From 3ce6f35df23772519be800952ba4ce99679abbad Mon Sep 17 00:00:00 2001 From: YuQing Date: Thu, 29 Dec 2022 18:12:45 +0800 Subject: [PATCH] Add product for Anolis8 Signed-off-by: YuQing --- ...-0.1.65-supports_anolis_os_8-PR_9770.patch | 2957 +++++++++++++++++ scap-security-guide.spec | 8 +- 2 files changed, 2964 insertions(+), 1 deletion(-) create mode 100644 scap-security-guide-0.1.65-supports_anolis_os_8-PR_9770.patch diff --git a/scap-security-guide-0.1.65-supports_anolis_os_8-PR_9770.patch b/scap-security-guide-0.1.65-supports_anolis_os_8-PR_9770.patch new file mode 100644 index 0000000..7cd6a2d --- /dev/null +++ b/scap-security-guide-0.1.65-supports_anolis_os_8-PR_9770.patch @@ -0,0 +1,2957 @@ +From b9a5b670570ad914167f4f5efb85f2f9e3e7479e Mon Sep 17 00:00:00 2001 +From: YuQing +Date: Thu, 29 Dec 2022 16:57:11 +0800 +Subject: [PATCH] support anolis8 + +--- + CMakeLists.txt | 5 + + build_product | 1 + + .../service_avahi-daemon_disabled/rule.yml | 2 +- + .../base/service_abrtd_disabled/rule.yml | 2 +- + .../base/service_qpidd_disabled/rule.yml | 2 +- + .../base/service_rdisc_disabled/rule.yml | 2 +- + .../file_groupowner_cron_d/rule.yml | 2 +- + .../file_groupowner_cron_daily/rule.yml | 2 +- + .../file_groupowner_cron_hourly/rule.yml | 2 +- + .../file_groupowner_cron_monthly/rule.yml | 2 +- + .../file_groupowner_cron_weekly/rule.yml | 2 +- + .../file_groupowner_crontab/rule.yml | 2 +- + .../cron_and_at/file_owner_cron_d/rule.yml | 2 +- + .../file_owner_cron_daily/rule.yml | 2 +- + .../file_owner_cron_hourly/rule.yml | 2 +- + .../file_owner_cron_monthly/rule.yml | 2 +- + .../file_owner_cron_weekly/rule.yml | 2 +- + .../cron_and_at/file_owner_crontab/rule.yml | 2 +- + .../file_permissions_cron_d/rule.yml | 2 +- + .../file_permissions_cron_daily/rule.yml | 2 +- + .../file_permissions_cron_hourly/rule.yml | 2 +- + .../file_permissions_cron_monthly/rule.yml | 2 +- + .../file_permissions_cron_weekly/rule.yml | 2 +- + .../file_permissions_crontab/rule.yml | 2 +- + .../file_at_deny_not_exist/rule.yml | 2 +- + .../file_cron_deny_not_exist/rule.yml | 2 +- + .../file_groupowner_at_allow/rule.yml | 2 +- + .../file_groupowner_cron_allow/rule.yml | 2 +- + .../file_owner_at_allow/rule.yml | 2 +- + .../file_owner_cron_allow/rule.yml | 2 +- + .../file_permissions_at_allow/rule.yml | 2 +- + .../file_permissions_cron_allow/rule.yml | 2 +- + .../cron_and_at/service_atd_disabled/rule.yml | 2 +- + .../service_crond_enabled/rule.yml | 2 +- + .../service_dhcpd_disabled/rule.yml | 2 +- + .../package_bind_removed/rule.yml | 2 +- + .../service_named_disabled/rule.yml | 2 +- + .../service_vsftpd_disabled/rule.yml | 2 +- + .../service_httpd_disabled/rule.yml | 2 +- + .../service_dovecot_disabled/rule.yml | 2 +- + .../service_slapd_disabled/rule.yml | 2 +- + .../service_rpcbind_disabled/rule.yml | 2 +- + .../service_nfs_disabled/rule.yml | 2 +- + .../nis/service_ypserv_disabled/rule.yml | 2 +- + .../obsolete/service_rsyncd_disabled/rule.yml | 2 +- + .../printing/service_cups_disabled/rule.yml | 2 +- + .../service_squid_disabled/rule.yml | 2 +- + .../service_smb_disabled/rule.yml | 2 +- + .../service_snmpd_disabled/rule.yml | 2 +- + .../ssh/file_groupowner_sshd_config/rule.yml | 2 +- + .../ssh/file_owner_sshd_config/rule.yml | 2 +- + .../ssh/file_permissions_sshd_config/rule.yml | 2 +- + .../banner_etc_issue/rule.yml | 2 +- + .../accounts-banners/banner_etc_motd/rule.yml | 2 +- + .../file_groupowner_etc_issue/rule.yml | 2 +- + .../file_groupowner_etc_motd/rule.yml | 2 +- + .../file_owner_etc_issue/rule.yml | 2 +- + .../file_owner_etc_motd/rule.yml | 2 +- + .../file_permissions_etc_issue/rule.yml | 2 +- + .../file_permissions_etc_motd/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../accounts_password_pam_minclass/rule.yml | 2 +- + .../accounts_password_pam_minlen/rule.yml | 2 +- + .../accounts_password_pam_retry/rule.yml | 2 +- + .../rule.yml | 2 +- + .../require_emergency_target_auth/rule.yml | 2 +- + .../require_singleuser_auth/rule.yml | 2 +- + .../rule.yml | 2 +- + .../account_unique_id/rule.yml | 2 +- + .../group_unique_id/rule.yml | 2 +- + .../group_unique_name/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../no_shelllogin_for_systemaccounts/rule.yml | 2 +- + .../root_logins/use_pam_wheel_for_su/rule.yml | 2 +- + .../accounts-session/accounts_tmout/rule.yml | 2 +- + .../rule.yml | 2 +- + .../file_ownership_home_directories/rule.yml | 2 +- + .../accounts_umask_etc_bashrc/rule.yml | 2 +- + .../audit_rules_file_deletion_events/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../file_groupowner_grub2_cfg/rule.yml | 2 +- + .../non-uefi/file_owner_grub2_cfg/rule.yml | 2 +- + .../file_permissions_grub2_cfg/rule.yml | 2 +- + .../non-uefi/grub2_password/rule.yml | 2 +- + .../file_groupowner_efi_grub2_cfg/rule.yml | 2 +- + .../uefi/file_owner_efi_grub2_cfg/rule.yml | 2 +- + .../file_permissions_efi_grub2_cfg/rule.yml | 2 +- + .../uefi/grub2_uefi_password/rule.yml | 2 +- + .../journald/journald_compress/rule.yml | 2 +- + .../journald_forward_to_syslog/rule.yml | 2 +- + .../journald/journald_storage/rule.yml | 2 +- + .../package_firewalld_installed/rule.yml | 2 +- + .../service_firewalld_enabled/rule.yml | 2 +- + .../package_libreswan_installed/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../sysctl_net_ipv4_tcp_syncookies/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../sysctl_net_ipv4_ip_forward/rule.yml | 2 +- + .../kernel_module_dccp_disabled/rule.yml | 2 +- + .../kernel_module_sctp_disabled/rule.yml | 2 +- + .../wireless_disable_interfaces/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../file_permissions_ungroupowned/rule.yml | 2 +- + .../mounting/service_autofs_disabled/rule.yml | 2 +- + .../disable_users_coredumps/rule.yml | 2 +- + .../configure_bind_crypto_policy/rule.yml | 2 +- + .../crypto/configure_crypto_policy/rule.yml | 2 +- + .../configure_kerberos_crypto_policy/rule.yml | 2 +- + .../rule.yml | 2 +- + .../configure_openssl_crypto_policy/rule.yml | 2 +- + .../configure_ssh_crypto_policy/rule.yml | 2 +- + .../aide/aide_periodic_cron_checking/rule.yml | 2 +- + .../aide/package_aide_installed/rule.yml | 2 +- + .../rpm_verify_hashes/rule.yml | 2 +- + .../rpm_verify_permissions/rule.yml | 2 +- + .../rule.yml | 2 +- + .../ensure_redhat_gpgkey_installed/rule.yml | 2 +- + .../security_patches_up_to_date/rule.yml | 2 +- + products/anolis8/CMakeLists.txt | 6 + + products/anolis8/overlays/.gitkeep | 0 + products/anolis8/product.yml | 23 + + products/anolis8/profiles/standard.profile | 728 ++++++++++++++++++ + products/anolis8/transforms/constants.xslt | 10 + + products/anolis8/transforms/table-style.xslt | 5 + + .../transforms/xccdf-apply-overlay-stig.xslt | 8 + + .../anolis8/transforms/xccdf2table-cce.xslt | 9 + + .../xccdf2table-profileccirefs.xslt | 9 + + .../checks/oval/installed_OS_is_anolis8.xml | 28 + + .../oval/sysctl_kernel_ipv6_disable.xml | 1 + + ssg/constants.py | 6 +- + tests/unit/ssg-module/test_utils.py | 2 +- + 163 files changed, 987 insertions(+), 150 deletions(-) + create mode 100644 products/anolis8/CMakeLists.txt + create mode 100644 products/anolis8/overlays/.gitkeep + create mode 100644 products/anolis8/product.yml + create mode 100644 products/anolis8/profiles/standard.profile + create mode 100644 products/anolis8/transforms/constants.xslt + create mode 100644 products/anolis8/transforms/table-style.xslt + create mode 100644 products/anolis8/transforms/xccdf-apply-overlay-stig.xslt + create mode 100644 products/anolis8/transforms/xccdf2table-cce.xslt + create mode 100644 products/anolis8/transforms/xccdf2table-profileccirefs.xslt + create mode 100644 shared/checks/oval/installed_OS_is_anolis8.xml + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index e7a1ee7f1b..b25c043536 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -69,6 +69,7 @@ option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be bui + # unless explicitly asked for. + option(SSG_PRODUCT_ALINUX2 "If enabled, the Alinux 2 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_ALINUX3 "If enabled, the Alinux 3 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) ++option(SSG_PRODUCT_ANOLIS8 "If enabled, the Anolis OS 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_CHROMIUM "If enabled, the Chromium SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_DEBIAN9 "If enabled, the Debian 9 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_DEBIAN10 "If enabled, the Debian 10 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) +@@ -274,6 +275,7 @@ message(STATUS " ") + message(STATUS "Products:") + message(STATUS "Alinux 2: ${SSG_PRODUCT_ALINUX2}") + message(STATUS "Alinux 3: ${SSG_PRODUCT_ALINUX3}") ++message(STATUS "Anolis OS 8: ${SSG_PRODUCT_ANOLIS8}") + message(STATUS "Chromium: ${SSG_PRODUCT_CHROMIUM}") + message(STATUS "Debian 9: ${SSG_PRODUCT_DEBIAN9}") + message(STATUS "Debian 10: ${SSG_PRODUCT_DEBIAN10}") +@@ -345,6 +347,9 @@ endif() + if (SSG_PRODUCT_ALINUX3) + add_subdirectory("products/alinux3" "alinux3") + endif() ++if (SSG_PRODUCT_ANOLIS8) ++ add_subdirectory("products/anolis8" "anolis8") ++endif() + if (SSG_PRODUCT_CHROMIUM) + add_subdirectory("products/chromium" "chromium") + endif() +diff --git a/build_product b/build_product +index 24ca39b408..011d23afc4 100755 +--- a/build_product ++++ b/build_product +@@ -299,6 +299,7 @@ set_explict_build_targets() { + all_cmake_products=( + ALINUX2 + ALINUX3 ++ ANOLIS8 + CHROMIUM + DEBIAN9 + DEBIAN10 +diff --git a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml +index a8c094ecb2..0ff67a5f08 100644 +--- a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml ++++ b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 + + title: 'Disable Avahi Server Software' + +diff --git a/linux_os/guide/services/base/service_abrtd_disabled/rule.yml b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml +index 6abe7b263b..38557afea1 100644 +--- a/linux_os/guide/services/base/service_abrtd_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,uos20 ++prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,uos20 + + title: 'Disable Automatic Bug Reporting Tool (abrtd)' + +diff --git a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml +index e33eba2efa..c71ce1b230 100644 +--- a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml +@@ -1,7 +1,7 @@ + documentation_complete: true + + # package is unlikely to appear on a RHEL9 system, don't extend to RHEL10 +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 ++prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 + + title: 'Disable Apache Qpid (qpidd)' + +diff --git a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml +index 75e2ada151..7ca16e3864 100644 +--- a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 ++prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 + + title: 'Disable Network Router Discovery Daemon (rdisc)' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml +index 908087499e..9916a189e6 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Group Who Owns cron.d' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml +index 821cd13890..100b65a4fd 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Group Who Owns cron.daily' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml +index ab2a16f811..f82f02dd85 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Group Who Owns cron.hourly' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml +index 0716370105..c0e0d5c9a6 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,rhel7,anolis8,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Group Who Owns cron.monthly' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml +index 32c5f6f8f8..f8f0ec7b2a 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Group Who Owns cron.weekly' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml +index 2865d54d83..49eab068de 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Group Who Owns Crontab' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml +index 68ad645a56..46dcd7834d 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Owner on cron.d' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml +index 371fc9d396..8276930669 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Owner on cron.daily' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml +index f24897bdad..2d440fb041 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Owner on cron.hourly' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml +index 187eec8edb..3f67f4460f 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Owner on cron.monthly' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml +index f1d67d9bd9..815e388dd0 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Owner on cron.weekly' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml +index da2c8fad6d..17f6ad6104 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Owner on crontab' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml +index a9130cefd5..8739f52446 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Permissions on cron.d' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml +index 514ec15e05..787c56cd04 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Permissions on cron.daily' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml +index 1a7934b24a..969c1d5e3a 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Permissions on cron.hourly' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml +index b05c8eab1b..3b3b0eb0ee 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Permissions on cron.monthly' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml +index d5d4e8db18..112e429da4 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Permissions on cron.weekly' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml +index ffa87a2702..044c6c4ac9 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Permissions on crontab' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml +index 31a2180bcb..677d75d666 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,rhel7,rhel8,rhel9 ++prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,rhel9 + + title: 'Ensure that /etc/at.deny does not exist' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml +index 9fb0d5b39d..8c79dfde16 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,rhel9,sle15 + + title: 'Ensure that /etc/cron.deny does not exist' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml +index ae516b961a..d78a713258 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,rhel8,rhel9,sle12,sle15,ubuntu2004 + + title: 'Verify Group Who Owns /etc/at.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml +index 8879c0fa2b..58df895763 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Group Who Owns /etc/cron.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml +index c8d7092226..f9b421a587 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,sle12,sle15,ubuntu2004 + + title: 'Verify User Who Owns /etc/at.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml +index 9e6670911d..cc75d54f87 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify User Who Owns /etc/cron.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml +index 279d36347e..776c0db6cf 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,rhel8,rhel9,sle12,sle15,ubuntu2004 + + title: 'Verify Permissions on /etc/at.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml +index adb16ec6b8..ef366a7927 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sle15,ubuntu2004 + + title: 'Verify Permissions on /etc/cron.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml +index de88deaa2a..91f458db00 100644 +--- a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml ++++ b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 + + title: 'Disable At Service (atd)' + +diff --git a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml +index dbb7c7a06b..ace9ba592f 100644 +--- a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml ++++ b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Enable cron Service' + +diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml +index 0eb3829b17..fb9629af78 100644 +--- a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml ++++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sle15 + + title: 'Disable DHCP Service' + +diff --git a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml +index bc2e7411cf..d0a4064ce3 100644 +--- a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml ++++ b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,uos20 ++prodtype: anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,uos20 + + title: 'Uninstall bind Package' + +diff --git a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml +index 2acaf85bec..e0cf2d773e 100644 +--- a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml ++++ b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sle15 + + title: 'Disable named Service' + +diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml +index 1b723ce761..dc2813b11d 100644 +--- a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml ++++ b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sle15 + + title: 'Disable vsftpd Service' + +diff --git a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml +index ade2d740c2..27cbd7418f 100644 +--- a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml ++++ b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sle15 + + title: 'Disable httpd Service' + +diff --git a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml +index 920de88bd0..ef3e17c687 100644 +--- a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml ++++ b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux3,anolis8,rhel7,rhel8,rhel9,sle15 + + title: 'Disable Dovecot Service' + +diff --git a/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml b/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml +index 9780397e50..8501b6286f 100644 +--- a/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml ++++ b/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel8,rhel9 ++prodtype: alinux2,alinux3,anolis8,rhel8,rhel9 + + title: 'Disable LDAP Server (slapd)' + +diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml +index 222dafa3ef..13a1224483 100644 +--- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 + + title: 'Disable rpcbind Service' + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml +index ed3d8881db..42cc6befde 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,rhel7,rhel8,rhel9 ++prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,rhel9 + + title: 'Disable Network File System (nfs)' + +diff --git a/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml b/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml +index 99e527ef10..4f414d3af1 100644 +--- a/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel8,rhel9 ++prodtype: alinux2,alinux3,anolis8,rhel8,rhel9 + + title: 'Disable ypserv Service' + +diff --git a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml +index e3e56f5ea1..cac6fe082b 100644 +--- a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Ensure rsyncd service is diabled' + +diff --git a/linux_os/guide/services/printing/service_cups_disabled/rule.yml b/linux_os/guide/services/printing/service_cups_disabled/rule.yml +index bf9ddbb5f3..dfd5918cf2 100644 +--- a/linux_os/guide/services/printing/service_cups_disabled/rule.yml ++++ b/linux_os/guide/services/printing/service_cups_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,rhel7,rhel8,rhel9,sle15,ubuntu2004 ++prodtype: alinux3,anolis8,rhel7,rhel8,rhel9,sle15,ubuntu2004 + + title: 'Disable the CUPS Service' + +diff --git a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml +index 3e3f0f4f26..23d21f512a 100644 +--- a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml ++++ b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhel9,sle15 + + title: 'Disable Squid' + +diff --git a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml +index ee7b76b185..4aaeec5dc1 100644 +--- a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml ++++ b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sle15 + + title: 'Disable Samba' + +diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml +index 0bd8a0129b..fec9e270f3 100644 +--- a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml ++++ b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,debian10,debian11,debian9,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux2,alinux3,anolis8,debian10,debian11,debian9,rhel7,rhel8,rhel9,sle15 + + title: 'Disable snmpd Service' + +diff --git a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml +index feed2148e2..ae9297fb43 100644 +--- a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml ++++ b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Group Who Owns SSH Server config file' + +diff --git a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml +index f04aa5563c..6b34f4e3de 100644 +--- a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml ++++ b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Owner on SSH Server config file' + +diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml +index ddad4da469..895528c371 100644 +--- a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml ++++ b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Permissions on SSH Server config file' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml +index bbb16cd644..ab5eff0320 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Modify the System Login Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml +index cdc981fc3d..3d318ef46b 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Modify the System Message of the Day Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml +index 66a7f83077..f0fd86e8e3 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Group Ownership of System Login Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml +index 4be94f2b2c..ebcb659853 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Group Ownership of Message of the Day Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml +index a3d6b97b56..0b6012d2a9 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify ownership of System Login Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml +index d42b843421..5701faa68d 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify ownership of Message of the Day Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml +index 2b9349f75b..111143de2e 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify permissions on System Login Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml +index f5d9279b90..8043b9c07e 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify permissions on Message of the Day Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml +index 73f2afff87..b4972e25e6 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 + + title: 'Limit Password Reuse: password-auth' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml +index fd85b25e98..2bb70d9762 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 + + title: 'Limit Password Reuse: system-auth' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml +index 37bd49f696..31327aa03f 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,ubuntu2004 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Different Categories' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml +index 3dc5600b26..267c81b5ae 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Length' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml +index 4d1b5ebe4a..733777d0ce 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml +index b35b01c467..4aaf3ff64f 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: "Set PAM''s Password Hashing Algorithm" + +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml +index 1a247ecfb9..a8445adbf7 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Require Authentication for Emergency Systemd Target' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml +index 932d76c36d..318e9c862d 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Require Authentication for Single User Mode' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml +index 0cb369e82f..01767ce542 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Set Account Expiration Following Inactivity' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml +index de96fd58c4..3469cbf01c 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 + + title: 'Ensure All Accounts on the System Have Unique User IDs' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml +index 42a5c3a7b3..4a660ab92e 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,rhel9,sle15 + + title: 'Ensure All Groups on the System Have Unique Group ID' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml +index 756b2ae5bf..33554937a0 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,rhel7,rhel8,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,sle15 + + title: 'Ensure All Groups on the System Have Unique Group Names' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml +index 9384d5a981..ccb42a9749 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Set Existing Passwords Maximum Age' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml +index 8e4beddc05..378e2f4c49 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Set Existing Passwords Minimum Age' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml +index af6e93ebf7..bc6e82e93d 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 + + title: 'Ensure that System Accounts Do Not Run a Shell Upon Login' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml +index 9213cc472d..f9a2464f92 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004 + + title: 'Enforce usage of pam_wheel for su authentication' + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml +index 978ddff0ca..f4e0dee229 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Set Interactive Session Timeout' + +diff --git a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml +index 2bd171f3fd..ee8ce9a668 100644 +--- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'All Interactive User Home Directories Must Be Group-Owned By The Primary User' + +diff --git a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml +index 4ed84ef0a8..827bb124f4 100644 +--- a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15 + + title: 'All Interactive User Home Directories Must Be Owned By The Primary User' + +diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml +index a1e472043f..fd8fcebe81 100644 +--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 + + title: 'Ensure the Default Bash Umask is Set Correctly' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml +index 14e3d2e07b..406b78f8c9 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 ++prodtype: alinux2,alinux3,anolis8,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 + + title: 'Ensure auditd Collects File Deletion Events by User' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml +index ab60d66375..63028b39ec 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml +index 3e28446e61..2e2b31ec06 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,anolis8,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Record Unsuccessful Access Attempts to Files - creat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml +index 32ef125722..7f22f2cee8 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,anolis8,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Record Unsuccessful Access Attempts to Files - ftruncate' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml +index 1587662730..3e0220853d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,anolis8,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Record Unsuccessful Access Attempts to Files - open' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml +index 3738f202fc..e44c876b23 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: anolis8,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Record Unsuccessful Access Attempts to Files - open_by_handle_at' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml +index 61f278a9f2..c8552433d3 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,anolis8,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Record Unsuccessful Access Attempts to Files - openat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml +index 0a1e39df2e..4e245ab020 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,anolis8,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Record Unsuccessful Access Attempts to Files - truncate' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml +index ac639d5b31..247e9a1aa5 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml +index 56463078fc..aaaf635cd0 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,anolis8,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on Kernel Module Unloading - delete_module' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml +index c3e5d7a702..46065fc27a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: anolis8,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml +index 334165f75e..4d4e1338c4 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,anolis8,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on Kernel Module Loading - init_module' + +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml +index ca391cc112..099414f33f 100644 +--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Verify {{{ grub2_boot_path }}}/grub.cfg Group Ownership' + +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml +index 40a8b787af..fab8602f08 100644 +--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify {{{ grub2_boot_path }}}/grub.cfg User Ownership' + +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml +index e4a08f5876..c1c793e73b 100644 +--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify {{{ grub2_boot_path }}}/grub.cfg Permissions' + +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml +index 28adf2303e..9472bbe292 100644 +--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Set Boot Loader Password in grub2' + +diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml +index a7fb015139..4b12d06e13 100644 +--- a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8 + + title: 'Verify the UEFI Boot Loader grub.cfg Group Ownership' + +diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml +index f8f91f2a49..f577dc1d5a 100644 +--- a/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8 + + title: 'Verify the UEFI Boot Loader grub.cfg User Ownership' + +diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml +index 348a0fe243..9b1ea037e6 100644 +--- a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9 + + + title: 'Verify the UEFI Boot Loader grub.cfg Permissions' +diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml +index ecfee6ada4..35d0c8ca45 100644 +--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Set the UEFI Boot Loader Password' + +diff --git a/linux_os/guide/system/logging/journald/journald_compress/rule.yml b/linux_os/guide/system/logging/journald/journald_compress/rule.yml +index 39d727ba86..5e192bbabf 100644 +--- a/linux_os/guide/system/logging/journald/journald_compress/rule.yml ++++ b/linux_os/guide/system/logging/journald/journald_compress/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux3,anolis8,rhel7,rhel8,rhel9,sle15 + + title: Ensure journald is configured to compress large log files + +diff --git a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml +index ca35dd9370..8bac5b49e8 100644 +--- a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml ++++ b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,rhel7,rhel8,rhel9 ++prodtype: alinux3,anolis8,rhel7,rhel8,rhel9 + + title: Ensure journald is configured to send logs to rsyslog + +diff --git a/linux_os/guide/system/logging/journald/journald_storage/rule.yml b/linux_os/guide/system/logging/journald/journald_storage/rule.yml +index 8176701520..3a5c5e460b 100644 +--- a/linux_os/guide/system/logging/journald/journald_storage/rule.yml ++++ b/linux_os/guide/system/logging/journald/journald_storage/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux3,anolis8,rhel7,rhel8,rhel9,sle15 + + title: Ensure journald is configured to write log files to persistent disk + +diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml +index 10750e14ae..bd7a2fbb09 100644 +--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml ++++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15 + + title: 'Install firewalld Package' + +diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml +index 5b43737544..e3d443f584 100644 +--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml ++++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Verify firewalld Enabled' + +diff --git a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml +index 6f110d679b..705c47a4d8 100644 +--- a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml ++++ b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,uos20 ++prodtype: anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,uos20 + + title: 'Install libreswan Package' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml +index 6118cd929d..bd47636f77 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Configure Accepting Router Advertisements on All IPv6 Interfaces' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml +index 777bd7c7a1..7a4411d128 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Accepting ICMP Redirects for All IPv6 Interfaces' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml +index ce64d6e653..be86a4e56e 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml +index b4c1f42b68..eaa6b55d20 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for IPv6 Forwarding' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml +index d45ca63c8d..158f1b9773 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Accepting Router Advertisements on all IPv6 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml +index a42ca1890b..6723e8ab3b 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml +index 49d059ccf5..c2f7d5ef7f 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml +index 9a2c88cde5..29fb46c2f8 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Accepting ICMP Redirects for All IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml +index e4e87ff110..3e9d8eef15 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml +index aeecbae5fb..1ebf98a487 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml +index 4d31c6c3eb..5a00b590b5 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml +index abe92e65a5..5dce2c1517 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml +index 47abcc223b..6e0281ea25 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml +index 043f16e26e..1882f1a3eb 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml +index 38602c00b1..6d4a4225c9 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Enable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml +index 09ff60235f..2d5b22ec63 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml +index f21dfa912a..bea8153427 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Configure Kernel Parameter for Accepting Secure Redirects By Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml +index d45ebce67f..983ea889e8 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml +index 4f552dfce9..b841e4e302 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml +index e87793d5f6..0292844c8a 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml +index e44509ea33..96fe691e3e 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml +index b3534eb737..9a1049f59a 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml +index 7acfc0b05b..bebb4df43e 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml +index 2087834007..2820608fce 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable DCCP Support' + +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml +index f8b020fc5a..2a95c3a1df 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable SCTP Support' + +diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml +index b3e20e7b0d..31ed5d33c0 100644 +--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml ++++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Deactivate Wireless Network Interfaces' + +diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml +index f23bcd31d8..bc87146694 100644 +--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml ++++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml +@@ -2,7 +2,7 @@ documentation_complete: true + + title: 'Ensure All SGID Executables Are Authorized' + +-prodtype: alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,uos20 ++prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,uos20 + + description: |- + The SGID (set group id) bit should be set only on files that were +diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml +index 73d98ee1fc..f6c7ef7e4e 100644 +--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml ++++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml +@@ -2,7 +2,7 @@ documentation_complete: true + + title: 'Ensure All SUID Executables Are Authorized' + +-prodtype: alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,uos20 ++prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,uos20 + + description: |- + The SUID (set user id) bit should be set only on files that were +diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml +index 123f967db0..18c6b37409 100644 +--- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml ++++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Ensure All Files Are Owned by a Group' + +diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml +index c774309fca..0cca02ba0b 100644 +--- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804,ubuntu2004,uos20 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804,ubuntu2004,uos20 + + title: 'Disable the Automounter' + +diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml +index c2c0f05d40..989ad0629f 100644 +--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 + + title: 'Disable Core Dumps for All Users' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml +index 870150aadf..03e830776f 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,uos20 ++prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,uos20 + + title: 'Configure BIND to use System Crypto Policy' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml +index de186e7684..92769e5110 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle15,uos20 ++prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle15,uos20 + + title: 'Configure System Cryptography Policy' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml +index 68f748ebf5..3a2df056e7 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,uos20 ++prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,uos20 + + title: 'Configure Kerberos to use System Crypto Policy' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml +index e769599ae5..09745c9e50 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle15,uos20 ++prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle15,uos20 + + title: 'Configure Libreswan to use System Crypto Policy' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml +index 49b35d058d..db7866bdd8 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle15,uos20 ++prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle15,uos20 + + title: 'Configure OpenSSL library to use System Crypto Policy' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml +index ab9408af96..573983212d 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle15,uos20 ++prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle15,uos20 + + title: 'Configure SSH to use System Crypto Policy' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml +index 3b70a5979c..d5abd91d1c 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Configure Periodic Execution of AIDE' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml +index 287ac5575e..66720c2c09 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,anolis8,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Install AIDE' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml +index d3d3224739..94a08024d2 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,uos20 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,uos20 + + title: 'Verify File Hashes with RPM' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml +index c51b054612..2c9d3e65d4 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,uos20 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,uos20 + + title: 'Verify and Correct File Permissions with RPM' + +diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml +index 17fe909be2..22c1776a19 100644 +--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 + + title: 'Ensure gpgcheck Enabled In Main {{{ pkg_manager }}} Configuration' + +diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml +index 58ae682542..42d87f4c66 100644 +--- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml ++++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,rhcos4,rhel7,rhel8,rhel9,rhv4,uos20 ++prodtype: alinux3,anolis8,rhcos4,rhel7,rhel8,rhel9,rhv4,uos20 + + title: 'Ensure Red Hat GPG Key Installed' + +diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml +index 607846e10f..ac623b8b78 100644 +--- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml ++++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,uos20 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,uos20 + + title: 'Ensure Software Patches Installed' + +diff --git a/products/anolis8/CMakeLists.txt b/products/anolis8/CMakeLists.txt +new file mode 100644 +index 0000000000..5e1cfa01ad +--- /dev/null ++++ b/products/anolis8/CMakeLists.txt +@@ -0,0 +1,6 @@ ++# Sometimes our users will try to do: "cd anolis8; cmake ." That needs to error in a nice way. ++if ("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}") ++ message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!") ++endif() ++ ++ssg_build_product("anolis8") +diff --git a/products/anolis8/overlays/.gitkeep b/products/anolis8/overlays/.gitkeep +new file mode 100644 +index 0000000000..e69de29bb2 +diff --git a/products/anolis8/product.yml b/products/anolis8/product.yml +new file mode 100644 +index 0000000000..b81bb76575 +--- /dev/null ++++ b/products/anolis8/product.yml +@@ -0,0 +1,23 @@ ++product: anolis8 ++full_name: Anolis OS 8 ++type: platform ++ ++benchmark_id: ANOLIS-8 ++benchmark_root: "../../linux_os/guide" ++ ++profiles_root: "./profiles" ++ ++pkg_manager: "yum" ++ ++init_system: "systemd" ++ ++cpes_root: "../../shared/applicability" ++cpes: ++ - anolis8: ++ name: "cpe:/o:anolis:anolis_os:8" ++ title: "Anolis OS 8" ++ check_id: installed_OS_is_anolis8 ++ ++# Mapping of CPE platform to package ++platform_package_overrides: ++ login_defs: "shadow-utils" +diff --git a/products/anolis8/profiles/standard.profile b/products/anolis8/profiles/standard.profile +new file mode 100644 +index 0000000000..a9f86ca49b +--- /dev/null ++++ b/products/anolis8/profiles/standard.profile +@@ -0,0 +1,728 @@ ++documentation_complete: true ++ ++title: 'Standard System Security Profile for Anolis OS 8' ++ ++description: |- ++ This profile contains rules to ensure standard security baseline ++ of a Anolis OS 8 system. ++ ++selections: ++ # 1 access-and-control ++ ## 1.1-ensure-cron-daemon-is-enabled ++ ### Level 1 ++ - service_crond_enabled ++ ++ ## 1.2-ensure-permissions-on-etc-crontab-are-configured ++ ### Level 1 ++ - file_groupowner_crontab ++ - file_owner_crontab ++ - file_permissions_crontab ++ ++ ## 1.3-ensure-permissions-on-etc-cron.hourly-are-configured ++ ### Level 1 ++ - file_groupowner_cron_hourly ++ - file_owner_cron_hourly ++ - file_permissions_cron_hourly ++ ++ ## 1.4-ensure-permissions-on-etc-cron.daily-are-configured ++ ### Level 1 ++ - file_groupowner_cron_daily ++ - file_owner_cron_daily ++ - file_permissions_cron_daily ++ ++ ## 1.5-ensure-permissions-on-etc-cron.weekly-are-configured ++ ### Level 1 ++ - file_groupowner_cron_weekly ++ - file_owner_cron_weekly ++ - file_permissions_cron_weekly ++ ++ ## 1.6-ensure-permissions-on-etc-cron.monthly-are-configured ++ ### Level 1 ++ - file_groupowner_cron_monthly ++ - file_owner_cron_monthly ++ - file_permissions_cron_monthly ++ ++ ## 1.7-ensure-permissions-on-etc-cron.d-are-configured ++ ### Level 1 ++ - file_groupowner_cron_d ++ - file_owner_cron_d ++ - file_permissions_cron_d ++ ++ ## 1.8-ensure-at-cron-is-restricted-to-authorized-users ++ ### Level 1 ++ - file_groupowner_cron_allow ++ - file_owner_cron_allow ++ - file_cron_deny_not_exist ++ - file_groupowner_at_allow ++ - file_owner_at_allow ++ - file_at_deny_not_exist ++ - file_permissions_at_allow ++ - file_permissions_cron_allow ++ ++ ## 1.9-ensure-permissions-on-etc-ssh-sshd_config-are-configured ++ ### Level 1 ++ - file_groupowner_sshd_config ++ - file_owner_sshd_config ++ - file_permissions_sshd_config ++ ++ ## 1.10-ensure-ssh-access-is-limited ++ ### Level 2 ++ # Needs rule ++ ++ ## 1.11-ensure-permissions-on-ssh-private-host-key-files-are-configured ++ ### Level 1 ++ - file_permissions_sshd_private_key ++ ++ ## 1.12-ensure-permissions-on-ssh-public-host-key-files-are-configured ++ ### Level 1 ++ - file_permissions_sshd_pub_key ++ ++ ## 1.13-ensure-ssh-loglevel-is-appropriate ++ ### Level 1 ++ - sshd_set_loglevel_verbose ++ # or ++ - sshd_set_loglevel_info ++ ++ ## 1.14-ensure-ssh-maxauthtries-is-set-to-4-or-less ++ ### Level 1 ++ - sshd_max_auth_tries_value=4 ++ - sshd_set_max_auth_tries ++ ++ ## 1.15-ensure-ssh-ignorerhosts-is-enabled ++ ### Level 1 ++ - sshd_disable_rhosts ++ ++ ## 1.16-ensure-ssh-hostbasedauthentication-is-disabled ++ ### Level 1 ++ - disable_host_auth ++ ++ ## 1.17-ensure-ssh-root-login-is-disabled ++ ### Level 1 ++ - sshd_disable_root_login ++ ++ ## 1.18-ensure-ssh-permitemptypasswords-is-disabled ++ ### Level 1 ++ - sshd_disable_empty_passwords ++ ++ ## 1.19-ensure-ssh-permituserenvironment-is-disabled ++ ### Level 1 ++ - sshd_do_not_permit_user_env ++ ++ ## 1.20-ensure-ssh-idle-timeout-interval-is-configured ++ ### Level 1 ++ - sshd_idle_timeout_value=15_minutes ++ - sshd_set_idle_timeout ++ - sshd_set_keepalive ++ - var_sshd_set_keepalive=0 ++ ++ ## 1.21-ensure-ssh-logingracetime-is-set-to-one-minute-or-less ++ ### Level 1 ++ - sshd_set_login_grace_time ++ - var_sshd_set_login_grace_time=60 ++ ++ ## 1.22-ensure-ssh-warning-banner-is-configured ++ ### Level 1 ++ - sshd_enable_warning_banner ++ ++ ## 1.23-ensure-ssh-pam-is-enabled ++ ### Level 1 ++ - sshd_enable_pam ++ ++ ## 1.24-ensure-ssh-maxstartups-is-configured ++ ### Level 1 ++ - sshd_set_maxstartups ++ - var_sshd_set_maxstartups=10:30:60 ++ ++ ## 1.25-ensure-ssh-maxsessions-is-set-to-10-or-less ++ ### Level 1 ++ - sshd_set_max_sessions ++ - var_sshd_max_sessions=10 ++ ++ ## 1.26-ensure-system-wide-crypto-policy-is-not-over-ridden ++ ### Level 1 ++ # Needs rule ++ ++ ## 1.27-ensure-password-creation-requirements-are-configured ++ ### Level 1 ++ - accounts_password_pam_minclass ++ - accounts_password_pam_minlen ++ - accounts_password_pam_retry ++ - var_password_pam_minclass=4 ++ - var_password_pam_minlen=14 ++ ++ ## 1.28-ensure-lockout-for-failed-password-attempts-is-configured ++ ### Level 1 ++ - locking_out_password_attempts ++ ++ ## 1.29-ensure-password-reuse-is-limited ++ ### Level 1 ++ - accounts_password_pam_pwhistory_remember_password_auth ++ - accounts_password_pam_pwhistory_remember_system_auth ++ - var_password_pam_remember_control_flag=required ++ - var_password_pam_remember=5 ++ ++ ## 1.30-ensure-password-hashing-algorithm-is-sha-512 ++ ### Level 1 ++ - set_password_hashing_algorithm_systemauth ++ ++ ## 1.31-ensure-password-expiration-is-365-days-or-less ++ ### Level 1 ++ - accounts_maximum_age_login_defs ++ - var_accounts_maximum_age_login_defs=365 ++ - accounts_password_set_max_life_existing ++ ++ ## 1.32-ensure-minimum-days-between-password-changes-is-7-or-more ++ ### Level 1 ++ - accounts_minimum_age_login_defs ++ - var_accounts_minimum_age_login_defs=7 ++ - accounts_password_set_min_life_existing ++ ++ ## 1.33-ensure-password-expiration-warning-days-is-7-or-more ++ ### Level 1 ++ - accounts_password_warn_age_login_defs ++ - var_accounts_password_warn_age_login_defs=7 ++ ++ ## 1.34-ensure-inactive-password-lock-is-30-days-or-less ++ ### Level 1 ++ - account_disable_post_pw_expiration ++ - var_account_disable_post_pw_expiration=30 ++ ++ ## 1.35-ensure-all-users-last-password-change-date-is-in-the-past ++ ### Level 2 ++ # Needs rule ++ ++ ## 1.36-ensure-system-accounts-are-secured ++ ### Level 1 ++ - no_shelllogin_for_systemaccounts ++ ++ ## 1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less ++ ### Level 1 ++ - accounts_tmout ++ - var_accounts_tmout=15_min ++ ++ ## 1.38-ensure-default-group-for-the-root-account-is-gid-0 ++ ### Level 1 ++ - accounts_root_gid_zero ++ ++ ## 1.39-ensure-default-user-umask-is-027-or-more-restrictive ++ ### Level 1 ++ - accounts_umask_etc_bashrc ++ - accounts_umask_etc_login_defs ++ - accounts_umask_etc_profile ++ - var_accounts_user_umask=027 ++ ++ ## 1.40-ensure-access-to-the-su-command-is-restricted ++ ### Level 1 ++ - use_pam_wheel_for_su ++ ++ ## 1.41-ensure-ssh-server-use-protocol_2 ++ ### Level 1 ++ - sshd_allow_only_protocol2 ++ ++ ## 2.1-ensure-audit-log-files-are-not-read-or-write-accessible-by-unauthorized-users ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.2-ensure-only-authorized-users-own-audit-log-files ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.3-ensure-only-authorized-groups-ownership-of-audit-log-files ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.4-ensure-the-audit-log-directory-is-0750-or-more-restrictive ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.5-ensure-audit-configuration-files-are-0640-or-more-restrictive ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.6-ensure-only-authorized-accounts-own-the-audit-configuration-files ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.7-ensure-only-authorized-groups-own-the-audit-configuration-files ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.8-ensure-audit-tools-are-mode-of-0755-or-more-restrictive ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.9-ensure-audit-tools-are-owned-by-root ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.10-ensure-audit-tools-are-group-owned-by-root ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.11-ensure-cryptographic-mechanisms-are-used-to-protect-the-integrity-of-audit-tools ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.12-ensure-rsyslog-is-installed ++ ### Level 1 ++ - package_rsyslog_installed ++ ++ ## 2.13-ensure-rsyslog-service-is-enabled ++ ### Level 1 ++ - service_rsyslog_enabled ++ ++ ## 2.14-ensure-rsyslog-default-file-permissions-configured ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.15-ensure-rsyslog-is-configured-to-send-logs-to-a-remote-log-host ++ ### Level 2 ++ - rsyslog_remote_loghost ++ ++ ## 2.16-ensure-journald-is-configured-to-send-logs-to-rsyslog ++ ### Level 1 ++ - journald_forward_to_syslog ++ ++ ## 2.17-ensure-journald-is-configured-to-compress-large-log-files ++ ### Level 1 ++ - journald_compress ++ ++ ## 2.18-ensure-journald-is-configured-to-write-logfiles-to-persistent-disk ++ ### Level 1 ++ - journald_storage ++ ++ ## 2.19-ensure-audit-is-installed ++ ### Level 1 ++ - package_audit_installed ++ ++ ## 2.20-ensure-audit-service-is-enabled ++ ### Level 3 ++ - service_auditd_enabled ++ ++ ## 3.1-disable-http-server ++ ### Level 1 ++ - service_httpd_disabled ++ ++ ## 3.2-disable-ftp-server ++ ### Level 1 ++ - service_vsftpd_disabled ++ ++ ## 3.3-disable-dns-server ++ ### Level 1 ++ - service_named_disabled ++ ++ ## 3.4-disable-nfs ++ ### Level 1 ++ - service_nfs_disabled ++ ++ ## 3.5-disable-rpc ++ ### Level 1 ++ - service_rpcbind_disabled ++ ++ ## 3.6-disable-ldap-server ++ ### Level 1 ++ - service_slapd_disabled ++ ++ ## 3.7-disable-dhcp-server ++ ### Level 1 ++ - service_dhcpd_disabled ++ ++ ## 3.8-disable-cups ++ ### Level 1 ++ - service_cups_disabled ++ ++ ## 3.9-disable-nis-server ++ ### Level 1 ++ - service_ypserv_disabled ++ ++ ## 3.10-disable-rsync-server ++ ### Level 1 ++ - service_rsyncd_disabled ++ ++ ## 3.11-disable-avahi-server ++ ### Level 1 ++ - service_avahi-daemon_disabled ++ ++ ## 3.12-disable-snmp-server ++ ### Level 1 ++ - service_snmpd_disabled ++ ++ ## 3.13-disable-http-proxy-server ++ ### Level 1 ++ - service_squid_disabled ++ ++ ## 3.14-disable-samba ++ ### Level 1 ++ - service_smb_disabled ++ ++ ## 3.15-disable-imap-and-pop3-server ++ ### Level 1 ++ - service_dovecot_disabled ++ ++ ## 3.16-disable-smtp-protocol ++ ### Level 1 ++ # Needs rule ++ ++ ## 3.17-disable-telnet-port-23 ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.1-ensure-message-of-the-day-is-configured-properly ++ ### Level 1 ++ - banner_etc_motd ++ - login_banner_text=cis_banners ++ ++ ## 4.2-ensure-local-login-warning-banner-is-configured-properly ++ ### Level 1 ++ - banner_etc_issue ++ - login_banner_text=cis_banners ++ ++ ## 4.3-ensure-remote-login-warning-banner-is-configured-properly ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.4-ensure-permissions-on-etc-motd-are-configured ++ ### Level 1 ++ - file_groupowner_etc_motd ++ - file_owner_etc_motd ++ - file_permissions_etc_motd ++ ++ ## 4.5-ensure-permissions-on-etc-issue-are-configured ++ ### Level 1 ++ - file_groupowner_etc_issue ++ - file_owner_etc_issue ++ - file_permissions_etc_issue ++ ++ ## 4.6-ensure-permissions-on-etc-issue.net-are-configured ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.7-ensure-gpgcheck-is-globally-activated ++ ### Level 1 ++ - ensure_gpgcheck_globally_activated ++ ++ ## 4.8-ensure-aide-is-installed ++ ### Level 1 ++ - package_aide_installed ++ ++ ## 4.9-ensure-filesystem-integrity-is-regularly-checked ++ ### Level 1 ++ - aide_periodic_cron_checking ++ ++ ## 4.10-ensure-bootloader-password-is-set ++ ### Level 2 ++ - grub2_password ++ ++ ## 4.11-ensure-permissions-on-bootloader-config-are-configured ++ ### Level 1 ++ #- file_groupowner_efi_grub2_cfg ++ - file_groupowner_grub2_cfg ++ #- file_owner_efi_grub2_cfg ++ - file_owner_grub2_cfg ++ #- file_permissions_efi_grub2_cfg ++ - file_permissions_grub2_cfg ++ ++ ## 4.12-ensure-authentication-required-for-single-user-mode ++ ### Level 1 ++ - require_singleuser_auth ++ - require_emergency_target_auth ++ ++ ## 4.13-ensure-core-dumps-are-restricted ++ ### Level 1 ++ - disable_users_coredumps ++ - sysctl_fs_suid_dumpable ++ - coredump_disable_backtraces ++ - coredump_disable_storage ++ ++ ## 4.14-ensure-address-space-layout-randomization-(ASLR)-is-enabled ++ ### Level 1 ++ - sysctl_kernel_randomize_va_space ++ ++ ## 4.15-ensure-system-wide-crypto-policy-is-not-legacy ++ ### Level 1 ++ - configure_crypto_policy ++ - var_system_crypto_policy=default_policy ++ ++ ## 4.16-ensure-sticky-bit-is-set-on-all-world-writable-directories ++ ### Level 1 ++ - dir_perms_world_writable_sticky_bits ++ ++ ## 4.17-ensure-permissions-on-etc-passwd-are-configured ++ ### Level 1 ++ - file_permissions_etc_passwd ++ ++ ## 4.18-ensure-permissions-on-etc-shadow-are-configured ++ ### Level 1 ++ - file_owner_etc_shadow ++ - file_groupowner_etc_shadow ++ - file_permissions_etc_shadow ++ ++ ## 4.19-ensure-permissions-on-etc-group-are-configured ++ ### Level 1 ++ - file_groupowner_etc_group ++ - file_owner_etc_group ++ - file_permissions_etc_group ++ ++ ## 4.20-ensure-permissions-on-etc-gshadow-are-configured ++ ### Level 1 ++ - file_groupowner_etc_gshadow ++ - file_owner_etc_gshadow ++ - file_permissions_etc_gshadow ++ ++ ## 4.21-ensure-permissions-on-etc-passwd--are-configured ++ ### Level 1 ++ - file_groupowner_backup_etc_passwd ++ - file_owner_backup_etc_passwd ++ - file_permissions_backup_etc_passwd ++ ++ ## 4.22-ensure-permissions-on-etc-shadow--are-configured ++ ### Level 1 ++ - file_groupowner_backup_etc_shadow ++ - file_owner_backup_etc_shadow ++ - file_permissions_backup_etc_shadow ++ ++ ## 4.23-ensure-permissions-on-etc-group--are-configured ++ ### Level 1 ++ - file_groupowner_backup_etc_group ++ - file_owner_backup_etc_group ++ - file_permissions_backup_etc_group ++ ++ ## 4.24-ensure-permissions-on-etc-gshadow--are-configured ++ ### Level 1 ++ - file_groupowner_backup_etc_gshadow ++ - file_owner_backup_etc_gshadow ++ - file_permissions_backup_etc_gshadow ++ ++ ## 4.25-ensure-no-world-writable-files-exist ++ ### Level 2 ++ - file_permissions_unauthorized_world_writable ++ ++ ## 4.26-ensure-no-unowned-files-or-directories-exist ++ ### Level 2 ++ # Needs rule ++ ++ ## 4.27-ensure-no-ungrouped-files-or-directories-exist ++ ### Level 2 ++ - file_permissions_ungroupowned ++ ++ ## 4.28-ensure-no-password-fields-are-not-empty ++ ### Level 2 ++ # Needs rule ++ ++ ## 4.29-ensure-root-path-integrity ++ ### Level 2 ++ - accounts_root_path_dirs_no_write ++ - root_path_no_dot ++ ++ ## 4.30-ensure-root-is-the-only-uid-0-account ++ ### Level 2 ++ - accounts_no_uid_except_zero ++ ++ ## 4.31-ensure-users-home-directories-permissions-are-750-or-more-restrictive ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.32-ensure-users-own-their-home-directories ++ ### Level 1 ++ - file_ownership_home_directories ++ - file_groupownership_home_directories ++ ++ ## 4.33-ensure-users-dot-files-are-not-group-or-world-writable ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.34-ensure-no-users-have-.forward-files ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.35-ensure-no-users-have-.netrc-files ++ ### Level 1 ++ - no_netrc_files ++ ++ ## 4.36-ensure-users-.netrc-files-are-not-group-or-world-accessible ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.37-ensure-no-users-have-.rhosts-files ++ ### Level 1 ++ - no_rsh_trust_files ++ ++ ## 4.38-ensure-all-groups-in-etc-passwd-exist-in-etc-group ++ ### Level 2 ++ # Needs rule ++ ++ ## 4.39-ensure-no-duplicate-uids-exist ++ ### Level 2 ++ - account_unique_id ++ ++ ## 4.40-ensure-no-duplicate-gids-exist ++ ### Level 2 ++ - group_unique_id ++ ++ ## 4.41-ensure-no-duplicate-user-names-exist ++ ### Level 2 ++ # Needs rule ++ ++ ## 4.42-ensure-no-duplicate-group-names-exist ++ ### Level 2 ++ - group_unique_name ++ ++ ## 4.43-ensure-all-users-home-directories-exist ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.44-ensure-sctp-is-disabled ++ ### Level 1 ++ - kernel_module_sctp_disabled ++ ++ ## 4.45-ensure-dccp-is-disabled ++ ### Level 1 ++ - kernel_module_dccp_disabled ++ ++ ## 4.46-ensure-wireless-interfaces-are-disabled ++ ### Level 1 ++ - wireless_disable_interfaces ++ ++ ## 4.47-ensure-ip-forwarding-is-disabled ++ ### Level 1 ++ - sysctl_net_ipv4_ip_forward ++ - sysctl_net_ipv6_conf_all_forwarding ++ - sysctl_net_ipv6_conf_all_forwarding_value=disabled ++ ++ ## 4.48-ensure-packet-redirect-sending-is-disabled ++ ### Level 1 ++ - sysctl_net_ipv4_conf_all_send_redirects ++ - sysctl_net_ipv4_conf_default_send_redirects ++ ++ ## 4.49-ensure-source-routed-packets-are-not-accepted ++ ### Level 1 ++ - sysctl_net_ipv4_conf_all_accept_source_route ++ - sysctl_net_ipv4_conf_all_accept_source_route_value=disabled ++ - sysctl_net_ipv4_conf_default_accept_source_route ++ - sysctl_net_ipv4_conf_default_accept_source_route_value=disabled ++ - sysctl_net_ipv6_conf_all_accept_source_route ++ - sysctl_net_ipv6_conf_all_accept_source_route_value=disabled ++ - sysctl_net_ipv6_conf_default_accept_source_route ++ - sysctl_net_ipv6_conf_default_accept_source_route_value=disabled ++ ++ ## 4.50-ensure-icmp-redirects-are-not-accepted ++ ### Level 1 ++ - sysctl_net_ipv4_conf_all_accept_redirects ++ - sysctl_net_ipv4_conf_all_accept_redirects_value=disabled ++ - sysctl_net_ipv4_conf_default_accept_redirects ++ - sysctl_net_ipv4_conf_default_accept_redirects_value=disabled ++ - sysctl_net_ipv6_conf_all_accept_redirects ++ - sysctl_net_ipv6_conf_all_accept_redirects_value=disabled ++ - sysctl_net_ipv6_conf_default_accept_redirects ++ - sysctl_net_ipv6_conf_default_accept_redirects_value=disabled ++ ++ ## 4.51-ensure-secure-icmp-redirects-are-not-accepted ++ ### Level 1 ++ - sysctl_net_ipv4_conf_all_secure_redirects ++ - sysctl_net_ipv4_conf_all_secure_redirects_value=disabled ++ - sysctl_net_ipv4_conf_default_secure_redirects ++ - sysctl_net_ipv4_conf_default_secure_redirects_value=disabled ++ ++ ## 4.52-ensure-suspicious-packets-are-logged ++ ### Level 1 ++ - sysctl_net_ipv4_conf_all_log_martians ++ - sysctl_net_ipv4_conf_all_log_martians_value=enabled ++ - sysctl_net_ipv4_conf_default_log_martians ++ - sysctl_net_ipv4_conf_default_log_martians_value=enabled ++ ++ ## 4.53-ensure-broadcast-icmp-requests-are-ignored ++ ### Level 1 ++ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts ++ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value=enabled ++ ++ ## 4.54-ensure-bogus-icmp-responses-are-ignored ++ ### Level 1 ++ - sysctl_net_ipv4_icmp_ignore_bogus_error_responses ++ - sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value=enabled ++ ++ ## 4.55-ensure-reverse-path-filtering-is-enabled ++ ### Level 1 ++ - sysctl_net_ipv4_conf_all_rp_filter ++ - sysctl_net_ipv4_conf_all_rp_filter_value=enabled ++ - sysctl_net_ipv4_conf_default_rp_filter ++ - sysctl_net_ipv4_conf_default_rp_filter_value=enabled ++ ++ ## 4.56-ensure-tcp-syn-cookies-is-enabled ++ ### Level 1 ++ - sysctl_net_ipv4_tcp_syncookies ++ - sysctl_net_ipv4_tcp_syncookies_value=enabled ++ ++ ## 4.57-ensure-ipv6-router-advertisements-are-not-accepted ++ ### Level 1 ++ - sysctl_net_ipv6_conf_all_accept_ra ++ - sysctl_net_ipv6_conf_all_accept_ra_value=disabled ++ - sysctl_net_ipv6_conf_default_accept_ra ++ - sysctl_net_ipv6_conf_default_accept_ra_value=disabled ++ ++ ## 4.58-ensure-a-firewall-package-is-installed ++ ### Level 1 ++ - package_firewalld_installed ++ ++ ## 4.59-ensure-firewalld-service-is-enabled-and-running ++ ### Level 1 ++ - service_firewalld_enabled ++ ++ ## 4.60-ensure-iptables-is-not-enabled ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.61-ensure-nftables-is-not-enabled ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.62-ensure-nftables-service-is-enabled ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.63-ensure-iptables-packages-are-installed ++ ### Level 1 ++ - package_iptables_installed ++ ++ ## 4.64-ensure-nftables-is-not-installed ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.65-ensure-firewalld-is-not-installed-or-stopped-and-masked ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.66-ensure-system-histsize-as-100-or-other ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.67-ensure-system-histfilesize-100 ++ ### Level 1 ++ # Needs rule ++ ++ ## 5.1-ensure-selinux-is-installed ++ ### Level 1 ++ # Needs rule ++ ++ ## 5.2-ensure-selinux-policy-is-configured ++ ### Level 3 ++ # Needs rule ++ ++ ## 5.3-ensure-the-selinux-mode-is-enabled ++ ### Level 3 ++ # Needs rule ++ ++ ## 5.4-ensure-the-selinux-mode-is-enforcing ++ ### Level 3 ++ # Needs rule ++ ++ ## 5.5-ensure-no-unconfined-services-exist ++ ### Level 4 ++ # Needs rule ++ ++ ## 5.6-use-selinux-for-separation-of-powers-user-created ++ ### Level 4 ++ # Needs rule ++ ++ ## 5.7-use-selinux-for-separation-of-powers-system-administrator-login-permission-configuration ++ ### Level 4 ++ # Needs rule +\ No newline at end of file +diff --git a/products/anolis8/transforms/constants.xslt b/products/anolis8/transforms/constants.xslt +new file mode 100644 +index 0000000000..c3323b4a52 +--- /dev/null ++++ b/products/anolis8/transforms/constants.xslt +@@ -0,0 +1,10 @@ ++ ++ ++ ++ ++Anolis OS 8 ++Anolis 8 ++empty ++anolis ++ ++ +diff --git a/products/anolis8/transforms/table-style.xslt b/products/anolis8/transforms/table-style.xslt +new file mode 100644 +index 0000000000..218d0f7542 +--- /dev/null ++++ b/products/anolis8/transforms/table-style.xslt +@@ -0,0 +1,5 @@ ++ ++ ++ ++ ++ +diff --git a/products/anolis8/transforms/xccdf-apply-overlay-stig.xslt b/products/anolis8/transforms/xccdf-apply-overlay-stig.xslt +new file mode 100644 +index 0000000000..4789419b80 +--- /dev/null ++++ b/products/anolis8/transforms/xccdf-apply-overlay-stig.xslt +@@ -0,0 +1,8 @@ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/products/anolis8/transforms/xccdf2table-cce.xslt b/products/anolis8/transforms/xccdf2table-cce.xslt +new file mode 100644 +index 0000000000..1ffb22215c +--- /dev/null ++++ b/products/anolis8/transforms/xccdf2table-cce.xslt +@@ -0,0 +1,9 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/products/anolis8/transforms/xccdf2table-profileccirefs.xslt b/products/anolis8/transforms/xccdf2table-profileccirefs.xslt +new file mode 100644 +index 0000000000..5a104d956f +--- /dev/null ++++ b/products/anolis8/transforms/xccdf2table-profileccirefs.xslt +@@ -0,0 +1,9 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/shared/checks/oval/installed_OS_is_anolis8.xml b/shared/checks/oval/installed_OS_is_anolis8.xml +new file mode 100644 +index 0000000000..c662d8c960 +--- /dev/null ++++ b/shared/checks/oval/installed_OS_is_anolis8.xml +@@ -0,0 +1,28 @@ ++ ++ ++ ++ Anolis OS 8 ++ ++ multi_platform_all ++ ++ ++ The operating system installed on the system is Anolis OS 8 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ^8.*$ ++ ++ ++ anolis-release ++ ++ ++ +diff --git a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml +index f971d28a04..94967843fa 100644 +--- a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml ++++ b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml +@@ -3,6 +3,7 @@ + + Kernel Runtime Parameter IPv6 Check + ++ multi_platform_anolis + multi_platform_debian + multi_platform_example + multi_platform_fedora +diff --git a/ssg/constants.py b/ssg/constants.py +index d73c6012f3..1c01f6fead 100644 +--- a/ssg/constants.py ++++ b/ssg/constants.py +@@ -41,6 +41,7 @@ SSG_REF_URIS = { + product_directories = [ + 'alinux2', + 'alinux3', ++ 'anolis8', + 'chromium', + 'debian9', 'debian10', 'debian11', + 'example', +@@ -195,6 +196,7 @@ PKG_MANAGER_TO_CONFIG_FILE = { + FULL_NAME_TO_PRODUCT_MAPPING = { + "Alinux 2": "alinux2", + "Alinux 3": "alinux3", ++ "Anolis OS 8": "anolis8", + "Chromium": "chromium", + "Debian 9": "debian9", + "Debian 10": "debian10", +@@ -266,11 +268,12 @@ REFERENCES = dict( + + MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu", + "opensuse", "sle", "ol", "ocp", "rhcos", +- "example", "eks", "alinux", "uos"] ++ "example", "eks", "alinux", "uos", "anolis"] + + MULTI_PLATFORM_MAPPING = { + "multi_platform_alinux": ["alinux2"], + "multi_platform_alinux": ["alinux3"], ++ "multi_platform_anolis": ["anolis8"], + "multi_platform_debian": ["debian9", "debian10", "debian11"], + "multi_platform_example": ["example"], + "multi_platform_eks": ["eks"], +@@ -436,6 +439,7 @@ XCCDF_PLATFORM_TO_PACKAGE = { + # _version_name_map = { + MAKEFILE_ID_TO_PRODUCT_MAP = { + 'alinux': 'Alibaba Cloud Linux', ++ 'anolis': 'Anolis OS', + 'chromium': 'Google Chromium Browser', + 'fedora': 'Fedora', + 'firefox': 'Mozilla Firefox', +diff --git a/tests/unit/ssg-module/test_utils.py b/tests/unit/ssg-module/test_utils.py +index 095191dd2d..b55a217ab7 100644 +--- a/tests/unit/ssg-module/test_utils.py ++++ b/tests/unit/ssg-module/test_utils.py +@@ -12,7 +12,7 @@ def test_is_applicable(): + + assert not ssg.utils.is_applicable('fedora,multi_platform_ubuntu', 'rhel7') + assert not ssg.utils.is_applicable('ol7', 'rhel7') +- assert not ssg.utils.is_applicable('alinux2,alinux3,fedora,debian9,debian10,debian11,uos20', ++ assert not ssg.utils.is_applicable('alinux2,alinux3,anolis8,fedora,debian9,debian10,debian11,uos20', + 'rhel7') + + +-- +2.31.1 + diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 5c690a0..1e71b56 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -1,4 +1,4 @@ -%define anolis_release .0.1 +%define anolis_release .0.2 # Base name of static rhel6 content tarball %global _static_rhel6_content %{name}-0.1.52-2.el7_9-rhel6 # https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds @@ -41,6 +41,8 @@ Patch10: scap-security-guide-0.1.64-add_platform_partition_exists-PR_9204.patch Patch11: scap-security-guide-0.1.64-add_partition_platform_to_relevant_rules-PR_9324.path # Fix ansible partition conditionals Patch12: scap-security-guide-0.1.64-fix_ansible_partition_conditional-PR_9339.patch +# supports Anolis OS 8 +Patch13: scap-security-guide-0.1.65-supports_anolis_os_8-PR_9770.patch BuildArch: noarch @@ -112,6 +114,7 @@ cd build -DSSG_PRODUCT_RHEL8:BOOLEAN=TRUE \ -DSSG_PRODUCT_FIREFOX:BOOLEAN=TRUE \ -DSSG_PRODUCT_JRE:BOOLEAN=TRUE \ +-DSSG_PRODUCT_ANOLIS8:BOOLEAN=TRUE \ %if %{defined centos} -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON \ %else @@ -170,6 +173,9 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name %endif %changelog +* Fri Dec 30 2022 Yuqing - 0.1.63-1.0.2 +- Add product for Anolis8 (#9770) + * Thu Nov 10 2022 Chang Gao - 0.1.63-1.0.1 - Add extra package -- Gitee