### 1.1.1 Disable unused filesystems ++ ++ #### 1.1.1.1 Ensure mounting cramfs filesystems is disabled (Scored) ++ - kernel_module_cramfs_disabled ++ ++ #### 1.1.1.2 Ensure mounting of vFAT filesystems is limited (Not Scored) ++ ++ ++ #### 1.1.1.3 Ensure mounting of squashfs filesystems is disabled (Scored) ++ - kernel_module_squashfs_disabled ++ ++ #### 1.1.1.4 Ensure mounting of udf filesystems is disabled (Scored) ++ - kernel_module_udf_disabled ++ ++ ### 1.1.2 Ensure /tmp is configured (Scored) ++ - partition_for_tmp ++ ++ ### 1.1.3 Ensure nodev option set on /tmp partition (Scored) ++ - mount_option_tmp_nodev ++ ++ ### 1.1.4 Ensure nosuid option set on /tmp partition (Scored) ++ - mount_option_tmp_nosuid ++ ++ ### 1.1.5 Ensure noexec option set on /tmp partition (Scored) ++ - mount_option_tmp_noexec ++ ++ ### 1.1.6 Ensure separate partition exists for /var (Scored) ++ - partition_for_var ++ ++ ### 1.1.7 Ensure separate partition exists for /var/tmp (Scored) ++ - partition_for_var_tmp ++ ++ ### 1.1.8 Ensure nodev option set on /var/tmp partition (Scored) ++ - mount_option_var_tmp_nodev ++ ++ ### 1.1.9 Ensure nosuid option set on /var/tmp partition (Scored) ++ - mount_option_var_tmp_nosuid ++ ++ ### 1.1.10 Ensure noexec option set on /var/tmp partition (Scored) ++ - mount_option_var_tmp_noexec ++ ++ ### 1.1.11 Ensure separate partition exists for /var/log (Scored) ++ - partition_for_var_log ++ ++ ### 1.1.12 Ensure separate partition exists for /var/log/audit (Scored) ++ - partition_for_var_log_audit ++ ++ ### 1.1.13 Ensure separate partition exists for /home (Scored) ++ - partition_for_home ++ ++ ### 1.1.14 Ensure nodev option set on /home partition (Scored) ++ - mount_option_home_nodev ++ ++ ### 1.1.15 Ensure nodev option set on /dev/shm partition (Scored) ++ - mount_option_dev_shm_nodev ++ ++ ### 1.1.16 Ensure nosuid option set on /dev/shm partition (Scored) ++ - mount_option_dev_shm_nosuid ++ ++ ### 1.1.17 Ensure noexec option set on /dev/shm partition (Scored) ++ - mount_option_dev_shm_noexec ++ ++ ### 1.1.18 Ensure nodev option set on removable media partitions (Not Scored) ++ - mount_option_nodev_removable_partitions ++ ++ ### 1.1.19 Ensure nosuid option set on removable media partitions (Not Scored) ++ - mount_option_nosuid_removable_partitions ++ ++ ### 1.1.20 Ensure noexec option set on removable media partitions (Not Scored) ++ - mount_option_noexec_removable_partitions ++ ++ ### 1.1.21 Ensure sticky bit is set on all world-writable directories (Scored) ++ - dir_perms_world_writable_sticky_bits ++ ++ ### 1.1.22 Disable Automounting (Scored) ++ - service_autofs_disabled ++ ++ ### 1.1.23 Disable USB Storage (Scored) ++ - kernel_module_usb-storage_disabled ++ ++ ## 1.2 Configure Software Updates ++ ++ ### 1.2.1 Ensure Red Hat Subscription Manager connection is configured (Not Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5218 ++ ++ ### 1.2.2 Disable the rhnsd Daemon (Not Scored) ++ - service_rhnsd_disabled ++ ++ ### 1.2.3 Ensure GPG keys are configured (Not Scored) ++ - ensure_redhat_gpgkey_installed ++ ++ ### 1.2.4 Ensure gpgcheck is globally activated (Scored) ++ - ensure_gpgcheck_globally_activated ++ ++ ### 1.2.5 Ensure package manager repositories are configured (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5219 ++ ++ ## 1.3 Configure sudo ++ ++ ### 1.3.1 Ensure sudo is installed (Scored) ++ - package_sudo_installed ++ ++ ### 1.3.2 Ensure sudo commands use pty (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5220 ++ ++ ### 1.3.3 Ensure sudo log file exists (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5221 ++ ++ ## 1.4 Filesystem Integrity Checking ++ ++ ### 1.4.1 Ensure AIDE is installed (Scored) ++ - package_aide_installed ++ ++ ### 1.4.2 Ensure filesystem integrity is regularly checked (Scored) ++ - aide_periodic_cron_checking ++ ++ ## Secure Boot Settings ++ ++ ### 1.5.1 Ensure permissions on bootloader config are configured (Scored) ++ #### chown root:root /boot/grub2/grub.cfg ++ - file_owner_grub2_cfg ++ - file_groupowner_grub2_cfg ++ ++ #### chmod og-rwx /boot/grub2/grub.cfg ++ - file_permissions_grub2_cfg ++ ++ #### chown root:root /boot/grub2/grubenv ++ # NEED RULE - https://github.com/ComplianceAsCode/content/issues/5222 ++ ++ #### chmod og-rwx /boot/grub2/grubenv ++ # NEED RULE - https://github.com/ComplianceAsCode/content/issues/5222 ++ ++ ### 1.5.2 Ensure bootloader password is set (Scored) ++ - grub2_password ++ ++ ### 1.5.3 Ensure authentication required for single user mode (Scored) ++ #### ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue ++ - require_singleuser_auth ++ ++ #### ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency ++ - require_emergency_target_auth ++ ++ ## 1.6 Additional Process Hardening ++ ++ ### 1.6.1 Ensure core dumps are restricted (Scored) ++ #### * hard core 0 ++ - disable_users_coredumps ++ ++ #### fs.suid_dumpable = 0 ++ - sysctl_fs_suid_dumpable ++ ++ #### ProcessSizeMax=0 ++ - coredump_disable_backtraces ++ ++ #### Storage=none ++ - coredump_disable_storage ++ ++ ### 1.6.2 Ensure address space layout randomization (ASLR) is enabled ++ - sysctl_kernel_randomize_va_space ++ ++ ## 1.7 Mandatory Access Control ++ ++ ### 1.7.1 Configure SELinux ++ ++ #### 1.7.1.1 Ensure SELinux is installed (Scored) ++ - package_libselinux_installed ++ ++ #### 1.7.1.2 Ensure SELinux is not disabled in bootloader configuration (Scored) ++ - grub2_enable_selinux ++ ++ #### 1.7.1.3 Ensure SELinux policy is configured (Scored) ++ - var_selinux_policy_name=targeted ++ - selinux_policytype ++ ++ #### 1.7.1.4 Ensure the SELinux state is enforcing (Scored) ++ - var_selinux_state=enforcing ++ - selinux_state ++ ++ #### 1.7.1.5 Ensure no unconfied services exist (Scored) ++ - selinux_confinement_of_daemons ++ ++ #### 1.7.1.6 Ensure SETroubleshoot is not installed (Scored) ++ - package_setroubleshoot_removed ++ ++ #### 1.7.1.7 Ensure the MCS Translation Service (mcstrans) is not installed (Scored) ++ - package_mcstrans_removed ++ ++ ## Warning Banners ++ ++ ### 1.8.1 Command Line Warning Baners ++ ++ #### 1.8.1.1 Ensure message of the day is configured properly (Scored) ++ - banner_etc_motd ++ ++ #### 1.8.1.2 Ensure local login warning banner is configured properly (Scored) ++ - banner_etc_issue ++ ++ #### 1.8.1.3 Ensure remote login warning banner is configured properly (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5225 ++ ++ #### 1.8.1.4 Ensure permissions on /etc/motd are configured (Scored) ++ # chmod u-x,go-wx /etc/motd ++ - file_permissions_etc_motd ++ ++ #### 1.8.1.5 Ensure permissions on /etc/issue are configured (Scored) ++ # chmod u-x,go-wx /etc/issue ++ - file_permissions_etc_issue ++ ++ #### 1.8.1.6 Ensure permissions on /etc/issue.net are configured (Scored) ++ # Previously addressed via 'rpm_verify_permissions' rule ++ ++ ### 1.8.2 Ensure GDM login banner is configured (Scored) ++ #### banner-message-enable=true ++ - dconf_gnome_banner_enabled ++ ++ #### banner-message-text='' ++ - dconf_gnome_login_banner_text ++ ++ ## 1.9 Ensure updates, patches, and additional security software are installed (Scored) ++ - security_patches_up_to_date ++ ++ ## 1.10 Ensure system-wide crypto policy is not legacy (Scored) ++ #- var_system_crypto_policy ++ - configure_crypto_policy ++ ++ ## 1.11 Ensure system-wide crytpo policy is FUTURE or FIPS (Scored) ++ # Previously addressed via 'configure_crypto_policy' rule ++ ++ # Services ++ ++ ## 2.1 inetd Services ++ ++ ### 2.1.1 Ensure xinetd is not installed (Scored) ++ - package_xinetd_removed ++ ++ ## 2.2 Special Purpose Services ++ ++ ### 2.2.1 Time Synchronization ++ ++ #### 2.2.1.1 Ensure time synchronization is in use (Not Scored) ++ - package_chrony_installed ++ ++ #### 2.2.1.2 Ensure chrony is configured (Scored) ++ - service_chronyd_enabled ++ - chronyd_specify_remote_server ++ - chronyd_run_as_chrony_user ++ ++ ### 2.2.2 Ensure X Window System is not installed (Scored) ++ - package_xorg-x11-server-common_removed ++ - xwindows_runlevel_target ++ ++ ### 2.2.3 Ensure rsync service is not enabled (Scored) ++ - service_rsyncd_disabled ++ ++ ### 2.2.4 Ensure Avahi Server is not enabled (Scored) ++ - service_avahi-daemon_disabled ++ ++ ### 2.2.5 Ensure SNMP Server is not enabled (Scored) ++ - service_snmpd_disabled ++ ++ ### 2.2.6 Ensure HTTP Proxy Server is not enabled (Scored) ++ - package_squid_removed ++ ++ ### 2.2.7 Ensure Samba is not enabled (Scored) ++ - service_smb_disabled ++ ++ ### 2.2.8 Ensure IMAP and POP3 server is not enabled (Scored) ++ - service_dovecot_disabled ++ ++ ### 2.2.9 Ensure HTTP server is not enabled (Scored) ++ - service_httpd_disabled ++ ++ ### 2.2.10 Ensure FTP Server is not enabled (Scored) ++ - service_vsftpd_disabled ++ ++ ### 2.2.11 Ensure DNS Server is not enabled (Scored) ++ - service_named_disabled ++ ++ ### 2.2.12 Ensure NFS is not enabled (Scored) ++ - service_nfs_disabled ++ ++ ### 2.2.13 Ensure RPC is not enabled (Scored) ++ - service_rpcbind_disabled ++ ++ ### 2.2.14 Ensure LDAP service is not enabled (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5231 ++ ++ ### 2.2.15 Ensure DHCP Server is not enabled (Scored) ++ - service_dhcpd_disabled ++ ++ ### 2.2.16 Ensure CUPS is not enabled (Scored) ++ - service_cups_disabled ++ ++ ### 2.2.17 Ensure NIS Server is not enabled (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5232 ++ ++ ### 2.2.18 Ensure mail transfer agent is configured for ++ ### local-only mode (Scored) ++ - postfix_network_listening_disabled ++ ++ ## 2.3 Service Clients ++ ++ ### 2.3.1 Ensure NIS Client is not installed (Scored) ++ - package_ypbind_removed ++ ++ ### 2.3.2 Ensure telnet client is not installed (Scored) ++ - package_telnet_removed ++ ++ ### Ensure LDAP client is not installed ++ - package_openldap-clients_removed ++ ++ # 3 Network Configuration ++ ++ ## 3.1 Network Parameters (Host Only) ++ ++ ### 3.1.1 Ensure IP forwarding is disabled (Scored) ++ #### net.ipv4.ip_forward = 0 ++ - sysctl_net_ipv4_ip_forward ++ ++ #### net.ipv6.conf.all.forwarding = 0 ++ - sysctl_net_ipv6_conf_all_forwarding ++ ++ ### 3.1.2 Ensure packet redirect sending is disabled (Scored) ++ #### net.ipv4.conf.all.send_redirects = 0 ++ - sysctl_net_ipv4_conf_all_send_redirects ++ ++ #### net.ipv4.conf.default.send_redirects = 0 ++ - sysctl_net_ipv4_conf_default_send_redirects ++ ++ ## 3.2 Network Parameters (Host and Router) ++ ++ ### 3.2.1 Ensure source routed packets are not accepted (Scored) ++ #### net.ipv4.conf.all.accept_source_route = 0 ++ - sysctl_net_ipv4_conf_all_accept_source_route ++ ++ #### net.ipv4.conf.default.accept_source_route = 0 ++ - sysctl_net_ipv4_conf_default_accept_source_route ++ ++ #### net.ipv6.conf.all.accept_source_route = 0 ++ - sysctl_net_ipv6_conf_all_accept_source_route ++ ++ #### net.ipv6.conf.default.accept_source_route = 0 ++ - sysctl_net_ipv6_conf_default_accept_source_route ++ ++ ### 3.2.2 Ensure ICMP redirects are not accepted (Scored) ++ #### net.ipv4.conf.all.accept_redirects = 0 ++ - sysctl_net_ipv4_conf_all_accept_redirects ++ ++ #### net.ipv4.conf.default.accept_redirects ++ - sysctl_net_ipv4_conf_default_accept_redirects ++ ++ #### net.ipv6.conf.all.accept_redirects = 0 ++ - sysctl_net_ipv6_conf_all_accept_redirects ++ ++ #### net.ipv6.conf.defaults.accept_redirects = 0 ++ - sysctl_net_ipv6_conf_default_accept_redirects ++ ++ ### 3.2.3 Ensure secure ICMP redirects are not accepted (Scored) ++ #### net.ipv4.conf.all.secure_redirects = 0 ++ - sysctl_net_ipv4_conf_all_secure_redirects ++ ++ #### net.ipv4.cof.default.secure_redirects = 0 ++ - sysctl_net_ipv4_conf_default_secure_redirects ++ ++ ### 3.2.4 Ensure suspicious packets are logged (Scored) ++ #### net.ipv4.conf.all.log_martians = 1 ++ - sysctl_net_ipv4_conf_all_log_martians ++ ++ #### net.ipv4.conf.default.log_martians = 1 ++ - sysctl_net_ipv4_conf_default_log_martians ++ ++ ### 3.2.5 Ensure broadcast ICMP requests are ignored (Scored) ++ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts ++ ++ ### 3.2.6 Ensure bogus ICMP responses are ignored (Scored) ++ - sysctl_net_ipv4_icmp_ignore_bogus_error_responses ++ ++ ### 3.2.7 Ensure Reverse Path Filtering is enabled (Scored) ++ #### net.ipv4.conf.all.rp_filter = 1 ++ - sysctl_net_ipv4_conf_all_rp_filter ++ ++ #### net.ipv4.conf.default.rp_filter = 1 ++ - sysctl_net_ipv4_conf_default_rp_filter ++ ++ ### 3.2.8 Ensure TCP SYN Cookies is enabled (Scored) ++ - sysctl_net_ipv4_tcp_syncookies ++ ++ ### 3.2.9 Ensure IPv6 router advertisements are not accepted (Scored) ++ #### net.ipv6.conf.all.accept_ra = 0 ++ - sysctl_net_ipv6_conf_all_accept_ra ++ ++ #### net.ipv6.conf.default.accept_ra = 0 ++ - sysctl_net_ipv6_conf_default_accept_ra ++ ++ ## 3.3 Uncommon Network Protocols ++ ++ ### 3.3.1 Ensure DCCP is disabled (Scored) ++ - kernel_module_dccp_disabled ++ ++ ### Ensure SCTP is disabled (Scored) ++ - kernel_module_sctp_disabled ++ ++ ### 3.3.3 Ensure RDS is disabled (Scored) ++ - kernel_module_rds_disabled ++ ++ ### 3.3.4 Ensure TIPC is disabled (Scored) ++ - kernel_module_tipc_disabled ++ ++ ## 3.4 Firewall Configuration ++ ++ ### 3.4.1 Ensure Firewall software is installed ++ ++ #### 3.4.1.1 Ensure a Firewall package is installed (Scored) ++ ##### firewalld ++ - package_firewalld_installed ++ ++ ##### nftables ++ #NEED RULE - https://github.com/ComplianceAsCode/content/issues/5237 ++ ++ ##### iptables ++ #- package_iptables_installed ++ ++ ### 3.4.2 Configure firewalld ++ ++ #### 3.4.2.1 Ensure firewalld service is enabled and running (Scored) ++ - service_firewalld_enabled ++ ++ #### 3.4.2.2 Ensure iptables is not enabled (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5238 ++ ++ #### 3.4.2.3 Ensure nftables is not enabled (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5239 ++ ++ #### 3.4.2.4 Ensure default zone is set (Scored) ++ - set_firewalld_default_zone ++ ++ #### 3.4.2.5 Ensure network interfaces are assigned to ++ #### appropriate zone (Not Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5240 ++ ++ #### 3.4.2.6 Ensure unnecessary services and ports are not ++ #### accepted (Not Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5241 ++ ++ ### 3.4.3 Configure nftables ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5242 ++ ++ #### 3.4.3.1 Ensure iptables are flushed (Not Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5243 ++ ++ #### 3.4.3.2 Ensure a table exists (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5244 ++ ++ #### 3.4.3.3 Ensure base chains exist (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5245 ++ ++ #### 3.4.3.4 Ensure loopback traffic is configured (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5246 ++ ++ #### 3.4.3.5 Ensure outbound and established connections are ++ #### configured (Not Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5247 ++ ++ #### 3.4.3.6 Ensure default deny firewall policy (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5248 ++ ++ #### 3.4.3.7 Ensure nftables service is enabled (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5249 ++ ++ #### 3.4.3.8 Ensure nftables rules are permanent (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5250 ++ ++ ### 3.4.4 Configure iptables ++ ++ #### 3.4.4.1 Configure IPv4 iptables ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5251 ++ ++ ##### 3.4.4.1.1 Ensure default deny firewall policy (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5252 ++ ++ ##### 3.4.4.1.2 Ensure loopback traffic is configured (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5253 ++ ++ ##### 3.4.4.1.3 Ensure outbound and established connections are ++ ##### configured (Not Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5254 ++ ++ ##### 3.4.4.1.4 Ensure firewall rules exist for all open ports (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5255 ++ ++ #### 3.4.4.2 Configure IPv6 ip6tables ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5256 ++ ++ ##### 3.4.4.2.1 Ensure IPv6 default deny firewall policy (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5257 ++ ++ ##### 3.4.4.2.2 Ensure IPv6 loopback traffic is configured (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5258 ++ ++ ##### 3.4.4.2.3 Ensure IPv6 outbound and established connections are ++ ##### configured (Not Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5260 ++ ++ ## 3.5 Ensure wireless interfaces are disabled (Scored) ++ - wireless_disable_interfaces ++ ++ ## 3.6 Disable IPv6 (Not Scored) ++ - kernel_module_ipv6_option_disabled ++ ++ # Logging and Auditing ++ ++ ## 4.1 Configure System Accounting (auditd) ++ ++ ### 4.1.1 Ensure auditing is enabled ++ ++ #### 4.1.1.1 Ensure auditd is installed (Scored) ++ - package_audit_installed ++ ++ #### 4.1.1.2 Ensure auditd service is enabled (Scored) ++ - service_auditd_enabled ++ ++ #### 4.1.1.3 Ensure auditing for processes that start prior to audit ++ #### is enabled (Scored) ++ - grub2_audit_argument ++ ++ #### 4.1.1.4 Ensure audit_backlog_limit is sufficient (Scored) ++ - grub2_audit_backlog_limit_argument ++ ++ ### 4.1.2 Configure Data Retention ++ ++ #### 4.1.2.1 Ensure audit log storage size is configured (Scored) ++ - auditd_data_retention_max_log_file ++ ++ #### 4.1.2.2 Ensure audit logs are not automatically deleted (Scored) ++ - auditd_data_retention_max_log_file_action ++ ++ #### 4.1.2.3 Ensure system is disabled when audit logs are full (Scored) ++ - var_auditd_space_left_action=email ++ - auditd_data_retention_space_left_action ++ ++ ##### action_mail_acct = root ++ - var_auditd_action_mail_acct=root ++ - auditd_data_retention_action_mail_acct ++ ++ ##### admin_space_left_action = halt ++ - var_auditd_admin_space_left_action=halt ++ - auditd_data_retention_admin_space_left_action ++ ++ ### 4.1.3 Ensure changes to system administration scope ++ ### (sudoers) is collected (Scored) ++ - audit_rules_sysadmin_actions ++ ++ ### 4.1.4 Ensure login and logout events are collected (Scored) ++ - audit_rules_login_events_faillock ++ - audit_rules_login_events_lastlog ++ ++ ### 4.1.5 Ensure session initiation information is collected (Scored) ++ - audit_rules_session_events ++ ++ ### 4.1.6 Ensure events that modify date and time information ++ ### are collected (Scored) ++ #### adjtimex ++ - audit_rules_time_adjtimex ++ ++ #### settimeofday ++ - audit_rules_time_settimeofday ++ ++ #### stime ++ - audit_rules_time_stime ++ ++ #### clock_settime ++ - audit_rules_time_clock_settime ++ ++ #### -w /etc/localtime -p wa ++ - audit_rules_time_watch_localtime ++ ++ ### 4.1.7 Ensure events that modify the system's Mandatory ++ ### Access Control are collected (Scored) ++ #### -w /etc/selinux/ -p wa ++ - audit_rules_mac_modification ++ ++ #### -w /usr/share/selinux/ -p wa ++ # NEED RULE - https://github.com/ComplianceAsCode/content/issues/5264 ++ ++ ### 4.1.8 Ensure events that modify the system's network ++ ### enironment are collected (Scored) ++ - audit_rules_networkconfig_modification ++ ++ ### 4.1.9 Ensure discretionary access control permission modification ++ ### events are collected (Scored) ++ - audit_rules_dac_modification_chmod ++ - audit_rules_dac_modification_fchmod ++ - audit_rules_dac_modification_fchmodat ++ - audit_rules_dac_modification_chown ++ - audit_rules_dac_modification_fchown ++ - audit_rules_dac_modification_fchownat ++ - audit_rules_dac_modification_lchown ++ - audit_rules_dac_modification_setxattr ++ - audit_rules_dac_modification_lsetxattr ++ - audit_rules_dac_modification_fsetxattr ++ - audit_rules_dac_modification_removexattr ++ - audit_rules_dac_modification_lremovexattr ++ - audit_rules_dac_modification_fremovexattr ++ ++ ### 4.1.10 Ensure unsuccessful unauthorized file access attempts are ++ ### collected (Scored) ++ - audit_rules_unsuccessful_file_modification_creat ++ - audit_rules_unsuccessful_file_modification_open ++ - audit_rules_unsuccessful_file_modification_openat ++ - audit_rules_unsuccessful_file_modification_truncate ++ - audit_rules_unsuccessful_file_modification_ftruncate ++ # Opinionated selection ++ - audit_rules_unsuccessful_file_modification_open_by_handle_at ++ ++ ### 4.1.11 Ensure events that modify user/group information are ++ ### collected (Scored) ++ - audit_rules_usergroup_modification_passwd ++ - audit_rules_usergroup_modification_group ++ - audit_rules_usergroup_modification_gshadow ++ - audit_rules_usergroup_modification_shadow ++ - audit_rules_usergroup_modification_opasswd ++ ++ ### 4.1.12 Ensure successful file system mounts are collected (Scored) ++ - audit_rules_media_export ++ ++ ### 4.1.13 Ensure use of privileged commands is collected (Scored) ++ - audit_rules_privileged_commands ++ ++ ### 4.1.14 Ensure file deletion events by users are collected ++ ### (Scored) ++ - audit_rules_file_deletion_events_unlink ++ - audit_rules_file_deletion_events_unlinkat ++ - audit_rules_file_deletion_events_rename ++ - audit_rules_file_deletion_events_renameat ++ # Opinionated selection ++ - audit_rules_file_deletion_events_rmdir ++ ++ ### 4.1.15 Ensure kernel module loading and unloading is collected ++ ### (Scored) ++ - audit_rules_kernel_module_loading ++ ++ ### 4.1.16 Ensure system administrator actions (sudolog) are ++ ### collected (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5516 ++ ++ ### 4.1.17 Ensure the audit configuration is immutable (Scored) ++ - audit_rules_immutable ++ ++ ## 4.2 Configure Logging ++ ++ ### 4.2.1 Configure rsyslog ++ ++ #### 4.2.1.1 Ensure rsyslog is installed (Scored) ++ - package_rsyslog_installed ++ ++ #### 4.2.1.2 Ensure rsyslog Service is enabled (Scored) ++ - service_rsyslog_enabled ++ ++ #### 4.2.1.3 Ensure rsyslog default file permissions configured (Scored) ++ - rsyslog_files_permissions ++ ++ #### 4.2.1.4 Ensure logging is configured (Not Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5519 ++ ++ #### 4.2.1.5 Ensure rsyslog is configured to send logs to a remote ++ #### log host (Scored) ++ - rsyslog_remote_loghost ++ ++ #### 4.2.1.6 Ensure remote rsyslog messages are only accepted on ++ #### designated log hosts (Not Scored) ++ - rsyslog_nolisten ++ ++ ### 4.2.2 Configure journald ++ ++ #### 4.2.2.1 Ensure journald is configured to send logs to ++ #### rsyslog (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5520 ++ ++ #### 4.2.2.2 Ensure journald is configured to compress large ++ #### log files (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5521 ++ ++ ++ #### 4.2.2.3 Ensure journald is configured to write logfiles to ++ #### persistent disk (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5522 ++ ++ ### 4.2.3 Ensure permissions on all logfiles are configured (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5523 ++ ++ ## 4.3 Ensure logrotate is conifgured (Not Scored) ++ - ensure_logrotate_activated ++ ++ # 5 Access, Authentication and Authorization ++ ++ ## 5.1 Configure cron ++ ++ ### 5.1.1 Ensure cron daemon is enabled (Scored) ++ - service_crond_enabled ++ ++ ++ ### 5.1.2 Ensure permissions on /etc/crontab are configured (Scored) ++ # chown root:root /etc/crontab ++ - file_owner_crontab ++ - file_groupowner_crontab ++ # chmod og-rwx /etc/crontab ++ - file_permissions_crontab ++ ++ ### 5.1.3 Ensure permissions on /etc/cron.hourly are configured (Scored) ++ # chown root:root /etc/cron.hourly ++ - file_owner_cron_hourly ++ - file_groupowner_cron_hourly ++ # chmod og-rwx /etc/cron.hourly ++ - file_permissions_cron_hourly ++ ++ ### 5.1.4 Ensure permissions on /etc/cron.daily are configured (Scored) ++ # chown root:root /etc/cron.daily ++ - file_owner_cron_daily ++ - file_groupowner_cron_daily ++ # chmod og-rwx /etc/cron.daily ++ - file_permissions_cron_daily ++ ++ ### 5.1.5 Ensure permissions on /etc/cron.weekly are configured (Scored) ++ # chown root:root /etc/cron.weekly ++ - file_owner_cron_weekly ++ - file_groupowner_cron_weekly ++ # chmod og-rwx /etc/cron.weekly ++ - file_permissions_cron_weekly ++ ++ ### 5.1.6 Ensure permissions on /etc/cron.monthly are configured (Scored) ++ # chown root:root /etc/cron.monthly ++ - file_owner_cron_monthly ++ - file_groupowner_cron_monthly ++ # chmod og-rwx /etc/cron.monthly ++ - file_permissions_cron_monthly ++ ++ ### 5.1.7 Ensure permissions on /etc/cron.d are configured (Scored) ++ # chown root:root /etc/cron.d ++ - file_owner_cron_d ++ - file_groupowner_cron_d ++ # chmod og-rwx /etc/cron.d ++ - file_permissions_cron_d ++ ++ ### 5.1.8 Ensure at/cron is restricted to authorized users (Scored) ++ ++ ++ ## 5.2 SSH Server Configuration ++ ++ ### 5.2.1 Ensure permissions on /etc/ssh/sshd_config are configured (Scored) ++ # chown root:root /etc/ssh/sshd_config ++ - file_owner_sshd_config ++ - file_groupowner_sshd_config ++ ++ # chmod og-rwx /etc/ssh/sshd_config ++ - file_permissions_sshd_config ++ ++ ### 5.2.2 Ensure SSH access is limited (Scored) ++ ++ ++ ### 5.2.3 Ensure permissions on SSH private host key files are ++ ### configured (Scored) ++ # TO DO: The rule sets to 640, but benchmark wants 600 ++ - file_permissions_sshd_private_key ++ # TO DO: check owner of private keys in /etc/ssh is root:root ++ ++ ### 5.2.4 Ensure permissions on SSH public host key files are configured ++ ### (Scored) ++ - file_permissions_sshd_pub_key ++ # TO DO: check owner of pub keys in /etc/ssh is root:root ++ ++ ### 5.2.5 Ensure SSH LogLevel is appropriate (Scored) ++ - sshd_set_loglevel_info ++ ++ ### 5.2.6 Ensure SSH X11 forward is disabled (Scored) ++ - sshd_disable_x11_forwarding ++ ++ ### 5.2.7 Ensure SSH MaxAuthTries is set to 4 or less (Scored) ++ - sshd_max_auth_tries_value=4 ++ - sshd_set_max_auth_tries ++ ++ ### 5.2.8 Ensure SSH IgnoreRhosts is enabled (Scored) ++ - sshd_disable_rhosts ++ ++ ### 5.2.9 Ensure SSH HostbasedAuthentication is disabled (Scored) ++ - disable_host_auth ++ ++ ### 5.2.10 Ensure SSH root login is disabled (Scored) ++ - sshd_disable_root_login ++ ++ ### 5.2.11 Ensure SSH PermitEmptyPasswords is disabled (Scored) ++ - sshd_disable_empty_passwords ++ ++ ### 5.2.12 Ensure SSH PermitUserEnvironment is disabled (Scored) ++ - sshd_do_not_permit_user_env ++ ++ ### 5.2.13 Ensure SSH Idle Timeout Interval is configured (Scored) ++ # ClientAliveInterval 300 ++ - sshd_idle_timeout_value=5_minutes ++ - sshd_set_idle_timeout ++ ++ # ClientAliveCountMax 0 ++ - sshd_set_keepalive ++ ++ ### 5.2.14 Ensure SSH LoginGraceTime is set to one minute ++ ### or less (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5525 ++ ++ ### 5.2.15 Ensure SSH warning banner is configured (Scored) ++ - sshd_enable_warning_banner ++ ++ ### 5.2.16 Ensure SSH PAM is enabled (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5526 ++ ++ ### 5.2.17 Ensure SSH AllowTcpForwarding is disabled (Scored) ++ - sshd_disable_tcp_forwarding ++ ++ ### 5.2.18 Ensure SSH MaxStarups is configured (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5528 ++ ++ ### 5.2.19 Ensure SSH MaxSessions is set to 4 or less (Scored) ++ - sshd_set_max_sessions ++ - var_sshd_max_sessions=4 ++ ++ ### 5.2.20 Ensure system-wide crypto policy is not over-ridden (Scored) ++ - configure_ssh_crypto_policy ++ ++ ## 5.3 Configure authselect ++ ++ ++ ### 5.3.1 Create custom authselectet profile (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5530 ++ ++ ### 5.3.2 Select authselect profile (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5531 ++ ++ ### 5.3.3 Ensure authselect includes with-faillock (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5532 ++ ++ ## 5.4 Configure PAM ++ ++ ### 5.4.1 Ensure password creation requirements are configured (Scored) ++ # NEEDS RULE: try_first_pass - https://github.com/ComplianceAsCode/content/issues/5533 ++ - accounts_password_pam_retry ++ - var_password_pam_minlen=14 ++ - accounts_password_pam_minlen ++ - var_password_pam_minclass=4 ++ - accounts_password_pam_minclass ++ ++ ### 5.4.2 Ensure lockout for failed password attempts is ++ ### configured (Scored) ++ - var_accounts_passwords_pam_faillock_unlock_time=900 ++ - var_accounts_passwords_pam_faillock_deny=5 ++ - accounts_passwords_pam_faillock_unlock_time ++ - accounts_passwords_pam_faillock_deny ++ ++ ### 5.4.3 Ensure password reuse is limited (Scored) ++ - var_password_pam_unix_remember=5 ++ - accounts_password_pam_unix_remember ++ ++ ### 5.4.4 Ensure password hashing algorithm is SHA-512 (Scored) ++ - set_password_hashing_algorithm_systemauth ++ ++ ## 5.5 User Accounts and Environment ++ ++ ### 5.5.1 Set Shadow Password Suite Parameters ++ ++ #### 5.5.1 Ensure password expiration is 365 days or less (Scored) ++ - var_accounts_maximum_age_login_defs=365 ++ - accounts_maximum_age_login_defs ++ ++ #### 5.5.1.2 Ensure minimum days between password changes is 7 ++ #### or more (Scored) ++ - var_accounts_minimum_age_login_defs=7 ++ - accounts_minimum_age_login_defs ++ ++ #### 5.5.1.3 Ensure password expiration warning days is ++ #### 7 or more (Scored) ++ - var_accounts_password_warn_age_login_defs=7 ++ - accounts_password_warn_age_login_defs ++ ++ #### 5.5.1.4 Ensure inactive password lock is 30 days or less (Scored) ++ # TODO: Rule doesn't check list of users ++ # https://github.com/ComplianceAsCode/content/issues/5536 ++ - var_account_disable_post_pw_expiration=30 ++ - account_disable_post_pw_expiration ++ ++ #### 5.5.1.5 Ensure all users last password change date is ++ #### in the past (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5537 ++ ++ ### 5.5.2 Ensure system accounts are secured (Scored) ++ - no_shelllogin_for_systemaccounts ++ ++ ### 5.5.3 Ensure default user shell timeout is 900 seconds ++ ### or less (Scored) ++ - var_accounts_tmout=15_min ++ - accounts_tmout ++ ++ ### 5.5.4 Ensure default group for the root account is ++ ### GID 0 (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5539 ++ ++ ### 5.5.5 Ensure default user mask is 027 or more restrictive (Scored) ++ - var_accounts_user_umask=027 ++ - accounts_umask_etc_bashrc ++ - accounts_umask_etc_profile ++ ++ ## 5.6 Ensure root login is restricted to system console (Not Scored) ++ - securetty_root_login_console_only ++ - no_direct_root_logins ++ ++ ## 5.7 Ensure access to the su command is restricted (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5541 ++ ++ # System Maintenance ++ ++ ## 6.1 System File Permissions ++ ++ ### 6.1.1 Audit system file permissions (Not Scored) ++ - rpm_verify_permissions ++ - rpm_verify_ownership ++ ++ ### 6.1.2 Ensure permissions on /etc/passwd are configured (Scored) ++ # chown root:root /etc/passwd ++ - file_owner_etc_passwd ++ - file_groupowner_etc_passwd ++ ++ # chmod 644 /etc/passwd ++ - file_permissions_etc_passwd ++ ++ ### 6.1.3 Ensure permissions on /etc/shadow are configured (Scored) ++ # chown root:root /etc/shadow ++ - file_owner_etc_shadow ++ - file_groupowner_etc_shadow ++ ++ # chmod o-rwx,g-wx /etc/shadow ++ - file_permissions_etc_shadow ++ ++ ### 6.1.4 Ensure permissions on /etc/group are configured (Scored) ++ # chown root:root /etc/group ++ - file_owner_etc_group ++ - file_groupowner_etc_group ++ ++ # chmod 644 /etc/group ++ - file_permissions_etc_group ++ ++ ### 6.1.5 Ensure permissions on /etc/gshadow are configured (Scored) ++ # chown root:root /etc/gshadow ++ - file_owner_etc_gshadow ++ - file_groupowner_etc_gshadow ++ ++ # chmod o-rwx,g-rw /etc/gshadow ++ - file_permissions_etc_gshadow ++ ++ ### 6.1.6 Ensure permissions on /etc/passwd- are configured (Scored) ++ # chown root:root /etc/passwd- ++ - file_owner_backup_etc_passwd ++ - file_groupowner_backup_etc_passwd ++ ++ # chmod 644 /etc/passwd- ++ - file_permissions_backup_etc_passwd ++ ++ ### 6.1.7 Ensure permissions on /etc/shadow- are configured (Scored) ++ # chown root:root /etc/shadow- ++ - file_owner_backup_etc_shadow ++ - file_groupowner_backup_etc_shadow ++ ++ # chmod 0000 /etc/shadow- ++ - file_permissions_backup_etc_shadow ++ ++ ### 6.1.8 Ensure permissions on /etc/group- are configured (Scored) ++ # chown root:root /etc/group- ++ - file_owner_backup_etc_group ++ - file_groupowner_backup_etc_group ++ ++ # chmod 644 /etc/group- ++ - file_permissions_backup_etc_group ++ ++ ### 6.1.9 Ensure permissions on /etc/gshadow- are configured (Scored) ++ # chown root:root /etc/gshadow- ++ - file_owner_backup_etc_gshadow ++ - file_groupowner_backup_etc_gshadow ++ ++ # chmod 0000 /etc/gshadow- ++ - file_permissions_backup_etc_gshadow ++ ++ ### 6.1.10 Ensure no world writable files exist (Scored) ++ - file_permissions_unauthorized_world_writable ++ ++ ### 6.1.11 Ensure no unowned files or directories exist (Scored) ++ - no_files_unowned_by_user ++ ++ ### 6.1.12 Ensure no ungrouped files or directories exist (Scored) ++ - file_permissions_ungroupowned ++ ++ ### 6.1.13 Audit SUID executables (Not Scored) ++ - file_permissions_unauthorized_suid ++ ++ ### 6.1.14 Audit SGID executables (Not Scored) ++ - file_permissions_unauthorized_sgid ++ ++ ## 6.2 User and Group Settings ++ ++ ### 6.2.2 Ensure no legacy "+" entries exist in /etc/passwd (Scored) ++ - no_legacy_plus_entries_etc_passwd ++ ++ ### 6.2.4 Ensure no legacy "+" entries exist in /etc/shadow (Scored) ++ - no_legacy_plus_entries_etc_shadow ++ ++ ### 6.2.5 Ensure no legacy "+" entries exist in /etc/group (Scored) ++ - no_legacy_plus_entries_etc_group ++ ++ ### 6.2.6 Ensure root is the only UID 0 account (Scored) ++ - accounts_no_uid_except_zero ++ ++ ### 6.2.7 Ensure users' home directories permissions are 750 ++ ### or more restrictive (Scored) ++ - file_permissions_home_dirs ++ ++ ### 6.2.8 Ensure users own their home directories (Scored) ++ # NEEDS RULE for user owner @ https://github.com/ComplianceAsCode/content/issues/5507 ++ - file_groupownership_home_directories ++ ++ ### 6.2.9 Ensure users' dot files are not group or world ++ ### writable (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5506 ++ ++ ### 6.2.10 Ensure no users have .forward files (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5505 ++ ++ ### 6.2.11 Ensure no users have .netrc files (Scored) ++ - no_netrc_files ++ ++ ### 6.2.12 Ensure users' .netrc Files are not group or ++ ### world accessible (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5504 ++ ++ ### 6.2.13 Ensure no users have .rhosts files (Scored) ++ - no_rsh_trust_files ++ ++ ### 6.2.14 Ensure all groups in /etc/passwd exist in ++ ### /etc/group (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5503 ++ ++ ### 6.2.15 Ensure no duplicate UIDs exist (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5502 ++ ++ ### 6.2.16 Ensure no duplicate GIDs exist (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5501 ++ ++ ### 6.2.17 Ensure no duplicate user names exist (Scored) ++ - account_unique_name ++ ++ ### 6.2.18 Ensure no duplicate group names exist (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5500 ++ ++ ### 6.2.19 Ensure shadow group is empty (Scored) ++ # NEEDS RULE - https://github.com/ComplianceAsCode/content/issues/5499 ++ ++ ### 6.2.20 Ensure all users' home directories exist (Scored) ++ - accounts_user_interactive_home_directory_exists +diff -ruN scap-security-guide-0.1.54/rl8/profiles/cjis.profile b/rl8/profiles/cjis.profile +--- scap-security-guide-0.1.54/rl8/profiles/cjis.profile 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/profiles/cjis.profile 2021-08-21 16:38:56.444262447 -0400 +@@ -0,0 +1,139 @@ ++documentation_complete: false ++ ++metadata: ++ version: 5.4 ++ SMEs: ++ - carlosmmatos ++ ++reference: https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center ++ ++title: 'Criminal Justice Information Services (CJIS) Security Policy' ++ ++description: |- ++ This profile is derived from FBI's CJIS v5.4 ++ Security Policy. A copy of this policy can be found at the CJIS Security ++ Policy Resource Center: ++ ++ https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center ++ ++selections: ++ - service_auditd_enabled ++ - grub2_audit_argument ++ - auditd_data_retention_num_logs ++ - auditd_data_retention_max_log_file ++ - auditd_data_retention_max_log_file_action ++ - auditd_data_retention_space_left_action ++ - auditd_data_retention_admin_space_left_action ++ - auditd_data_retention_action_mail_acct ++ - auditd_audispd_syslog_plugin_activated ++ - audit_rules_time_adjtimex ++ - audit_rules_time_settimeofday ++ - audit_rules_time_stime ++ - audit_rules_time_clock_settime ++ - audit_rules_time_watch_localtime ++ - audit_rules_usergroup_modification ++ - audit_rules_networkconfig_modification ++ - file_permissions_var_log_audit ++ - file_ownership_var_log_audit ++ - audit_rules_mac_modification ++ - audit_rules_dac_modification_chmod ++ - audit_rules_dac_modification_chown ++ - audit_rules_dac_modification_fchmod ++ - audit_rules_dac_modification_fchmodat ++ - audit_rules_dac_modification_fchown ++ - audit_rules_dac_modification_fchownat ++ - audit_rules_dac_modification_fremovexattr ++ - audit_rules_dac_modification_fsetxattr ++ - audit_rules_dac_modification_lchown ++ - audit_rules_dac_modification_lremovexattr ++ - audit_rules_dac_modification_lsetxattr ++ - audit_rules_dac_modification_removexattr ++ - audit_rules_dac_modification_setxattr ++ - audit_rules_login_events ++ - audit_rules_session_events ++ - audit_rules_unsuccessful_file_modification ++ - audit_rules_privileged_commands ++ - audit_rules_media_export ++ - audit_rules_file_deletion_events ++ - audit_rules_sysadmin_actions ++ - audit_rules_kernel_module_loading ++ - audit_rules_immutable ++ - account_unique_name ++ - gid_passwd_group_same ++ - accounts_password_all_shadowed ++ - no_empty_passwords ++ - display_login_attempts ++ - var_accounts_password_minlen_login_defs=12 ++ - var_accounts_maximum_age_login_defs=90 ++ - var_password_pam_unix_remember=10 ++ - var_account_disable_post_pw_expiration=0 ++ - var_password_pam_minlen=12 ++ - var_accounts_minimum_age_login_defs=1 ++ - var_password_pam_difok=6 ++ - var_accounts_max_concurrent_login_sessions=3 ++ - account_disable_post_pw_expiration ++ - accounts_password_pam_minlen ++ - accounts_minimum_age_login_defs ++ - accounts_password_pam_difok ++ - accounts_max_concurrent_login_sessions ++ - set_password_hashing_algorithm_systemauth ++ - set_password_hashing_algorithm_logindefs ++ - set_password_hashing_algorithm_libuserconf ++ - file_owner_etc_shadow ++ - file_groupowner_etc_shadow ++ - file_permissions_etc_shadow ++ - file_owner_etc_group ++ - file_groupowner_etc_group ++ - file_permissions_etc_group ++ - file_owner_etc_passwd ++ - file_groupowner_etc_passwd ++ - file_permissions_etc_passwd ++ - file_owner_grub2_cfg ++ - file_groupowner_grub2_cfg ++ - var_password_pam_retry=5 ++ - var_accounts_passwords_pam_faillock_deny=5 ++ - var_accounts_passwords_pam_faillock_unlock_time=600 ++ - dconf_db_up_to_date ++ - dconf_gnome_screensaver_idle_delay ++ - dconf_gnome_screensaver_idle_activation_enabled ++ - dconf_gnome_screensaver_lock_enabled ++ - dconf_gnome_screensaver_mode_blank ++ - sshd_allow_only_protocol2 ++ - sshd_set_idle_timeout ++ - sshd_set_keepalive ++ - disable_host_auth ++ - sshd_disable_root_login ++ - sshd_disable_empty_passwords ++ - sshd_enable_warning_banner ++ - sshd_do_not_permit_user_env ++ - var_system_crypto_policy=fips ++ - configure_crypto_policy ++ - configure_ssh_crypto_policy ++ - kernel_module_dccp_disabled ++ - kernel_module_sctp_disabled ++ - service_firewalld_enabled ++ - set_firewalld_default_zone ++ - firewalld_sshd_port_enabled ++ - sshd_idle_timeout_value=30_minutes ++ - inactivity_timeout_value=30_minutes ++ - sysctl_net_ipv4_conf_default_accept_source_route ++ - sysctl_net_ipv4_tcp_syncookies ++ - sysctl_net_ipv4_conf_all_send_redirects ++ - sysctl_net_ipv4_conf_default_send_redirects ++ - sysctl_net_ipv4_conf_all_accept_redirects ++ - sysctl_net_ipv4_conf_default_accept_redirects ++ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts ++ - var_password_pam_ocredit=1 ++ - var_password_pam_dcredit=1 ++ - var_password_pam_ucredit=1 ++ - var_password_pam_lcredit=1 ++ - package_aide_installed ++ - aide_build_database ++ - aide_periodic_cron_checking ++ - rpm_verify_permissions ++ - rpm_verify_hashes ++ - ensure_redhat_gpgkey_installed ++ - ensure_gpgcheck_globally_activated ++ - ensure_gpgcheck_never_disabled ++ - security_patches_up_to_date ++ - kernel_module_bluetooth_disabled +diff -ruN scap-security-guide-0.1.54/rl8/profiles/cui.profile b/rl8/profiles/cui.profile +--- scap-security-guide-0.1.54/rl8/profiles/cui.profile 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/profiles/cui.profile 2021-08-21 16:38:56.444262447 -0400 +@@ -0,0 +1,32 @@ ++documentation_complete: true ++ ++metadata: ++ version: TBD ++ SMEs: ++ - carlosmmatos ++ ++title: 'Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)' ++ ++description: |- ++ From NIST 800-171, Section 2.2: ++ Security requirements for protecting the confidentiality of CUI in nonfederal ++ information systems and organizations have a well-defined structure that ++ consists of: ++ ++ (i) a basic security requirements section; ++ (ii) a derived security requirements section. ++ ++ The basic security requirements are obtained from FIPS Publication 200, which ++ provides the high-level and fundamental security requirements for federal ++ information and information systems. The derived security requirements, which ++ supplement the basic security requirements, are taken from the security controls ++ in NIST Special Publication 800-53. ++ ++ This profile configures Red Hat Enterprise Linux 8 to the NIST Special ++ Publication 800-53 controls identified for securing Controlled Unclassified ++ Information (CUI)." ++ ++extends: ospp ++ ++selections: ++ - inactivity_timeout_value=10_minutes +diff -ruN scap-security-guide-0.1.54/rl8/profiles/e8.profile b/rl8/profiles/e8.profile +--- scap-security-guide-0.1.54/rl8/profiles/e8.profile 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/profiles/e8.profile 2021-08-21 16:38:56.444262447 -0400 +@@ -0,0 +1,149 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - shaneboulden ++ ++reference: https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers ++ ++title: 'Australian Cyber Security Centre (ACSC) Essential Eight' ++ ++description: |- ++ This profile contains configuration checks for Red Hat Enterprise Linux 8 ++ that align to the Australian Cyber Security Centre (ACSC) Essential Eight. ++ ++ A copy of the Essential Eight in Linux Environments guide can be found at the ++ ACSC website: ++ ++ https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers ++ ++selections: ++ ++ ### Remove obsolete packages ++ - package_talk_removed ++ - package_talk-server_removed ++ - package_xinetd_removed ++ - service_xinetd_disabled ++ - package_ypbind_removed ++ - package_telnet_removed ++ - service_telnet_disabled ++ - package_telnet-server_removed ++ - package_rsh_removed ++ - package_rsh-server_removed ++ - service_zebra_disabled ++ - package_quagga_removed ++ - service_avahi-daemon_disabled ++ - package_squid_removed ++ - service_squid_disabled ++ ++ ### Software update ++ - ensure_redhat_gpgkey_installed ++ - ensure_gpgcheck_never_disabled ++ - ensure_gpgcheck_local_packages ++ - ensure_gpgcheck_globally_activated ++ - security_patches_up_to_date ++ - dnf-automatic_security_updates_only ++ ++ ### System security settings ++ - sysctl_kernel_randomize_va_space ++ - sysctl_kernel_exec_shield ++ - sysctl_kernel_kptr_restrict ++ - sysctl_kernel_dmesg_restrict ++ - sysctl_kernel_kexec_load_disabled ++ - sysctl_kernel_yama_ptrace_scope ++ - sysctl_kernel_unprivileged_bpf_disabled ++ - sysctl_net_core_bpf_jit_harden ++ ++ ### SELinux ++ - var_selinux_state=enforcing ++ - selinux_state ++ - var_selinux_policy_name=targeted ++ - selinux_policytype ++ ++ ### Filesystem integrity ++ - rpm_verify_hashes ++ - rpm_verify_permissions ++ - rpm_verify_ownership ++ - file_permissions_unauthorized_sgid ++ - file_permissions_unauthorized_suid ++ - file_permissions_unauthorized_world_writable ++ - dir_perms_world_writable_sticky_bits ++ - file_permissions_library_dirs ++ - file_ownership_binary_dirs ++ - file_permissions_binary_dirs ++ - file_ownership_library_dirs ++ ++ ### Passwords ++ - no_empty_passwords ++ ++ ### Partitioning ++ - mount_option_dev_shm_nodev ++ - mount_option_dev_shm_nosuid ++ - mount_option_dev_shm_noexec ++ ++ ### Network ++ - package_firewalld_installed ++ - service_firewalld_enabled ++ - network_sniffer_disabled ++ ++ ### Admin privileges ++ - accounts_no_uid_except_zero ++ - sudo_remove_nopasswd ++ - sudo_remove_no_authenticate ++ - sudo_require_authentication ++ ++ ### Audit ++ - package_rsyslog_installed ++ - service_rsyslog_enabled ++ - service_auditd_enabled ++ - var_auditd_flush=incremental_async ++ - auditd_data_retention_flush ++ - auditd_local_events ++ - auditd_write_logs ++ - auditd_log_format ++ - auditd_freq ++ - auditd_name_format ++ - audit_rules_login_events_tallylog ++ - audit_rules_login_events_faillock ++ - audit_rules_login_events_lastlog ++ - audit_rules_login_events ++ - audit_rules_time_adjtimex ++ - audit_rules_time_clock_settime ++ - audit_rules_time_watch_localtime ++ - audit_rules_time_settimeofday ++ - audit_rules_time_stime ++ - audit_rules_execution_restorecon ++ - audit_rules_execution_chcon ++ - audit_rules_execution_semanage ++ - audit_rules_execution_setsebool ++ - audit_rules_execution_setfiles ++ - audit_rules_execution_seunshare ++ - audit_rules_sysadmin_actions ++ - audit_rules_networkconfig_modification ++ - audit_rules_usergroup_modification ++ - audit_rules_dac_modification_chmod ++ - audit_rules_dac_modification_chown ++ - audit_rules_kernel_module_loading ++ ++ ### Secure access ++ - sshd_disable_root_login ++ - sshd_disable_gssapi_auth ++ - sshd_print_last_log ++ - sshd_do_not_permit_user_env ++ - sshd_disable_rhosts ++ - sshd_set_loglevel_info ++ - sshd_disable_empty_passwords ++ - sshd_disable_user_known_hosts ++ - sshd_enable_strictmodes ++ ++ # See also: https://www.cyber.gov.au/ism/guidelines-using-cryptography ++ - var_system_crypto_policy=default_nosha1 ++ - configure_crypto_policy ++ - configure_ssh_crypto_policy ++ ++ ### Application whitelisting ++ - package_fapolicyd_installed ++ - service_fapolicyd_enabled ++ ++ ### Backup ++ - package_rear_installed +diff -ruN scap-security-guide-0.1.54/rl8/profiles/hipaa.profile b/rl8/profiles/hipaa.profile +--- scap-security-guide-0.1.54/rl8/profiles/hipaa.profile 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/profiles/hipaa.profile 2021-08-21 16:38:56.445262464 -0400 +@@ -0,0 +1,164 @@ ++documentation_complete: True ++ ++metadata: ++ SMEs: ++ - jjaswanson4 ++ - carlosmmatos ++ ++reference: https://www.hhs.gov/hipaa/for-professionals/index.html ++ ++title: 'Health Insurance Portability and Accountability Act (HIPAA)' ++ ++description: |- ++ The HIPAA Security Rule establishes U.S. national standards to protect individuals’ ++ electronic personal health information that is created, received, used, or ++ maintained by a covered entity. The Security Rule requires appropriate ++ administrative, physical and technical safeguards to ensure the ++ confidentiality, integrity, and security of electronic protected health ++ information. ++ ++ This profile configures Red Hat Enterprise Linux 8 to the HIPAA Security ++ Rule identified for securing of electronic protected health information. ++ Use of this profile in no way guarantees or makes claims against legal compliance against the HIPAA Security Rule(s). ++ ++selections: ++ - grub2_password ++ - grub2_uefi_password ++ - file_groupowner_grub2_cfg ++ - file_permissions_grub2_cfg ++ - file_owner_grub2_cfg ++ - grub2_disable_interactive_boot ++ - no_direct_root_logins ++ - no_empty_passwords ++ - require_singleuser_auth ++ - restrict_serial_port_logins ++ - securetty_root_login_console_only ++ - service_debug-shell_disabled ++ - disable_ctrlaltdel_reboot ++ - disable_ctrlaltdel_burstaction ++ - dconf_db_up_to_date ++ - dconf_gnome_remote_access_credential_prompt ++ - dconf_gnome_remote_access_encryption ++ - sshd_disable_empty_passwords ++ - sshd_disable_root_login ++ - libreswan_approved_tunnels ++ - no_rsh_trust_files ++ - package_rsh-server_removed ++ - package_talk_removed ++ - package_talk-server_removed ++ - package_telnet_removed ++ - package_telnet-server_removed ++ - package_xinetd_removed ++ - service_crond_enabled ++ - service_rexec_disabled ++ - service_rlogin_disabled ++ - service_telnet_disabled ++ - service_xinetd_disabled ++ - service_zebra_disabled ++ - use_kerberos_security_all_exports ++ - disable_host_auth ++ - sshd_allow_only_protocol2 ++ - sshd_disable_compression ++ - sshd_disable_gssapi_auth ++ - sshd_disable_kerb_auth ++ - sshd_do_not_permit_user_env ++ - sshd_enable_strictmodes ++ - sshd_enable_warning_banner ++ - sshd_set_keepalive ++ - encrypt_partitions ++ - var_system_crypto_policy=fips ++ - configure_crypto_policy ++ - configure_ssh_crypto_policy ++ - var_selinux_policy_name=targeted ++ - var_selinux_state=enforcing ++ - grub2_enable_selinux ++ - sebool_selinuxuser_execheap ++ - sebool_selinuxuser_execmod ++ - sebool_selinuxuser_execstack ++ - selinux_confinement_of_daemons ++ - selinux_policytype ++ - selinux_state ++ - service_kdump_disabled ++ - sysctl_fs_suid_dumpable ++ - sysctl_kernel_dmesg_restrict ++ - sysctl_kernel_exec_shield ++ - sysctl_kernel_randomize_va_space ++ - rpm_verify_hashes ++ - rpm_verify_permissions ++ - ensure_redhat_gpgkey_installed ++ - ensure_gpgcheck_globally_activated ++ - ensure_gpgcheck_never_disabled ++ - ensure_gpgcheck_local_packages ++ - grub2_audit_argument ++ - service_auditd_enabled ++ - audit_rules_privileged_commands_sudo ++ - audit_rules_privileged_commands_su ++ - audit_rules_immutable ++ - kernel_module_usb-storage_disabled ++ - service_autofs_disabled ++ - auditd_audispd_syslog_plugin_activated ++ - rsyslog_remote_loghost ++ - auditd_data_retention_flush ++ - audit_rules_dac_modification_chmod ++ - audit_rules_dac_modification_chown ++ - audit_rules_dac_modification_fchmodat ++ - audit_rules_dac_modification_fchmod ++ - audit_rules_dac_modification_fchownat ++ - audit_rules_dac_modification_fchown ++ - audit_rules_dac_modification_fremovexattr ++ - audit_rules_dac_modification_fsetxattr ++ - audit_rules_dac_modification_lchown ++ - audit_rules_dac_modification_lremovexattr ++ - audit_rules_dac_modification_lsetxattr ++ - audit_rules_dac_modification_removexattr ++ - audit_rules_dac_modification_setxattr ++ - audit_rules_execution_chcon ++ - audit_rules_execution_restorecon ++ - audit_rules_execution_semanage ++ - audit_rules_execution_setsebool ++ - audit_rules_file_deletion_events_renameat ++ - audit_rules_file_deletion_events_rename ++ - audit_rules_file_deletion_events_rmdir ++ - audit_rules_file_deletion_events_unlinkat ++ - audit_rules_file_deletion_events_unlink ++ - audit_rules_kernel_module_loading_delete ++ - audit_rules_kernel_module_loading_init ++ - audit_rules_login_events_faillock ++ - audit_rules_login_events_lastlog ++ - audit_rules_login_events_tallylog ++ - audit_rules_mac_modification ++ - audit_rules_media_export ++ - audit_rules_networkconfig_modification ++ - audit_rules_privileged_commands_chage ++ - audit_rules_privileged_commands_chsh ++ - audit_rules_privileged_commands_crontab ++ - audit_rules_privileged_commands_gpasswd ++ - audit_rules_privileged_commands_newgrp ++ - audit_rules_privileged_commands_pam_timestamp_check ++ - audit_rules_privileged_commands_passwd ++ - audit_rules_privileged_commands_postdrop ++ - audit_rules_privileged_commands_postqueue ++ - audit_rules_privileged_commands_ssh_keysign ++ - audit_rules_privileged_commands_sudoedit ++ - audit_rules_privileged_commands_umount ++ - audit_rules_privileged_commands_unix_chkpwd ++ - audit_rules_privileged_commands_userhelper ++ - audit_rules_session_events ++ - audit_rules_sysadmin_actions ++ - audit_rules_system_shutdown ++ - audit_rules_time_adjtimex ++ - audit_rules_time_clock_settime ++ - audit_rules_time_settimeofday ++ - audit_rules_time_stime ++ - audit_rules_time_watch_localtime ++ - audit_rules_unsuccessful_file_modification_creat ++ - audit_rules_unsuccessful_file_modification_ftruncate ++ - audit_rules_unsuccessful_file_modification_openat ++ - audit_rules_unsuccessful_file_modification_open_by_handle_at ++ - audit_rules_unsuccessful_file_modification_open ++ - audit_rules_unsuccessful_file_modification_truncate ++ - audit_rules_usergroup_modification_group ++ - audit_rules_usergroup_modification_gshadow ++ - audit_rules_usergroup_modification_opasswd ++ - audit_rules_usergroup_modification_passwd ++ - audit_rules_usergroup_modification_shadow +diff -ruN scap-security-guide-0.1.54/rl8/profiles/ism_o.profile b/rl8/profiles/ism_o.profile +--- scap-security-guide-0.1.54/rl8/profiles/ism_o.profile 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/profiles/ism_o.profile 2021-08-21 16:38:56.445262464 -0400 +@@ -0,0 +1,158 @@ ++documentation_complete: false ++ ++metadata: ++ SMEs: ++ - shaneboulden ++ - wcushen ++ - ahamilto156 ++ ++reference: https://www.cyber.gov.au/acsc/view-all-content/publications/essential-eight-linux-environments ++ ++title: 'Australian Cyber Security Centre (ACSC) Information Security Manual (ISM) Official' ++ ++description: |- ++ This profile contains configuration checks for Red Hat Enterprise Linux 8 ++ that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM) ++ with the Attorney-General’s Department (AGD)’s applicability marking of OFFICIAL. ++ ++ A overview and list of Cyber security guidelines of the ++ Information Security Manual can be found at the ACSC website: ++ ++ https://www.cyber.gov.au/ism ++ ++extends: e8 ++ ++selections: ++ ++ ## Operating system configuration ++ ## Identifiers 1491 ++ - no_shelllogin_for_systemaccounts ++ ++ ## Local administrator accounts ++ ## Identifiers 1410 ++ - accounts_password_all_shadowed ++ ++ ## Content filtering & Anti virus ++ ## Identifiers 1341 / 1034 / 1417 / 1288 ++ - package_aide_installed ++ ++ ## Software firewall ++ ## Identifiers 1416 ++ - configure_firewalld_ports ++ ## Removing due to build error ++ ## - configure_firewalld_rate_limiting ++ - firewalld_sshd_port_enabled ++ - set_firewalld_default_zone ++ ++ ## Endpoint device control software ++ ## Identifiers 1418 ++ - package_usbguard_installed ++ - service_usbguard_enabled ++ ++ ## Authentication hardening ++ ## Identifiers 1546 / 0974 / 1173 / 1504 / 1505 / 1401 / 1559 / 1560 ++ ## 1561 / 0421 / 1557 / 0422 / 1558 / 1403 / 0431 ++ - disable_host_auth ++ - require_emergency_target_auth ++ - require_singleuser_auth ++ - sebool_authlogin_nsswitch_use_ldap ++ - sebool_authlogin_radius ++ - sshd_disable_kerb_auth ++ - sshd_set_max_auth_tries ++ - sssd_enable_smartcards ++ - accounts_password_minlen_login_defs ++ - var_password_pam_minlen=14 ++ - accounts_password_pam_minlen ++ - accounts_password_pam_minclass ++ - accounts_password_pam_dcredit ++ - accounts_password_pam_lcredit ++ - accounts_password_pam_ocredit ++ - accounts_password_pam_ucredit ++ - accounts_password_pam_maxrepeat ++ - accounts_passwords_pam_faillock_deny ++ - accounts_passwords_pam_faillock_deny_root ++ - accounts_passwords_pam_faillock_interval ++ - accounts_passwords_pam_faillock_unlock_time ++ ++ ## Password authentication & Protecting credentials ++ ## Identifiers 1055 / 0418 / 1402 ++ - network_nmcli_permissions ++ - configure_kerberos_crypto_policy ++ - kerberos_disable_no_keytab ++ - sebool_kerberos_enabled ++ - sshd_disable_gssapi_auth ++ - enable_ldap_client ++ - set_password_hashing_algorithm_libuserconf ++ - set_password_hashing_algorithm_logindefs ++ - set_password_hashing_algorithm_systemauth ++ - accounts_password_warn_age_login_defs ++ - accounts_maximum_age_login_defs ++ - accounts_minimum_age_login_defs ++ ++ ## System administration & MFA ++ ## Identifiers 1382 / 1384 / 1386 ++ - package_sudo_installed ++ - package_opensc_installed ++ - var_smartcard_drivers=cac ++ - configure_opensc_card_drivers ++ - force_opensc_card_drivers ++ - package_pcsc-lite_installed ++ - service_pcscd_enabled ++ - sssd_enable_smartcards ++ ++ ## System patching & Applicatoin versions ++ ## Identifiers 1493 / 1144 / 0940 / 1472 / 1494 / 1495 / 1467 / 1483 ++ - dnf-automatic_apply_updates ++ - package_dnf-plugin-subscription-manager_installed ++ - package_subscription-manager_installed ++ ++ ## Centralised logging facility ++ ## Identifiers 1405 / 0988 ++ - rsyslog_cron_logging ++ - rsyslog_files_groupownership ++ - rsyslog_files_ownership ++ - rsyslog_files_permissions ++ - rsyslog_nolisten ++ - rsyslog_remote_loghost ++ - rsyslog_remote_tls ++ - rsyslog_remote_tls_cacert ++ - package_chrony_installed ++ - service_chronyd_enabled ++ - chronyd_or_ntpd_specify_multiple_servers ++ - chronyd_specify_remote_server ++ - service_chronyd_or_ntpd_enabled ++ ++ ## Events to be logged ++ ## Identifiers 0584 / 0582 / 0585 / 0586 / 0846 / 0957 ++ - display_login_attempts ++ - sebool_auditadm_exec_content ++ - audit_rules_privileged_commands ++ - audit_rules_session_events ++ - audit_rules_unsuccessful_file_modification ++ - audit_access_failed ++ - audit_access_success ++ ++ ## Web application & Database servers ++ ## Identifiers 1552 / 1277 ++ - openssl_use_strong_entropy ++ ++ ## Network design and configuration ++ ## Identifiers 1311 ++ - service_snmpd_disabled ++ - snmpd_use_newer_protocol ++ ++ ## Wireless networks ++ ## Identifiers 1315 / 1319 ++ - wireless_disable_interfaces ++ - network_ipv6_static_address ++ ++ ## ASD Approved Cryptopgraphic Algorithims ++ ## Identifiers 1446 ++ - enable_dracut_fips_module ++ - enable_fips_mode ++ - var_system_crypto_policy=fips ++ - configure_crypto_policy ++ ++ ## Secure Shell access ++ ## Identifiers 1506 / 1449 / 0487 ++ - sshd_allow_only_protocol2 +diff -ruN scap-security-guide-0.1.54/rl8/profiles/ospp-mls.profile b/rl8/profiles/ospp-mls.profile +--- scap-security-guide-0.1.54/rl8/profiles/ospp-mls.profile 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/profiles/ospp-mls.profile 2021-08-21 16:38:56.445262464 -0400 +@@ -0,0 +1,25 @@ ++documentation_complete: false ++ ++title: 'Protection Profile for General Purpose Operating Systems - MLS Mode' ++ ++description: |- ++ Placeholder to put MLS specific rules ++ ++extends: ospp ++ ++selections: ++ ++ ################################################ ++ ## MUST INSTALL PACKAGES IN MLS MODE ++ #cups ++ #foomatic ++ #ghostscript ++ #ghostscript-fonts ++ #checkpolicy ++ #mcstrans ++ #policycoreutils-newrole ++ #selinux-policy-devel ++ ##xinetd ++ #iproute ++ #iputils ++ #netlabel_tools +diff -ruN scap-security-guide-0.1.54/rl8/profiles/ospp.profile b/rl8/profiles/ospp.profile +--- scap-security-guide-0.1.54/rl8/profiles/ospp.profile 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/profiles/ospp.profile 2021-08-21 16:38:56.445262464 -0400 +@@ -0,0 +1,443 @@ ++documentation_complete: true ++ ++metadata: ++ version: 4.2.1 ++ SMEs: ++ - comps ++ - carlosmmatos ++ - stevegrubb ++ ++reference: https://www.niap-ccevs.org/Profile/PP.cfm ++ ++title: 'Protection Profile for General Purpose Operating Systems' ++ ++description: |- ++ This profile reflects mandatory configuration controls identified in the ++ NIAP Configuration Annex to the Protection Profile for General Purpose ++ Operating Systems (Protection Profile Version 4.2.1). ++ ++ This configuration profile is consistent with CNSSI-1253, which requires ++ U.S. National Security Systems to adhere to certain configuration ++ parameters. Accordingly, this configuration profile is suitable for ++ use in U.S. National Security Systems. ++ ++selections: ++ ++ ####################################################### ++ ### GENERAL REQUIREMENTS ++ ### Things needed to meet OSPP functional requirements. ++ ####################################################### ++ ++ ### Partitioning ++ - mount_option_home_nodev ++ - mount_option_home_nosuid ++ - mount_option_tmp_nodev ++ - mount_option_tmp_noexec ++ - mount_option_tmp_nosuid ++ - mount_option_var_tmp_nodev ++ - mount_option_var_tmp_noexec ++ - mount_option_var_tmp_nosuid ++ - mount_option_dev_shm_nodev ++ - mount_option_dev_shm_noexec ++ - mount_option_dev_shm_nosuid ++ - mount_option_nodev_nonroot_local_partitions ++ - mount_option_boot_nodev ++ - mount_option_boot_nosuid ++ - partition_for_home ++ - partition_for_var ++ - mount_option_var_nodev ++ - partition_for_var_log ++ - mount_option_var_log_nodev ++ - mount_option_var_log_nosuid ++ - mount_option_var_log_noexec ++ - partition_for_var_log_audit ++ - mount_option_var_log_audit_nodev ++ - mount_option_var_log_audit_nosuid ++ - mount_option_var_log_audit_noexec ++ ++ ### Services ++ # sshd ++ - sshd_disable_root_login ++ - sshd_enable_strictmodes ++ - disable_host_auth ++ - sshd_disable_empty_passwords ++ - sshd_disable_kerb_auth ++ - sshd_disable_gssapi_auth ++ - sshd_set_keepalive ++ - sshd_enable_warning_banner ++ - sshd_rekey_limit ++ - var_rekey_limit_size=1G ++ - var_rekey_limit_time=1hour ++ - sshd_use_strong_rng ++ - openssl_use_strong_entropy ++ ++ # Time Server ++ - chronyd_client_only ++ - chronyd_no_chronyc_network ++ ++ ### Network Settings ++ - sysctl_net_ipv6_conf_all_accept_ra ++ - sysctl_net_ipv6_conf_default_accept_ra ++ - sysctl_net_ipv4_conf_all_accept_redirects ++ - sysctl_net_ipv4_conf_default_accept_redirects ++ - sysctl_net_ipv6_conf_all_accept_redirects ++ - sysctl_net_ipv6_conf_default_accept_redirects ++ - sysctl_net_ipv4_conf_all_accept_source_route ++ - sysctl_net_ipv4_conf_default_accept_source_route ++ - sysctl_net_ipv6_conf_all_accept_source_route ++ - sysctl_net_ipv6_conf_default_accept_source_route ++ - sysctl_net_ipv4_conf_all_secure_redirects ++ - sysctl_net_ipv4_conf_default_secure_redirects ++ - sysctl_net_ipv4_conf_all_send_redirects ++ - sysctl_net_ipv4_conf_default_send_redirects ++ - sysctl_net_ipv4_conf_all_log_martians ++ - sysctl_net_ipv4_conf_default_log_martians ++ - sysctl_net_ipv4_conf_all_rp_filter ++ - sysctl_net_ipv4_conf_default_rp_filter ++ - sysctl_net_ipv4_icmp_ignore_bogus_error_responses ++ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts ++ - sysctl_net_ipv4_ip_forward ++ - sysctl_net_ipv4_tcp_syncookies ++ ++ ### systemd ++ - disable_ctrlaltdel_reboot ++ - disable_ctrlaltdel_burstaction ++ - service_debug-shell_disabled ++ ++ ### umask ++ - var_accounts_user_umask=027 ++ - accounts_umask_etc_profile ++ - accounts_umask_etc_bashrc ++ - accounts_umask_etc_csh_cshrc ++ ++ ### Software update ++ - ensure_redhat_gpgkey_installed ++ - ensure_gpgcheck_globally_activated ++ - ensure_gpgcheck_local_packages ++ - ensure_gpgcheck_never_disabled ++ ++ ### Passwords ++ - var_password_pam_difok=4 ++ - accounts_password_pam_difok ++ - var_password_pam_maxrepeat=3 ++ - accounts_password_pam_maxrepeat ++ - var_password_pam_maxclassrepeat=4 ++ - accounts_password_pam_maxclassrepeat ++ ++ ### Kernel Config ++ ## Boot prompt ++ - grub2_audit_argument ++ - grub2_audit_backlog_limit_argument ++ - grub2_slub_debug_argument ++ - grub2_page_poison_argument ++ - grub2_vsyscall_argument ++ - grub2_vsyscall_argument.role=unscored ++ - grub2_vsyscall_argument.severity=info ++ - grub2_pti_argument ++ - grub2_kernel_trust_cpu_rng ++ ++ ## Security Settings ++ - sysctl_kernel_kptr_restrict ++ - sysctl_kernel_dmesg_restrict ++ - sysctl_kernel_kexec_load_disabled ++ - sysctl_kernel_yama_ptrace_scope ++ - sysctl_kernel_perf_event_paranoid ++ - sysctl_user_max_user_namespaces ++ - sysctl_user_max_user_namespaces.role=unscored ++ - sysctl_user_max_user_namespaces.severity=info ++ - sysctl_kernel_unprivileged_bpf_disabled ++ - sysctl_net_core_bpf_jit_harden ++ - service_kdump_disabled ++ ++ ## File System Settings ++ - sysctl_fs_protected_hardlinks ++ - sysctl_fs_protected_symlinks ++ ++ ### Audit ++ - service_auditd_enabled ++ - var_auditd_flush=incremental_async ++ - auditd_data_retention_flush ++ - auditd_local_events ++ - auditd_write_logs ++ - auditd_log_format ++ - auditd_freq ++ - auditd_name_format ++ ++ ### Module Blacklist ++ - kernel_module_cramfs_disabled ++ - kernel_module_bluetooth_disabled ++ - kernel_module_sctp_disabled ++ - kernel_module_firewire-core_disabled ++ - kernel_module_atm_disabled ++ - kernel_module_can_disabled ++ - kernel_module_tipc_disabled ++ ++ ### rpcbind ++ ++ ### Install Required Packages ++ - package_aide_installed ++ - package_dnf-automatic_installed ++ - package_subscription-manager_installed ++ - package_dnf-plugin-subscription-manager_installed ++ - package_firewalld_installed ++ - package_openscap-scanner_installed ++ - package_policycoreutils_installed ++ - package_sudo_installed ++ - package_usbguard_installed ++ - package_scap-security-guide_installed ++ - package_audit_installed ++ - package_crypto-policies_installed ++ - package_openssh-server_installed ++ - package_openssh-clients_installed ++ - package_policycoreutils-python-utils_installed ++ - package_rsyslog_installed ++ - package_rsyslog-gnutls_installed ++ - package_audispd-plugins_installed ++ - package_chrony_installed ++ - package_gnutls-utils_installed ++ ++ ### Remove Prohibited Packages ++ - package_sendmail_removed ++ - package_iprutils_removed ++ - package_gssproxy_removed ++ - package_nfs-utils_removed ++ - package_krb5-workstation_removed ++ - package_abrt-addon-kerneloops_removed ++ - package_abrt-addon-python_removed ++ - package_abrt-addon-ccpp_removed ++ - package_abrt-plugin-rhtsupport_removed ++ - package_abrt-plugin-logger_removed ++ - package_abrt-plugin-sosreport_removed ++ - package_abrt-cli_removed ++ - package_abrt_removed ++ ++ ### Login ++ - disable_users_coredumps ++ - sysctl_kernel_core_pattern ++ - coredump_disable_storage ++ - coredump_disable_backtraces ++ - service_systemd-coredump_disabled ++ - var_accounts_max_concurrent_login_sessions=10 ++ - accounts_max_concurrent_login_sessions ++ - securetty_root_login_console_only ++ - var_password_pam_unix_remember=5 ++ - accounts_password_pam_unix_remember ++ - use_pam_wheel_for_su ++ ++ ### SELinux Configuration ++ - var_selinux_state=enforcing ++ - selinux_state ++ - var_selinux_policy_name=targeted ++ - selinux_policytype ++ ++ ### Application Whitelisting (RHEL 8) ++ - package_fapolicyd_installed ++ - service_fapolicyd_enabled ++ ++ ### Configure USBGuard ++ - service_usbguard_enabled ++ - configure_usbguard_auditbackend ++ - usbguard_allow_hid_and_hub ++ ++ ++ ### Enable / Configure FIPS ++ - enable_fips_mode ++ - var_system_crypto_policy=fips_ospp ++ - configure_crypto_policy ++ - configure_ssh_crypto_policy ++ - configure_bind_crypto_policy ++ - configure_openssl_crypto_policy ++ - configure_libreswan_crypto_policy ++ - configure_kerberos_crypto_policy ++ - enable_dracut_fips_module ++ ++ ####################################################### ++ ### CONFIGURATION ANNEX TO THE PROTECTION PROFILE ++ ### FOR GENERAL PURPOSE OPERATING SYSTEMS ++ ### ANNEX RELEASE 1 ++ ### FOR PROTECTION PROFILE VERSIONS 4.2 ++ ### ++ ### https://www.niap-ccevs.org/MMO/PP/-442ConfigAnnex-/ ++ ####################################################### ++ ++ ## Configure Minimum Password Length to 12 Characters ++ ## IA-5 (1)(a) / FMT_MOF_EXT.1 ++ - var_accounts_password_minlen_login_defs=12 ++ - accounts_password_minlen_login_defs ++ - var_password_pam_minlen=12 ++ - accounts_password_pam_minlen ++ ++ ## Require at Least 1 Special Character in Password ++ ## IA-5(1)(a) / FMT_MOF_EXT.1 ++ - var_password_pam_ocredit=1 ++ - accounts_password_pam_ocredit ++ ++ ## Require at Least 1 Numeric Character in Password ++ ## IA-5(1)(a) / FMT_MOF_EXT.1 ++ - var_password_pam_dcredit=1 ++ - accounts_password_pam_dcredit ++ ++ ## Require at Least 1 Uppercase Character in Password ++ ## IA-5(1)(a) / FMT_MOF_EXT.1 ++ - var_password_pam_ucredit=1 ++ - accounts_password_pam_ucredit ++ ++ ## Require at Least 1 Lowercase Character in Password ++ ## IA-5(1)(a) / FMT_MOF_EXT.1 ++ - var_password_pam_lcredit=1 ++ - accounts_password_pam_lcredit ++ ++ ## Enable Screen Lock ++ ## FMT_MOF_EXT.1 ++ - package_tmux_installed ++ - configure_bashrc_exec_tmux ++ - no_tmux_in_shells ++ - configure_tmux_lock_command ++ - configure_tmux_lock_after_time ++ ++ ## Set Screen Lock Timeout Period to 30 Minutes or Less ++ ## AC-11(a) / FMT_MOF_EXT.1 ++ ## We deliberately set sshd timeout to 1 minute before tmux lock timeout ++ - sshd_idle_timeout_value=14_minutes ++ - sshd_set_idle_timeout ++ ++ ## Disable Unauthenticated Login (such as Guest Accounts) ++ ## FIA_UAU.1 ++ - require_singleuser_auth ++ - grub2_disable_interactive_boot ++ - grub2_uefi_password ++ - no_empty_passwords ++ ++ ## Set Maximum Number of Authentication Failures to 3 Within 15 Minutes ++ ## AC-7 / FIA_AFL.1 ++ - var_accounts_passwords_pam_faillock_deny=3 ++ - accounts_passwords_pam_faillock_deny ++ - var_accounts_passwords_pam_faillock_fail_interval=900 ++ - accounts_passwords_pam_faillock_interval ++ - var_accounts_passwords_pam_faillock_unlock_time=never ++ - accounts_passwords_pam_faillock_unlock_time ++ ++ ## Enable Host-Based Firewall ++ ## SC-7(12) / FMT_MOF_EXT.1 ++ - service_firewalld_enabled ++ ++ ## Configure Name/Addres of Remote Management Server ++ ## From Which to Receive Config Settings ++ ## CM-3(3) / FMT_MOF_EXT.1 ++ ++ ## Configure the System to Offload Audit Records to a Log ++ ## Server ++ ## AU-4(1) / FAU_GEN.1.1.c ++ # temporarily dropped ++ ++ ## Set Logon Warning Banner ++ ## AC-8(a) / FMT_MOF_EXT.1 ++ ++ ## Audit All Logons (Success/Failure) and Logoffs (Success) ++ ## CNSSI 1253 Value or DoD-Specific Values: ++ ## (1) Logons (Success/Failure) ++ ## (2) Logoffs (Success) ++ ## AU-2(a) / FAU_GEN.1.1.c ++ ++ ## Audit File and Object Events (Unsuccessful) ++ ## CNSSI 1253 Value or DoD-specific Values: ++ ## (1) Create (Success/Failure) ++ ## (2) Access (Success/Failure) ++ ## (3) Delete (Sucess/Failure) ++ ## (4) Modify (Success/Failure) ++ ## (5) Permission Modification (Sucess/Failure) ++ ## (6) Ownership Modification (Success/Failure) ++ ## AU-2(a) / FAU_GEN.1.1.c ++ ## ++ ## ++ ## (1) Create (Success/Failure) ++ ## (open with O_CREAT) ++ ## (2) Access (Success/Failure) ++ ## (3) Delete (Success/Failure) ++ ## (4) Modify (Success/Failure) ++ ## (5) Permission Modification (Success/Failure) ++ ## (6) Ownership Modification (Success/Failure) ++ ++ ## Audit User and Group Management Events (Success/Failure) ++ ## CNSSI 1253 Value or DoD-specific Values: ++ ## (1) User add, delete, modify, disable, enable (Success/Failure) ++ ## (2) Group/Role add, delete, modify (Success/Failure) ++ ## AU-2(a) / FAU_GEN.1.1.c ++ ## ++ ## Generic User and Group Management Events (Success/Failure) ++ ## Selection of setuid programs that relate to ++ ## user accounts. ++ ## ++ ## CNSSI 1253: (1) User add, delete, modify, disable, enable (Success/Failure) ++ ## ++ ## CNSSI 1252: (2) Group/Role add, delete, modify (Success/Failure) ++ ## ++ ## Audit Privilege or Role Escalation Events (Success/Failure) ++ ## CNSSI 1253 Value or DoD-specific Values: ++ ## - Privilege/Role escalation (Success/Failure) ++ ## AU-2(a) / FAU_GEN.1.1.c ++ ## Audit All Audit and Log Data Accesses (Success/Failure) ++ ## CNSSI 1253 Value or DoD-specific Values: ++ ## - Audit and log data access (Success/Failure) ++ ## AU-2(a) / FAU_GEN.1.1.c ++ ## Audit Cryptographic Verification of Software (Success/Failure) ++ ## CNSSI 1253 Value or DoD-specific Values: ++ ## - Applications (e.g. Firefox, Internet Explorer, MS Office Suite, ++ ## etc) initialization (Success/Failure) ++ ## AU-2(a) / FAU_GEN.1.1.c ++ ## Audit Kernel Module Loading and Unloading Events (Success/Failure) ++ ## AU-2(a) / FAU_GEN.1.1.c ++ - audit_basic_configuration ++ - audit_immutable_login_uids ++ - audit_create_failed ++ - audit_create_success ++ - audit_modify_failed ++ - audit_modify_success ++ - audit_access_failed ++ - audit_access_success ++ - audit_delete_failed ++ - audit_delete_success ++ - audit_perm_change_failed ++ - audit_perm_change_success ++ - audit_owner_change_failed ++ - audit_owner_change_success ++ - audit_ospp_general ++ - audit_module_load ++ ++ ## Enable Automatic Software Updates ++ ## SI-2 / FMT_MOF_EXT.1 ++ # Configure dnf-automatic to Install Only Security Updates ++ - dnf-automatic_security_updates_only ++ ++ # Configure dnf-automatic to Install Available Updates Automatically ++ - dnf-automatic_apply_updates ++ ++ # Enable dnf-automatic Timer ++ - timer_dnf-automatic_enabled ++ ++ # Configure TLS for remote logging ++ - rsyslog_remote_tls ++ - rsyslog_remote_tls_cacert ++ ++ # Prevent Kerberos use by system daemons ++ - kerberos_disable_no_keytab ++ ++ # set ssh client rekey limit ++ - ssh_client_rekey_limit ++ - var_ssh_client_rekey_limit_size=1G ++ - var_ssh_client_rekey_limit_time=1hour ++ ++# configure ssh client to use strong entropy ++ - ssh_client_use_strong_rng_sh ++ - ssh_client_use_strong_rng_csh ++ ++ # zIPl specific rules ++ - zipl_bls_entries_only ++ - zipl_bootmap_is_up_to_date ++ - zipl_audit_argument ++ - zipl_audit_backlog_limit_argument ++ - zipl_slub_debug_argument ++ - zipl_page_poison_argument ++ - zipl_vsyscall_argument ++ - zipl_vsyscall_argument.role=unscored ++ - zipl_vsyscall_argument.severity=info +diff -ruN scap-security-guide-0.1.54/rl8/profiles/pci-dss.profile b/rl8/profiles/pci-dss.profile +--- scap-security-guide-0.1.54/rl8/profiles/pci-dss.profile 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/profiles/pci-dss.profile 2021-08-21 16:38:56.445262464 -0400 +@@ -0,0 +1,147 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - carlosmmatos ++ ++reference: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf ++ ++title: 'PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 8' ++ ++description: |- ++ Ensures PCI-DSS v3.2.1 security configuration settings are applied. ++ ++selections: ++ - var_password_pam_unix_remember=4 ++ - var_account_disable_post_pw_expiration=90 ++ - var_accounts_passwords_pam_faillock_deny=6 ++ - var_accounts_passwords_pam_faillock_unlock_time=1800 ++ - sshd_idle_timeout_value=15_minutes ++ - var_password_pam_minlen=7 ++ - var_password_pam_minclass=2 ++ - var_accounts_maximum_age_login_defs=90 ++ - var_auditd_num_logs=5 ++ - service_auditd_enabled ++ - grub2_audit_argument ++ - auditd_data_retention_num_logs ++ - auditd_data_retention_max_log_file ++ - auditd_data_retention_max_log_file_action ++ - auditd_data_retention_space_left_action ++ - auditd_data_retention_admin_space_left_action ++ - auditd_data_retention_action_mail_acct ++ - package_audispd-plugins_installed ++ - auditd_audispd_syslog_plugin_activated ++ - audit_rules_time_adjtimex ++ - audit_rules_time_settimeofday ++ - audit_rules_time_stime ++ - audit_rules_time_clock_settime ++ - audit_rules_time_watch_localtime ++ - audit_rules_usergroup_modification_group ++ - audit_rules_usergroup_modification_gshadow ++ - audit_rules_usergroup_modification_opasswd ++ - audit_rules_usergroup_modification_passwd ++ - audit_rules_usergroup_modification_shadow ++ - audit_rules_networkconfig_modification ++ - file_permissions_var_log_audit ++ - file_ownership_var_log_audit ++ - audit_rules_mac_modification ++ - audit_rules_dac_modification_chmod ++ - audit_rules_dac_modification_chown ++ - audit_rules_dac_modification_fchmod ++ - audit_rules_dac_modification_fchmodat ++ - audit_rules_dac_modification_fchown ++ - audit_rules_dac_modification_fchownat ++ - audit_rules_dac_modification_fremovexattr ++ - audit_rules_dac_modification_fsetxattr ++ - audit_rules_dac_modification_lchown ++ - audit_rules_dac_modification_lremovexattr ++ - audit_rules_dac_modification_lsetxattr ++ - audit_rules_dac_modification_removexattr ++ - audit_rules_dac_modification_setxattr ++ - audit_rules_login_events ++ - audit_rules_session_events ++ - audit_rules_unsuccessful_file_modification_creat ++ - audit_rules_unsuccessful_file_modification_ftruncate ++ - audit_rules_unsuccessful_file_modification_open ++ - audit_rules_unsuccessful_file_modification_open_by_handle_at ++ - audit_rules_unsuccessful_file_modification_openat ++ - audit_rules_unsuccessful_file_modification_truncate ++ - audit_rules_privileged_commands ++ - audit_rules_media_export ++ - audit_rules_file_deletion_events_rename ++ - audit_rules_file_deletion_events_renameat ++ - audit_rules_file_deletion_events_rmdir ++ - audit_rules_file_deletion_events_unlink ++ - audit_rules_file_deletion_events_unlinkat ++ - audit_rules_sysadmin_actions ++ - audit_rules_kernel_module_loading_delete ++ - audit_rules_kernel_module_loading_finit ++ - audit_rules_kernel_module_loading_init ++ - audit_rules_immutable ++ - var_multiple_time_servers=rhel ++ - service_chronyd_or_ntpd_enabled ++ - chronyd_or_ntpd_specify_remote_server ++ - chronyd_or_ntpd_specify_multiple_servers ++ - rpm_verify_permissions ++ - rpm_verify_hashes ++ - install_hids ++ - rsyslog_files_permissions ++ - rsyslog_files_ownership ++ - rsyslog_files_groupownership ++ - ensure_logrotate_activated ++ - package_aide_installed ++ - aide_build_database ++ - aide_periodic_cron_checking ++ - account_unique_name ++ - gid_passwd_group_same ++ - accounts_password_all_shadowed ++ - no_empty_passwords ++ - display_login_attempts ++ - account_disable_post_pw_expiration ++ - accounts_passwords_pam_faillock_deny ++ - accounts_passwords_pam_faillock_unlock_time ++ - dconf_db_up_to_date ++ - dconf_gnome_screensaver_idle_delay ++ - dconf_gnome_screensaver_idle_activation_enabled ++ - dconf_gnome_screensaver_lock_enabled ++ - dconf_gnome_screensaver_mode_blank ++ - sshd_set_idle_timeout ++ - sshd_set_keepalive ++ - accounts_password_pam_minlen ++ - accounts_password_pam_dcredit ++ - accounts_password_pam_ucredit ++ - accounts_password_pam_lcredit ++ - accounts_password_pam_unix_remember ++ - accounts_maximum_age_login_defs ++ - ensure_redhat_gpgkey_installed ++ - ensure_gpgcheck_globally_activated ++ - ensure_gpgcheck_never_disabled ++ - security_patches_up_to_date ++ - package_opensc_installed ++ - var_smartcard_drivers=cac ++ - configure_opensc_card_drivers ++ - force_opensc_card_drivers ++ - package_pcsc-lite_installed ++ - service_pcscd_enabled ++ - sssd_enable_smartcards ++ - set_password_hashing_algorithm_systemauth ++ - set_password_hashing_algorithm_logindefs ++ - set_password_hashing_algorithm_libuserconf ++ - file_owner_etc_shadow ++ - file_groupowner_etc_shadow ++ - file_permissions_etc_shadow ++ - file_owner_etc_group ++ - file_groupowner_etc_group ++ - file_permissions_etc_group ++ - file_owner_etc_passwd ++ - file_groupowner_etc_passwd ++ - file_permissions_etc_passwd ++ - file_owner_grub2_cfg ++ - file_groupowner_grub2_cfg ++ - package_libreswan_installed ++ - configure_crypto_policy ++ - configure_bind_crypto_policy ++ - configure_openssl_crypto_policy ++ - configure_libreswan_crypto_policy ++ - configure_ssh_crypto_policy ++ - configure_kerberos_crypto_policy +diff -ruN scap-security-guide-0.1.54/rl8/profiles/rhelh-stig.profile b/rl8/profiles/rhelh-stig.profile +--- scap-security-guide-0.1.54/rl8/profiles/rhelh-stig.profile 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/profiles/rhelh-stig.profile 2021-08-21 16:38:56.445262464 -0400 +@@ -0,0 +1,13 @@ ++documentation_complete: false ++ ++title: '[DRAFT] DISA STIG for Red Hat Enterprise Linux Virtualization Host (RHELH)' ++ ++description: |- ++ This *draft* profile contains configuration checks that align to the ++ DISA STIG for Red Hat Enterprise Linux Virtualization Host (RHELH). ++ ++extends: stig ++ ++selections: ++ - sudo_vdsm_nopasswd ++ - package_gdm_removed +diff -ruN scap-security-guide-0.1.54/rl8/profiles/rhelh-vpp.profile b/rl8/profiles/rhelh-vpp.profile +--- scap-security-guide-0.1.54/rl8/profiles/rhelh-vpp.profile 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/profiles/rhelh-vpp.profile 2021-08-21 16:38:56.445262464 -0400 +@@ -0,0 +1,35 @@ ++documentation_complete: false ++ ++title: 'VPP - Protection Profile for Virtualization v. 1.0 for Red Hat Enterprise Linux Hypervisor (RHELH)' ++ ++description: |- ++ This compliance profile reflects the core set of security ++ related configuration settings for deployment of Red Hat Enterprise ++ Linux Hypervisor (RHELH) 7.x into U.S. Defense, Intelligence, and Civilian agencies. ++ Development partners and sponsors include the U.S. National Institute ++ of Standards and Technology (NIST), U.S. Department of Defense, ++ the National Security Agency, and Red Hat. ++ ++ This baseline implements configuration requirements from the following ++ sources: ++ ++ - Committee on National Security Systems Instruction No. 1253 (CNSSI 1253) ++ - NIST 800-53 control selections for MODERATE impact systems (NIST 800-53) ++ - U.S. Government Configuration Baseline (USGCB) ++ - NIAP Protection Profile for Virtualization v1.0 (VPP v1.0) ++ ++ For any differing configuration requirements, e.g. password lengths, the stricter ++ security setting was chosen. Security Requirement Traceability Guides (RTMs) and ++ sample System Security Configuration Guides are provided via the ++ scap-security-guide-docs package. ++ ++ This profile reflects U.S. Government consensus content and is developed through ++ the ComplianceAsCode project, championed by the National ++ Security Agency. Except for differences in formatting to accommodate ++ publishing processes, this profile mirrors ComplianceAsCode ++ content as minor divergences, such as bugfixes, work through the ++ consensus and release processes. ++ ++extends: ospp ++ ++selections: [] +diff -ruN scap-security-guide-0.1.54/rl8/profiles/rht-ccp.profile b/rl8/profiles/rht-ccp.profile +--- scap-security-guide-0.1.54/rl8/profiles/rht-ccp.profile 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/profiles/rht-ccp.profile 2021-08-21 16:38:56.445262464 -0400 +@@ -0,0 +1,100 @@ ++documentation_complete: false ++ ++title: 'Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)' ++ ++description: |- ++ This profile contains the minimum security relevant ++ configuration settings recommended by Red Hat, Inc for ++ Red Hat Enterprise Linux 8 instances deployed by Red Hat Certified ++ Cloud Providers. ++ ++selections: ++ - var_selinux_state=enforcing ++ - var_selinux_policy_name=targeted ++ - file_owner_logfiles_value=root ++ - file_groupowner_logfiles_value=root ++ - sshd_idle_timeout_value=5_minutes ++ - var_accounts_password_minlen_login_defs=6 ++ - var_accounts_minimum_age_login_defs=7 ++ - var_accounts_passwords_pam_faillock_deny=5 ++ - var_accounts_password_warn_age_login_defs=7 ++ - var_password_pam_retry=3 ++ - var_password_pam_dcredit=1 ++ - var_password_pam_ucredit=2 ++ - var_password_pam_ocredit=2 ++ - var_password_pam_lcredit=2 ++ - var_password_pam_difok=3 ++ - var_password_pam_unix_remember=5 ++ - var_accounts_user_umask=077 ++ - login_banner_text=usgcb_default ++ - partition_for_tmp ++ - partition_for_var ++ - partition_for_var_log ++ - partition_for_var_log_audit ++ - selinux_state ++ - selinux_policytype ++ - ensure_redhat_gpgkey_installed ++ - security_patches_up_to_date ++ - ensure_gpgcheck_globally_activated ++ - ensure_gpgcheck_never_disabled ++ - package_aide_installed ++ - accounts_password_pam_unix_remember ++ - no_shelllogin_for_systemaccounts ++ - no_empty_passwords ++ - accounts_password_all_shadowed ++ - accounts_no_uid_except_zero ++ - accounts_password_minlen_login_defs ++ - accounts_minimum_age_login_defs ++ - accounts_password_warn_age_login_defs ++ - accounts_password_pam_retry ++ - accounts_password_pam_dcredit ++ - accounts_password_pam_ucredit ++ - accounts_password_pam_ocredit ++ - accounts_password_pam_lcredit ++ - accounts_password_pam_difok ++ - accounts_passwords_pam_faillock_deny ++ - set_password_hashing_algorithm_systemauth ++ - set_password_hashing_algorithm_logindefs ++ - set_password_hashing_algorithm_libuserconf ++ - require_singleuser_auth ++ - file_owner_etc_shadow ++ - file_groupowner_etc_shadow ++ - file_permissions_etc_shadow ++ - file_owner_etc_gshadow ++ - file_groupowner_etc_gshadow ++ - file_permissions_etc_gshadow ++ - file_owner_etc_passwd ++ - file_groupowner_etc_passwd ++ - file_permissions_etc_passwd ++ - file_owner_etc_group ++ - file_groupowner_etc_group ++ - file_permissions_etc_group ++ - file_permissions_library_dirs ++ - file_ownership_library_dirs ++ - file_permissions_binary_dirs ++ - file_ownership_binary_dirs ++ - file_permissions_var_log_audit ++ - file_owner_grub2_cfg ++ - file_groupowner_grub2_cfg ++ - file_permissions_grub2_cfg ++ - grub2_password ++ - kernel_module_dccp_disabled ++ - kernel_module_sctp_disabled ++ - service_firewalld_enabled ++ - set_firewalld_default_zone ++ - firewalld_sshd_port_enabled ++ - service_abrtd_disabled ++ - service_telnet_disabled ++ - package_telnet-server_removed ++ - package_telnet_removed ++ - sshd_allow_only_protocol2 ++ - sshd_set_idle_timeout ++ - sshd_set_keepalive ++ - disable_host_auth ++ - sshd_disable_root_login ++ - sshd_disable_empty_passwords ++ - sshd_enable_warning_banner ++ - sshd_do_not_permit_user_env ++ - var_system_crypto_policy=fips ++ - configure_crypto_policy ++ - configure_ssh_crypto_policy +diff -ruN scap-security-guide-0.1.54/rl8/profiles/standard.profile b/rl8/profiles/standard.profile +--- scap-security-guide-0.1.54/rl8/profiles/standard.profile 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/profiles/standard.profile 2021-08-21 16:38:56.445262464 -0400 +@@ -0,0 +1,67 @@ ++documentation_complete: false ++ ++title: 'Standard System Security Profile for Red Hat Enterprise Linux 8' ++ ++description: |- ++ This profile contains rules to ensure standard security baseline ++ of a Red Hat Enterprise Linux 8 system. Regardless of your system's workload ++ all of these checks should pass. ++ ++selections: ++ - ensure_redhat_gpgkey_installed ++ - ensure_gpgcheck_globally_activated ++ - rpm_verify_permissions ++ - rpm_verify_hashes ++ - security_patches_up_to_date ++ - no_empty_passwords ++ - file_permissions_unauthorized_sgid ++ - file_permissions_unauthorized_suid ++ - file_permissions_unauthorized_world_writable ++ - accounts_root_path_dirs_no_write ++ - dir_perms_world_writable_sticky_bits ++ - mount_option_dev_shm_nodev ++ - mount_option_dev_shm_nosuid ++ - partition_for_var_log ++ - partition_for_var_log_audit ++ - package_rsyslog_installed ++ - service_rsyslog_enabled ++ - audit_rules_time_adjtimex ++ - audit_rules_time_settimeofday ++ - audit_rules_time_stime ++ - audit_rules_time_clock_settime ++ - audit_rules_time_watch_localtime ++ - audit_rules_usergroup_modification ++ - audit_rules_networkconfig_modification ++ - audit_rules_mac_modification ++ - audit_rules_dac_modification_chmod ++ - audit_rules_dac_modification_chown ++ - audit_rules_dac_modification_fchmod ++ - audit_rules_dac_modification_fchmodat ++ - audit_rules_dac_modification_fchown ++ - audit_rules_dac_modification_fchownat ++ - audit_rules_dac_modification_fremovexattr ++ - audit_rules_dac_modification_fsetxattr ++ - audit_rules_dac_modification_lchown ++ - audit_rules_dac_modification_lremovexattr ++ - audit_rules_dac_modification_lsetxattr ++ - audit_rules_dac_modification_removexattr ++ - audit_rules_dac_modification_setxattr ++ - audit_rules_unsuccessful_file_modification ++ - audit_rules_privileged_commands ++ - audit_rules_media_export ++ - audit_rules_file_deletion_events ++ - audit_rules_sysadmin_actions ++ - audit_rules_kernel_module_loading ++ - service_abrtd_disabled ++ - service_atd_disabled ++ - service_autofs_disabled ++ - service_ntpdate_disabled ++ - service_oddjobd_disabled ++ - service_qpidd_disabled ++ - service_rdisc_disabled ++ - configure_crypto_policy ++ - configure_bind_crypto_policy ++ - configure_openssl_crypto_policy ++ - configure_libreswan_crypto_policy ++ - configure_ssh_crypto_policy ++ - configure_kerberos_crypto_policy +diff -ruN scap-security-guide-0.1.54/rl8/profiles/stig.profile b/rl8/profiles/stig.profile +--- scap-security-guide-0.1.54/rl8/profiles/stig.profile 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/profiles/stig.profile 2021-08-21 16:38:56.445262464 -0400 +@@ -0,0 +1,338 @@ ++documentation_complete: true ++ ++metadata: ++ version: V1R1 ++ SMEs: ++ - carlosmmatos ++ ++reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux ++ ++title: 'DISA STIG for Red Hat Enterprise Linux 8' ++ ++description: |- ++ This profile contains configuration checks that align to the ++ DISA STIG for Red Hat Enterprise Linux 8. ++ ++ In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes this ++ configuration baseline as applicable to the operating system tier of ++ Red Hat technologies that are based on Red Hat Enterprise Linux 8, such as: ++ ++ - Red Hat Enterprise Linux Server ++ - Red Hat Enterprise Linux Workstation and Desktop ++ - Red Hat Enterprise Linux for HPC ++ - Red Hat Storage ++ - Red Hat Containers with a Red Hat Enterprise Linux 8 image ++ ++selections: ++ # variables ++ - var_rekey_limit_size=1G ++ - var_rekey_limit_time=1hour ++ - var_accounts_user_umask=077 ++ - var_password_pam_difok=8 ++ - var_password_pam_maxrepeat=3 ++ - var_sshd_disable_compression=no ++ - var_password_pam_maxclassrepeat=4 ++ - var_password_pam_minclass=4 ++ - var_accounts_minimum_age_login_defs=1 ++ - var_accounts_max_concurrent_login_sessions=10 ++ - var_password_pam_unix_remember=5 ++ - var_selinux_state=enforcing ++ - var_selinux_policy_name=targeted ++ - var_accounts_password_minlen_login_defs=15 ++ - var_password_pam_minlen=15 ++ - var_password_pam_ocredit=1 ++ - var_password_pam_dcredit=1 ++ - var_password_pam_ucredit=1 ++ - var_password_pam_lcredit=1 ++ - var_password_pam_retry=3 ++ - var_password_pam_minlen=15 ++ - sshd_idle_timeout_value=10_minutes ++ - var_accounts_passwords_pam_faillock_deny=3 ++ - var_accounts_passwords_pam_faillock_fail_interval=900 ++ - var_accounts_passwords_pam_faillock_unlock_time=never ++ - var_ssh_client_rekey_limit_size=1G ++ - var_ssh_client_rekey_limit_time=1hour ++ - var_accounts_fail_delay=4 ++ - var_account_disable_post_pw_expiration=35 ++ - var_auditd_action_mail_acct=root ++ - var_time_service_set_maxpoll=18_hours ++ - var_password_hashing_algorithm=SHA512 ++ - var_accounts_maximum_age_login_defs=60 ++ - var_auditd_space_left=250MB ++ - var_auditd_space_left_action=email ++ - var_auditd_disk_error_action=halt ++ - var_auditd_max_log_file_action=syslog ++ - var_auditd_disk_full_action=halt ++ ++ ### Enable / Configure FIPS ++ - enable_fips_mode ++ - var_system_crypto_policy=fips ++ - configure_crypto_policy ++ - configure_ssh_crypto_policy ++ - configure_bind_crypto_policy ++ - configure_openssl_crypto_policy ++ - configure_libreswan_crypto_policy ++ - configure_kerberos_crypto_policy ++ - enable_dracut_fips_module ++ ++ # rules ++ - installed_OS_is_vendor_supported ++ - security_patches_up_to_date ++ ++ - sysctl_crypto_fips_enabled ++ - encrypt_partitions ++ - sshd_enable_warning_banner ++ - dconf_gnome_banner_enabled ++ - dconf_gnome_login_banner_text ++ - banner_etc_issue ++ - set_password_hashing_algorithm_logindefs ++ - grub2_uefi_password ++ - grub2_uefi_admin_username ++ - grub2_password ++ - grub2_admin_username ++ - kerberos_disable_no_keytab ++ - package_krb5-workstation_removed ++ - selinux_state ++ - package_policycoreutils_installed ++ - sshd_set_idle_timeout ++ - sshd_set_keepalive ++ - sshd_use_strong_rng ++ - file_permissions_binary_dirs ++ - file_ownership_binary_dirs ++ - file_permissions_library_dirs ++ - file_ownership_library_dirs ++ - ensure_gpgcheck_globally_activated ++ - ensure_gpgcheck_local_packages ++ - sysctl_kernel_kexec_load_disabled ++ - sysctl_fs_protected_symlinks ++ - sysctl_fs_protected_hardlinks ++ - sysctl_kernel_dmesg_restrict ++ - sysctl_kernel_perf_event_paranoid ++ - sudo_remove_nopasswd ++ - sudo_remove_no_authenticate ++ - package_opensc_installed ++ - grub2_page_poison_argument ++ - grub2_vsyscall_argument ++ - grub2_slub_debug_argument ++ - sysctl_kernel_randomize_va_space ++ - clean_components_post_updating ++ - selinux_policytype ++ - no_host_based_files ++ - no_user_host_based_files ++ - service_rngd_enabled ++ - package_rng-tools_installed ++ - file_permissions_sshd_pub_key ++ - file_permissions_sshd_private_key ++ - sshd_enable_strictmodes ++ - sshd_disable_compression ++ - sshd_disable_user_known_hosts ++ - partition_for_var ++ - partition_for_var_log ++ - partition_for_var_log_audit ++ - partition_for_tmp ++ - sshd_disable_root_login ++ - service_auditd_enabled ++ - service_rsyslog_enabled ++ - mount_option_home_nosuid ++ - mount_option_boot_nosuid ++ - mount_option_nodev_nonroot_local_partitions ++ - mount_option_nodev_removable_partitions ++ - mount_option_noexec_removable_partitions ++ - mount_option_nosuid_removable_partitions ++ - mount_option_noexec_remote_filesystems ++ - mount_option_nodev_remote_filesystems ++ - mount_option_nosuid_remote_filesystems ++ - service_kdump_disabled ++ - sysctl_kernel_core_pattern ++ - service_systemd-coredump_disabled ++ - disable_users_coredumps ++ - coredump_disable_storage ++ - coredump_disable_backtraces ++ - accounts_user_home_paths_only ++ - accounts_user_interactive_home_directory_defined ++ - file_permissions_home_directories ++ - file_groupownership_home_directories ++ - accounts_user_interactive_home_directory_exists ++ - accounts_have_homedir_login_defs ++ - file_permission_user_init_files ++ - no_files_unowned_by_user ++ - file_permissions_ungroupowned ++ - partition_for_home ++ - gnome_gdm_disable_automatic_login ++ - sshd_do_not_permit_user_env ++ - account_temp_expire_date ++ - accounts_passwords_pam_faillock_deny ++ - accounts_passwords_pam_faillock_interval ++ - accounts_passwords_pam_faillock_unlock_time ++ - accounts_passwords_pam_faillock_deny_root ++ - accounts_max_concurrent_login_sessions ++ - dconf_gnome_screensaver_lock_enabled ++ - configure_bashrc_exec_tmux ++ - no_tmux_in_shells ++ - dconf_gnome_screensaver_idle_delay ++ - configure_tmux_lock_after_time ++ - accounts_password_pam_ucredit ++ - accounts_password_pam_lcredit ++ - accounts_password_pam_dcredit ++ - accounts_password_pam_maxclassrepeat ++ - accounts_password_pam_maxrepeat ++ - accounts_password_pam_minclass ++ - accounts_password_pam_difok ++ - accounts_password_set_min_life_existing ++ - accounts_minimum_age_login_defs ++ - accounts_maximum_age_login_defs ++ - accounts_password_set_max_life_existing ++ - accounts_password_pam_unix_remember ++ - accounts_password_pam_minlen ++ - accounts_password_minlen_login_defs ++ - account_disable_post_pw_expiration ++ - accounts_password_pam_ocredit ++ - sssd_offline_cred_expiration ++ - accounts_logon_fail_delay ++ - display_login_attempts ++ - sshd_print_last_log ++ - accounts_umask_etc_login_defs ++ - accounts_umask_interactive_users ++ - accounts_umask_etc_bashrc ++ - rsyslog_cron_logging ++ - auditd_data_retention_action_mail_acct ++ - postfix_client_configure_mail_alias ++ - auditd_data_disk_error_action ++ - auditd_data_retention_max_log_file_action ++ - auditd_data_disk_full_action ++ - auditd_local_events ++ - auditd_name_format ++ - auditd_log_format ++ - file_permissions_var_log_audit ++ - directory_permissions_var_log_audit ++ # - audit_rules_immutable ++ # - audit_immutable_login_uids ++ # - audit_rules_usergroup_modification_shadow ++ # - audit_rules_usergroup_modification_opasswd ++ # - audit_rules_usergroup_modification_passwd ++ # - audit_rules_usergroup_modification_gshadow ++ # - audit_rules_usergroup_modification_group ++ # - audit_rules_login_events_lastlog ++ - grub2_audit_argument ++ - grub2_audit_backlog_limit_argument ++ - configure_usbguard_auditbackend ++ - package_rsyslog_installed ++ - package_rsyslog-gnutls_installed ++ - rsyslog_remote_loghost ++ # this rule expects configuration in MB instead percentage as how STIG demands ++ # - auditd_data_retention_space_left ++ - auditd_data_retention_space_left_action ++ # remediation fails because default configuration file contains pool instead of server keyword ++ - chronyd_or_ntpd_set_maxpoll ++ - chronyd_client_only ++ - chronyd_no_chronyc_network ++ - package_telnet-server_removed ++ - package_abrt_removed ++ - package_abrt-addon-ccpp_removed ++ - package_abrt-addon-kerneloops_removed ++ - package_abrt-addon-python_removed ++ - package_abrt-cli_removed ++ - package_abrt-plugin-logger_removed ++ - package_abrt-plugin-rhtsupport_removed ++ - package_abrt-plugin-sosreport_removed ++ - package_sendmail_removed ++ # - package_gssproxy_removed ++ - grub2_pti_argument ++ - package_rsh-server_removed ++ - kernel_module_atm_disabled ++ - kernel_module_can_disabled ++ - kernel_module_sctp_disabled ++ - kernel_module_tipc_disabled ++ - kernel_module_cramfs_disabled ++ - kernel_module_firewire-core_disabled ++ - configure_firewalld_ports ++ - service_autofs_disabled ++ - kernel_module_usb-storage_disabled ++ - service_firewalld_enabled ++ - package_firewalld_installed ++ - wireless_disable_interfaces ++ - kernel_module_bluetooth_disabled ++ - mount_option_dev_shm_nodev ++ - mount_option_dev_shm_nosuid ++ - mount_option_dev_shm_noexec ++ - mount_option_tmp_nodev ++ - mount_option_tmp_nosuid ++ - mount_option_tmp_noexec ++ - mount_option_var_log_nodev ++ - mount_option_var_log_nosuid ++ - mount_option_var_log_noexec ++ - mount_option_var_log_audit_nodev ++ - mount_option_var_log_audit_nosuid ++ - mount_option_var_log_audit_noexec ++ - mount_option_var_tmp_nodev ++ - mount_option_var_tmp_nosuid ++ - mount_option_var_tmp_noexec ++ - package_openssh-server_installed ++ - service_sshd_enabled ++ - sshd_rekey_limit ++ - ssh_client_rekey_limit ++ - disable_ctrlaltdel_reboot ++ - dconf_gnome_disable_ctrlaltdel_reboot ++ - disable_ctrlaltdel_burstaction ++ - service_debug-shell_disabled ++ - package_tftp-server_removed ++ - accounts_no_uid_except_zero ++ - sysctl_net_ipv4_conf_default_accept_redirects ++ - sysctl_net_ipv6_conf_default_accept_redirects ++ - sysctl_net_ipv4_conf_all_send_redirects ++ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts ++ - sysctl_net_ipv4_conf_all_accept_source_route ++ - sysctl_net_ipv6_conf_all_accept_source_route ++ - sysctl_net_ipv4_conf_default_accept_source_route ++ - sysctl_net_ipv6_conf_default_accept_source_route ++ - sysctl_net_ipv4_ip_forward ++ - sysctl_net_ipv6_conf_all_accept_ra ++ - sysctl_net_ipv6_conf_default_accept_ra ++ - sysctl_net_ipv4_conf_default_send_redirects ++ - sysctl_net_ipv4_conf_all_accept_redirects ++ - sysctl_net_ipv6_conf_all_accept_redirects ++ - sysctl_kernel_unprivileged_bpf_disabled ++ - sysctl_kernel_yama_ptrace_scope ++ - sysctl_kernel_kptr_restrict ++ - sysctl_user_max_user_namespaces ++ - sysctl_net_ipv4_conf_all_rp_filter ++ # /etc/postfix/main.cf does not exist on default installation resulting in error during remediation ++ # there needs to be a new platform check to identify when postfix is installed or not ++ # - postfix_prevent_unrestricted_relay ++ - aide_verify_ext_attributes ++ - aide_verify_acls ++ # - package_xorg-x11-server-common_removed ++ - sshd_disable_x11_forwarding ++ - sshd_x11_use_localhost ++ - tftpd_uses_secure_mode ++ - package_vsftpd_removed ++ - package_iprutils_removed ++ - package_tuned_removed ++ - require_emergency_target_auth ++ - require_singleuser_auth ++ - set_password_hashing_algorithm_systemauth ++ - dir_perms_world_writable_sticky_bits ++ - package_aide_installed ++ - aide_scan_notification ++ - install_smartcard_packages ++ - sshd_disable_kerb_auth ++ - sshd_disable_gssapi_auth ++ - accounts_user_dot_no_world_writable_programs ++ - network_configure_name_resolution ++ - dir_perms_world_writable_root_owned ++ - package_tmux_installed ++ - configure_tmux_lock_command ++ - accounts_password_pam_retry ++ - sssd_enable_smartcards ++ - no_empty_passwords ++ - sshd_disable_empty_passwords ++ - file_ownership_var_log_audit ++ # - audit_rules_sysadmin_actions ++ - package_audit_installed ++ - service_auditd_enabled ++ - sshd_allow_only_protocol2 ++ - package_fapolicyd_installed ++ - service_fapolicyd_enabled ++ - package_usbguard_installed ++ - service_usbguard_enabled ++ - network_sniffer_disabled +diff -ruN scap-security-guide-0.1.54/rl8/transforms/cci2html.xsl b/rl8/transforms/cci2html.xsl +--- scap-security-guide-0.1.54/rl8/transforms/cci2html.xsl 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/transforms/cci2html.xsl 2021-08-21 16:45:20.986643319 -0400 +@@ -0,0 +1,6 @@ ++ ++ ++ ++ ++ ++ +diff -ruN scap-security-guide-0.1.54/rl8/transforms/constants.xslt b/rl8/transforms/constants.xslt +--- scap-security-guide-0.1.54/rl8/transforms/constants.xslt 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/transforms/constants.xslt 2021-08-21 16:45:20.986643319 -0400 +@@ -0,0 +1,21 @@ ++ ++ ++ ++ ++Red Hat Enterprise Linux 8 ++RHEL 8 ++RHEL_8_STIG ++rhel8 ++ ++https://www.cisecurity.org/benchmark/red_hat_linux/ ++RHEL-8 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff -ruN scap-security-guide-0.1.54/rl8/transforms/shorthand2xccdf.xslt b/rl8/transforms/shorthand2xccdf.xslt +--- scap-security-guide-0.1.54/rl8/transforms/shorthand2xccdf.xslt 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/transforms/shorthand2xccdf.xslt 2021-08-21 16:45:20.986643319 -0400 +@@ -0,0 +1,8 @@ ++ ++ ++ ++ ++ ++unknown ++ ++ +diff -ruN scap-security-guide-0.1.54/rl8/transforms/table-add-srgitems.xslt b/rl8/transforms/table-add-srgitems.xslt +--- scap-security-guide-0.1.54/rl8/transforms/table-add-srgitems.xslt 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/transforms/table-add-srgitems.xslt 2021-08-21 16:45:20.986643319 -0400 +@@ -0,0 +1,7 @@ ++ ++ ++ ++ ++ ++ ++ +diff -ruN scap-security-guide-0.1.54/rl8/transforms/table-sortbyref.xslt b/rl8/transforms/table-sortbyref.xslt +--- scap-security-guide-0.1.54/rl8/transforms/table-sortbyref.xslt 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/transforms/table-sortbyref.xslt 2021-08-21 16:45:20.986643319 -0400 +@@ -0,0 +1,6 @@ ++ ++ ++ ++ ++ ++ +diff -ruN scap-security-guide-0.1.54/rl8/transforms/table-srgmap.xslt b/rl8/transforms/table-srgmap.xslt +--- scap-security-guide-0.1.54/rl8/transforms/table-srgmap.xslt 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/transforms/table-srgmap.xslt 2021-08-21 16:45:20.986643319 -0400 +@@ -0,0 +1,11 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff -ruN scap-security-guide-0.1.54/rl8/transforms/table-style.xslt b/rl8/transforms/table-style.xslt +--- scap-security-guide-0.1.54/rl8/transforms/table-style.xslt 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/transforms/table-style.xslt 2021-08-21 16:45:20.986643319 -0400 +@@ -0,0 +1,5 @@ ++ ++ ++ ++ ++ +diff -ruN scap-security-guide-0.1.54/rl8/transforms/xccdf2stigformat.xslt b/rl8/transforms/xccdf2stigformat.xslt +--- scap-security-guide-0.1.54/rl8/transforms/xccdf2stigformat.xslt 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/transforms/xccdf2stigformat.xslt 2021-08-21 16:45:20.986643319 -0400 +@@ -0,0 +1,7 @@ ++ ++ ++ ++ ++ ++ ++ +diff -ruN scap-security-guide-0.1.54/rl8/transforms/xccdf2table-byref.xslt b/rl8/transforms/xccdf2table-byref.xslt +--- scap-security-guide-0.1.54/rl8/transforms/xccdf2table-byref.xslt 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/transforms/xccdf2table-byref.xslt 2021-08-21 16:45:20.986643319 -0400 +@@ -0,0 +1,9 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff -ruN scap-security-guide-0.1.54/rl8/transforms/xccdf2table-cce.xslt b/rl8/transforms/xccdf2table-cce.xslt +--- scap-security-guide-0.1.54/rl8/transforms/xccdf2table-cce.xslt 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/transforms/xccdf2table-cce.xslt 2021-08-21 16:45:20.986643319 -0400 +@@ -0,0 +1,9 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff -ruN scap-security-guide-0.1.54/rl8/transforms/xccdf2table-profileanssirefs.xslt b/rl8/transforms/xccdf2table-profileanssirefs.xslt +--- scap-security-guide-0.1.54/rl8/transforms/xccdf2table-profileanssirefs.xslt 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/transforms/xccdf2table-profileanssirefs.xslt 2021-08-21 16:45:20.986643319 -0400 +@@ -0,0 +1,8 @@ ++ ++ ++ ++ ++ ++ ++ ++ +diff -ruN scap-security-guide-0.1.54/rl8/transforms/xccdf2table-profileccirefs.xslt b/rl8/transforms/xccdf2table-profileccirefs.xslt +--- scap-security-guide-0.1.54/rl8/transforms/xccdf2table-profileccirefs.xslt 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/transforms/xccdf2table-profileccirefs.xslt 2021-08-21 16:45:20.986643319 -0400 +@@ -0,0 +1,9 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff -ruN scap-security-guide-0.1.54/rl8/transforms/xccdf2table-profilecisrefs.xslt b/rl8/transforms/xccdf2table-profilecisrefs.xslt +--- scap-security-guide-0.1.54/rl8/transforms/xccdf2table-profilecisrefs.xslt 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/transforms/xccdf2table-profilecisrefs.xslt 2021-08-21 16:45:20.986643319 -0400 +@@ -0,0 +1,9 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff -ruN scap-security-guide-0.1.54/rl8/transforms/xccdf2table-profilenistrefs-cui.xslt b/rl8/transforms/xccdf2table-profilenistrefs-cui.xslt +--- scap-security-guide-0.1.54/rl8/transforms/xccdf2table-profilenistrefs-cui.xslt 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/transforms/xccdf2table-profilenistrefs-cui.xslt 2021-08-21 16:45:20.986643319 -0400 +@@ -0,0 +1,8 @@ ++ ++ ++ ++ ++ ++ ++ ++ +diff -ruN scap-security-guide-0.1.54/rl8/transforms/xccdf2table-profilenistrefs.xslt b/rl8/transforms/xccdf2table-profilenistrefs.xslt +--- scap-security-guide-0.1.54/rl8/transforms/xccdf2table-profilenistrefs.xslt 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/transforms/xccdf2table-profilenistrefs.xslt 2021-08-21 16:45:20.986643319 -0400 +@@ -0,0 +1,8 @@ ++ ++ ++ ++ ++ ++ ++ ++ +diff -ruN scap-security-guide-0.1.54/rl8/transforms/xccdf2table-stig.xslt b/rl8/transforms/xccdf2table-stig.xslt +--- scap-security-guide-0.1.54/rl8/transforms/xccdf2table-stig.xslt 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/transforms/xccdf2table-stig.xslt 2021-08-21 16:45:20.986643319 -0400 +@@ -0,0 +1,9 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff -ruN scap-security-guide-0.1.54/rl8/transforms/xccdf-apply-overlay-stig.xslt b/rl8/transforms/xccdf-apply-overlay-stig.xslt +--- scap-security-guide-0.1.54/rl8/transforms/xccdf-apply-overlay-stig.xslt 1969-12-31 19:00:00.000000000 -0500 ++++ b/rl8/transforms/xccdf-apply-overlay-stig.xslt 2021-08-21 16:45:20.986643319 -0400 +@@ -0,0 +1,8 @@ ++ ++ ++ ++ ++ ++ ++ ++ +diff -ruN scap-security-guide-0.1.54/shared/checks/oval/installed_OS_is_rl8.xml b/shared/checks/oval/installed_OS_is_rl8.xml +--- scap-security-guide-0.1.54/shared/checks/oval/installed_OS_is_rl8.xml 1969-12-31 19:00:00.000000000 -0500 ++++ b/shared/checks/oval/installed_OS_is_rl8.xml 2021-08-21 15:15:07.317828328 -0400 +@@ -0,0 +1,47 @@ ++ ++ ++ ++ Rocky Linux 8 ++ ++ multi_platform_all ++ ++ ++ The operating system installed on the system is ++ Rocky Linux 8 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ /etc/os-release ++ ^ID="(\w+)"$ ++ 1 ++ ++ ++ rocky ++ ++ ++ ++ ++ ++ ++ ++ /etc/os-release ++ ^VERSION_ID="(\d.*)"$ ++ 1 ++ ++ ++ ^8.*$ ++ ++ +diff -ruN scap-security-guide-0.1.54/shared/checks/oval/install_mcafee_hbss.xml b/shared/checks/oval/install_mcafee_hbss.xml +--- scap-security-guide-0.1.54/shared/checks/oval/install_mcafee_hbss.xml 2021-02-03 05:54:10.000000000 -0500 ++++ b/shared/checks/oval/install_mcafee_hbss.xml 2021-08-21 16:30:17.561661782 -0400 +@@ -14,6 +14,7 @@ + multi_platform_sle + multi_platform_ubuntu + multi_platform_wrlinux ++ multi_platform_rl + + McAfee Host-Based Intrusion Detection Software (HBSS) software + should be installed. +diff -ruN scap-security-guide-0.1.54/shared/checks/oval/sysctl_kernel_ipv6_disable.xml b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml +--- scap-security-guide-0.1.54/shared/checks/oval/sysctl_kernel_ipv6_disable.xml 2021-02-03 05:54:10.000000000 -0500 ++++ b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml 2021-08-21 16:25:41.001077695 -0400 +@@ -8,11 +8,12 @@ + multi_platform_opensuse + multi_platform_ol + multi_platform_rhcos +- multi_platform_rhel ++ multi_platform_rhel,multi_platform_rocky,multi_platform_rl + multi_platform_rhv + multi_platform_sle + multi_platform_ubuntu + multi_platform_wrlinux ++ multi_platform_rl + + Disables IPv6 for all network interfaces. + +diff -ruN scap-security-guide-0.1.54/shared/references/disa-stig-rhel8-v1r1-xccdf-manual.xml b/shared/references/disa-stig-rhel8-v1r1-xccdf-manual.xml +--- scap-security-guide-0.1.54/shared/references/disa-stig-rhel8-v1r1-xccdf-manual.xml 2021-02-03 05:54:10.000000000 -0500 ++++ b/shared/references/disa-stig-rhel8-v1r1-xccdf-manual.xml 2021-08-21 16:25:40.865075441 -0400 +@@ -1639,7 +1639,7 @@ + + If the "kdump" service is active, ask the System Administrator if the use of the service is required and documented with the Information System Security Officer (ISSO). + +-If the service is active and is not documented, this is a finding.SRG-OS-000480-GPOS-00227<GroupDescription></GroupDescription>RHEL-08-010671RHEL 8 must disable the kernel.core_pattern.<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000366Configure RHEL 8 to disable storing core dumps by adding the following line to a file in the "/etc/sysctl.d" directory: ++If the service is active and is not documented, this is a finding.SRG-OS-000480-GPOS-00227<GroupDescription></GroupDescription>RHEL-08-010671RHEL 8 must disable the kernel.core_pattern.<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8,multi_platform_rockyDISADPMS TargetRed Hat Enterprise Linux 8,multi_platform_rocky2921CCI-000366Configure RHEL 8 to disable storing core dumps by adding the following line to a file in the "/etc/sysctl.d" directory: + + kernel.core_pattern = |/bin/false + +@@ -6410,7 +6410,7 @@ + net.ipv4.conf.all.accept_redirects = 0 + net.ipv6.conf.all.accept_redirects = 0 + +-If both of the returned lines do not have a value of "0", or a line is not returned, this is a finding.SRG-OS-000480-GPOS-00227<GroupDescription></GroupDescription>RHEL-08-040281RHEL 8 must disable access to network bpf syscall from unprivileged processes.<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000366Configure RHEL 8 to prevent privilege escalation thru the kernel by disabling access to the bpf syscall by adding the following line to a file in the "/etc/sysctl.d" directory: ++If both of the returned lines do not have a value of "0", or a line is not returned, this is a finding.SRG-OS-000480-GPOS-00227<GroupDescription></GroupDescription>RHEL-08-040281RHEL 8 must disable access to network bpf syscall from unprivileged processes.<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8,multi_platform_rockyDISADPMS TargetRed Hat Enterprise Linux 8,multi_platform_rocky2921CCI-000366Configure RHEL 8 to prevent privilege escalation thru the kernel by disabling access to the bpf syscall by adding the following line to a file in the "/etc/sysctl.d" directory: + + kernel.unprivileged_bpf_disabled = 1 + +@@ -6422,7 +6422,7 @@ + + kernel.unprivileged_bpf_disabled = 1 + +-If the returned line does not have a value of "1", or a line is not returned, this is a finding.SRG-OS-000480-GPOS-00227<GroupDescription></GroupDescription>RHEL-08-040282RHEL 8 must restrict usage of ptrace to descendant processes.<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000366Configure RHEL 8 to restrict usage of ptrace to descendant processes by adding the following line to a file in the "/etc/sysctl.d" directory: ++If the returned line does not have a value of "1", or a line is not returned, this is a finding.SRG-OS-000480-GPOS-00227<GroupDescription></GroupDescription>RHEL-08-040282RHEL 8 must restrict usage of ptrace to descendant processes.<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8,multi_platform_rockyDISADPMS TargetRed Hat Enterprise Linux 8,multi_platform_rocky2921CCI-000366Configure RHEL 8 to restrict usage of ptrace to descendant processes by adding the following line to a file in the "/etc/sysctl.d" directory: + + kernel.yama.ptrace_scope = 1 + +@@ -6434,7 +6434,7 @@ + + kernel.yama.ptrace_scope = 1 + +-If the returned line does not have a value of "1", or a line is not returned, this is a finding.SRG-OS-000480-GPOS-00227<GroupDescription></GroupDescription>RHEL-08-040283RHEL 8 must restrict exposed kernel pointer addresses access.<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000366Configure RHEL 8 to restrict exposed kernel pointer addresses access by adding the following line to a file in the "/etc/sysctl.d" directory: ++If the returned line does not have a value of "1", or a line is not returned, this is a finding.SRG-OS-000480-GPOS-00227<GroupDescription></GroupDescription>RHEL-08-040283RHEL 8 must restrict exposed kernel pointer addresses access.<VulnDiscussion>It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8,multi_platform_rockyDISADPMS TargetRed Hat Enterprise Linux 8,multi_platform_rocky2921CCI-000366Configure RHEL 8 to restrict exposed kernel pointer addresses access by adding the following line to a file in the "/etc/sysctl.d" directory: + + kernel.kptr_restrict = 1 + +diff -ruN scap-security-guide-0.1.54/shared/references/disa-stig-rl8-v1r3-xccdf-manual.xml b/shared/references/disa-stig-rl8-v1r3-xccdf-manual.xml +--- scap-security-guide-0.1.54/shared/references/disa-stig-rl8-v1r3-xccdf-manual.xml 1969-12-31 19:00:00.000000000 -0500 ++++ b/shared/references/disa-stig-rl8-v1r3-xccdf-manual.xml 2021-08-21 15:19:13.180902065 -0400 +@@ -0,0 +1,6915 @@ ++acceptedRed Hat Enterprise Linux 8 Security Technical Implementation GuideThis Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.DISASTIG.DOD.MILRelease: 3 Benchmark Date: 23 Jul 20213.2.2.360791.10.01I - Mission Critical Classified<ProfileDescription></ProfileDescription>I - Mission Critical Sensitive<ProfileDescription></ProfileDescription>II - Mission Support Public<ProfileDescription></ProfileDescription>III - Administrative Classified<ProfileDescription></ProfileDescription>III - Administrative Sensitive<ProfileDescription></ProfileDescription>