From 6c5c3aab284dcb7bd9d9ad63b0dcae184d5a35c7 Mon Sep 17 00:00:00 2001 
From: Gabe Date: Tue, 29 Sep 2020 13:09:27 -0600 Subject: [PATCH] Enable rules and fix zipl template for RHCOS --- .../mail/package_sendmail_removed/rule.yml | 2 +- .../services/sssd/sssd_enable_smartcards/rule.yml | 2 +- .../sssd/sssd_offline_cred_expiration/rule.yml | 2 +- .../configure_bashrc_exec_tmux/rule.yml | 2 +- .../configure_tmux_lock_after_time/rule.yml | 2 +- .../configure_tmux_lock_command/rule.yml | 2 +- .../package_tmux_installed/rule.yml | 2 +- .../accounts-session/accounts_tmout/rule.yml | 2 +- .../policy_rules/audit_access_failed/rule.yml | 2 +- .../policy_rules/audit_access_success/rule.yml | 2 +- .../audit_basic_configuration/rule.yml | 2 +- .../policy_rules/audit_create_failed/rule.yml | 2 +- .../policy_rules/audit_create_success/rule.yml | 2 +- .../policy_rules/audit_delete_failed/rule.yml | 2 +- .../policy_rules/audit_delete_success/rule.yml | 2 +- .../audit_immutable_login_uids/rule.yml | 2 +- .../policy_rules/audit_modify_failed/rule.yml | 2 +- .../policy_rules/audit_modify_success/rule.yml | 2 +- .../policy_rules/audit_module_load/rule.yml | 2 +- .../policy_rules/audit_ospp_general/rule.yml | 2 +- .../audit_owner_change_failed/rule.yml | 2 +- .../audit_owner_change_success/rule.yml | 2 +- .../policy_rules/audit_perm_change_failed/rule.yml | 2 +- .../audit_perm_change_success/rule.yml | 2 +- .../policy_rules/audit_rules_for_ospp/rule.yml | 2 +- .../bootloader-zipl/zipl_audit_argument/rule.yml | 2 +- .../zipl_audit_backlog_limit_argument/rule.yml | 2 +- .../bootloader-zipl/zipl_bls_entries_only/rule.yml | 2 +- .../zipl_bootmap_is_up_to_date/rule.yml | 2 +- .../bootloader-zipl/zipl_enable_selinux/rule.yml | 2 +- .../zipl_page_poison_argument/rule.yml | 2 +- .../zipl_slub_debug_argument/rule.yml | 2 +- .../zipl_vsyscall_argument/rule.yml | 2 +- .../partitions/mount_option_boot_nodev/rule.yml | 2 +- .../partitions/mount_option_boot_nosuid/rule.yml | 2 +- .../partitions/mount_option_home_nosuid/rule.yml | 2 +- .../rule.yml | 2 +- 
.../partitions/mount_option_tmp_nodev/rule.yml | 2 +- .../partitions/mount_option_tmp_noexec/rule.yml | 2 +- .../partitions/mount_option_tmp_nosuid/rule.yml | 2 +- .../mount_option_var_log_audit_nodev/rule.yml | 2 +- .../mount_option_var_log_audit_noexec/rule.yml | 2 +- .../mount_option_var_log_audit_nosuid/rule.yml | 2 +- .../partitions/mount_option_var_log_nodev/rule.yml | 2 +- .../mount_option_var_log_noexec/rule.yml | 2 +- .../mount_option_var_log_nosuid/rule.yml | 2 +- .../partitions/mount_option_var_nodev/rule.yml | 2 +- .../partitions/mount_option_var_nosuid/rule.yml | 2 +- .../disk_partitioning/encrypt_partitions/rule.yml | 2 +- .../crypto/ssh_client_rekey_limit/rule.yml | 2 +- rhcos4/profiles/ospp.profile | 1 - .../template_OVAL_zipl_bls_entries_option | 14 +++++++------- 52 files changed, 57 insertions(+), 58 deletions(-)
diff --git a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml
index 8bcde0d9c3d8..79155af68d29 100644
--- a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml
+++ b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhcos4
 title: 'Uninstall Sendmail Package'
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml
index d61dcd32d916..a4ae31348d61 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,rhcos4
 title: 'Enable Smartcards in SSSD'
diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml
index 241c10aad345..f125653e11fb 100644
--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,rhcos4
 title: 'Configure SSSD to Expire Offline Credentials'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml
index 2536369ac207..21edfc9f0b7a 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,ol8,rhel8
+prodtype: fedora,ol8,rhel8,rhcos4
 title: 'Support session locking with tmux'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml
index dd8d3cc665c1..7816ebc8f915 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,ol8,rhel8
+prodtype: fedora,ol8,rhel8,rhcos4
 title: 'Configure tmux to lock session after inactivity'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml
index 9ec02f821a2b..bf1ea79df99d 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,ol8,rhel8
+prodtype: fedora,ol8,rhel8,rhcos4
 title: 'Configure the tmux Lock Command'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml
index c819453054f2..fa2c1cd02888 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,ol8,rhel8,rhv4
+prodtype: fedora,ol8,rhel8,rhv4,rhcos4
 title: 'Install the tmux Package'
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
index ef067352831d..fcac79a4c4a8 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019,rhcos4
 title: 'Set Interactive Session Timeout'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml
index a9f50243cc27..3c1a7a82baf0 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: ol8,rhel8
+prodtype: ol8,rhel8,rhcos4
 title: 'Configure auditing of unsuccessful file accesses'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml
index fbac235cb96a..37ba82c16fc5 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: ol8,rhel8
+prodtype: ol8,rhel8,rhcos4
 title: 'Configure auditing of successful file accesses'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml
index 4c878aecefd4..cce5e83fd6ea 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: ol8,rhel8,rhcos4
+prodtype: ol8,rhel8,rhcos4,rhcos4
 title: 'Configure basic parameters of Audit system'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml
index 07728afb71f3..92800b472c7b 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml
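Review bot: `rhcos4` ends up listed twice in the new `prodtype` line of audit_basic_configuration/rule.yml (`ol8,rhel8,rhcos4,rhcos4`), because the old line already carried it before the product was appended again. The same duplicate is introduced in audit_modify_failed, audit_module_load and audit_ospp_general further down. Whether the build deduplicates the product list is not visible in this patch, so these four files should stay at `prodtype: ol8,rhel8,rhcos4` and their hunks be dropped. The duplicates look like the result of a mechanical append, so it is also worth confirming that each rule newly enabled here was individually checked for applicability on RHCOS.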
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: ol8,rhel8
+prodtype: ol8,rhel8,rhcos4
 title: 'Configure auditing of unsuccessful file creations'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml
index d81cd3ae86b0..59db7b10073e 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: ol8,rhel8
+prodtype: ol8,rhel8,rhcos4
 title: 'Configure auditing of successful file creations'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml
index 4d8fc27b98ca..2f67a150dc59 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: ol8,rhel8
+prodtype: ol8,rhel8,rhcos4
 title: 'Configure auditing of unsuccessful file deletions'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml
index b42c69dc73fc..f54899fb842c 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: ol8,rhel8
+prodtype: ol8,rhel8,rhcos4
 title: 'Configure auditing of successful file deletions'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml
index 1f9c237834db..e9b85f815b8c 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: ol8,rhel8
+prodtype: ol8,rhel8,rhcos4
 title: 'Configure immutable Audit login UIDs'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml
index fa91128194c7..51f9d76f06d9 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: ol8,rhel8,rhcos4
+prodtype: ol8,rhel8,rhcos4,rhcos4
 title: 'Configure auditing of unsuccessful file modifications'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml
index 6ba53e816b58..b51acc04dcbb 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: ol8,rhel8
+prodtype: ol8,rhel8,rhcos4
 title: 'Configure auditing of successful file modifications'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml
index b38afedcfbfc..20bfca83eee3 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: ol8,rhel8,rhcos4
+prodtype: ol8,rhel8,rhcos4,rhcos4
 title: 'Configure auditing of loading and unloading of kernel modules'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml
index 2e38bd8218db..fbf7473cc4c5 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: ol8,rhel8,rhcos4
+prodtype: ol8,rhel8,rhcos4,rhcos4
 title: 'Perform general configuration of Audit for OSPP'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml
index d9ca290b3929..b0052f8b645c 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: ol8,rhel8
+prodtype: ol8,rhel8,rhcos4
 title: 'Configure auditing of unsuccessful ownership changes'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml
index e61b6c73f135..3657a32fc3a0 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: ol8,rhel8
+prodtype: ol8,rhel8,rhcos4
 title: 'Configure auditing of successful ownership changes'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml
index 960bdf94a121..477c74282d0e 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: ol8,rhel8
+prodtype: ol8,rhel8,rhcos4
 title: 'Configure auditing of unsuccessful permission changes'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml
index bf8340f0abc7..53ecf9d589a4 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: ol8,rhel8
+prodtype: ol8,rhel8,rhcos4
 title: 'Configure auditing of successful permission changes'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml
index 88281198ffe0..26e7016c5b8f 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8
+prodtype: ol7,ol8,rhel7,rhel8,rhcos4
 title: 'Configure audit according to OSPP requirements'
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml
index 46705e77570b..c2fb5ba678c3 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: rhel8
+prodtype: rhel8,rhcos4
 title: 'Enable Auditing to Start Prior to the Audit Daemon in zIPL'
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml
index c7bb7f261900..6548c352acc6 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: rhel8
+prodtype: rhel8,rhcos4
 title: 'Extend Audit Backlog Limit for the Audit Daemon in zIPL'
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml
index ae00dfedd706..c3f032d8cbb2 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: rhel8
+prodtype: rhel8,rhcos4
 title: 'Ensure all zIPL boot entries are BLS compliant'
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml
index 90db3e98a29e..13192cd8ca50 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: rhel8
+prodtype: rhel8,rhcos4
 title: 'Ensure zIPL bootmap is up to date'
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml
index b0bc0fc374f0..261b227dd584 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: rhel8
+prodtype: rhel8,rhcos4
 title: 'Ensure SELinux Not Disabled in zIPL'
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml
index 6bd785347a56..42c1c8aecd52 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: rhel8
+prodtype: rhel8,rhcos4
 title: 'Enable page allocator poisoning in zIPL'
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml
index 8cbc46eab984..2f9b04f7a270 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: rhel8
+prodtype: rhel8,rhcos4
 title: 'Enable SLUB/SLAB allocator poisoning in zIPL'
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml
index 82f109ccc5f5..f90a0fb41419 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: rhel8
+prodtype: rhel8,rhcos4
 title: 'Disable vsyscalls in zIPL'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml
index 6c1bc531055a..b1ab3be02ebd 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhcos4
 title: 'Add nodev Option to /boot'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
index a67c90df4c11..9a56a16ce1bc 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhcos4
 title: 'Add nosuid Option to /boot'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
index a1995408358d..b7533806b67f 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,rhcos4
 title: 'Add nosuid Option to /home'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
index 936c67db4784..1367ebe562b8 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhcos4
 title: 'Add nodev Option to Non-Root Local Partitions'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
index 66cfdc0d0451..4d5c01fc1cda 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,sle15,ubuntu1804
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,sle15,ubuntu1804,rhcos4
 title: 'Add nodev Option to /tmp'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
index f57cdcdbe9c2..0ecfa66aab65 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,sle15
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,sle15,rhcos4
 title: 'Add noexec Option to /tmp'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
index ba9b2e4d2ea3..d7b7ae2bd91b 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,sle15,ubuntu1804
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,sle15,ubuntu1804,rhcos4
 title: 'Add nosuid Option to /tmp'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
index dcda85d73d13..5bde848671ab 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhcos4
 title: 'Add nodev Option to /var/log/audit'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
index 33c49cbb9693..98d2e66fbe5a 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhcos4
 title: 'Add noexec Option to /var/log/audit'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
index bde1ab38236c..33621bdb1a64 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhcos4
 title: 'Add nosuid Option to /var/log/audit'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
index 2f517a7e8816..86385b8a8930 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhcos4
 title: 'Add nodev Option to /var/log'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
index d6720398c3e6..3091c8195d78 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhcos4
 title: 'Add noexec Option to /var/log'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
index 2a533dfdaa94..7f68bed0547f 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhcos4
 title: 'Add nosuid Option to /var/log'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml
index 268647a34396..24cce815d262 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhcos4
 title: 'Add nodev Option to /var'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml
index 195a61e170e5..084385e1a8a0 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: fedora,rhel6,rhel7,rhel8
+prodtype: fedora,rhel6,rhel7,rhel8,rhcos4
 title: 'Add nosuid Option to /var'
diff --git a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
index 98c4df67add7..ff64ae8966bc 100644
--- a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: ol7,ol8,rhel6,rhel7,rhel8,rhv4
+prodtype: ol7,ol8,rhel6,rhel7,rhel8,rhv4,rhcos4
 title: 'Encrypt Partitions'
diff --git a/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml b/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml
index 735a68b264d1..6ef2df99f33f 100644
--- a/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
-prodtype: rhel8
+prodtype: rhel8,rhcos4
 title: 'Configure session renegotiation for SSH client'
diff --git a/rhcos4/profiles/ospp.profile b/rhcos4/profiles/ospp.profile
index 5db9a88168d4..4d44176bb740 100644
--- a/rhcos4/profiles/ospp.profile
+++ b/rhcos4/profiles/ospp.profile
@@ -308,4 +308,3 @@ selections:
 - zipl_vsyscall_argument
 - zipl_vsyscall_argument.role=unscored
 - zipl_vsyscall_argument.severity=info
- - zipl_pti_argument
diff --git a/shared/templates/template_OVAL_zipl_bls_entries_option b/shared/templates/template_OVAL_zipl_bls_entries_option
index 8b786450f093..2c07412a02ec 100644
--- a/shared/templates/template_OVAL_zipl_bls_entries_option
+++ b/shared/templates/template_OVAL_zipl_bls_entries_option
@@ -2,21 +2,21 @@ {{{ oval_metadata("Ensure " + ARG_NAME_VALUE + " option is configured in the 'options' line in /boot/loader/entries/*.conf.") }}} - - - - + + - ^/boot/loader/entries/.*\.conf$ ^options (.*)$ @@ -27,7 +27,7 @@ comment="Check for option {{{ ARG_NAME_VALUE }}} in /etc/kernel/cmdline" check="all" check_existence="all_exist" version="1"> - + @@ -36,7 +36,7 @@ 1 - ^(?:.*\s)?{{{ ESCAPED_ARG_NAME_VALUE }}}(?:\s.*)?$