diff --git a/1001-add-anolis23-in-product-list.patch b/1001-add-anolis23-in-product-list.patch deleted file mode 100644 index b030b1fe31593282d8c2a34318e937a86c59711e..0000000000000000000000000000000000000000 --- a/1001-add-anolis23-in-product-list.patch +++ /dev/null @@ -1,2918 +0,0 @@ -From 05549c9471052f0d5d5fd98f2ae65563789e5c83 Mon Sep 17 00:00:00 2001 -From: happy_orange -Date: Thu, 16 Mar 2023 15:35:17 +0800 -Subject: [PATCH 1/1] add anolis23 in product list - ---- - CMakeLists.txt | 5 + - .../service_avahi-daemon_disabled/rule.yml | 2 +- - .../base/service_abrtd_disabled/rule.yml | 2 +- - .../base/service_qpidd_disabled/rule.yml | 2 +- - .../base/service_rdisc_disabled/rule.yml | 2 +- - .../file_groupowner_cron_d/rule.yml | 2 +- - .../file_groupowner_cron_daily/rule.yml | 2 +- - .../file_groupowner_cron_hourly/rule.yml | 2 +- - .../file_groupowner_cron_monthly/rule.yml | 2 +- - .../file_groupowner_cron_weekly/rule.yml | 2 +- - .../file_groupowner_crontab/rule.yml | 2 +- - .../cron_and_at/file_owner_cron_d/rule.yml | 2 +- - .../file_owner_cron_daily/rule.yml | 2 +- - .../file_owner_cron_hourly/rule.yml | 2 +- - .../file_owner_cron_monthly/rule.yml | 2 +- - .../file_owner_cron_weekly/rule.yml | 2 +- - .../cron_and_at/file_owner_crontab/rule.yml | 2 +- - .../file_permissions_cron_d/rule.yml | 2 +- - .../file_permissions_cron_daily/rule.yml | 2 +- - .../file_permissions_cron_hourly/rule.yml | 2 +- - .../file_permissions_cron_monthly/rule.yml | 2 +- - .../file_permissions_cron_weekly/rule.yml | 2 +- - .../file_permissions_crontab/rule.yml | 2 +- - .../file_at_deny_not_exist/rule.yml | 2 +- - .../file_cron_deny_not_exist/rule.yml | 2 +- - .../file_groupowner_at_allow/rule.yml | 2 +- - .../file_groupowner_cron_allow/rule.yml | 2 +- - .../file_owner_at_allow/rule.yml | 2 +- - .../file_owner_cron_allow/rule.yml | 2 +- - .../file_permissions_at_allow/rule.yml | 2 +- - .../file_permissions_cron_allow/rule.yml | 2 +- - .../cron_and_at/service_atd_disabled/rule.yml | 2 +- - .../service_crond_enabled/rule.yml | 2 +- - .../service_dhcpd_disabled/rule.yml | 2 +- - .../package_bind_removed/rule.yml | 2 +- - .../service_named_disabled/rule.yml | 2 +- - .../service_vsftpd_disabled/rule.yml | 2 +- - .../service_httpd_disabled/rule.yml | 2 +- - .../service_dovecot_disabled/rule.yml | 2 +- - .../service_slapd_disabled/rule.yml | 2 +- - .../service_rpcbind_disabled/rule.yml | 2 +- - .../service_nfs_disabled/rule.yml | 2 +- - .../nis/service_ypserv_disabled/rule.yml | 2 +- - .../obsolete/service_rsyncd_disabled/rule.yml | 2 +- - .../printing/service_cups_disabled/rule.yml | 2 +- - .../service_squid_disabled/rule.yml | 2 +- - .../service_smb_disabled/rule.yml | 2 +- - .../service_snmpd_disabled/rule.yml | 2 +- - .../ssh/file_groupowner_sshd_config/rule.yml | 2 +- - .../ssh/file_owner_sshd_config/rule.yml | 2 +- - .../ssh/file_permissions_sshd_config/rule.yml | 2 +- - .../banner_etc_issue/rule.yml | 2 +- - .../accounts-banners/banner_etc_motd/rule.yml | 2 +- - .../file_groupowner_etc_issue/rule.yml | 2 +- - .../file_groupowner_etc_motd/rule.yml | 2 +- - .../file_owner_etc_issue/rule.yml | 2 +- - .../file_owner_etc_motd/rule.yml | 2 +- - .../file_permissions_etc_issue/rule.yml | 2 +- - .../file_permissions_etc_motd/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../accounts_password_pam_minclass/rule.yml | 2 +- - .../accounts_password_pam_minlen/rule.yml | 2 +- - .../accounts_password_pam_retry/rule.yml | 2 +- - .../rule.yml | 2 +- - .../require_emergency_target_auth/rule.yml | 2 +- - .../require_singleuser_auth/rule.yml | 2 +- - .../rule.yml | 2 +- - .../account_unique_id/rule.yml | 2 +- - .../group_unique_id/rule.yml | 2 +- - .../group_unique_name/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../no_shelllogin_for_systemaccounts/rule.yml | 2 +- - .../root_logins/use_pam_wheel_for_su/rule.yml | 2 +- - .../accounts-session/accounts_tmout/rule.yml | 2 +- - .../rule.yml | 2 +- - .../file_ownership_home_directories/rule.yml | 2 +- - .../accounts_umask_etc_bashrc/rule.yml | 2 +- - .../audit_rules_file_deletion_events/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../file_groupowner_grub2_cfg/rule.yml | 2 +- - .../non-uefi/file_owner_grub2_cfg/rule.yml | 2 +- - .../file_permissions_grub2_cfg/rule.yml | 2 +- - .../non-uefi/grub2_password/rule.yml | 2 +- - .../file_groupowner_efi_grub2_cfg/rule.yml | 2 +- - .../uefi/file_owner_efi_grub2_cfg/rule.yml | 2 +- - .../file_permissions_efi_grub2_cfg/rule.yml | 2 +- - .../uefi/grub2_uefi_password/rule.yml | 2 +- - .../journald/journald_compress/rule.yml | 2 +- - .../journald_forward_to_syslog/rule.yml | 2 +- - .../journald/journald_storage/rule.yml | 2 +- - .../package_firewalld_installed/rule.yml | 2 +- - .../service_firewalld_enabled/rule.yml | 2 +- - .../package_libreswan_installed/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../sysctl_net_ipv4_tcp_syncookies/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../sysctl_net_ipv4_ip_forward/rule.yml | 2 +- - .../kernel_module_dccp_disabled/rule.yml | 2 +- - .../kernel_module_sctp_disabled/rule.yml | 2 +- - .../wireless_disable_interfaces/rule.yml | 2 +- - .../rule.yml | 2 +- - .../rule.yml | 2 +- - .../file_permissions_ungroupowned/rule.yml | 2 +- - .../mounting/service_autofs_disabled/rule.yml | 2 +- - .../disable_users_coredumps/rule.yml | 2 +- - .../configure_bind_crypto_policy/rule.yml | 2 +- - .../crypto/configure_crypto_policy/rule.yml | 2 +- - .../configure_kerberos_crypto_policy/rule.yml | 2 +- - .../rule.yml | 2 +- - .../configure_openssl_crypto_policy/rule.yml | 2 +- - .../configure_ssh_crypto_policy/rule.yml | 2 +- - .../aide/aide_periodic_cron_checking/rule.yml | 2 +- - .../aide/package_aide_installed/rule.yml | 2 +- - .../rpm_verify_hashes/rule.yml | 2 +- - .../rpm_verify_permissions/rule.yml | 2 +- - .../rule.yml | 2 +- - .../ensure_redhat_gpgkey_installed/rule.yml | 2 +- - .../security_patches_up_to_date/rule.yml | 2 +- - products/anolis23/CMakeLists.txt | 6 + - products/anolis23/overlays/.gitkeep | 0 - products/anolis23/product.yml | 23 + - products/anolis23/profiles/standard.profile | 728 ++++++++++++++++++ - products/anolis23/transforms/constants.xslt | 10 + - products/anolis23/transforms/table-style.xslt | 5 + - .../transforms/xccdf-apply-overlay-stig.xslt | 8 + - .../anolis23/transforms/xccdf2table-cce.xslt | 9 + - .../xccdf2table-profileccirefs.xslt | 9 + - .../checks/oval/installed_OS_is_anolis23.xml | 28 + - ssg/constants.py | 4 +- - tests/unit/ssg-module/test_utils.py | 2 +- - 161 files changed, 983 insertions(+), 150 deletions(-) - create mode 100644 products/anolis23/CMakeLists.txt - create mode 100644 products/anolis23/overlays/.gitkeep - create mode 100644 products/anolis23/product.yml - create mode 100644 products/anolis23/profiles/standard.profile - create mode 100644 products/anolis23/transforms/constants.xslt - create mode 100644 products/anolis23/transforms/table-style.xslt - create mode 100644 products/anolis23/transforms/xccdf-apply-overlay-stig.xslt - create mode 100644 products/anolis23/transforms/xccdf2table-cce.xslt - create mode 100644 products/anolis23/transforms/xccdf2table-profileccirefs.xslt - create mode 100644 shared/checks/oval/installed_OS_is_anolis23.xml - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index ab11e31..537f02b 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -70,6 +70,7 @@ option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be bui - option(SSG_PRODUCT_ALINUX2 "If enabled, the Alibaba Cloud Linux 2 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) - option(SSG_PRODUCT_ALINUX3 "If enabled, the Alibaba Cloud Linux 3 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) - option(SSG_PRODUCT_ANOLIS8 "If enabled, the Anolis OS 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -+option(SSG_PRODUCT_ANOLIS23 "If enabled, the Anolis OS 23 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) - option(SSG_PRODUCT_CHROMIUM "If enabled, the Chromium SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) - option(SSG_PRODUCT_DEBIAN10 "If enabled, the Debian 10 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) - option(SSG_PRODUCT_DEBIAN11 "If enabled, the Debian 11 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -@@ -268,6 +269,7 @@ message(STATUS "Products:") - message(STATUS "Alibaba Cloud Linux 2: ${SSG_PRODUCT_ALINUX2}") - message(STATUS "Alibaba Cloud Linux 3: ${SSG_PRODUCT_ALINUX3}") - message(STATUS "Anolis OS 8: ${SSG_PRODUCT_ANOLIS8}") -+message(STATUS "Anolis OS 23: ${SSG_PRODUCT_ANOLIS23}") - message(STATUS "Chromium: ${SSG_PRODUCT_CHROMIUM}") - message(STATUS "Debian 10: ${SSG_PRODUCT_DEBIAN10}") - message(STATUS "Debian 11: ${SSG_PRODUCT_DEBIAN11}") -@@ -336,6 +338,9 @@ endif() - if (SSG_PRODUCT_ANOLIS8) - add_subdirectory("products/anolis8" "anolis8") - endif() -+if (SSG_PRODUCT_ANOLIS23) -+ add_subdirectory("products/anolis23" "anolis23") -+endif() - if (SSG_PRODUCT_CHROMIUM) - add_subdirectory("products/chromium" "chromium") - endif() -diff --git a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml -index 6d5ebf5..305f579 100644 ---- a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml -+++ b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Disable Avahi Server Software' - -diff --git a/linux_os/guide/services/base/service_abrtd_disabled/rule.yml b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml -index 38557af..d9f132a 100644 ---- a/linux_os/guide/services/base/service_abrtd_disabled/rule.yml -+++ b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,uos20 -+prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhel7,rhel8,uos20 - - title: 'Disable Automatic Bug Reporting Tool (abrtd)' - -diff --git a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml -index c71ce1b..9a8d38c 100644 ---- a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml -+++ b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml -@@ -1,7 +1,7 @@ - documentation_complete: true - - # package is unlikely to appear on a RHEL9 system, don't extend to RHEL10 --prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 -+prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 - - title: 'Disable Apache Qpid (qpidd)' - -diff --git a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml -index 7ca16e3..3c11914 100644 ---- a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml -+++ b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 -+prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 - - title: 'Disable Network Router Discovery Daemon (rdisc)' - -diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml -index b56d06e..6a806e8 100644 ---- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Group Who Owns cron.d' - -diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml -index 909b417..f4ab6e9 100644 ---- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Group Who Owns cron.daily' - -diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml -index 16c7569..cd760c3 100644 ---- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Group Who Owns cron.hourly' - -diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml -index 2840534..bbcc671 100644 ---- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Group Who Owns cron.monthly' - -diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml -index c9e0391..9aa451d 100644 ---- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Group Who Owns cron.weekly' - -diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml -index 277c9c9..51a6063 100644 ---- a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Group Who Owns Crontab' - -diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml -index c941caa..5107520 100644 ---- a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Owner on cron.d' - -diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml -index d0a6675..7aebe01 100644 ---- a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Owner on cron.daily' - -diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml -index 65b3ba0..90061a9 100644 ---- a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Owner on cron.hourly' - -diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml -index f72fb06..4445f07 100644 ---- a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Owner on cron.monthly' - -diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml -index 80175dc..e4cc95a 100644 ---- a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Owner on cron.weekly' - -diff --git a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml -index 3df7aba..69f84e2 100644 ---- a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Owner on crontab' - -diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml -index e15a2f6..05cbeb3 100644 ---- a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Permissions on cron.d' - -diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml -index ce3f09a..305651f 100644 ---- a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Permissions on cron.daily' - -diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml -index fc59dfe..fadc7aa 100644 ---- a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Permissions on cron.hourly' - -diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml -index 1c78762..6dfac02 100644 ---- a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Permissions on cron.monthly' - -diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml -index 476a312..4eee225 100644 ---- a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Permissions on cron.weekly' - -diff --git a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml -index 9d344b6..11cbce7 100644 ---- a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml -+++ b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Permissions on crontab' - -diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml -index 51e2d97..30805ce 100644 ---- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml -+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 - - title: 'Ensure that /etc/at.deny does not exist' - -diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml -index 1322881..94739d3 100644 ---- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml -+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 - - title: 'Ensure that /etc/cron.deny does not exist' - -diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml -index 6a1eff2..24105d8 100644 ---- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml -+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Group Who Owns /etc/at.allow file' - -diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml -index a74bf11..507444b 100644 ---- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml -+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Group Who Owns /etc/cron.allow file' - -diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml -index ab77239..477f54f 100644 ---- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml -+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify User Who Owns /etc/at.allow file' - -diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml -index ed08e64..bb7dbf2 100644 ---- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml -+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify User Who Owns /etc/cron.allow file' - -diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml -index da7a228..087abec 100644 ---- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml -+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Permissions on /etc/at.allow file' - -diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml -index 42275f2..746775b 100644 ---- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml -+++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Permissions on /etc/cron.allow file' - -diff --git a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml -index 91f458d..2584e5d 100644 ---- a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml -+++ b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 - - title: 'Disable At Service (atd)' - -diff --git a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml -index ec390e3..bc0733b 100644 ---- a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml -+++ b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 - - title: 'Enable cron Service' - -diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml -index 356f236..4ef1775 100644 ---- a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml -+++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sle12,sle15 - - title: 'Disable DHCP Service' - -diff --git a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml -index eed8c25..dec7290 100644 ---- a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml -+++ b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204,uos20 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204,uos20 - - title: 'Uninstall bind Package' - -diff --git a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml -index ce858b1..e3660aa 100644 ---- a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml -+++ b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sle12,sle15 - - title: 'Disable named Service' - -diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml -index bd77bb3..9a349ec 100644 ---- a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml -+++ b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sle12,sle15 - - title: 'Disable vsftpd Service' - -diff --git a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml -index d71d600..d9fd9f4 100644 ---- a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml -+++ b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sel12,sle15 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sel12,sle15 - - title: 'Disable httpd Service' - -diff --git a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml -index b5abe51..e921cac 100644 ---- a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml -+++ b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15 -+prodtype: alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sle12,sle15 - - title: 'Disable Dovecot Service' - -diff --git a/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml b/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml -index 8501b62..f655561 100644 ---- a/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml -+++ b/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel8,rhel9 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel8,rhel9 - - title: 'Disable LDAP Server (slapd)' - -diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml -index 0b6c8d4..4941aef 100644 ---- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 - - title: 'Disable rpcbind Service' - -diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml -index 91f73ab..0fae545 100644 ---- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml -+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,rhel9,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,rhel7,rhel8,rhel9,sle12,sle15 - - title: 'Disable Network File System (nfs)' - -diff --git a/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml b/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml -index 4f414d3..37d4382 100644 ---- a/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml -+++ b/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel8,rhel9 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel8,rhel9 - - title: 'Disable ypserv Service' - -diff --git a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml -index 315af39..4fb7174 100644 ---- a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml -+++ b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 - - title: 'Ensure rsyncd service is disabled' - -diff --git a/linux_os/guide/services/printing/service_cups_disabled/rule.yml b/linux_os/guide/services/printing/service_cups_disabled/rule.yml -index 1c9a75b..e3a6f0e 100644 ---- a/linux_os/guide/services/printing/service_cups_disabled/rule.yml -+++ b/linux_os/guide/services/printing/service_cups_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Disable the CUPS Service' - -diff --git a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml -index 9321e66..72ffd5e 100644 ---- a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml -+++ b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15 - - title: 'Disable Squid' - -diff --git a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml -index 76303fa..3a4991b 100644 ---- a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml -+++ b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sle12,sle15 - - title: 'Disable Samba' - -diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml -index be039de..fad08f8 100644 ---- a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml -+++ b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,debian10,debian11,rhel7,rhel8,rhel9,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,rhel7,rhel8,rhel9,sle12,sle15 - - title: 'Disable snmpd Service' - -diff --git a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml -index e393c6c..cec6d36 100644 ---- a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml -+++ b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Group Who Owns SSH Server config file' - -diff --git a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml -index fa43ddc..3257ed0 100644 ---- a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml -+++ b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Owner on SSH Server config file' - -diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml -index 3d00dec..b812aae 100644 ---- a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml -+++ b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Permissions on SSH Server config file' - -diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml -index 7585823..ab43db8 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204 - - title: 'Modify the System Login Banner' - -diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml -index 08fbad4..a73daa1 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 - - title: 'Modify the System Message of the Day Banner' - -diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml -index 5e6d02f..72cd310 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Group Ownership of System Login Banner' - -diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml -index 2e796ee..ca407d5 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify Group Ownership of Message of the Day Banner' - -diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml -index 70b4f39..f22d9a5 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify ownership of System Login Banner' - -diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml -index 16011b1..675826f 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify ownership of Message of the Day Banner' - -diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml -index 9968c5c..b553732 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify permissions on System Login Banner' - -diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml -index 339274b..e0cdf9a 100644 ---- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify permissions on Message of the Day Banner' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml -index c549de2..6fb8259 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4 - - title: 'Limit Password Reuse: password-auth' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml -index 97f05f5..3733a83 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4 - - title: 'Limit Password Reuse: system-auth' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml -index 45a8dfa..569e2fa 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 - - title: 'Ensure PAM Enforces Password Requirements - Minimum Different Categories' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml -index bdd681d..c5f3235 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Ensure PAM Enforces Password Requirements - Minimum Length' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml -index 113701f..cc0ed7b 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,ubuntu2204 - - title: 'Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session' - -diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml -index 04854da..4ed5df8 100644 ---- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 - - title: "Set PAM''s Password Hashing Algorithm" - -diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml -index e3b3c18..d2baea5 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 - - title: 'Require Authentication for Emergency Systemd Target' - -diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml -index 6e47912..fa257e0 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 - - title: 'Require Authentication for Single User Mode' - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml -index 55d39e5..9de2425 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Set Account Expiration Following Inactivity' - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml -index dc9ee17..6b28b99 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 - - title: 'Ensure All Accounts on the System Have Unique User IDs' - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml -index f523c43..3ca163b 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 - - title: 'Ensure All Groups on the System Have Unique Group ID' - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml -index d401458..c00062e 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,sle12,sle15,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,rhel7,rhel8,sle12,sle15,ubuntu2204 - - title: 'Ensure All Groups on the System Have Unique Group Names' - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml -index 93fd76a..1daefa6 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux3,anolis8,anolis23,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Set Existing Passwords Maximum Age' - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml -index a133b6e..0e1583d 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux3,anolis8,anolis23,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Set Existing Passwords Minimum Age' - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml -index 24d6983..c046879 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Ensure that System Accounts Do Not Run a Shell Upon Login' - -diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml -index a8b964a..d74d4a2 100644 ---- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Enforce usage of pam_wheel for su authentication' - -diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml -index 335bb5d..ca51240 100644 ---- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Set Interactive Session Timeout' - -diff --git a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml -index 0e45130..3cf9dbf 100644 ---- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204 -+prodtype: alinux3,anolis8,anolis23,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204 - - title: 'All Interactive User Home Directories Must Be Group-Owned By The Primary User' - -diff --git a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml -index f76d670..dd7f173 100644 ---- a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2204 - - title: 'All Interactive User Home Directories Must Be Owned By The Primary User' - -diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml -index ceed76c..ce6b0a1 100644 ---- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Ensure the Default Bash Umask is Set Correctly' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml -index 6366b96..570f8d2 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 -+prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 - - title: 'Ensure auditd Collects File Deletion Events by User' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml -index f4ad2ed..93cf5eb 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 - - title: 'Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml -index 0755669..f877606 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Record Unsuccessful Access Attempts to Files - creat' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml -index a12fe0c..9d05301 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Record Unsuccessful Access Attempts to Files - ftruncate' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml -index dbcad7d..68ce39d 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Record Unsuccessful Access Attempts to Files - open' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml -index 34f9b30..32de870 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Record Unsuccessful Access Attempts to Files - open_by_handle_at' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml -index eb74098..1933e32 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Record Unsuccessful Access Attempts to Files - openat' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml -index 043d5f7..9e12a7f 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Record Unsuccessful Access Attempts to Files - truncate' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml -index 0cf4bd9..f7760da 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 - - title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml -index e71d5bd..91a93a5 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Ensure auditd Collects Information on Kernel Module Unloading - delete_module' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml -index fa08613..8996d4e 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module' - -diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml -index 76c509d..15cbb3e 100644 ---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml -+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Ensure auditd Collects Information on Kernel Module Loading - init_module' - -diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml -index 2ee32d0..6a6bb10 100644 ---- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 - - title: 'Verify {{{ grub2_boot_path }}}/grub.cfg Group Ownership' - -diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml -index 5bf4ae3..4d8dec7 100644 ---- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify {{{ grub2_boot_path }}}/grub.cfg User Ownership' - -diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml -index 4917182..a239c9c 100644 ---- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Verify {{{ grub2_boot_path }}}/grub.cfg Permissions' - -diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml -index 9acb58b..8fe56b5 100644 ---- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Set Boot Loader Password in grub2' - -diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml -index 9ff7042..a9c2d97 100644 ---- a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhel7,rhel8,rhel9 - - title: 'Verify the UEFI Boot Loader grub.cfg Group Ownership' - -diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml -index 2e51fbb..c1fd9a0 100644 ---- a/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhel7,rhel8,rhel9 - - title: 'Verify the UEFI Boot Loader grub.cfg User Ownership' - -diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml -index 3a23fba..3680a26 100644 ---- a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhel7,rhel8,rhel9 - - - title: 'Verify the UEFI Boot Loader grub.cfg Permissions' -diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml -index 47c92fd..36c93f3 100644 ---- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml -+++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Set the UEFI Boot Loader Password' - -diff --git a/linux_os/guide/system/logging/journald/journald_compress/rule.yml b/linux_os/guide/system/logging/journald/journald_compress/rule.yml -index 040db3d..5b66cc7 100644 ---- a/linux_os/guide/system/logging/journald/journald_compress/rule.yml -+++ b/linux_os/guide/system/logging/journald/journald_compress/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 -+prodtype: alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 - - title: Ensure journald is configured to compress large log files - -diff --git a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml -index 4586e0d..18ffb90 100644 ---- a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml -+++ b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15 -+prodtype: alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sle12,sle15 - - title: Ensure journald is configured to send logs to rsyslog - -diff --git a/linux_os/guide/system/logging/journald/journald_storage/rule.yml b/linux_os/guide/system/logging/journald/journald_storage/rule.yml -index 91cbbb6..dd08936 100644 ---- a/linux_os/guide/system/logging/journald/journald_storage/rule.yml -+++ b/linux_os/guide/system/logging/journald/journald_storage/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 -+prodtype: alinux3,anolis8,anolis23,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 - - title: Ensure journald is configured to write log files to persistent disk - -diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml -index 2b6853a..0a22534 100644 ---- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml -+++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15 -+prodtype: alinux3,anolis8,anolis23,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15 - - title: 'Install firewalld Package' - -diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml -index cd22594..158da80 100644 ---- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml -+++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 - - title: 'Verify firewalld Enabled' - -diff --git a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml -index 24cea91..94fd5bb 100644 ---- a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml -+++ b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 - - title: 'Install libreswan Package' - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml -index 9481514..14eef55 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Configure Accepting Router Advertisements on All IPv6 Interfaces' - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml -index ae79bcb..3c80517 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Disable Accepting ICMP Redirects for All IPv6 Interfaces' - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml -index 92d5ddb..f2b536e 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces' - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml -index 2629d93..778cd1b 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Disable Kernel Parameter for IPv6 Forwarding' - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml -index ee39a00..1461777 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Disable Accepting Router Advertisements on all IPv6 Interfaces by Default' - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml -index 98f2787..63bb0a3 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces' - -diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml -index bf84b2f..0852539 100644 ---- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml -+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml -index 8756e21..8666c09 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Disable Accepting ICMP Redirects for All IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml -index 2ccc278..e0530e3 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml -index 9d84eab..a5b26e9 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml -index e3b2b18..80a2728 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml -index 849ae47..394d25b 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml -index 7bcccbb..bfd5366 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml -index 9a54bbc..3b92c8b 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml -index 6fa5a73..e971a2a 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Enable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml -index b688a15..2169e3f 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml -index 90ef90f..d610ec2 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Configure Kernel Parameter for Accepting Secure Redirects By Default' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml -index 5b12a1b..d4e89c9 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml -index a5fb5f4..b23c602 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml -index 31e76dd..6c071c2 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml -index 5c4347b..11794ff 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml -index fc30851..84a1895 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default' - -diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml -index 55b91f1..8a1a8f8 100644 ---- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml -+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces' - -diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml -index 8ca0279..3173ab0 100644 ---- a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml -+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Disable DCCP Support' - -diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml -index 58260bb..9b4591e 100644 ---- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml -+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Disable SCTP Support' - -diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml -index fa61a92..d1ae43f 100644 ---- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml -+++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Deactivate Wireless Network Interfaces' - -diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml -index 5683f30..b6ecb38 100644 ---- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml -+++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml -@@ -2,7 +2,7 @@ documentation_complete: true - - title: 'Ensure All SGID Executables Are Authorized' - --prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,uos20 -+prodtype: alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,uos20 - - description: |- - The SGID (set group id) bit should be set only on files that were -diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml -index 249f971..632e432 100644 ---- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml -+++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml -@@ -2,7 +2,7 @@ documentation_complete: true - - title: 'Ensure All SUID Executables Are Authorized' - --prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,uos20 -+prodtype: alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,uos20 - - description: |- - The SUID (set user id) bit should be set only on files that were -diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml -index 7ba3356..3165029 100644 ---- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml -+++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204 - - title: 'Ensure All Files Are Owned by a Group' - -diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml -index 86c428a..f3d938e 100644 ---- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml -+++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804,ubuntu2004,ubuntu2204,uos20 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804,ubuntu2004,ubuntu2204,uos20 - - title: 'Disable the Automounter' - -diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml -index 96ccbe7..201d075 100644 ---- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml -+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Disable Core Dumps for All Users' - -diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml -index 03e8307..0361260 100644 ---- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml -+++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,uos20 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,uos20 - - title: 'Configure BIND to use System Crypto Policy' - -diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml -index e3b95bc..edd5353 100644 ---- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml -+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle15,uos20 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle15,uos20 - - title: 'Configure System Cryptography Policy' - -diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml -index 3a2df05..19c06d1 100644 ---- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml -+++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,uos20 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,uos20 - - title: 'Configure Kerberos to use System Crypto Policy' - -diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml -index 5fe513b..3aa207f 100644 ---- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml -+++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle12,sle15,uos20 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle12,sle15,uos20 - - title: 'Configure Libreswan to use System Crypto Policy' - -diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml -index f914174..e9b4f57 100644 ---- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml -+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle12,sle15,uos20 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle12,sle15,uos20 - - title: 'Configure OpenSSL library to use System Crypto Policy' - -diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml -index 0902a50..8148be3 100644 ---- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml -+++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle12,sle15,uos20 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle12,sle15,uos20 - - title: 'Configure SSH to use System Crypto Policy' - -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml -index 1600478..22b84d6 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml -@@ -4,7 +4,7 @@ - - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Configure Periodic Execution of AIDE' - -diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml -index f500f74..e61beb9 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml -+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,anolis23,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 - - title: 'Install AIDE' - -diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml -index 5c22b20..1c849aa 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml -+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 - - title: 'Verify File Hashes with RPM' - -diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml -index 050bda6..4b5d8e1 100644 ---- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml -+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 - - title: 'Verify and Correct File Permissions with RPM' - -diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml -index e5b41c4..1553673 100644 ---- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml -+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 - - title: 'Ensure gpgcheck Enabled In Main {{{ pkg_manager }}} Configuration' - -diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml -index 520f74b..88f0763 100644 ---- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml -+++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux3,anolis8,rhcos4,rhel7,rhel8,rhel9,rhv4,uos20 -+prodtype: alinux3,anolis8,anolis23,rhcos4,rhel7,rhel8,rhel9,rhv4,uos20 - - title: 'Ensure Red Hat GPG Key Installed' - -diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml -index d114c32..b05900c 100644 ---- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml -+++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml -@@ -1,6 +1,6 @@ - documentation_complete: true - --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,uos20 -+prodtype: alinux2,alinux3,anolis8,anolis23,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,uos20 - - title: 'Ensure Software Patches Installed' - -diff --git a/products/anolis23/CMakeLists.txt b/products/anolis23/CMakeLists.txt -new file mode 100644 -index 0000000..231ecda ---- /dev/null -+++ b/products/anolis23/CMakeLists.txt -@@ -0,0 +1,6 @@ -+# Sometimes our users will try to do: "cd anolis23; cmake ." That needs to error in a nice way. -+if ("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}") -+ message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!") -+endif() -+ -+ssg_build_product("anolis23") -diff --git a/products/anolis23/overlays/.gitkeep b/products/anolis23/overlays/.gitkeep -new file mode 100644 -index 0000000..e69de29 -diff --git a/products/anolis23/product.yml b/products/anolis23/product.yml -new file mode 100644 -index 0000000..5bf3914 ---- /dev/null -+++ b/products/anolis23/product.yml -@@ -0,0 +1,23 @@ -+product: anolis23 -+full_name: Anolis OS 23 -+type: platform -+ -+benchmark_id: ANOLIS-23 -+benchmark_root: "../../linux_os/guide" -+ -+profiles_root: "./profiles" -+ -+pkg_manager: "yum" -+ -+init_system: "systemd" -+ -+cpes_root: "../../shared/applicability" -+cpes: -+ - anolis23: -+ name: "cpe:/o:anolis:anolis_os:23" -+ title: "Anolis OS 23" -+ check_id: installed_OS_is_anolis23 -+ -+# Mapping of CPE platform to package -+platform_package_overrides: -+ login_defs: "shadow-utils" -diff --git a/products/anolis23/profiles/standard.profile b/products/anolis23/profiles/standard.profile -new file mode 100644 -index 0000000..a9f86ca ---- /dev/null -+++ b/products/anolis23/profiles/standard.profile -@@ -0,0 +1,728 @@ -+documentation_complete: true -+ -+title: 'Standard System Security Profile for Anolis OS 8' -+ -+description: |- -+ This profile contains rules to ensure standard security baseline -+ of a Anolis OS 8 system. -+ -+selections: -+ # 1 access-and-control -+ ## 1.1-ensure-cron-daemon-is-enabled -+ ### Level 1 -+ - service_crond_enabled -+ -+ ## 1.2-ensure-permissions-on-etc-crontab-are-configured -+ ### Level 1 -+ - file_groupowner_crontab -+ - file_owner_crontab -+ - file_permissions_crontab -+ -+ ## 1.3-ensure-permissions-on-etc-cron.hourly-are-configured -+ ### Level 1 -+ - file_groupowner_cron_hourly -+ - file_owner_cron_hourly -+ - file_permissions_cron_hourly -+ -+ ## 1.4-ensure-permissions-on-etc-cron.daily-are-configured -+ ### Level 1 -+ - file_groupowner_cron_daily -+ - file_owner_cron_daily -+ - file_permissions_cron_daily -+ -+ ## 1.5-ensure-permissions-on-etc-cron.weekly-are-configured -+ ### Level 1 -+ - file_groupowner_cron_weekly -+ - file_owner_cron_weekly -+ - file_permissions_cron_weekly -+ -+ ## 1.6-ensure-permissions-on-etc-cron.monthly-are-configured -+ ### Level 1 -+ - file_groupowner_cron_monthly -+ - file_owner_cron_monthly -+ - file_permissions_cron_monthly -+ -+ ## 1.7-ensure-permissions-on-etc-cron.d-are-configured -+ ### Level 1 -+ - file_groupowner_cron_d -+ - file_owner_cron_d -+ - file_permissions_cron_d -+ -+ ## 1.8-ensure-at-cron-is-restricted-to-authorized-users -+ ### Level 1 -+ - file_groupowner_cron_allow -+ - file_owner_cron_allow -+ - file_cron_deny_not_exist -+ - file_groupowner_at_allow -+ - file_owner_at_allow -+ - file_at_deny_not_exist -+ - file_permissions_at_allow -+ - file_permissions_cron_allow -+ -+ ## 1.9-ensure-permissions-on-etc-ssh-sshd_config-are-configured -+ ### Level 1 -+ - file_groupowner_sshd_config -+ - file_owner_sshd_config -+ - file_permissions_sshd_config -+ -+ ## 1.10-ensure-ssh-access-is-limited -+ ### Level 2 -+ # Needs rule -+ -+ ## 1.11-ensure-permissions-on-ssh-private-host-key-files-are-configured -+ ### Level 1 -+ - file_permissions_sshd_private_key -+ -+ ## 1.12-ensure-permissions-on-ssh-public-host-key-files-are-configured -+ ### Level 1 -+ - file_permissions_sshd_pub_key -+ -+ ## 1.13-ensure-ssh-loglevel-is-appropriate -+ ### Level 1 -+ - sshd_set_loglevel_verbose -+ # or -+ - sshd_set_loglevel_info -+ -+ ## 1.14-ensure-ssh-maxauthtries-is-set-to-4-or-less -+ ### Level 1 -+ - sshd_max_auth_tries_value=4 -+ - sshd_set_max_auth_tries -+ -+ ## 1.15-ensure-ssh-ignorerhosts-is-enabled -+ ### Level 1 -+ - sshd_disable_rhosts -+ -+ ## 1.16-ensure-ssh-hostbasedauthentication-is-disabled -+ ### Level 1 -+ - disable_host_auth -+ -+ ## 1.17-ensure-ssh-root-login-is-disabled -+ ### Level 1 -+ - sshd_disable_root_login -+ -+ ## 1.18-ensure-ssh-permitemptypasswords-is-disabled -+ ### Level 1 -+ - sshd_disable_empty_passwords -+ -+ ## 1.19-ensure-ssh-permituserenvironment-is-disabled -+ ### Level 1 -+ - sshd_do_not_permit_user_env -+ -+ ## 1.20-ensure-ssh-idle-timeout-interval-is-configured -+ ### Level 1 -+ - sshd_idle_timeout_value=15_minutes -+ - sshd_set_idle_timeout -+ - sshd_set_keepalive -+ - var_sshd_set_keepalive=0 -+ -+ ## 1.21-ensure-ssh-logingracetime-is-set-to-one-minute-or-less -+ ### Level 1 -+ - sshd_set_login_grace_time -+ - var_sshd_set_login_grace_time=60 -+ -+ ## 1.22-ensure-ssh-warning-banner-is-configured -+ ### Level 1 -+ - sshd_enable_warning_banner -+ -+ ## 1.23-ensure-ssh-pam-is-enabled -+ ### Level 1 -+ - sshd_enable_pam -+ -+ ## 1.24-ensure-ssh-maxstartups-is-configured -+ ### Level 1 -+ - sshd_set_maxstartups -+ - var_sshd_set_maxstartups=10:30:60 -+ -+ ## 1.25-ensure-ssh-maxsessions-is-set-to-10-or-less -+ ### Level 1 -+ - sshd_set_max_sessions -+ - var_sshd_max_sessions=10 -+ -+ ## 1.26-ensure-system-wide-crypto-policy-is-not-over-ridden -+ ### Level 1 -+ # Needs rule -+ -+ ## 1.27-ensure-password-creation-requirements-are-configured -+ ### Level 1 -+ - accounts_password_pam_minclass -+ - accounts_password_pam_minlen -+ - accounts_password_pam_retry -+ - var_password_pam_minclass=4 -+ - var_password_pam_minlen=14 -+ -+ ## 1.28-ensure-lockout-for-failed-password-attempts-is-configured -+ ### Level 1 -+ - locking_out_password_attempts -+ -+ ## 1.29-ensure-password-reuse-is-limited -+ ### Level 1 -+ - accounts_password_pam_pwhistory_remember_password_auth -+ - accounts_password_pam_pwhistory_remember_system_auth -+ - var_password_pam_remember_control_flag=required -+ - var_password_pam_remember=5 -+ -+ ## 1.30-ensure-password-hashing-algorithm-is-sha-512 -+ ### Level 1 -+ - set_password_hashing_algorithm_systemauth -+ -+ ## 1.31-ensure-password-expiration-is-365-days-or-less -+ ### Level 1 -+ - accounts_maximum_age_login_defs -+ - var_accounts_maximum_age_login_defs=365 -+ - accounts_password_set_max_life_existing -+ -+ ## 1.32-ensure-minimum-days-between-password-changes-is-7-or-more -+ ### Level 1 -+ - accounts_minimum_age_login_defs -+ - var_accounts_minimum_age_login_defs=7 -+ - accounts_password_set_min_life_existing -+ -+ ## 1.33-ensure-password-expiration-warning-days-is-7-or-more -+ ### Level 1 -+ - accounts_password_warn_age_login_defs -+ - var_accounts_password_warn_age_login_defs=7 -+ -+ ## 1.34-ensure-inactive-password-lock-is-30-days-or-less -+ ### Level 1 -+ - account_disable_post_pw_expiration -+ - var_account_disable_post_pw_expiration=30 -+ -+ ## 1.35-ensure-all-users-last-password-change-date-is-in-the-past -+ ### Level 2 -+ # Needs rule -+ -+ ## 1.36-ensure-system-accounts-are-secured -+ ### Level 1 -+ - no_shelllogin_for_systemaccounts -+ -+ ## 1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less -+ ### Level 1 -+ - accounts_tmout -+ - var_accounts_tmout=15_min -+ -+ ## 1.38-ensure-default-group-for-the-root-account-is-gid-0 -+ ### Level 1 -+ - accounts_root_gid_zero -+ -+ ## 1.39-ensure-default-user-umask-is-027-or-more-restrictive -+ ### Level 1 -+ - accounts_umask_etc_bashrc -+ - accounts_umask_etc_login_defs -+ - accounts_umask_etc_profile -+ - var_accounts_user_umask=027 -+ -+ ## 1.40-ensure-access-to-the-su-command-is-restricted -+ ### Level 1 -+ - use_pam_wheel_for_su -+ -+ ## 1.41-ensure-ssh-server-use-protocol_2 -+ ### Level 1 -+ - sshd_allow_only_protocol2 -+ -+ ## 2.1-ensure-audit-log-files-are-not-read-or-write-accessible-by-unauthorized-users -+ ### Level 1 -+ # Needs rule -+ -+ ## 2.2-ensure-only-authorized-users-own-audit-log-files -+ ### Level 1 -+ # Needs rule -+ -+ ## 2.3-ensure-only-authorized-groups-ownership-of-audit-log-files -+ ### Level 1 -+ # Needs rule -+ -+ ## 2.4-ensure-the-audit-log-directory-is-0750-or-more-restrictive -+ ### Level 1 -+ # Needs rule -+ -+ ## 2.5-ensure-audit-configuration-files-are-0640-or-more-restrictive -+ ### Level 1 -+ # Needs rule -+ -+ ## 2.6-ensure-only-authorized-accounts-own-the-audit-configuration-files -+ ### Level 1 -+ # Needs rule -+ -+ ## 2.7-ensure-only-authorized-groups-own-the-audit-configuration-files -+ ### Level 1 -+ # Needs rule -+ -+ ## 2.8-ensure-audit-tools-are-mode-of-0755-or-more-restrictive -+ ### Level 1 -+ # Needs rule -+ -+ ## 2.9-ensure-audit-tools-are-owned-by-root -+ ### Level 1 -+ # Needs rule -+ -+ ## 2.10-ensure-audit-tools-are-group-owned-by-root -+ ### Level 1 -+ # Needs rule -+ -+ ## 2.11-ensure-cryptographic-mechanisms-are-used-to-protect-the-integrity-of-audit-tools -+ ### Level 1 -+ # Needs rule -+ -+ ## 2.12-ensure-rsyslog-is-installed -+ ### Level 1 -+ - package_rsyslog_installed -+ -+ ## 2.13-ensure-rsyslog-service-is-enabled -+ ### Level 1 -+ - service_rsyslog_enabled -+ -+ ## 2.14-ensure-rsyslog-default-file-permissions-configured -+ ### Level 1 -+ # Needs rule -+ -+ ## 2.15-ensure-rsyslog-is-configured-to-send-logs-to-a-remote-log-host -+ ### Level 2 -+ - rsyslog_remote_loghost -+ -+ ## 2.16-ensure-journald-is-configured-to-send-logs-to-rsyslog -+ ### Level 1 -+ - journald_forward_to_syslog -+ -+ ## 2.17-ensure-journald-is-configured-to-compress-large-log-files -+ ### Level 1 -+ - journald_compress -+ -+ ## 2.18-ensure-journald-is-configured-to-write-logfiles-to-persistent-disk -+ ### Level 1 -+ - journald_storage -+ -+ ## 2.19-ensure-audit-is-installed -+ ### Level 1 -+ - package_audit_installed -+ -+ ## 2.20-ensure-audit-service-is-enabled -+ ### Level 3 -+ - service_auditd_enabled -+ -+ ## 3.1-disable-http-server -+ ### Level 1 -+ - service_httpd_disabled -+ -+ ## 3.2-disable-ftp-server -+ ### Level 1 -+ - service_vsftpd_disabled -+ -+ ## 3.3-disable-dns-server -+ ### Level 1 -+ - service_named_disabled -+ -+ ## 3.4-disable-nfs -+ ### Level 1 -+ - service_nfs_disabled -+ -+ ## 3.5-disable-rpc -+ ### Level 1 -+ - service_rpcbind_disabled -+ -+ ## 3.6-disable-ldap-server -+ ### Level 1 -+ - service_slapd_disabled -+ -+ ## 3.7-disable-dhcp-server -+ ### Level 1 -+ - service_dhcpd_disabled -+ -+ ## 3.8-disable-cups -+ ### Level 1 -+ - service_cups_disabled -+ -+ ## 3.9-disable-nis-server -+ ### Level 1 -+ - service_ypserv_disabled -+ -+ ## 3.10-disable-rsync-server -+ ### Level 1 -+ - service_rsyncd_disabled -+ -+ ## 3.11-disable-avahi-server -+ ### Level 1 -+ - service_avahi-daemon_disabled -+ -+ ## 3.12-disable-snmp-server -+ ### Level 1 -+ - service_snmpd_disabled -+ -+ ## 3.13-disable-http-proxy-server -+ ### Level 1 -+ - service_squid_disabled -+ -+ ## 3.14-disable-samba -+ ### Level 1 -+ - service_smb_disabled -+ -+ ## 3.15-disable-imap-and-pop3-server -+ ### Level 1 -+ - service_dovecot_disabled -+ -+ ## 3.16-disable-smtp-protocol -+ ### Level 1 -+ # Needs rule -+ -+ ## 3.17-disable-telnet-port-23 -+ ### Level 1 -+ # Needs rule -+ -+ ## 4.1-ensure-message-of-the-day-is-configured-properly -+ ### Level 1 -+ - banner_etc_motd -+ - login_banner_text=cis_banners -+ -+ ## 4.2-ensure-local-login-warning-banner-is-configured-properly -+ ### Level 1 -+ - banner_etc_issue -+ - login_banner_text=cis_banners -+ -+ ## 4.3-ensure-remote-login-warning-banner-is-configured-properly -+ ### Level 1 -+ # Needs rule -+ -+ ## 4.4-ensure-permissions-on-etc-motd-are-configured -+ ### Level 1 -+ - file_groupowner_etc_motd -+ - file_owner_etc_motd -+ - file_permissions_etc_motd -+ -+ ## 4.5-ensure-permissions-on-etc-issue-are-configured -+ ### Level 1 -+ - file_groupowner_etc_issue -+ - file_owner_etc_issue -+ - file_permissions_etc_issue -+ -+ ## 4.6-ensure-permissions-on-etc-issue.net-are-configured -+ ### Level 1 -+ # Needs rule -+ -+ ## 4.7-ensure-gpgcheck-is-globally-activated -+ ### Level 1 -+ - ensure_gpgcheck_globally_activated -+ -+ ## 4.8-ensure-aide-is-installed -+ ### Level 1 -+ - package_aide_installed -+ -+ ## 4.9-ensure-filesystem-integrity-is-regularly-checked -+ ### Level 1 -+ - aide_periodic_cron_checking -+ -+ ## 4.10-ensure-bootloader-password-is-set -+ ### Level 2 -+ - grub2_password -+ -+ ## 4.11-ensure-permissions-on-bootloader-config-are-configured -+ ### Level 1 -+ #- file_groupowner_efi_grub2_cfg -+ - file_groupowner_grub2_cfg -+ #- file_owner_efi_grub2_cfg -+ - file_owner_grub2_cfg -+ #- file_permissions_efi_grub2_cfg -+ - file_permissions_grub2_cfg -+ -+ ## 4.12-ensure-authentication-required-for-single-user-mode -+ ### Level 1 -+ - require_singleuser_auth -+ - require_emergency_target_auth -+ -+ ## 4.13-ensure-core-dumps-are-restricted -+ ### Level 1 -+ - disable_users_coredumps -+ - sysctl_fs_suid_dumpable -+ - coredump_disable_backtraces -+ - coredump_disable_storage -+ -+ ## 4.14-ensure-address-space-layout-randomization-(ASLR)-is-enabled -+ ### Level 1 -+ - sysctl_kernel_randomize_va_space -+ -+ ## 4.15-ensure-system-wide-crypto-policy-is-not-legacy -+ ### Level 1 -+ - configure_crypto_policy -+ - var_system_crypto_policy=default_policy -+ -+ ## 4.16-ensure-sticky-bit-is-set-on-all-world-writable-directories -+ ### Level 1 -+ - dir_perms_world_writable_sticky_bits -+ -+ ## 4.17-ensure-permissions-on-etc-passwd-are-configured -+ ### Level 1 -+ - file_permissions_etc_passwd -+ -+ ## 4.18-ensure-permissions-on-etc-shadow-are-configured -+ ### Level 1 -+ - file_owner_etc_shadow -+ - file_groupowner_etc_shadow -+ - file_permissions_etc_shadow -+ -+ ## 4.19-ensure-permissions-on-etc-group-are-configured -+ ### Level 1 -+ - file_groupowner_etc_group -+ - file_owner_etc_group -+ - file_permissions_etc_group -+ -+ ## 4.20-ensure-permissions-on-etc-gshadow-are-configured -+ ### Level 1 -+ - file_groupowner_etc_gshadow -+ - file_owner_etc_gshadow -+ - file_permissions_etc_gshadow -+ -+ ## 4.21-ensure-permissions-on-etc-passwd--are-configured -+ ### Level 1 -+ - file_groupowner_backup_etc_passwd -+ - file_owner_backup_etc_passwd -+ - file_permissions_backup_etc_passwd -+ -+ ## 4.22-ensure-permissions-on-etc-shadow--are-configured -+ ### Level 1 -+ - file_groupowner_backup_etc_shadow -+ - file_owner_backup_etc_shadow -+ - file_permissions_backup_etc_shadow -+ -+ ## 4.23-ensure-permissions-on-etc-group--are-configured -+ ### Level 1 -+ - file_groupowner_backup_etc_group -+ - file_owner_backup_etc_group -+ - file_permissions_backup_etc_group -+ -+ ## 4.24-ensure-permissions-on-etc-gshadow--are-configured -+ ### Level 1 -+ - file_groupowner_backup_etc_gshadow -+ - file_owner_backup_etc_gshadow -+ - file_permissions_backup_etc_gshadow -+ -+ ## 4.25-ensure-no-world-writable-files-exist -+ ### Level 2 -+ - file_permissions_unauthorized_world_writable -+ -+ ## 4.26-ensure-no-unowned-files-or-directories-exist -+ ### Level 2 -+ # Needs rule -+ -+ ## 4.27-ensure-no-ungrouped-files-or-directories-exist -+ ### Level 2 -+ - file_permissions_ungroupowned -+ -+ ## 4.28-ensure-no-password-fields-are-not-empty -+ ### Level 2 -+ # Needs rule -+ -+ ## 4.29-ensure-root-path-integrity -+ ### Level 2 -+ - accounts_root_path_dirs_no_write -+ - root_path_no_dot -+ -+ ## 4.30-ensure-root-is-the-only-uid-0-account -+ ### Level 2 -+ - accounts_no_uid_except_zero -+ -+ ## 4.31-ensure-users-home-directories-permissions-are-750-or-more-restrictive -+ ### Level 1 -+ # Needs rule -+ -+ ## 4.32-ensure-users-own-their-home-directories -+ ### Level 1 -+ - file_ownership_home_directories -+ - file_groupownership_home_directories -+ -+ ## 4.33-ensure-users-dot-files-are-not-group-or-world-writable -+ ### Level 1 -+ # Needs rule -+ -+ ## 4.34-ensure-no-users-have-.forward-files -+ ### Level 1 -+ # Needs rule -+ -+ ## 4.35-ensure-no-users-have-.netrc-files -+ ### Level 1 -+ - no_netrc_files -+ -+ ## 4.36-ensure-users-.netrc-files-are-not-group-or-world-accessible -+ ### Level 1 -+ # Needs rule -+ -+ ## 4.37-ensure-no-users-have-.rhosts-files -+ ### Level 1 -+ - no_rsh_trust_files -+ -+ ## 4.38-ensure-all-groups-in-etc-passwd-exist-in-etc-group -+ ### Level 2 -+ # Needs rule -+ -+ ## 4.39-ensure-no-duplicate-uids-exist -+ ### Level 2 -+ - account_unique_id -+ -+ ## 4.40-ensure-no-duplicate-gids-exist -+ ### Level 2 -+ - group_unique_id -+ -+ ## 4.41-ensure-no-duplicate-user-names-exist -+ ### Level 2 -+ # Needs rule -+ -+ ## 4.42-ensure-no-duplicate-group-names-exist -+ ### Level 2 -+ - group_unique_name -+ -+ ## 4.43-ensure-all-users-home-directories-exist -+ ### Level 1 -+ # Needs rule -+ -+ ## 4.44-ensure-sctp-is-disabled -+ ### Level 1 -+ - kernel_module_sctp_disabled -+ -+ ## 4.45-ensure-dccp-is-disabled -+ ### Level 1 -+ - kernel_module_dccp_disabled -+ -+ ## 4.46-ensure-wireless-interfaces-are-disabled -+ ### Level 1 -+ - wireless_disable_interfaces -+ -+ ## 4.47-ensure-ip-forwarding-is-disabled -+ ### Level 1 -+ - sysctl_net_ipv4_ip_forward -+ - sysctl_net_ipv6_conf_all_forwarding -+ - sysctl_net_ipv6_conf_all_forwarding_value=disabled -+ -+ ## 4.48-ensure-packet-redirect-sending-is-disabled -+ ### Level 1 -+ - sysctl_net_ipv4_conf_all_send_redirects -+ - sysctl_net_ipv4_conf_default_send_redirects -+ -+ ## 4.49-ensure-source-routed-packets-are-not-accepted -+ ### Level 1 -+ - sysctl_net_ipv4_conf_all_accept_source_route -+ - sysctl_net_ipv4_conf_all_accept_source_route_value=disabled -+ - sysctl_net_ipv4_conf_default_accept_source_route -+ - sysctl_net_ipv4_conf_default_accept_source_route_value=disabled -+ - sysctl_net_ipv6_conf_all_accept_source_route -+ - sysctl_net_ipv6_conf_all_accept_source_route_value=disabled -+ - sysctl_net_ipv6_conf_default_accept_source_route -+ - sysctl_net_ipv6_conf_default_accept_source_route_value=disabled -+ -+ ## 4.50-ensure-icmp-redirects-are-not-accepted -+ ### Level 1 -+ - sysctl_net_ipv4_conf_all_accept_redirects -+ - sysctl_net_ipv4_conf_all_accept_redirects_value=disabled -+ - sysctl_net_ipv4_conf_default_accept_redirects -+ - sysctl_net_ipv4_conf_default_accept_redirects_value=disabled -+ - sysctl_net_ipv6_conf_all_accept_redirects -+ - sysctl_net_ipv6_conf_all_accept_redirects_value=disabled -+ - sysctl_net_ipv6_conf_default_accept_redirects -+ - sysctl_net_ipv6_conf_default_accept_redirects_value=disabled -+ -+ ## 4.51-ensure-secure-icmp-redirects-are-not-accepted -+ ### Level 1 -+ - sysctl_net_ipv4_conf_all_secure_redirects -+ - sysctl_net_ipv4_conf_all_secure_redirects_value=disabled -+ - sysctl_net_ipv4_conf_default_secure_redirects -+ - sysctl_net_ipv4_conf_default_secure_redirects_value=disabled -+ -+ ## 4.52-ensure-suspicious-packets-are-logged -+ ### Level 1 -+ - sysctl_net_ipv4_conf_all_log_martians -+ - sysctl_net_ipv4_conf_all_log_martians_value=enabled -+ - sysctl_net_ipv4_conf_default_log_martians -+ - sysctl_net_ipv4_conf_default_log_martians_value=enabled -+ -+ ## 4.53-ensure-broadcast-icmp-requests-are-ignored -+ ### Level 1 -+ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts -+ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value=enabled -+ -+ ## 4.54-ensure-bogus-icmp-responses-are-ignored -+ ### Level 1 -+ - sysctl_net_ipv4_icmp_ignore_bogus_error_responses -+ - sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value=enabled -+ -+ ## 4.55-ensure-reverse-path-filtering-is-enabled -+ ### Level 1 -+ - sysctl_net_ipv4_conf_all_rp_filter -+ - sysctl_net_ipv4_conf_all_rp_filter_value=enabled -+ - sysctl_net_ipv4_conf_default_rp_filter -+ - sysctl_net_ipv4_conf_default_rp_filter_value=enabled -+ -+ ## 4.56-ensure-tcp-syn-cookies-is-enabled -+ ### Level 1 -+ - sysctl_net_ipv4_tcp_syncookies -+ - sysctl_net_ipv4_tcp_syncookies_value=enabled -+ -+ ## 4.57-ensure-ipv6-router-advertisements-are-not-accepted -+ ### Level 1 -+ - sysctl_net_ipv6_conf_all_accept_ra -+ - sysctl_net_ipv6_conf_all_accept_ra_value=disabled -+ - sysctl_net_ipv6_conf_default_accept_ra -+ - sysctl_net_ipv6_conf_default_accept_ra_value=disabled -+ -+ ## 4.58-ensure-a-firewall-package-is-installed -+ ### Level 1 -+ - package_firewalld_installed -+ -+ ## 4.59-ensure-firewalld-service-is-enabled-and-running -+ ### Level 1 -+ - service_firewalld_enabled -+ -+ ## 4.60-ensure-iptables-is-not-enabled -+ ### Level 1 -+ # Needs rule -+ -+ ## 4.61-ensure-nftables-is-not-enabled -+ ### Level 1 -+ # Needs rule -+ -+ ## 4.62-ensure-nftables-service-is-enabled -+ ### Level 1 -+ # Needs rule -+ -+ ## 4.63-ensure-iptables-packages-are-installed -+ ### Level 1 -+ - package_iptables_installed -+ -+ ## 4.64-ensure-nftables-is-not-installed -+ ### Level 1 -+ # Needs rule -+ -+ ## 4.65-ensure-firewalld-is-not-installed-or-stopped-and-masked -+ ### Level 1 -+ # Needs rule -+ -+ ## 4.66-ensure-system-histsize-as-100-or-other -+ ### Level 1 -+ # Needs rule -+ -+ ## 4.67-ensure-system-histfilesize-100 -+ ### Level 1 -+ # Needs rule -+ -+ ## 5.1-ensure-selinux-is-installed -+ ### Level 1 -+ # Needs rule -+ -+ ## 5.2-ensure-selinux-policy-is-configured -+ ### Level 3 -+ # Needs rule -+ -+ ## 5.3-ensure-the-selinux-mode-is-enabled -+ ### Level 3 -+ # Needs rule -+ -+ ## 5.4-ensure-the-selinux-mode-is-enforcing -+ ### Level 3 -+ # Needs rule -+ -+ ## 5.5-ensure-no-unconfined-services-exist -+ ### Level 4 -+ # Needs rule -+ -+ ## 5.6-use-selinux-for-separation-of-powers-user-created -+ ### Level 4 -+ # Needs rule -+ -+ ## 5.7-use-selinux-for-separation-of-powers-system-administrator-login-permission-configuration -+ ### Level 4 -+ # Needs rule -\ No newline at end of file -diff --git a/products/anolis23/transforms/constants.xslt b/products/anolis23/transforms/constants.xslt -new file mode 100644 -index 0000000..c3323b4 ---- /dev/null -+++ b/products/anolis23/transforms/constants.xslt -@@ -0,0 +1,10 @@ -+ -+ -+ -+ -+Anolis OS 8 -+Anolis 8 -+empty -+anolis -+ -+ -diff --git a/products/anolis23/transforms/table-style.xslt b/products/anolis23/transforms/table-style.xslt -new file mode 100644 -index 0000000..218d0f7 ---- /dev/null -+++ b/products/anolis23/transforms/table-style.xslt -@@ -0,0 +1,5 @@ -+ -+ -+ -+ -+ -diff --git a/products/anolis23/transforms/xccdf-apply-overlay-stig.xslt b/products/anolis23/transforms/xccdf-apply-overlay-stig.xslt -new file mode 100644 -index 0000000..4789419 ---- /dev/null -+++ b/products/anolis23/transforms/xccdf-apply-overlay-stig.xslt -@@ -0,0 +1,8 @@ -+ -+ -+ -+ -+ -+ -+ -+ -diff --git a/products/anolis23/transforms/xccdf2table-cce.xslt b/products/anolis23/transforms/xccdf2table-cce.xslt -new file mode 100644 -index 0000000..1ffb222 ---- /dev/null -+++ b/products/anolis23/transforms/xccdf2table-cce.xslt -@@ -0,0 +1,9 @@ -+ -+ -+ -+ -+ -+ -+ -+ -+ -diff --git a/products/anolis23/transforms/xccdf2table-profileccirefs.xslt b/products/anolis23/transforms/xccdf2table-profileccirefs.xslt -new file mode 100644 -index 0000000..5a104d9 ---- /dev/null -+++ b/products/anolis23/transforms/xccdf2table-profileccirefs.xslt -@@ -0,0 +1,9 @@ -+ -+ -+ -+ -+ -+ -+ -+ -+ -diff --git a/shared/checks/oval/installed_OS_is_anolis23.xml b/shared/checks/oval/installed_OS_is_anolis23.xml -new file mode 100644 -index 0000000..7e93811 ---- /dev/null -+++ b/shared/checks/oval/installed_OS_is_anolis23.xml -@@ -0,0 +1,28 @@ -+ -+ -+ -+ Anolis OS 23 -+ -+ multi_platform_all -+ -+ -+ The operating system installed on the system is Anolis OS 23 -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ ^23.*$ -+ -+ -+ anolis-release -+ -+ -+ -diff --git a/ssg/constants.py b/ssg/constants.py -index 82520c3..c0b6196 100644 ---- a/ssg/constants.py -+++ b/ssg/constants.py -@@ -42,6 +42,7 @@ product_directories = [ - 'alinux2', - 'alinux3', - 'anolis8', -+ 'anolis23', - 'chromium', - 'debian10', 'debian11', - 'example', -@@ -198,6 +199,7 @@ FULL_NAME_TO_PRODUCT_MAPPING = { - "Alibaba Cloud Linux 2": "alinux2", - "Alibaba Cloud Linux 3": "alinux3", - "Anolis OS 8": "anolis8", -+ "Anolis OS 23": "anolis23", - "Chromium": "chromium", - "Debian 10": "debian10", - "Debian 11": "debian11", -@@ -271,7 +273,7 @@ MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu", - - MULTI_PLATFORM_MAPPING = { - "multi_platform_alinux": ["alinux2", "alinux3"], -- "multi_platform_anolis": ["anolis8"], -+ "multi_platform_anolis": ["anolis8", "anolis23"], - "multi_platform_debian": ["debian10", "debian11"], - "multi_platform_example": ["example"], - "multi_platform_eks": ["eks"], -diff --git a/tests/unit/ssg-module/test_utils.py b/tests/unit/ssg-module/test_utils.py -index a869bc3..0231546 100644 ---- a/tests/unit/ssg-module/test_utils.py -+++ b/tests/unit/ssg-module/test_utils.py -@@ -12,7 +12,7 @@ def test_is_applicable(): - - assert not utils.is_applicable('fedora,multi_platform_ubuntu', 'rhel7') - assert not utils.is_applicable('ol7', 'rhel7') -- assert not utils.is_applicable('alinux2,alinux3,anolis8,fedora,debian10,debian11,uos20', -+ assert not utils.is_applicable('alinux2,alinux3,anolis8,anolis23,fedora,debian10,debian11,uos20', - 'rhel7') - - --- -2.31.1 - diff --git a/README.md b/README.md deleted file mode 100644 index 7342728d557c602f51c6d278bba9f3dd9faaf356..0000000000000000000000000000000000000000 --- a/README.md +++ /dev/null @@ -1,11 +0,0 @@ -Anolis OS -======================================= -# 代码仓库说明 -## 分支说明 ->进行代码开发工作时,请注意选择当前版本对应的分支 -* aX分支为对应大版本的主分支,如a8分支对应当前最新版本 -* aX.Y分支为对应小版本的维护分支,如a8.2分支对应8.2版本 -## 开发流程 -1. 首先fork目标分支到自己的namespace -2. 在自己的fork分支上做出修改 -3. 向对应的仓库中提交merge request,源分支为fork分支 diff --git a/v0.1.66.tar.gz b/scap-security-guide-0.1.74.tar.bz2 similarity index 50% rename from v0.1.66.tar.gz rename to scap-security-guide-0.1.74.tar.bz2 index 8029e0613f12dcfe07db97164933544e9779a7f0..9cdb84445c3d4ac56666bc2ed9d8f99d864e8c67 100644 Binary files a/v0.1.66.tar.gz and b/scap-security-guide-0.1.74.tar.bz2 differ diff --git a/scap-security-guide.spec b/scap-security-guide.spec index 4c33bc58e1cd22bef3540ac0f3ee0cb778f0bb08..25880c8341e7f47df8b1a4a830c3bd4af1ec47c9 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -2,13 +2,12 @@ %global _vpath_builddir build Name: scap-security-guide -Version: 0.1.66 +Version: 0.1.74 Release: %{anolis_release}%{?dist} Summary: Security guidance and baselines in SCAP formats License: BSD URL: https://github.com/ComplianceAsCode/content/ -Source0: https://github.com/ComplianceAsCode/content/archive/refs/tags/v0.1.66.tar.gz -Patch1001: 1001-add-anolis23-in-product-list.patch +Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2 BuildArch: noarch @@ -44,7 +43,7 @@ hardening guidances that have been generated from XCCDF benchmarks present in %{name} package. %prep -%autosetup -n content-%{version} -p1 +%autosetup -p1 %define cmake_defines_common -DSSG_SEPARATE_SCAP_FILES_ENABLED=OFF -DSSG_BASH_SCRIPTS_ENABLED=OFF -DSSG_BUILD_SCAP_12_DS=OFF %define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_ANOLIS23:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON @@ -68,5 +67,9 @@ rm %{buildroot}/%{_docdir}/%{name}/Contributors.md %doc %{_docdir}/%{name}/guides/*.html %changelog +* Wed Feb 19 2025 Chang Gao - 0.1.74-1 +- Update to 0.1.74 +- Remove patch which already exist in upstream + * Thu Mar 16 2023 happy_orange - 0.1.66-1 - init package