From 9d8cc465bc3e9bb735d453973a1c1de4d2b7a845 Mon Sep 17 00:00:00 2001 From: Gabe Date: Tue, 29 Sep 2020 13:09:27 -0600 Subject: [PATCH] Enable rules and fix zipl template for RHCOS --- linux_os/guide/services/mail/package_sendmail_removed/rule.yml | 2 +- linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml | 2 +- .../guide/services/sssd/sssd_offline_cred_expiration/rule.yml | 2 +- .../console_screen_locking/configure_bashrc_exec_tmux/rule.yml | 2 +- .../configure_tmux_lock_after_time/rule.yml | 2 +- .../console_screen_locking/configure_tmux_lock_command/rule.yml | 2 +- .../console_screen_locking/package_tmux_installed/rule.yml | 2 +- .../system/accounts/accounts-session/accounts_tmout/rule.yml | 2 +- .../system/auditing/policy_rules/audit_access_failed/rule.yml | 2 +- .../system/auditing/policy_rules/audit_access_success/rule.yml | 2 +- .../auditing/policy_rules/audit_basic_configuration/rule.yml | 2 +- .../system/auditing/policy_rules/audit_create_failed/rule.yml | 2 +- .../system/auditing/policy_rules/audit_create_success/rule.yml | 2 +- .../system/auditing/policy_rules/audit_delete_failed/rule.yml | 2 +- .../system/auditing/policy_rules/audit_delete_success/rule.yml | 2 +- .../auditing/policy_rules/audit_immutable_login_uids/rule.yml | 2 +- .../system/auditing/policy_rules/audit_modify_failed/rule.yml | 2 +- .../system/auditing/policy_rules/audit_modify_success/rule.yml | 2 +- .../system/auditing/policy_rules/audit_module_load/rule.yml | 2 +- .../system/auditing/policy_rules/audit_ospp_general/rule.yml | 2 +- .../auditing/policy_rules/audit_owner_change_failed/rule.yml | 2 +- .../auditing/policy_rules/audit_owner_change_success/rule.yml | 2 +- .../auditing/policy_rules/audit_perm_change_failed/rule.yml | 2 +- .../auditing/policy_rules/audit_perm_change_success/rule.yml | 2 +- .../system/auditing/policy_rules/audit_rules_for_ospp/rule.yml | 2 +- .../guide/system/bootloader-zipl/zipl_audit_argument/rule.yml | 2 +- .../bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml | 2 +- .../guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml | 2 +- .../system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml | 2 +- .../guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml | 2 +- .../system/bootloader-zipl/zipl_page_poison_argument/rule.yml | 2 +- .../system/bootloader-zipl/zipl_slub_debug_argument/rule.yml | 2 +- .../system/bootloader-zipl/zipl_vsyscall_argument/rule.yml | 2 +- .../permissions/partitions/mount_option_boot_nodev/rule.yml | 2 +- .../permissions/partitions/mount_option_boot_nosuid/rule.yml | 2 +- .../permissions/partitions/mount_option_home_nosuid/rule.yml | 2 +- .../mount_option_nodev_nonroot_local_partitions/rule.yml | 2 +- .../permissions/partitions/mount_option_tmp_nodev/rule.yml | 2 +- .../permissions/partitions/mount_option_tmp_noexec/rule.yml | 2 +- .../permissions/partitions/mount_option_tmp_nosuid/rule.yml | 2 +- .../partitions/mount_option_var_log_audit_nodev/rule.yml | 2 +- .../partitions/mount_option_var_log_audit_noexec/rule.yml | 2 +- .../partitions/mount_option_var_log_audit_nosuid/rule.yml | 2 +- .../permissions/partitions/mount_option_var_log_nodev/rule.yml | 2 +- .../permissions/partitions/mount_option_var_log_noexec/rule.yml | 2 +- .../permissions/partitions/mount_option_var_log_nosuid/rule.yml | 2 +- .../permissions/partitions/mount_option_var_nodev/rule.yml | 2 +- .../permissions/partitions/mount_option_var_nosuid/rule.yml | 2 +- .../software/disk_partitioning/encrypt_partitions/rule.yml | 2 +- .../software/integrity/crypto/ssh_client_rekey_limit/rule.yml | 2 +- rhcos4/profiles/ospp.profile | 1 - 51 files changed, 50 insertions(+), 51 deletions(-) diff --git a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml index 05d7fcfb9b2..1b62fb49fb5 100644 --- a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml +++ b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8 +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 title: 'Uninstall Sendmail Package' diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml index fd63c8d46e9..7a51b3960f2 100644 --- a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml +++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,rhcos4 title: 'Enable Smartcards in SSSD' diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml index 3f8dcc0cd89..b2c450b58e2 100644 --- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml +++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,rhcos4 title: 'Configure SSSD to Expire Offline Credentials' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml index 2536369ac20..21edfc9f0b7 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhel8 +prodtype: fedora,ol8,rhel8,rhcos4 title: 'Support session locking with tmux' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml index dd8d3cc665c..7816ebc8f91 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhel8 +prodtype: fedora,ol8,rhel8,rhcos4 title: 'Configure tmux to lock session after inactivity' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml index 9ec02f821a2..bf1ea79df99 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhel8 +prodtype: fedora,ol8,rhel8,rhcos4 title: 'Configure the tmux Lock Command' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml index 33fbe1bb11d..c900612b1bc 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhel8,rhv4 +prodtype: fedora,ol8,rhel8,rhv4,rhcos4 title: 'Install the tmux Package' diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml index efe2bb6e937..895290d04ab 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,rhcos4 title: 'Set Interactive Session Timeout' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml index 1139b5ad9ef..458ac7e0ae6 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8 +prodtype: ol8,rhel8,rhcos4 title: 'Configure auditing of unsuccessful file accesses' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml index 12a0bda54e5..064618716e8 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8 +prodtype: ol8,rhel8,rhcos4 title: 'Configure auditing of successful file accesses' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml index 4c878aecefd..cce5e83fd6e 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhcos4 +prodtype: ol8,rhel8,rhcos4,rhcos4 title: 'Configure basic parameters of Audit system' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml index 07728afb71f..92800b472c7 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8 +prodtype: ol8,rhel8,rhcos4 title: 'Configure auditing of unsuccessful file creations' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml index d81cd3ae86b..59db7b10073 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8 +prodtype: ol8,rhel8,rhcos4 title: 'Configure auditing of successful file creations' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml index 4d8fc27b98c..2f67a150dc5 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8 +prodtype: ol8,rhel8,rhcos4 title: 'Configure auditing of unsuccessful file deletions' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml index b42c69dc73f..f54899fb842 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8 +prodtype: ol8,rhel8,rhcos4 title: 'Configure auditing of successful file deletions' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml index 1f9c237834d..e9b85f815b8 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8 +prodtype: ol8,rhel8,rhcos4 title: 'Configure immutable Audit login UIDs' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml index fa91128194c..51f9d76f06d 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhcos4 +prodtype: ol8,rhel8,rhcos4,rhcos4 title: 'Configure auditing of unsuccessful file modifications' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml index 6ba53e816b5..b51acc04dcb 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8 +prodtype: ol8,rhel8,rhcos4 title: 'Configure auditing of successful file modifications' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml index b38afedcfbf..20bfca83eee 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhcos4 +prodtype: ol8,rhel8,rhcos4,rhcos4 title: 'Configure auditing of loading and unloading of kernel modules' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml index 2e38bd8218d..fbf7473cc4c 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhcos4 +prodtype: ol8,rhel8,rhcos4,rhcos4 title: 'Perform general configuration of Audit for OSPP' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml index d9ca290b392..b0052f8b645 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8 +prodtype: ol8,rhel8,rhcos4 title: 'Configure auditing of unsuccessful ownership changes' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml index e61b6c73f13..3657a32fc3a 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8 +prodtype: ol8,rhel8,rhcos4 title: 'Configure auditing of successful ownership changes' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml index 960bdf94a12..477c74282d0 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8 +prodtype: ol8,rhel8,rhcos4 title: 'Configure auditing of unsuccessful permission changes' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml index bf8340f0abc..53ecf9d589a 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8 +prodtype: ol8,rhel8,rhcos4 title: 'Configure auditing of successful permission changes' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml index 88281198ffe..26e7016c5b8 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8 +prodtype: ol7,ol8,rhel7,rhel8,rhcos4 title: 'Configure audit according to OSPP requirements' diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml index 46705e77570..c2fb5ba678c 100644 --- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml +++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel8 +prodtype: rhel8,rhcos4 title: 'Enable Auditing to Start Prior to the Audit Daemon in zIPL' diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml index c7bb7f26190..6548c352acc 100644 --- a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml +++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel8 +prodtype: rhel8,rhcos4 title: 'Extend Audit Backlog Limit for the Audit Daemon in zIPL' diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml index ae00dfedd70..c3f032d8cbb 100644 --- a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml +++ b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel8 +prodtype: rhel8,rhcos4 title: 'Ensure all zIPL boot entries are BLS compliant' diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml index 90db3e98a29..13192cd8ca5 100644 --- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml +++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel8 +prodtype: rhel8,rhcos4 title: 'Ensure zIPL bootmap is up to date' diff --git a/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml index b0bc0fc374f..261b227dd58 100644 --- a/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml +++ b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel8 +prodtype: rhel8,rhcos4 title: 'Ensure SELinux Not Disabled in zIPL' diff --git a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml index 6bd785347a5..42c1c8aecd5 100644 --- a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml +++ b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel8 +prodtype: rhel8,rhcos4 title: 'Enable page allocator poisoning in zIPL' diff --git a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml index 8cbc46eab98..2f9b04f7a27 100644 --- a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml +++ b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel8 +prodtype: rhel8,rhcos4 title: 'Enable SLUB/SLAB allocator poisoning in zIPL' diff --git a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml index 82f109ccc5f..f90a0fb4141 100644 --- a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml +++ b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel8 +prodtype: rhel8,rhcos4 title: 'Disable vsyscalls in zIPL' diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml index ac37b3f9529..52561195737 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8 +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 title: 'Add nodev Option to /boot' diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml index ab2711f4831..ebf09614ac4 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8 +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 title: 'Add nosuid Option to /boot' diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml index 4d514d06822..dadd3fa3e97 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,rhcos4 title: 'Add nosuid Option to /home' diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml index 4ca394f2235..15b54df2174 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8 +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 title: 'Add nodev Option to Non-Root Local Partitions' diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml index 9a3a4352237..bcd15e15965 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15,ubuntu1804 +prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15,ubuntu1804,rhcos4 title: 'Add nodev Option to /tmp' diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml index 42ccba3bce6..7c8bf290fe1 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15 +prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15,rhcos4 title: 'Add noexec Option to /tmp' diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml index 87bbbc312cd..0f4a0288340 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15,ubuntu1804 +prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15,ubuntu1804,rhcos4 title: 'Add nosuid Option to /tmp' diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml index 93c7c67bd1b..c2765b6c619 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8 +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 title: 'Add nodev Option to /var/log/audit' diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml index 3d66e72c696..820c8385b3f 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8 +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 title: 'Add noexec Option to /var/log/audit' diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml index 7754082d029..344bafd252a 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8 +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 title: 'Add nosuid Option to /var/log/audit' diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml index 702d6325fa4..4647f2e1c0d 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8 +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 title: 'Add nodev Option to /var/log' diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml index 8bb1004d670..91fe9594ff0 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8 +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 title: 'Add noexec Option to /var/log' diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml index 2e183ea39aa..7c11a923def 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8 +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 title: 'Add nosuid Option to /var/log' diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml index 030c0f9df4b..fe4aaae5028 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8 +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhcos4 title: 'Add nodev Option to /var' diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml index 436da278d2c..14ee493fbee 100644 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8 +prodtype: fedora,rhel7,rhel8,rhcos4 title: 'Add nosuid Option to /var' diff --git a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml index de2cbae9a82..80d1856778a 100644 --- a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml +++ b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhv4 +prodtype: ol7,ol8,rhel7,rhel8,rhv4,rhcos4 title: 'Encrypt Partitions' diff --git a/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml b/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml index 1ff99481d22..e9112161016 100644 --- a/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml +++ b/linux_os/guide/system/software/integrity/crypto/ssh_client_rekey_limit/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel8 +prodtype: rhel8,rhcos4 title: 'Configure session renegotiation for SSH client' diff --git a/rhcos4/profiles/ospp.profile b/rhcos4/profiles/ospp.profile index 5db9a88168d..4d44176bb74 100644 --- a/rhcos4/profiles/ospp.profile +++ b/rhcos4/profiles/ospp.profile @@ -308,4 +308,3 @@ selections: - zipl_vsyscall_argument - zipl_vsyscall_argument.role=unscored - zipl_vsyscall_argument.severity=info - - zipl_pti_argument