diff --git a/1001-add-anolis23-in-product-list.patch b/1001-add-anolis23-in-product-list.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b030b1fe31593282d8c2a34318e937a86c59711e
--- /dev/null
+++ b/1001-add-anolis23-in-product-list.patch
@@ -0,0 +1,2918 @@ +From 05549c9471052f0d5d5fd98f2ae65563789e5c83 Mon Sep 17 00:00:00 2001 +From: happy_orange +Date: Thu, 16 Mar 2023 15:35:17 +0800 +Subject: [PATCH 1/1] add anolis23 in product list + +--- + CMakeLists.txt | 5 + + .../service_avahi-daemon_disabled/rule.yml | 2 +- + .../base/service_abrtd_disabled/rule.yml | 2 +- + .../base/service_qpidd_disabled/rule.yml | 2 +- + .../base/service_rdisc_disabled/rule.yml | 2 +- + .../file_groupowner_cron_d/rule.yml | 2 +- + .../file_groupowner_cron_daily/rule.yml | 2 +- + .../file_groupowner_cron_hourly/rule.yml | 2 +- + .../file_groupowner_cron_monthly/rule.yml | 2 +- + .../file_groupowner_cron_weekly/rule.yml | 2 +- + .../file_groupowner_crontab/rule.yml | 2 +- + .../cron_and_at/file_owner_cron_d/rule.yml | 2 +- + .../file_owner_cron_daily/rule.yml | 2 +- + .../file_owner_cron_hourly/rule.yml | 2 +- + .../file_owner_cron_monthly/rule.yml | 2 +- + .../file_owner_cron_weekly/rule.yml | 2 +- + .../cron_and_at/file_owner_crontab/rule.yml | 2 +- + .../file_permissions_cron_d/rule.yml | 2 +- + .../file_permissions_cron_daily/rule.yml | 2 +- + .../file_permissions_cron_hourly/rule.yml | 2 +- + .../file_permissions_cron_monthly/rule.yml | 2 +- + .../file_permissions_cron_weekly/rule.yml | 2 +- + .../file_permissions_crontab/rule.yml | 2 +- + .../file_at_deny_not_exist/rule.yml | 2 +- + .../file_cron_deny_not_exist/rule.yml | 2 +- + .../file_groupowner_at_allow/rule.yml | 2 +- + .../file_groupowner_cron_allow/rule.yml | 2 +- + .../file_owner_at_allow/rule.yml | 2 +- + .../file_owner_cron_allow/rule.yml | 2 +- + .../file_permissions_at_allow/rule.yml | 2 +- + .../file_permissions_cron_allow/rule.yml | 2 +- + .../cron_and_at/service_atd_disabled/rule.yml | 2 +- + .../service_crond_enabled/rule.yml | 2 +- + .../service_dhcpd_disabled/rule.yml | 2 +- + .../package_bind_removed/rule.yml | 2 +- + .../service_named_disabled/rule.yml | 2 +- + .../service_vsftpd_disabled/rule.yml | 2 +- + .../service_httpd_disabled/rule.yml | 2 
+- + .../service_dovecot_disabled/rule.yml | 2 +- + .../service_slapd_disabled/rule.yml | 2 +- + .../service_rpcbind_disabled/rule.yml | 2 +- + .../service_nfs_disabled/rule.yml | 2 +- + .../nis/service_ypserv_disabled/rule.yml | 2 +- + .../obsolete/service_rsyncd_disabled/rule.yml | 2 +- + .../printing/service_cups_disabled/rule.yml | 2 +- + .../service_squid_disabled/rule.yml | 2 +- + .../service_smb_disabled/rule.yml | 2 +- + .../service_snmpd_disabled/rule.yml | 2 +- + .../ssh/file_groupowner_sshd_config/rule.yml | 2 +- + .../ssh/file_owner_sshd_config/rule.yml | 2 +- + .../ssh/file_permissions_sshd_config/rule.yml | 2 +- + .../banner_etc_issue/rule.yml | 2 +- + .../accounts-banners/banner_etc_motd/rule.yml | 2 +- + .../file_groupowner_etc_issue/rule.yml | 2 +- + .../file_groupowner_etc_motd/rule.yml | 2 +- + .../file_owner_etc_issue/rule.yml | 2 +- + .../file_owner_etc_motd/rule.yml | 2 +- + .../file_permissions_etc_issue/rule.yml | 2 +- + .../file_permissions_etc_motd/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../accounts_password_pam_minclass/rule.yml | 2 +- + .../accounts_password_pam_minlen/rule.yml | 2 +- + .../accounts_password_pam_retry/rule.yml | 2 +- + .../rule.yml | 2 +- + .../require_emergency_target_auth/rule.yml | 2 +- + .../require_singleuser_auth/rule.yml | 2 +- + .../rule.yml | 2 +- + .../account_unique_id/rule.yml | 2 +- + .../group_unique_id/rule.yml | 2 +- + .../group_unique_name/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../no_shelllogin_for_systemaccounts/rule.yml | 2 +- + .../root_logins/use_pam_wheel_for_su/rule.yml | 2 +- + .../accounts-session/accounts_tmout/rule.yml | 2 +- + .../rule.yml | 2 +- + .../file_ownership_home_directories/rule.yml | 2 +- + .../accounts_umask_etc_bashrc/rule.yml | 2 +- + .../audit_rules_file_deletion_events/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 
2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../file_groupowner_grub2_cfg/rule.yml | 2 +- + .../non-uefi/file_owner_grub2_cfg/rule.yml | 2 +- + .../file_permissions_grub2_cfg/rule.yml | 2 +- + .../non-uefi/grub2_password/rule.yml | 2 +- + .../file_groupowner_efi_grub2_cfg/rule.yml | 2 +- + .../uefi/file_owner_efi_grub2_cfg/rule.yml | 2 +- + .../file_permissions_efi_grub2_cfg/rule.yml | 2 +- + .../uefi/grub2_uefi_password/rule.yml | 2 +- + .../journald/journald_compress/rule.yml | 2 +- + .../journald_forward_to_syslog/rule.yml | 2 +- + .../journald/journald_storage/rule.yml | 2 +- + .../package_firewalld_installed/rule.yml | 2 +- + .../service_firewalld_enabled/rule.yml | 2 +- + .../package_libreswan_installed/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../sysctl_net_ipv4_tcp_syncookies/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../sysctl_net_ipv4_ip_forward/rule.yml | 2 +- + .../kernel_module_dccp_disabled/rule.yml | 2 +- + .../kernel_module_sctp_disabled/rule.yml | 2 +- + .../wireless_disable_interfaces/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../file_permissions_ungroupowned/rule.yml | 2 +- + .../mounting/service_autofs_disabled/rule.yml | 2 +- + .../disable_users_coredumps/rule.yml | 2 +- + .../configure_bind_crypto_policy/rule.yml | 2 +- + .../crypto/configure_crypto_policy/rule.yml | 2 +- + .../configure_kerberos_crypto_policy/rule.yml | 2 +- + .../rule.yml | 2 +- + .../configure_openssl_crypto_policy/rule.yml | 2 +- + .../configure_ssh_crypto_policy/rule.yml | 2 +- + 
.../aide/aide_periodic_cron_checking/rule.yml | 2 +- + .../aide/package_aide_installed/rule.yml | 2 +- + .../rpm_verify_hashes/rule.yml | 2 +- + .../rpm_verify_permissions/rule.yml | 2 +- + .../rule.yml | 2 +- + .../ensure_redhat_gpgkey_installed/rule.yml | 2 +- + .../security_patches_up_to_date/rule.yml | 2 +- + products/anolis23/CMakeLists.txt | 6 + + products/anolis23/overlays/.gitkeep | 0 + products/anolis23/product.yml | 23 + + products/anolis23/profiles/standard.profile | 728 ++++++++++++++++++ + products/anolis23/transforms/constants.xslt | 10 + + products/anolis23/transforms/table-style.xslt | 5 + + .../transforms/xccdf-apply-overlay-stig.xslt | 8 + + .../anolis23/transforms/xccdf2table-cce.xslt | 9 + + .../xccdf2table-profileccirefs.xslt | 9 + + .../checks/oval/installed_OS_is_anolis23.xml | 28 + + ssg/constants.py | 4 +- + tests/unit/ssg-module/test_utils.py | 2 +- + 161 files changed, 983 insertions(+), 150 deletions(-) + create mode 100644 products/anolis23/CMakeLists.txt + create mode 100644 products/anolis23/overlays/.gitkeep + create mode 100644 products/anolis23/product.yml + create mode 100644 products/anolis23/profiles/standard.profile + create mode 100644 products/anolis23/transforms/constants.xslt + create mode 100644 products/anolis23/transforms/table-style.xslt + create mode 100644 products/anolis23/transforms/xccdf-apply-overlay-stig.xslt + create mode 100644 products/anolis23/transforms/xccdf2table-cce.xslt + create mode 100644 products/anolis23/transforms/xccdf2table-profileccirefs.xslt + create mode 100644 shared/checks/oval/installed_OS_is_anolis23.xml + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index ab11e31..537f02b 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -70,6 +70,7 @@ option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be bui + option(SSG_PRODUCT_ALINUX2 "If enabled, the Alibaba Cloud Linux 2 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_ALINUX3 "If enabled, the 
Alibaba Cloud Linux 3 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_ANOLIS8 "If enabled, the Anolis OS 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) ++option(SSG_PRODUCT_ANOLIS23 "If enabled, the Anolis OS 23 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_CHROMIUM "If enabled, the Chromium SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_DEBIAN10 "If enabled, the Debian 10 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_DEBIAN11 "If enabled, the Debian 11 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) +@@ -268,6 +269,7 @@ message(STATUS "Products:") + message(STATUS "Alibaba Cloud Linux 2: ${SSG_PRODUCT_ALINUX2}") + message(STATUS "Alibaba Cloud Linux 3: ${SSG_PRODUCT_ALINUX3}") + message(STATUS "Anolis OS 8: ${SSG_PRODUCT_ANOLIS8}") ++message(STATUS "Anolis OS 23: ${SSG_PRODUCT_ANOLIS23}") + message(STATUS "Chromium: ${SSG_PRODUCT_CHROMIUM}") + message(STATUS "Debian 10: ${SSG_PRODUCT_DEBIAN10}") + message(STATUS "Debian 11: ${SSG_PRODUCT_DEBIAN11}") +@@ -336,6 +338,9 @@ endif() + if (SSG_PRODUCT_ANOLIS8) + add_subdirectory("products/anolis8" "anolis8") + endif() ++if (SSG_PRODUCT_ANOLIS23) ++ add_subdirectory("products/anolis23" "anolis23") ++endif() + if (SSG_PRODUCT_CHROMIUM) + add_subdirectory("products/chromium" "chromium") + endif() +diff --git a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml +index 6d5ebf5..305f579 100644 +--- a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml ++++ b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: 
alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Avahi Server Software' + +diff --git a/linux_os/guide/services/base/service_abrtd_disabled/rule.yml b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml +index 38557af..d9f132a 100644 +--- a/linux_os/guide/services/base/service_abrtd_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,uos20 ++prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhel7,rhel8,uos20 + + title: 'Disable Automatic Bug Reporting Tool (abrtd)' + +diff --git a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml +index c71ce1b..9a8d38c 100644 +--- a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml +@@ -1,7 +1,7 @@ + documentation_complete: true + + # package is unlikely to appear on a RHEL9 system, don't extend to RHEL10 +-prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 ++prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 + + title: 'Disable Apache Qpid (qpidd)' + +diff --git a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml +index 7ca16e3..3c11914 100644 +--- a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 ++prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 + + title: 'Disable Network Router Discovery Daemon (rdisc)' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml 
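Review bot: In service_qpidd_disabled/rule.yml the new `prodtype` line adds `anolis23` directly beneath the existing comment `# package is unlikely to appear on a RHEL9 system, don't extend to RHEL10`, which asks that this rule not be carried to newer products. Nothing in the patch shows that qpidd is packaged for Anolis OS 23, so the addition looks like part of a bulk edit rather than a checked decision. If the package is absent, the rule only adds a check that can never fail to the anolis23 benchmark; either drop `anolis23` from this line or extend the comment with the reason it applies. The same question is worth asking of the neighbouring abrtd and rdisc hunks, though those carry no such comment.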
b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml +index b56d06e..6a806e8 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Group Who Owns cron.d' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml +index 909b417..f4ab6e9 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Group Who Owns cron.daily' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml +index 16c7569..cd760c3 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Group Who Owns cron.hourly' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml +index 
2840534..bbcc671 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Group Who Owns cron.monthly' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml +index c9e0391..9aa451d 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Group Who Owns cron.weekly' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml +index 277c9c9..51a6063 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Group Who Owns Crontab' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml +index c941caa..5107520 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml ++++ 
b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Owner on cron.d' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml +index d0a6675..7aebe01 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Owner on cron.daily' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml +index 65b3ba0..90061a9 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Owner on cron.hourly' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml +index f72fb06..4445f07 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: 
alinux2,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Owner on cron.monthly' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml +index 80175dc..e4cc95a 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Owner on cron.weekly' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml +index 3df7aba..69f84e2 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Owner on crontab' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml +index e15a2f6..05cbeb3 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: 
alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Permissions on cron.d' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml +index ce3f09a..305651f 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Permissions on cron.daily' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml +index fc59dfe..fadc7aa 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Permissions on cron.hourly' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml +index 1c78762..6dfac02 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: 
alinux2,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Permissions on cron.monthly' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml +index 476a312..4eee225 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Permissions on cron.weekly' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml +index 9d344b6..11cbce7 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Permissions on crontab' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml +index 51e2d97..30805ce 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 ++prodtype: 
alinux2,alinux3,anolis8,anolis23,fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 + + title: 'Ensure that /etc/at.deny does not exist' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml +index 1322881..94739d3 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 + + title: 'Ensure that /etc/cron.deny does not exist' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml +index 6a1eff2..24105d8 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Group Who Owns /etc/at.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml +index a74bf11..507444b 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml ++++ 
b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Group Who Owns /etc/cron.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml +index ab77239..477f54f 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify User Who Owns /etc/at.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml +index ed08e64..bb7dbf2 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify User Who Owns /etc/cron.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml 
b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml +index da7a228..087abec 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Permissions on /etc/at.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml +index 42275f2..746775b 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Permissions on /etc/cron.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml +index 91f458d..2584e5d 100644 +--- a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml ++++ b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 + + title: 'Disable At Service (atd)' + +diff --git 
a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml +index ec390e3..bc0733b 100644 +--- a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml ++++ b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Enable cron Service' + +diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml +index 356f236..4ef1775 100644 +--- a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml ++++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sle12,sle15 + + title: 'Disable DHCP Service' + +diff --git a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml +index eed8c25..dec7290 100644 +--- a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml ++++ b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204,uos20 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204,uos20 + + title: 'Uninstall bind Package' + +diff --git 
a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml +index ce858b1..e3660aa 100644 +--- a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml ++++ b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sle12,sle15 + + title: 'Disable named Service' + +diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml +index bd77bb3..9a349ec 100644 +--- a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml ++++ b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sle12,sle15 + + title: 'Disable vsftpd Service' + +diff --git a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml +index d71d600..d9fd9f4 100644 +--- a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml ++++ b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sel12,sle15 ++prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sel12,sle15 + + title: 'Disable httpd Service' + +diff --git a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml +index 
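Review bot: The rewritten `prodtype` line in service_httpd_disabled/rule.yml still contains `sel12`, which looks like a typo for `sle12`; every other rule touched by this patch spells that product `sle12`. If it is a typo, the rule is presumably never selected for that product, so a profile built for it would omit the httpd check without any error. Since the line is being replaced anyway, it can be corrected in the same change: `prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sle12,sle15`. It would also be worth confirming whether the build validates prodtype entries against the known product list, since this one was evidently not caught.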
b5abe51..e921cac 100644
+--- a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml
++++ b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15
++prodtype: alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sle12,sle15
+
+ title: 'Disable Dovecot Service'
+
+diff --git a/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml b/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml
+index 8501b62..f655561 100644
+--- a/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml
++++ b/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,rhel8,rhel9
++prodtype: alinux2,alinux3,anolis8,anolis23,rhel8,rhel9
+
+ title: 'Disable LDAP Server (slapd)'
+
+diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml
+index 0b6c8d4..4941aef 100644
+--- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15
++prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15
+
+ title: 'Disable rpcbind Service'
+
+diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml
+index 91f73ab..0fae545 100644
+---
a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml
++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,rhel9,sle12,sle15
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,rhel7,rhel8,rhel9,sle12,sle15
+
+ title: 'Disable Network File System (nfs)'
+
+diff --git a/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml b/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml
+index 4f414d3..37d4382 100644
+--- a/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml
++++ b/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,rhel8,rhel9
++prodtype: alinux2,alinux3,anolis8,anolis23,rhel8,rhel9
+
+ title: 'Disable ypserv Service'
+
+diff --git a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml
+index 315af39..4fb7174 100644
+--- a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml
++++ b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+
+ title: 'Ensure rsyncd service is disabled'
+
+diff --git a/linux_os/guide/services/printing/service_cups_disabled/rule.yml b/linux_os/guide/services/printing/service_cups_disabled/rule.yml
+index 1c9a75b..e3a6f0e 100644
+--- a/linux_os/guide/services/printing/service_cups_disabled/rule.yml
++++ b/linux_os/guide/services/printing/service_cups_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype:
alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Disable the CUPS Service'
+
+diff --git a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml
+index 9321e66..72ffd5e 100644
+--- a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml
++++ b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15
++prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15
+
+ title: 'Disable Squid'
+
+diff --git a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml
+index 76303fa..3a4991b 100644
+--- a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml
++++ b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15
++prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sle12,sle15
+
+ title: 'Disable Samba'
+
+diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml
+index be039de..fad08f8 100644
+--- a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml
++++ b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,debian10,debian11,rhel7,rhel8,rhel9,sle12,sle15
++prodtype:
alinux2,alinux3,anolis8,anolis23,debian10,debian11,rhel7,rhel8,rhel9,sle12,sle15
+
+ title: 'Disable snmpd Service'
+
+diff --git a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml
+index e393c6c..cec6d36 100644
+--- a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml
++++ b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,anolis23,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Verify Group Who Owns SSH Server config file'
+
+diff --git a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml
+index fa43ddc..3257ed0 100644
+--- a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml
++++ b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,anolis23,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Verify Owner on SSH Server config file'
+
+diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml
+index 3d00dec..b812aae 100644
+--- a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml
++++ b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,anolis23,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Verify Permissions on SSH
Server config file'
+
+diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
+index 7585823..ab43db8 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204
+
+ title: 'Modify the System Login Banner'
+
+diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
+index 08fbad4..a73daa1 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+
+ title: 'Modify the System Message of the Day Banner'
+
+diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml
+index 5e6d02f..72cd310 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype:
alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Verify Group Ownership of System Login Banner'
+
+diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
+index 2e796ee..ca407d5 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Verify Group Ownership of Message of the Day Banner'
+
+diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml
+index 70b4f39..f22d9a5 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Verify ownership of System Login Banner'
+
+diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml
+index 16011b1..675826f 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml
+@@ -1,6
+1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Verify ownership of Message of the Day Banner'
+
+diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml
+index 9968c5c..b553732 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Verify permissions on System Login Banner'
+
+diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml
+index 339274b..e0cdf9a 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Verify permissions on Message of the Day Banner'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
+index c549de2..6fb8259 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4
+
+ title: 'Limit Password Reuse: password-auth'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml
+index 97f05f5..3733a83 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4
+
+ title: 'Limit Password Reuse: system-auth'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml
+index 45a8dfa..569e2fa 100644
+---
a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204
+
+ title: 'Ensure PAM Enforces Password Requirements - Minimum Different Categories'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml
+index bdd681d..c5f3235 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Ensure PAM Enforces Password Requirements - Minimum Length'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
+index 113701f..cc0ed7b 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
++++
b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
+index 04854da..4ed5df8 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+
+ title: "Set PAM''s Password Hashing Algorithm"
+
+diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
+index e3b3c18..d2baea5 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype:
alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+
+ title: 'Require Authentication for Emergency Systemd Target'
+
+diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
+index 6e47912..fa257e0 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+
+ title: 'Require Authentication for Single User Mode'
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
+index 55d39e5..9de2425 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Set Account Expiration Following Inactivity'
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
+index dc9ee17..6b28b99 100644
+---
a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204
+
+ title: 'Ensure All Accounts on the System Have Unique User IDs'
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml
+index f523c43..3ca163b 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204
+
+ title: 'Ensure All Groups on the System Have Unique Group ID'
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml
+index d401458..c00062e 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,sle12,sle15,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,rhel7,rhel8,sle12,sle15,ubuntu2204
+
+ title: 'Ensure All Groups on the System Have Unique Group Names'
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
+index 93fd76a..1daefa6 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,anolis8,anolis23,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Set Existing Passwords Maximum Age'
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
+index a133b6e..0e1583d 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,anolis8,anolis23,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Set Existing Passwords Minimum Age'
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
+index 24d6983..c046879 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
++++
b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Ensure that System Accounts Do Not Run a Shell Upon Login'
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
+index a8b964a..d74d4a2 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Enforce usage of pam_wheel for su authentication'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
+index 335bb5d..ca51240 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Set Interactive Session Timeout'
+
+diff --git
a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
+index 0e45130..3cf9dbf 100644
+--- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204
++prodtype: alinux3,anolis8,anolis23,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204
+
+ title: 'All Interactive User Home Directories Must Be Group-Owned By The Primary User'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml
+index f76d670..dd7f173 100644
+--- a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2204
+
+ title: 'All Interactive User Home Directories Must Be Owned By The Primary User'
+
+diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
+index ceed76c..ce6b0a1 100644
+--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype:
alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Ensure the Default Bash Umask is Set Correctly'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml
+index 6366b96..570f8d2 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20
++prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20
+
+ title: 'Ensure auditd Collects File Deletion Events by User'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml
+index f4ad2ed..93cf5eb 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype:
alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+
+ title: 'Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
+index 0755669..f877606 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Record Unsuccessful Access Attempts to Files - creat'
+
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
+index a12fe0c..9d05301 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype:
alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Record Unsuccessful Access Attempts to Files - ftruncate' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml +index dbcad7d..68ce39d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Record Unsuccessful Access Attempts to Files - open' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml +index 34f9b30..32de870 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml 
+@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Record Unsuccessful Access Attempts to Files - open_by_handle_at' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml +index eb74098..1933e32 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Record Unsuccessful Access Attempts to Files - openat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml +index 043d5f7..9e12a7f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml ++++ 
b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Record Unsuccessful Access Attempts to Files - truncate' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml +index 0cf4bd9..f7760da 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml +index e71d5bd..91a93a5 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml ++++ 
b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure auditd Collects Information on Kernel Module Unloading - delete_module' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml +index fa08613..8996d4e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml +index 76c509d..15cbb3e 100644 +--- 
a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure auditd Collects Information on Kernel Module Loading - init_module' + +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml +index 2ee32d0..6a6bb10 100644 +--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Verify {{{ grub2_boot_path }}}/grub.cfg Group Ownership' + +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml +index 5bf4ae3..4d8dec7 100644 +--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: 
alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify {{{ grub2_boot_path }}}/grub.cfg User Ownership' + +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml +index 4917182..a239c9c 100644 +--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify {{{ grub2_boot_path }}}/grub.cfg Permissions' + +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml +index 9acb58b..8fe56b5 100644 +--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Set Boot Loader Password in grub2' + +diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml +index 9ff7042..a9c2d97 100644 +--- a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml +@@ -1,6 +1,6 @@ + 
documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhel7,rhel8,rhel9 + + title: 'Verify the UEFI Boot Loader grub.cfg Group Ownership' + +diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml +index 2e51fbb..c1fd9a0 100644 +--- a/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhel7,rhel8,rhel9 + + title: 'Verify the UEFI Boot Loader grub.cfg User Ownership' + +diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml +index 3a23fba..3680a26 100644 +--- a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhel7,rhel8,rhel9 + + + title: 'Verify the UEFI Boot Loader grub.cfg Permissions' +diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml +index 47c92fd..36c93f3 100644 +--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: 
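Review bot: The `+prodtype:` line in uefi/file_groupowner_efi_grub2_cfg/rule.yml puts this rule in scope for anolis23, but nothing in the hunk shows where the UEFI grub.cfg location for that product is defined. On other distributions it sits in a vendor-specific directory under the EFI system partition. If the anolis23 product definition (not visible here) does not set that path, the ownership check may evaluate a file that does not exist and leave the real grub.cfg unverified. I would record the verification next to the change, e.g. `# anolis23: UEFI grub.cfg path comes from the product definition; checked on an installed system`. The same applies to the file_owner_efi_grub2_cfg and file_permissions_efi_grub2_cfg hunks that follow, and to grub2_uefi_password.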
alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Set the UEFI Boot Loader Password' + +diff --git a/linux_os/guide/system/logging/journald/journald_compress/rule.yml b/linux_os/guide/system/logging/journald/journald_compress/rule.yml +index 040db3d..5b66cc7 100644 +--- a/linux_os/guide/system/logging/journald/journald_compress/rule.yml ++++ b/linux_os/guide/system/logging/journald/journald_compress/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 ++prodtype: alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 + + title: Ensure journald is configured to compress large log files + +diff --git a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml +index 4586e0d..18ffb90 100644 +--- a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml ++++ b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sle12,sle15 + + title: Ensure journald is configured to send logs to rsyslog + +diff --git a/linux_os/guide/system/logging/journald/journald_storage/rule.yml b/linux_os/guide/system/logging/journald/journald_storage/rule.yml +index 91cbbb6..dd08936 100644 +--- a/linux_os/guide/system/logging/journald/journald_storage/rule.yml ++++ b/linux_os/guide/system/logging/journald/journald_storage/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 ++prodtype: alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 + + title: Ensure 
journald is configured to write log files to persistent disk + +diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml +index 2b6853a..0a22534 100644 +--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml ++++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux3,anolis8,anolis23,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15 + + title: 'Install firewalld Package' + +diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml +index cd22594..158da80 100644 +--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml ++++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Verify firewalld Enabled' + +diff --git a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml +index 24cea91..94fd5bb 100644 +--- a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml ++++ b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: 
true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 + + title: 'Install libreswan Package' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml +index 9481514..14eef55 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Configure Accepting Router Advertisements on All IPv6 Interfaces' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml +index ae79bcb..3c80517 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Accepting ICMP Redirects for All IPv6 Interfaces' + +diff --git 
a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml +index 92d5ddb..f2b536e 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml +index 2629d93..778cd1b 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for IPv6 Forwarding' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml +index ee39a00..1461777 100644 +--- 
a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Accepting Router Advertisements on all IPv6 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml +index 98f2787..63bb0a3 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml +index bf84b2f..0852539 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml ++++ 
b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml +index 8756e21..8666c09 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Accepting ICMP Redirects for All IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml +index 2ccc278..e0530e3 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml ++++ 
b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml +index 9d84eab..a5b26e9 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml +index e3b2b18..80a2728 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml ++++ 
b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml +index 849ae47..394d25b 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml +index 7bcccbb..bfd5366 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml ++++ 
b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml +index 9a54bbc..3b92c8b 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml +index 6fa5a73..e971a2a 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml 
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Enable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml +index b688a15..2169e3f 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml +index 90ef90f..d610ec2 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml ++++ 
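Review bot: The context line `title: 'Enable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default'` in sysctl_net_ipv4_conf_default_log_martians/rule.yml misspells "Parameter". The hunk shows no separate display name, so this title is presumably what readers of the generated content for anolis23 will see. Since the file is already being touched, the line could become `title: 'Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces by Default'`.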
b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Configure Kernel Parameter for Accepting Secure Redirects By Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml +index 5b12a1b..d4e89c9 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml +index a5fb5f4..b23c602 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml ++++ 
b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml +index 31e76dd..6c071c2 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml +index 5c4347b..11794ff 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml +@@ -1,6 
+1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml +index fc30851..84a1895 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml +index 55b91f1..8a1a8f8 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: 
alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml +index 8ca0279..3173ab0 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable DCCP Support' + +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml +index 58260bb..9b4591e 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable SCTP Support' + +diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml +index fa61a92..d1ae43f 100644 +--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml ++++ 
b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Deactivate Wireless Network Interfaces' + +diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml +index 5683f30..b6ecb38 100644 +--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml ++++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml +@@ -2,7 +2,7 @@ documentation_complete: true + + title: 'Ensure All SGID Executables Are Authorized' + +-prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,uos20 ++prodtype: alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,uos20 + + description: |- + The SGID (set group id) bit should be set only on files that were +diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml +index 249f971..632e432 100644 +--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml ++++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml +@@ -2,7 +2,7 @@ documentation_complete: true + + title: 'Ensure All SUID Executables Are Authorized' + +-prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,uos20 ++prodtype: alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,uos20 + + description: |- + The SUID (set user id) bit should be set only on files that were +diff --git 
a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml +index 7ba3356..3165029 100644 +--- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml ++++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204 + + title: 'Ensure All Files Are Owned by a Group' + +diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml +index 86c428a..f3d938e 100644 +--- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804,ubuntu2004,ubuntu2204,uos20 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804,ubuntu2004,ubuntu2204,uos20 + + title: 'Disable the Automounter' + +diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml +index 96ccbe7..201d075 100644 +--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Core Dumps for All Users' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml +index 03e8307..0361260 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,uos20 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,uos20 + + title: 'Configure BIND to use System Crypto Policy' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml +index e3b95bc..edd5353 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle15,uos20 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle15,uos20 + + title: 'Configure System Cryptography Policy' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml +index 3a2df05..19c06d1 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + 
+-prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,uos20 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,uos20 + + title: 'Configure Kerberos to use System Crypto Policy' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml +index 5fe513b..3aa207f 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle12,sle15,uos20 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle12,sle15,uos20 + + title: 'Configure Libreswan to use System Crypto Policy' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml +index f914174..e9b4f57 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle12,sle15,uos20 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle12,sle15,uos20 + + title: 'Configure OpenSSL library to use System Crypto Policy' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml +index 0902a50..8148be3 100644 +--- 
a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle12,sle15,uos20 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle12,sle15,uos20 + + title: 'Configure SSH to use System Crypto Policy' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml +index 1600478..22b84d6 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Configure Periodic Execution of AIDE' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml +index f500f74..e61beb9 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: 
alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Install AIDE' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml +index 5c22b20..1c849aa 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 + + title: 'Verify File Hashes with RPM' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml +index 050bda6..4b5d8e1 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 ++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 + + title: 'Verify and Correct File Permissions with RPM' + +diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml +index e5b41c4..1553673 100644 +--- 
a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20
+
+ title: 'Ensure gpgcheck Enabled In Main {{{ pkg_manager }}} Configuration'
+
+diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
+index 520f74b..88f0763 100644
+--- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
++++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux3,anolis8,rhcos4,rhel7,rhel8,rhel9,rhv4,uos20
++prodtype: alinux3,anolis8,anolis23,rhcos4,rhel7,rhel8,rhel9,rhv4,uos20
+
+ title: 'Ensure Red Hat GPG Key Installed'
+
+diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
+index d114c32..b05900c 100644
+--- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
++++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,uos20
++prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,uos20
+
+ title: 'Ensure Software Patches Installed'
+
+diff --git a/products/anolis23/CMakeLists.txt b/products/anolis23/CMakeLists.txt
+new file mode 100644
+index 0000000..231ecda
+--- /dev/null
++++
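Review bot: The 'Ensure Red Hat GPG Key Installed' rule is switched on for anolis23 in this prodtype line, but nothing visible in this patch gives the new product a signing key to check against; the products/anolis23/product.yml added further down carries no key fingerprint or key-package values. The rule body lies outside the hunk, so which key it compares with cannot be confirmed from here. If it still resolves to Red Hat's release key, the rule will either fail on every Anolis OS 23 host or pass because of a key that does not sign Anolis packages, and either result misstates package-signature trust in a scan report. Confirm the check resolves to the Anolis release key before enabling it, or keep the line as `prodtype: alinux3,anolis8,rhcos4,rhel7,rhel8,rhel9,rhv4,uos20` until it does.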
b/products/anolis23/CMakeLists.txt
+@@ -0,0 +1,6 @@
++# Sometimes our users will try to do: "cd anolis23; cmake ." That needs to error in a nice way.
++if ("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}")
++ message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!")
++endif()
++
++ssg_build_product("anolis23")
+diff --git a/products/anolis23/overlays/.gitkeep b/products/anolis23/overlays/.gitkeep
+new file mode 100644
+index 0000000..e69de29
+diff --git a/products/anolis23/product.yml b/products/anolis23/product.yml
+new file mode 100644
+index 0000000..5bf3914
+--- /dev/null
++++ b/products/anolis23/product.yml
+@@ -0,0 +1,23 @@
++product: anolis23
++full_name: Anolis OS 23
++type: platform
++
++benchmark_id: ANOLIS-23
++benchmark_root: "../../linux_os/guide"
++
++profiles_root: "./profiles"
++
++pkg_manager: "yum"
++
++init_system: "systemd"
++
++cpes_root: "../../shared/applicability"
++cpes:
++ - anolis23:
++ name: "cpe:/o:anolis:anolis_os:23"
++ title: "Anolis OS 23"
++ check_id: installed_OS_is_anolis23
++
++# Mapping of CPE platform to package
++platform_package_overrides:
++ login_defs: "shadow-utils"
+diff --git a/products/anolis23/profiles/standard.profile b/products/anolis23/profiles/standard.profile
+new file mode 100644
+index 0000000..a9f86ca
+--- /dev/null
++++ b/products/anolis23/profiles/standard.profile
+@@ -0,0 +1,728 @@
++documentation_complete: true
++
++title: 'Standard System Security Profile for Anolis OS 8'
++
++description: |-
++ This profile contains rules to ensure standard security baseline
++ of a Anolis OS 8 system.
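Review bot: `pkg_manager: "yum"` in products/anolis23/product.yml is rendered into rule text (the gpgcheck rule elsewhere in this patch is titled 'Ensure gpgcheck Enabled In Main {{{ pkg_manager }}} Configuration') and presumably also decides which package-manager configuration file those rules inspect. If Anolis OS 23 manages packages with dnf and keeps yum only as a compatibility name, `pkg_manager: "dnf"` would keep the rendered guidance and the checked path in line with the installed system; this is worth confirming on a real image. Separately, `check_id: installed_OS_is_anolis23` needs a matching applicability definition, which is not visible in this part of the patch. A short comment above `cpes:` naming where that definition lives would help the next maintainer.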
++ ++selections: ++ # 1 access-and-control ++ ## 1.1-ensure-cron-daemon-is-enabled ++ ### Level 1 ++ - service_crond_enabled ++ ++ ## 1.2-ensure-permissions-on-etc-crontab-are-configured ++ ### Level 1 ++ - file_groupowner_crontab ++ - file_owner_crontab ++ - file_permissions_crontab ++ ++ ## 1.3-ensure-permissions-on-etc-cron.hourly-are-configured ++ ### Level 1 ++ - file_groupowner_cron_hourly ++ - file_owner_cron_hourly ++ - file_permissions_cron_hourly ++ ++ ## 1.4-ensure-permissions-on-etc-cron.daily-are-configured ++ ### Level 1 ++ - file_groupowner_cron_daily ++ - file_owner_cron_daily ++ - file_permissions_cron_daily ++ ++ ## 1.5-ensure-permissions-on-etc-cron.weekly-are-configured ++ ### Level 1 ++ - file_groupowner_cron_weekly ++ - file_owner_cron_weekly ++ - file_permissions_cron_weekly ++ ++ ## 1.6-ensure-permissions-on-etc-cron.monthly-are-configured ++ ### Level 1 ++ - file_groupowner_cron_monthly ++ - file_owner_cron_monthly ++ - file_permissions_cron_monthly ++ ++ ## 1.7-ensure-permissions-on-etc-cron.d-are-configured ++ ### Level 1 ++ - file_groupowner_cron_d ++ - file_owner_cron_d ++ - file_permissions_cron_d ++ ++ ## 1.8-ensure-at-cron-is-restricted-to-authorized-users ++ ### Level 1 ++ - file_groupowner_cron_allow ++ - file_owner_cron_allow ++ - file_cron_deny_not_exist ++ - file_groupowner_at_allow ++ - file_owner_at_allow ++ - file_at_deny_not_exist ++ - file_permissions_at_allow ++ - file_permissions_cron_allow ++ ++ ## 1.9-ensure-permissions-on-etc-ssh-sshd_config-are-configured ++ ### Level 1 ++ - file_groupowner_sshd_config ++ - file_owner_sshd_config ++ - file_permissions_sshd_config ++ ++ ## 1.10-ensure-ssh-access-is-limited ++ ### Level 2 ++ # Needs rule ++ ++ ## 1.11-ensure-permissions-on-ssh-private-host-key-files-are-configured ++ ### Level 1 ++ - file_permissions_sshd_private_key ++ ++ ## 1.12-ensure-permissions-on-ssh-public-host-key-files-are-configured ++ ### Level 1 ++ - file_permissions_sshd_pub_key ++ ++ ## 
1.13-ensure-ssh-loglevel-is-appropriate ++ ### Level 1 ++ - sshd_set_loglevel_verbose ++ # or ++ - sshd_set_loglevel_info ++ ++ ## 1.14-ensure-ssh-maxauthtries-is-set-to-4-or-less ++ ### Level 1 ++ - sshd_max_auth_tries_value=4 ++ - sshd_set_max_auth_tries ++ ++ ## 1.15-ensure-ssh-ignorerhosts-is-enabled ++ ### Level 1 ++ - sshd_disable_rhosts ++ ++ ## 1.16-ensure-ssh-hostbasedauthentication-is-disabled ++ ### Level 1 ++ - disable_host_auth ++ ++ ## 1.17-ensure-ssh-root-login-is-disabled ++ ### Level 1 ++ - sshd_disable_root_login ++ ++ ## 1.18-ensure-ssh-permitemptypasswords-is-disabled ++ ### Level 1 ++ - sshd_disable_empty_passwords ++ ++ ## 1.19-ensure-ssh-permituserenvironment-is-disabled ++ ### Level 1 ++ - sshd_do_not_permit_user_env ++ ++ ## 1.20-ensure-ssh-idle-timeout-interval-is-configured ++ ### Level 1 ++ - sshd_idle_timeout_value=15_minutes ++ - sshd_set_idle_timeout ++ - sshd_set_keepalive ++ - var_sshd_set_keepalive=0 ++ ++ ## 1.21-ensure-ssh-logingracetime-is-set-to-one-minute-or-less ++ ### Level 1 ++ - sshd_set_login_grace_time ++ - var_sshd_set_login_grace_time=60 ++ ++ ## 1.22-ensure-ssh-warning-banner-is-configured ++ ### Level 1 ++ - sshd_enable_warning_banner ++ ++ ## 1.23-ensure-ssh-pam-is-enabled ++ ### Level 1 ++ - sshd_enable_pam ++ ++ ## 1.24-ensure-ssh-maxstartups-is-configured ++ ### Level 1 ++ - sshd_set_maxstartups ++ - var_sshd_set_maxstartups=10:30:60 ++ ++ ## 1.25-ensure-ssh-maxsessions-is-set-to-10-or-less ++ ### Level 1 ++ - sshd_set_max_sessions ++ - var_sshd_max_sessions=10 ++ ++ ## 1.26-ensure-system-wide-crypto-policy-is-not-over-ridden ++ ### Level 1 ++ # Needs rule ++ ++ ## 1.27-ensure-password-creation-requirements-are-configured ++ ### Level 1 ++ - accounts_password_pam_minclass ++ - accounts_password_pam_minlen ++ - accounts_password_pam_retry ++ - var_password_pam_minclass=4 ++ - var_password_pam_minlen=14 ++ ++ ## 1.28-ensure-lockout-for-failed-password-attempts-is-configured ++ ### Level 1 ++ - 
locking_out_password_attempts ++ ++ ## 1.29-ensure-password-reuse-is-limited ++ ### Level 1 ++ - accounts_password_pam_pwhistory_remember_password_auth ++ - accounts_password_pam_pwhistory_remember_system_auth ++ - var_password_pam_remember_control_flag=required ++ - var_password_pam_remember=5 ++ ++ ## 1.30-ensure-password-hashing-algorithm-is-sha-512 ++ ### Level 1 ++ - set_password_hashing_algorithm_systemauth ++ ++ ## 1.31-ensure-password-expiration-is-365-days-or-less ++ ### Level 1 ++ - accounts_maximum_age_login_defs ++ - var_accounts_maximum_age_login_defs=365 ++ - accounts_password_set_max_life_existing ++ ++ ## 1.32-ensure-minimum-days-between-password-changes-is-7-or-more ++ ### Level 1 ++ - accounts_minimum_age_login_defs ++ - var_accounts_minimum_age_login_defs=7 ++ - accounts_password_set_min_life_existing ++ ++ ## 1.33-ensure-password-expiration-warning-days-is-7-or-more ++ ### Level 1 ++ - accounts_password_warn_age_login_defs ++ - var_accounts_password_warn_age_login_defs=7 ++ ++ ## 1.34-ensure-inactive-password-lock-is-30-days-or-less ++ ### Level 1 ++ - account_disable_post_pw_expiration ++ - var_account_disable_post_pw_expiration=30 ++ ++ ## 1.35-ensure-all-users-last-password-change-date-is-in-the-past ++ ### Level 2 ++ # Needs rule ++ ++ ## 1.36-ensure-system-accounts-are-secured ++ ### Level 1 ++ - no_shelllogin_for_systemaccounts ++ ++ ## 1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less ++ ### Level 1 ++ - accounts_tmout ++ - var_accounts_tmout=15_min ++ ++ ## 1.38-ensure-default-group-for-the-root-account-is-gid-0 ++ ### Level 1 ++ - accounts_root_gid_zero ++ ++ ## 1.39-ensure-default-user-umask-is-027-or-more-restrictive ++ ### Level 1 ++ - accounts_umask_etc_bashrc ++ - accounts_umask_etc_login_defs ++ - accounts_umask_etc_profile ++ - var_accounts_user_umask=027 ++ ++ ## 1.40-ensure-access-to-the-su-command-is-restricted ++ ### Level 1 ++ - use_pam_wheel_for_su ++ ++ ## 1.41-ensure-ssh-server-use-protocol_2 ++ ### Level 1 ++ 
- sshd_allow_only_protocol2 ++ ++ ## 2.1-ensure-audit-log-files-are-not-read-or-write-accessible-by-unauthorized-users ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.2-ensure-only-authorized-users-own-audit-log-files ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.3-ensure-only-authorized-groups-ownership-of-audit-log-files ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.4-ensure-the-audit-log-directory-is-0750-or-more-restrictive ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.5-ensure-audit-configuration-files-are-0640-or-more-restrictive ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.6-ensure-only-authorized-accounts-own-the-audit-configuration-files ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.7-ensure-only-authorized-groups-own-the-audit-configuration-files ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.8-ensure-audit-tools-are-mode-of-0755-or-more-restrictive ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.9-ensure-audit-tools-are-owned-by-root ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.10-ensure-audit-tools-are-group-owned-by-root ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.11-ensure-cryptographic-mechanisms-are-used-to-protect-the-integrity-of-audit-tools ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.12-ensure-rsyslog-is-installed ++ ### Level 1 ++ - package_rsyslog_installed ++ ++ ## 2.13-ensure-rsyslog-service-is-enabled ++ ### Level 1 ++ - service_rsyslog_enabled ++ ++ ## 2.14-ensure-rsyslog-default-file-permissions-configured ++ ### Level 1 ++ # Needs rule ++ ++ ## 2.15-ensure-rsyslog-is-configured-to-send-logs-to-a-remote-log-host ++ ### Level 2 ++ - rsyslog_remote_loghost ++ ++ ## 2.16-ensure-journald-is-configured-to-send-logs-to-rsyslog ++ ### Level 1 ++ - journald_forward_to_syslog ++ ++ ## 2.17-ensure-journald-is-configured-to-compress-large-log-files ++ ### Level 1 ++ - journald_compress ++ ++ ## 2.18-ensure-journald-is-configured-to-write-logfiles-to-persistent-disk ++ ### Level 1 ++ - journald_storage ++ ++ ## 2.19-ensure-audit-is-installed ++ ### Level 1 ++ - package_audit_installed ++ ++ ## 
2.20-ensure-audit-service-is-enabled ++ ### Level 3 ++ - service_auditd_enabled ++ ++ ## 3.1-disable-http-server ++ ### Level 1 ++ - service_httpd_disabled ++ ++ ## 3.2-disable-ftp-server ++ ### Level 1 ++ - service_vsftpd_disabled ++ ++ ## 3.3-disable-dns-server ++ ### Level 1 ++ - service_named_disabled ++ ++ ## 3.4-disable-nfs ++ ### Level 1 ++ - service_nfs_disabled ++ ++ ## 3.5-disable-rpc ++ ### Level 1 ++ - service_rpcbind_disabled ++ ++ ## 3.6-disable-ldap-server ++ ### Level 1 ++ - service_slapd_disabled ++ ++ ## 3.7-disable-dhcp-server ++ ### Level 1 ++ - service_dhcpd_disabled ++ ++ ## 3.8-disable-cups ++ ### Level 1 ++ - service_cups_disabled ++ ++ ## 3.9-disable-nis-server ++ ### Level 1 ++ - service_ypserv_disabled ++ ++ ## 3.10-disable-rsync-server ++ ### Level 1 ++ - service_rsyncd_disabled ++ ++ ## 3.11-disable-avahi-server ++ ### Level 1 ++ - service_avahi-daemon_disabled ++ ++ ## 3.12-disable-snmp-server ++ ### Level 1 ++ - service_snmpd_disabled ++ ++ ## 3.13-disable-http-proxy-server ++ ### Level 1 ++ - service_squid_disabled ++ ++ ## 3.14-disable-samba ++ ### Level 1 ++ - service_smb_disabled ++ ++ ## 3.15-disable-imap-and-pop3-server ++ ### Level 1 ++ - service_dovecot_disabled ++ ++ ## 3.16-disable-smtp-protocol ++ ### Level 1 ++ # Needs rule ++ ++ ## 3.17-disable-telnet-port-23 ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.1-ensure-message-of-the-day-is-configured-properly ++ ### Level 1 ++ - banner_etc_motd ++ - login_banner_text=cis_banners ++ ++ ## 4.2-ensure-local-login-warning-banner-is-configured-properly ++ ### Level 1 ++ - banner_etc_issue ++ - login_banner_text=cis_banners ++ ++ ## 4.3-ensure-remote-login-warning-banner-is-configured-properly ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.4-ensure-permissions-on-etc-motd-are-configured ++ ### Level 1 ++ - file_groupowner_etc_motd ++ - file_owner_etc_motd ++ - file_permissions_etc_motd ++ ++ ## 4.5-ensure-permissions-on-etc-issue-are-configured ++ ### Level 1 ++ - file_groupowner_etc_issue 
++ - file_owner_etc_issue ++ - file_permissions_etc_issue ++ ++ ## 4.6-ensure-permissions-on-etc-issue.net-are-configured ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.7-ensure-gpgcheck-is-globally-activated ++ ### Level 1 ++ - ensure_gpgcheck_globally_activated ++ ++ ## 4.8-ensure-aide-is-installed ++ ### Level 1 ++ - package_aide_installed ++ ++ ## 4.9-ensure-filesystem-integrity-is-regularly-checked ++ ### Level 1 ++ - aide_periodic_cron_checking ++ ++ ## 4.10-ensure-bootloader-password-is-set ++ ### Level 2 ++ - grub2_password ++ ++ ## 4.11-ensure-permissions-on-bootloader-config-are-configured ++ ### Level 1 ++ #- file_groupowner_efi_grub2_cfg ++ - file_groupowner_grub2_cfg ++ #- file_owner_efi_grub2_cfg ++ - file_owner_grub2_cfg ++ #- file_permissions_efi_grub2_cfg ++ - file_permissions_grub2_cfg ++ ++ ## 4.12-ensure-authentication-required-for-single-user-mode ++ ### Level 1 ++ - require_singleuser_auth ++ - require_emergency_target_auth ++ ++ ## 4.13-ensure-core-dumps-are-restricted ++ ### Level 1 ++ - disable_users_coredumps ++ - sysctl_fs_suid_dumpable ++ - coredump_disable_backtraces ++ - coredump_disable_storage ++ ++ ## 4.14-ensure-address-space-layout-randomization-(ASLR)-is-enabled ++ ### Level 1 ++ - sysctl_kernel_randomize_va_space ++ ++ ## 4.15-ensure-system-wide-crypto-policy-is-not-legacy ++ ### Level 1 ++ - configure_crypto_policy ++ - var_system_crypto_policy=default_policy ++ ++ ## 4.16-ensure-sticky-bit-is-set-on-all-world-writable-directories ++ ### Level 1 ++ - dir_perms_world_writable_sticky_bits ++ ++ ## 4.17-ensure-permissions-on-etc-passwd-are-configured ++ ### Level 1 ++ - file_permissions_etc_passwd ++ ++ ## 4.18-ensure-permissions-on-etc-shadow-are-configured ++ ### Level 1 ++ - file_owner_etc_shadow ++ - file_groupowner_etc_shadow ++ - file_permissions_etc_shadow ++ ++ ## 4.19-ensure-permissions-on-etc-group-are-configured ++ ### Level 1 ++ - file_groupowner_etc_group ++ - file_owner_etc_group ++ - file_permissions_etc_group ++ ++ ## 
4.20-ensure-permissions-on-etc-gshadow-are-configured ++ ### Level 1 ++ - file_groupowner_etc_gshadow ++ - file_owner_etc_gshadow ++ - file_permissions_etc_gshadow ++ ++ ## 4.21-ensure-permissions-on-etc-passwd--are-configured ++ ### Level 1 ++ - file_groupowner_backup_etc_passwd ++ - file_owner_backup_etc_passwd ++ - file_permissions_backup_etc_passwd ++ ++ ## 4.22-ensure-permissions-on-etc-shadow--are-configured ++ ### Level 1 ++ - file_groupowner_backup_etc_shadow ++ - file_owner_backup_etc_shadow ++ - file_permissions_backup_etc_shadow ++ ++ ## 4.23-ensure-permissions-on-etc-group--are-configured ++ ### Level 1 ++ - file_groupowner_backup_etc_group ++ - file_owner_backup_etc_group ++ - file_permissions_backup_etc_group ++ ++ ## 4.24-ensure-permissions-on-etc-gshadow--are-configured ++ ### Level 1 ++ - file_groupowner_backup_etc_gshadow ++ - file_owner_backup_etc_gshadow ++ - file_permissions_backup_etc_gshadow ++ ++ ## 4.25-ensure-no-world-writable-files-exist ++ ### Level 2 ++ - file_permissions_unauthorized_world_writable ++ ++ ## 4.26-ensure-no-unowned-files-or-directories-exist ++ ### Level 2 ++ # Needs rule ++ ++ ## 4.27-ensure-no-ungrouped-files-or-directories-exist ++ ### Level 2 ++ - file_permissions_ungroupowned ++ ++ ## 4.28-ensure-no-password-fields-are-not-empty ++ ### Level 2 ++ # Needs rule ++ ++ ## 4.29-ensure-root-path-integrity ++ ### Level 2 ++ - accounts_root_path_dirs_no_write ++ - root_path_no_dot ++ ++ ## 4.30-ensure-root-is-the-only-uid-0-account ++ ### Level 2 ++ - accounts_no_uid_except_zero ++ ++ ## 4.31-ensure-users-home-directories-permissions-are-750-or-more-restrictive ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.32-ensure-users-own-their-home-directories ++ ### Level 1 ++ - file_ownership_home_directories ++ - file_groupownership_home_directories ++ ++ ## 4.33-ensure-users-dot-files-are-not-group-or-world-writable ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.34-ensure-no-users-have-.forward-files ++ ### Level 1 ++ # Needs rule ++ ++ ## 
4.35-ensure-no-users-have-.netrc-files ++ ### Level 1 ++ - no_netrc_files ++ ++ ## 4.36-ensure-users-.netrc-files-are-not-group-or-world-accessible ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.37-ensure-no-users-have-.rhosts-files ++ ### Level 1 ++ - no_rsh_trust_files ++ ++ ## 4.38-ensure-all-groups-in-etc-passwd-exist-in-etc-group ++ ### Level 2 ++ # Needs rule ++ ++ ## 4.39-ensure-no-duplicate-uids-exist ++ ### Level 2 ++ - account_unique_id ++ ++ ## 4.40-ensure-no-duplicate-gids-exist ++ ### Level 2 ++ - group_unique_id ++ ++ ## 4.41-ensure-no-duplicate-user-names-exist ++ ### Level 2 ++ # Needs rule ++ ++ ## 4.42-ensure-no-duplicate-group-names-exist ++ ### Level 2 ++ - group_unique_name ++ ++ ## 4.43-ensure-all-users-home-directories-exist ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.44-ensure-sctp-is-disabled ++ ### Level 1 ++ - kernel_module_sctp_disabled ++ ++ ## 4.45-ensure-dccp-is-disabled ++ ### Level 1 ++ - kernel_module_dccp_disabled ++ ++ ## 4.46-ensure-wireless-interfaces-are-disabled ++ ### Level 1 ++ - wireless_disable_interfaces ++ ++ ## 4.47-ensure-ip-forwarding-is-disabled ++ ### Level 1 ++ - sysctl_net_ipv4_ip_forward ++ - sysctl_net_ipv6_conf_all_forwarding ++ - sysctl_net_ipv6_conf_all_forwarding_value=disabled ++ ++ ## 4.48-ensure-packet-redirect-sending-is-disabled ++ ### Level 1 ++ - sysctl_net_ipv4_conf_all_send_redirects ++ - sysctl_net_ipv4_conf_default_send_redirects ++ ++ ## 4.49-ensure-source-routed-packets-are-not-accepted ++ ### Level 1 ++ - sysctl_net_ipv4_conf_all_accept_source_route ++ - sysctl_net_ipv4_conf_all_accept_source_route_value=disabled ++ - sysctl_net_ipv4_conf_default_accept_source_route ++ - sysctl_net_ipv4_conf_default_accept_source_route_value=disabled ++ - sysctl_net_ipv6_conf_all_accept_source_route ++ - sysctl_net_ipv6_conf_all_accept_source_route_value=disabled ++ - sysctl_net_ipv6_conf_default_accept_source_route ++ - sysctl_net_ipv6_conf_default_accept_source_route_value=disabled ++ ++ ## 
4.50-ensure-icmp-redirects-are-not-accepted ++ ### Level 1 ++ - sysctl_net_ipv4_conf_all_accept_redirects ++ - sysctl_net_ipv4_conf_all_accept_redirects_value=disabled ++ - sysctl_net_ipv4_conf_default_accept_redirects ++ - sysctl_net_ipv4_conf_default_accept_redirects_value=disabled ++ - sysctl_net_ipv6_conf_all_accept_redirects ++ - sysctl_net_ipv6_conf_all_accept_redirects_value=disabled ++ - sysctl_net_ipv6_conf_default_accept_redirects ++ - sysctl_net_ipv6_conf_default_accept_redirects_value=disabled ++ ++ ## 4.51-ensure-secure-icmp-redirects-are-not-accepted ++ ### Level 1 ++ - sysctl_net_ipv4_conf_all_secure_redirects ++ - sysctl_net_ipv4_conf_all_secure_redirects_value=disabled ++ - sysctl_net_ipv4_conf_default_secure_redirects ++ - sysctl_net_ipv4_conf_default_secure_redirects_value=disabled ++ ++ ## 4.52-ensure-suspicious-packets-are-logged ++ ### Level 1 ++ - sysctl_net_ipv4_conf_all_log_martians ++ - sysctl_net_ipv4_conf_all_log_martians_value=enabled ++ - sysctl_net_ipv4_conf_default_log_martians ++ - sysctl_net_ipv4_conf_default_log_martians_value=enabled ++ ++ ## 4.53-ensure-broadcast-icmp-requests-are-ignored ++ ### Level 1 ++ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts ++ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value=enabled ++ ++ ## 4.54-ensure-bogus-icmp-responses-are-ignored ++ ### Level 1 ++ - sysctl_net_ipv4_icmp_ignore_bogus_error_responses ++ - sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value=enabled ++ ++ ## 4.55-ensure-reverse-path-filtering-is-enabled ++ ### Level 1 ++ - sysctl_net_ipv4_conf_all_rp_filter ++ - sysctl_net_ipv4_conf_all_rp_filter_value=enabled ++ - sysctl_net_ipv4_conf_default_rp_filter ++ - sysctl_net_ipv4_conf_default_rp_filter_value=enabled ++ ++ ## 4.56-ensure-tcp-syn-cookies-is-enabled ++ ### Level 1 ++ - sysctl_net_ipv4_tcp_syncookies ++ - sysctl_net_ipv4_tcp_syncookies_value=enabled ++ ++ ## 4.57-ensure-ipv6-router-advertisements-are-not-accepted ++ ### Level 1 ++ - sysctl_net_ipv6_conf_all_accept_ra 
++ - sysctl_net_ipv6_conf_all_accept_ra_value=disabled ++ - sysctl_net_ipv6_conf_default_accept_ra ++ - sysctl_net_ipv6_conf_default_accept_ra_value=disabled ++ ++ ## 4.58-ensure-a-firewall-package-is-installed ++ ### Level 1 ++ - package_firewalld_installed ++ ++ ## 4.59-ensure-firewalld-service-is-enabled-and-running ++ ### Level 1 ++ - service_firewalld_enabled ++ ++ ## 4.60-ensure-iptables-is-not-enabled ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.61-ensure-nftables-is-not-enabled ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.62-ensure-nftables-service-is-enabled ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.63-ensure-iptables-packages-are-installed ++ ### Level 1 ++ - package_iptables_installed ++ ++ ## 4.64-ensure-nftables-is-not-installed ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.65-ensure-firewalld-is-not-installed-or-stopped-and-masked ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.66-ensure-system-histsize-as-100-or-other ++ ### Level 1 ++ # Needs rule ++ ++ ## 4.67-ensure-system-histfilesize-100 ++ ### Level 1 ++ # Needs rule ++ ++ ## 5.1-ensure-selinux-is-installed ++ ### Level 1 ++ # Needs rule ++ ++ ## 5.2-ensure-selinux-policy-is-configured ++ ### Level 3 ++ # Needs rule ++ ++ ## 5.3-ensure-the-selinux-mode-is-enabled ++ ### Level 3 ++ # Needs rule ++ ++ ## 5.4-ensure-the-selinux-mode-is-enforcing ++ ### Level 3 ++ # Needs rule ++ ++ ## 5.5-ensure-no-unconfined-services-exist ++ ### Level 4 ++ # Needs rule ++ ++ ## 5.6-use-selinux-for-separation-of-powers-user-created ++ ### Level 4 ++ # Needs rule ++ ++ ## 5.7-use-selinux-for-separation-of-powers-system-administrator-login-permission-configuration ++ ### Level 4 ++ # Needs rule +\ No newline at end of file +diff --git a/products/anolis23/transforms/constants.xslt b/products/anolis23/transforms/constants.xslt +new file mode 100644 +index 0000000..c3323b4 +--- /dev/null ++++ b/products/anolis23/transforms/constants.xslt +@@ -0,0 +1,10 @@ ++ ++ ++ ++ ++Anolis OS 8 ++Anolis 8 ++empty ++anolis ++ ++ +diff --git 
a/products/anolis23/transforms/table-style.xslt b/products/anolis23/transforms/table-style.xslt +new file mode 100644 +index 0000000..218d0f7 +--- /dev/null ++++ b/products/anolis23/transforms/table-style.xslt +@@ -0,0 +1,5 @@ ++ ++ ++ ++ ++ +diff --git a/products/anolis23/transforms/xccdf-apply-overlay-stig.xslt b/products/anolis23/transforms/xccdf-apply-overlay-stig.xslt +new file mode 100644 +index 0000000..4789419 +--- /dev/null ++++ b/products/anolis23/transforms/xccdf-apply-overlay-stig.xslt +@@ -0,0 +1,8 @@ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/products/anolis23/transforms/xccdf2table-cce.xslt b/products/anolis23/transforms/xccdf2table-cce.xslt +new file mode 100644 +index 0000000..1ffb222 +--- /dev/null ++++ b/products/anolis23/transforms/xccdf2table-cce.xslt +@@ -0,0 +1,9 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/products/anolis23/transforms/xccdf2table-profileccirefs.xslt b/products/anolis23/transforms/xccdf2table-profileccirefs.xslt +new file mode 100644 +index 0000000..5a104d9 +--- /dev/null ++++ b/products/anolis23/transforms/xccdf2table-profileccirefs.xslt +@@ -0,0 +1,9 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/shared/checks/oval/installed_OS_is_anolis23.xml b/shared/checks/oval/installed_OS_is_anolis23.xml +new file mode 100644 +index 0000000..7e93811 +--- /dev/null ++++ b/shared/checks/oval/installed_OS_is_anolis23.xml +@@ -0,0 +1,28 @@ ++ ++ ++ ++ Anolis OS 23 ++ ++ multi_platform_all ++ ++ ++ The operating system installed on the system is Anolis OS 23 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ^23.*$ ++ ++ ++ anolis-release ++ ++ ++ +diff --git a/ssg/constants.py b/ssg/constants.py +index 82520c3..c0b6196 100644 +--- a/ssg/constants.py ++++ b/ssg/constants.py +@@ -42,6 +42,7 @@ product_directories = [ + 'alinux2', + 'alinux3', + 'anolis8', ++ 'anolis23', + 'chromium', + 'debian10', 'debian11', + 'example', +@@ -198,6 +199,7 @@ FULL_NAME_TO_PRODUCT_MAPPING = { + "Alibaba Cloud Linux 2": "alinux2", + "Alibaba Cloud Linux 3": "alinux3", + "Anolis OS 
8": "anolis8", ++ "Anolis OS 23": "anolis23", + "Chromium": "chromium", + "Debian 10": "debian10", + "Debian 11": "debian11", +@@ -271,7 +273,7 @@ MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu", + + MULTI_PLATFORM_MAPPING = { + "multi_platform_alinux": ["alinux2", "alinux3"], +- "multi_platform_anolis": ["anolis8"], ++ "multi_platform_anolis": ["anolis8", "anolis23"], + "multi_platform_debian": ["debian10", "debian11"], + "multi_platform_example": ["example"], + "multi_platform_eks": ["eks"], +diff --git a/tests/unit/ssg-module/test_utils.py b/tests/unit/ssg-module/test_utils.py +index a869bc3..0231546 100644 +--- a/tests/unit/ssg-module/test_utils.py ++++ b/tests/unit/ssg-module/test_utils.py +@@ -12,7 +12,7 @@ def test_is_applicable(): + + assert not utils.is_applicable('fedora,multi_platform_ubuntu', 'rhel7') + assert not utils.is_applicable('ol7', 'rhel7') +- assert not utils.is_applicable('alinux2,alinux3,anolis8,fedora,debian10,debian11,uos20', ++ assert not utils.is_applicable('alinux2,alinux3,anolis8,anolis23,fedora,debian10,debian11,uos20', + 'rhel7') + + +-- +2.31.1 + diff --git a/scap-security-guide.spec b/scap-security-guide.spec new file mode 100644 index 0000000000000000000000000000000000000000..4c33bc58e1cd22bef3540ac0f3ee0cb778f0bb08 --- /dev/null +++ b/scap-security-guide.spec 
@@ -0,0 +1,72 @@
+%define anolis_release 1
+%global _vpath_builddir build
+
+Name: scap-security-guide
+Version: 0.1.66
+Release: %{anolis_release}%{?dist}
+Summary: Security guidance and baselines in SCAP formats
+License: BSD
+URL: https://github.com/ComplianceAsCode/content/
+Source0: https://github.com/ComplianceAsCode/content/archive/refs/tags/v0.1.66.tar.gz
+Patch1001: 1001-add-anolis23-in-product-list.patch
+
+BuildArch: noarch
+
+BuildRequires: libxslt
+BuildRequires: expat
+BuildRequires: openscap-scanner >= 1.2.5
+BuildRequires: cmake >= 2.8
+BuildRequires: python3-devel
+BuildRequires: python3-jinja2
+BuildRequires: python3-PyYAML
+BuildRequires: python3-setuptools
+Requires: xml-common, openscap-scanner >= 1.2.5
+
+%description
+The scap-security-guide project provides a guide for configuration of the
+system from the final system's security point of view. The guidance is specified
+in the Security Content Automation Protocol (SCAP) format and constitutes
+a catalog of practical hardening advice, linked to government requirements
+where applicable. The project bridges the gap between generalized policy
+requirements and specific implementation guidelines. The system
+administrator can use the oscap CLI tool from openscap-scanner package, or the
+scap-workbench GUI tool from scap-workbench package to verify that the system
+conforms to provided guideline. Refer to scap-security-guide(8) manual page for
+further information.
+
+%package doc
+Summary: HTML formatted security guides generated from XCCDF benchmarks
+Requires: %{name} = %{version}-%{release}
+
+%description doc
+The %{name}-doc package contains HTML formatted documents containing
+hardening guidances that have been generated from XCCDF benchmarks
+present in %{name} package.
+
+%prep
+%autosetup -n content-%{version} -p1
+
+%define cmake_defines_common -DSSG_SEPARATE_SCAP_FILES_ENABLED=OFF -DSSG_BASH_SCRIPTS_ENABLED=OFF -DSSG_BUILD_SCAP_12_DS=OFF
+%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_ANOLIS23:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON
+
+%build
+%cmake %{cmake_defines_common} %{cmake_defines_specific}
+%cmake_build
+
+%install
+%cmake_install
+rm %{buildroot}/%{_docdir}/%{name}/README.md
+rm %{buildroot}/%{_docdir}/%{name}/Contributors.md
+
+%files
+%{_datadir}/xml/scap/ssg/content
+%{_datadir}/%{name}/ansible/*.yml
+%lang(en) %{_mandir}/man8/scap-security-guide.8.*
+%doc %{_docdir}/%{name}/LICENSE
+
+%files doc
+%doc %{_docdir}/%{name}/guides/*.html
+
+%changelog
+* Thu Mar 16 2023 happy_orange - 0.1.66-1
+- init package
diff --git a/v0.1.66.tar.gz b/v0.1.66.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..8029e0613f12dcfe07db97164933544e9779a7f0
Binary files /dev/null and b/v0.1.66.tar.gz differ
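Review bot: The spec goes from `%install` straight to `%files` with no `%check` section, so nothing in the build exercises the content it produces. Patch1001 adds a new product, a new OVAL platform check and an edit to `tests/unit/ssg-module/test_utils.py`, yet a malformed profile or check would only surface when someone runs a scan with the shipped data stream. Consider adding `%check` followed by `%ctest` after `%install`, assuming the cmake macros in this build environment provide `%ctest` alongside `%cmake_build`. If the full suite is too slow for the build system, a comment in the spec such as `# tests not run at build time: <reason>` would at least make the omission deliberate.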