ComplianceAsCode
diff --git a/‎tests/data/product_stability/al2023.yml‎
Lines changed: 106 additions & 0 deletions b/‎tests/data/product_stability/al2023.yml‎
Lines changed: 106 additions & 0 deletions
diff --git a/‎tests/data/product_stability/alinux2.yml‎
Lines changed: 8 additions & 7 deletions b/‎tests/data/product_stability/alinux2.yml‎
Lines changed: 8 additions & 7 deletions
diff --git a/‎tests/data/product_stability/alinux3.yml‎
Lines changed: 8 additions & 7 deletions b/‎tests/data/product_stability/alinux3.yml‎
Lines changed: 8 additions & 7 deletions
diff --git a/‎tests/data/product_stability/almalinux9.yml‎
Lines changed: 107 additions & 0 deletions b/‎tests/data/product_stability/almalinux9.yml‎
Lines changed: 107 additions & 0 deletions
diff --git a/‎tests/data/product_stability/anolis23.yml‎
Lines changed: 7 additions & 6 deletions b/‎tests/data/product_stability/anolis23.yml‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎tests/data/product_stability/anolis8.yml‎
Lines changed: 7 additions & 6 deletions b/‎tests/data/product_stability/anolis8.yml‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎tests/data/product_stability/debian11.yml‎
Lines changed: 8 additions & 7 deletions b/‎tests/data/product_stability/debian11.yml‎
Lines changed: 8 additions & 7 deletions
diff --git a/‎tests/data/product_stability/debian12.yml‎
Lines changed: 8 additions & 7 deletions b/‎tests/data/product_stability/debian12.yml‎
Lines changed: 8 additions & 7 deletions
@@ -0,0 +1,106 @@
+aide_also_checks_audispd: 'yes'
+aide_also_checks_rsyslog: 'no'
+aide_bin_path: /usr/sbin/aide
+aide_conf_path: /etc/aide.conf
+audisp_conf_path: /etc/audit
+audit_binaries:
+- /sbin/auditctl
+- /sbin/aureport
+- /sbin/ausearch
+- /sbin/autrace
+- /sbin/auditd
+- /sbin/audispd
+- /sbin/augenrules
+audit_watches_style: legacy
+auid: 1000
+basic_properties_derived: true
+benchmark_id: AL-2023
+benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
+chrony_conf_path: /etc/chrony.conf
+chrony_d_path: /etc/chrony.d/
+components_root: ../../components
+cpes:
+- al2023:
+    check_id: installed_OS_is_al2023
+    name: cpe:/o:amazon:amazon_linux:2023
+    title: Amazon Linux 2023
+cpes_root: ../../shared/applicability
+dconf_gdm_dir: gdm.d
+dynamic_uid_max: 65519
+dynamic_uid_min: 61184
+faillock_path: /var/log/faillock
+full_name: Amazon Linux 2023
+gid_min: 1000
+groups:
+  dedicated_ssh_keyowner:
+    name: ssh_keys
+grub2_boot_path: /boot/grub2
+grub2_uefi_boot_path: /boot/grub2
+grub_helper_executable: grubby
+init_system: systemd
+journald_conf_dir_path: /etc/systemd/journald.conf.d
+login_defs_path: /etc/login.defs
+nobody_gid: 65534
+nobody_uid: 65534
+pkg_manager: dnf
+pkg_manager_config_file: /etc/dnf/dnf.conf
+pkg_system: rpm
+platform_package_overrides:
+  aarch64_arch: null
+  grub2: grub2-common
+  login_defs: shadow-utils
+  no_ovirt: null
+  non-uefi: null
+  not_aarch64_arch: null
+  not_s390x_arch: null
+  ovirt: null
+  s390x_arch: null
+  sssd: sssd-common
+  sssd-ldap: null
+  uefi: null
+  zipl: s390utils-base
+product: al2023
+profiles_root: ./profiles
+reference_uris:
+  anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf
+  app-srg: https://www.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers
+  app-srg-ctr: https://www.cyber.mil/stigs/downloads/?_dl_facet_stigs=app-security
+  bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf
+  cis: https://www.cisecurity.org/benchmark/amazon_linux/
+  cis-csc: https://www.cisecurity.org/controls/
+  cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf
+  cobit5: https://www.isaca.org/resources/cobit
+  cui: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf
+  dcid: not_officially_available
+  disa: https://www.cyber.mil/stigs/cci/
+  hipaa: https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf
+  isa-62443-2009: https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat
+  isa-62443-2013: https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu
+  ism: https://www.cyber.gov.au/acsc/view-all-content/ism
+  iso27001-2013: https://www.iso.org/contents/data/standard/05/45/54534.html
+  nerc-cip: https://www.nerc.com/pa/Stand/AlignRep/One%20Stop%20Shop.xlsx
+  nist: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf
+  nist-csf: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
+  os-srg: https://www.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os
+  ospp: https://www.niap-ccevs.org/Profile/PP.cfm
+  pcidss: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
+  pcidss4: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf
+  stigid: https://www.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
+  stigref: https://www.cyber.mil/stigs/srg-stig-tools/
+release_key_fingerprint: B21C50FA44A99720EAA72F7FE951904AD832C631
+rsyslog_cafile: /etc/pki/tls/cert.pem
+sshd_distributed_config: 'true'
+sshd_runtime_check: 'false'
+sysctl_remediate_drop_in_file: 'false'
+target_oval_version:
+- 5
+- 11
+target_oval_version_str: '5.11'
+type: platform
+uid_min: 1000
+xwindows_packages:
+- xorg-x11-server-Xorg
+- xorg-x11-server-common
+- xorg-x11-server-utils
+- xorg-x11-server-Xwayland
@@ -4,13 +4,13 @@ aide_bin_path: /usr/sbin/aide
 aide_conf_path: /etc/aide.conf
 audisp_conf_path: /etc/audit
 audit_binaries:
-  - /sbin/auditctl
-  - /sbin/aureport
-  - /sbin/ausearch
-  - /sbin/autrace
-  - /sbin/auditd
-  - /sbin/audispd
-  - /sbin/augenrules
+- /sbin/auditctl
+- /sbin/aureport
+- /sbin/ausearch
+- /sbin/autrace
+- /sbin/auditd
+- /sbin/audispd
+- /sbin/augenrules
 audit_watches_style: legacy
 auid: 1000
 basic_properties_derived: true
@@ -85,6 +85,7 @@ reference_uris:
   stigref: https://www.cyber.mil/stigs/srg-stig-tools/
 rsyslog_cafile: /etc/pki/tls/cert.pem
 sshd_distributed_config: 'false'
+sshd_runtime_check: 'false'
 sysctl_remediate_drop_in_file: 'false'
 target_oval_version:
 - 5
 
@@ -4,13 +4,13 @@ aide_bin_path: /usr/sbin/aide
 aide_conf_path: /etc/aide.conf
 audisp_conf_path: /etc/audit
 audit_binaries:
-  - /sbin/auditctl
-  - /sbin/aureport
-  - /sbin/ausearch
-  - /sbin/autrace
-  - /sbin/auditd
-  - /sbin/audispd
-  - /sbin/augenrules
+- /sbin/auditctl
+- /sbin/aureport
+- /sbin/ausearch
+- /sbin/autrace
+- /sbin/auditd
+- /sbin/audispd
+- /sbin/augenrules
 audit_watches_style: legacy
 auid: 1000
 basic_properties_derived: true
@@ -85,6 +85,7 @@ reference_uris:
   stigref: https://www.cyber.mil/stigs/srg-stig-tools/
 rsyslog_cafile: /etc/pki/tls/cert.pem
 sshd_distributed_config: 'false'
+sshd_runtime_check: 'false'
 sysctl_remediate_drop_in_file: 'false'
 target_oval_version:
 - 5
 
@@ -0,0 +1,107 @@
+aide_also_checks_audispd: 'yes'
+aide_also_checks_rsyslog: 'no'
+aide_bin_path: /usr/sbin/aide
+aide_conf_path: /etc/aide.conf
+audisp_conf_path: /etc/audit
+audit_binaries:
+- /sbin/auditctl
+- /sbin/aureport
+- /sbin/ausearch
+- /sbin/autrace
+- /sbin/auditd
+- /sbin/audispd
+- /sbin/augenrules
+audit_watches_style: legacy
+auid: 1000
+basic_properties_derived: true
+benchmark_id: ALMALINUX-9
+benchmark_root: ../../linux_os/guide
+bootable_containers_supported: 'false'
+chrony_conf_path: /etc/chrony.conf
+chrony_d_path: /etc/chrony.d/
+components_root: ../../components
+cpes:
+- almalinux9:
+    check_id: installed_OS_is_almalinux9
+    name: cpe:/o:almalinux:almalinux:9
+    title: AlmaLinux OS 9
+cpes_root: ../../shared/applicability
+dconf_gdm_dir: gdm.d
+dynamic_uid_max: 65519
+dynamic_uid_min: 61184
+faillock_path: /var/run/faillock
+full_name: AlmaLinux OS 9
+gid_min: 1000
+groups: {}
+grub2_boot_path: /boot/grub2
+grub2_uefi_boot_path: /boot/grub2
+grub_helper_executable: grubby
+init_system: systemd
+login_defs_path: /etc/login.defs
+major_version_ordinal: 9
+nobody_gid: 65534
+nobody_uid: 65534
+oval_feed_url: https://security.almalinux.org/oval/org.almalinux.alsa-9.xml.bz2
+pkg_manager: dnf
+pkg_manager_config_file: /etc/dnf/dnf.conf
+pkg_release: 61e69f29
+pkg_system: rpm
+pkg_version: b86b3716
+platform_package_overrides:
+  aarch64_arch: null
+  grub2: grub2-common
+  login_defs: login
+  no_ovirt: null
+  non-uefi: null
+  not_aarch64_arch: null
+  not_s390x_arch: null
+  ovirt: null
+  s390x_arch: null
+  sssd: sssd-common
+  sssd-ldap: null
+  uefi: null
+  zipl: s390utils-base
+product: almalinux9
+profiles_root: ./profiles
+reference_uris:
+  anssi: https://cyber.gouv.fr/sites/default/files/document/linux_configuration-en-v2.pdf
+  app-srg: https://www.cyber.mil/stigs/downloads/?_dl_facet_stigs=application-servers
+  app-srg-ctr: https://www.cyber.mil/stigs/downloads/?_dl_facet_stigs=app-security
+  bsi: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf
+  cis: https://www.cisecurity.org/benchmark/almalinuxos_linux/
+  cis-csc: https://www.cisecurity.org/controls/
+  cjis: https://www.fbi.gov/file-repository/cjis-security-policy-v5_5_20160601-2-1.pdf
+  cobit5: https://www.isaca.org/resources/cobit
+  cui: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf
+  dcid: not_officially_available
+  disa: https://www.cyber.mil/stigs/cci/
+  hipaa: https://www.gpo.gov/fdsys/pkg/CFR-2007-title45-vol1/pdf/CFR-2007-title45-vol1-chapA-subchapC.pdf
+  isa-62443-2009: https://www.isa.org/products/isa-62443-2-1-2009-security-for-industrial-automat
+  isa-62443-2013: https://www.isa.org/products/ansi-isa-62443-3-3-99-03-03-2013-security-for-indu
+  ism: https://www.cyber.gov.au/acsc/view-all-content/ism
+  iso27001-2013: https://www.iso.org/contents/data/standard/05/45/54534.html
+  nerc-cip: https://www.nerc.com/pa/Stand/AlignRep/One%20Stop%20Shop.xlsx
+  nist: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf
+  nist-csf: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
+  os-srg: https://www.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os
+  ospp: https://www.niap-ccevs.org/Profile/PP.cfm
+  pcidss: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
+  pcidss4: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf
+  stigid: https://www.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
+  stigref: https://www.cyber.mil/stigs/srg-stig-tools/
+release_key_fingerprint: BF18AC2876178908D6E71267D36CB86CB86B3716
+rsyslog_cafile: /etc/pki/tls/cert.pem
+sshd_distributed_config: 'false'
+sshd_runtime_check: 'false'
+sysctl_remediate_drop_in_file: 'false'
+target_oval_version:
+- 5
+- 11
+target_oval_version_str: '5.11'
+type: platform
+uid_min: 1000
+xwindows_packages:
+- xorg-x11-server-Xorg
+- xorg-x11-server-common
+- xorg-x11-server-utils
+- xorg-x11-server-Xwayland
@@ -4,12 +4,12 @@ aide_bin_path: /usr/sbin/aide
 aide_conf_path: /etc/aide.conf
 audisp_conf_path: /etc/audit
 audit_binaries:
-  - /sbin/auditctl
-  - /sbin/aureport
-  - /sbin/ausearch
-  - /sbin/autrace
-  - /sbin/auditd
-  - /sbin/augenrules
+- /sbin/auditctl
+- /sbin/aureport
+- /sbin/ausearch
+- /sbin/autrace
+- /sbin/auditd
+- /sbin/augenrules
 audit_watches_style: legacy
 auid: 1000
 basic_properties_derived: true
@@ -84,6 +84,7 @@ reference_uris:
   stigref: https://www.cyber.mil/stigs/srg-stig-tools/
 rsyslog_cafile: /etc/pki/tls/cert.pem
 sshd_distributed_config: 'false'
+sshd_runtime_check: 'false'
 sysctl_remediate_drop_in_file: 'false'
 target_oval_version:
 - 5
 
@@ -4,12 +4,12 @@ aide_bin_path: /usr/sbin/aide
 aide_conf_path: /etc/aide.conf
 audisp_conf_path: /etc/audit
 audit_binaries:
-  - /sbin/auditctl
-  - /sbin/aureport
-  - /sbin/ausearch
-  - /sbin/autrace
-  - /sbin/auditd
-  - /sbin/augenrules
+- /sbin/auditctl
+- /sbin/aureport
+- /sbin/ausearch
+- /sbin/autrace
+- /sbin/auditd
+- /sbin/augenrules
 audit_watches_style: legacy
 auid: 1000
 basic_properties_derived: true
@@ -84,6 +84,7 @@ reference_uris:
   stigref: https://www.cyber.mil/stigs/srg-stig-tools/
 rsyslog_cafile: /etc/pki/tls/cert.pem
 sshd_distributed_config: 'false'
+sshd_runtime_check: 'false'
 sysctl_remediate_drop_in_file: 'false'
 target_oval_version:
 - 5
 
@@ -4,13 +4,13 @@ aide_bin_path: /usr/sbin/aide
 aide_conf_path: /etc/aide.conf
 audisp_conf_path: /etc/audit
 audit_binaries:
-  - /sbin/auditctl
-  - /sbin/aureport
-  - /sbin/ausearch
-  - /sbin/autrace
-  - /sbin/auditd
-  - /sbin/audispd
-  - /sbin/augenrules
+- /sbin/auditctl
+- /sbin/aureport
+- /sbin/ausearch
+- /sbin/autrace
+- /sbin/auditd
+- /sbin/audispd
+- /sbin/augenrules
 audit_watches_style: legacy
 auid: 1000
 basic_properties_derived: true
@@ -94,6 +94,7 @@ reference_uris:
   stigref: https://www.cyber.mil/stigs/srg-stig-tools/
 rsyslog_cafile: /etc/pki/tls/cert.pem
 sshd_distributed_config: 'false'
+sshd_runtime_check: 'false'
 sysctl_remediate_drop_in_file: 'false'
 target_oval_version:
 - 5
 
@@ -4,13 +4,13 @@ aide_bin_path: /usr/sbin/aide
 aide_conf_path: /etc/aide/aide.conf
 audisp_conf_path: /etc/audit
 audit_binaries:
-  - /sbin/auditctl
-  - /sbin/aureport
-  - /sbin/ausearch
-  - /sbin/autrace
-  - /sbin/auditd
-  - /sbin/audispd
-  - /sbin/augenrules
+- /sbin/auditctl
+- /sbin/aureport
+- /sbin/ausearch
+- /sbin/autrace
+- /sbin/auditd
+- /sbin/audispd
+- /sbin/augenrules
 audit_watches_style: legacy
 auid: 1000
 basic_properties_derived: true
@@ -95,6 +95,7 @@ reference_uris:
   stigref: https://www.cyber.mil/stigs/srg-stig-tools/
 rsyslog_cafile: /etc/pki/tls/cert.pem
 sshd_distributed_config: 'false'
+sshd_runtime_check: 'false'
 sysctl_remediate_drop_in_file: 'false'
 target_oval_version:
 - 5