From 42db379a14127d358750c461106e7efbd790c278 Mon Sep 17 00:00:00 2001
From: "steven.y.gui"
Date: Fri, 8 Sep 2023 11:48:42 +0800
Subject: [PATCH] add 103 openeuler rules policy
---
 add-103-openeuler-rules-policy.patch | 1842 ++++++++++++++++++++++++++
 scap-security-guide.spec | 1 +
 2 files changed, 1843 insertions(+)
 create mode 100644 add-103-openeuler-rules-policy.patch
diff --git a/add-103-openeuler-rules-policy.patch b/add-103-openeuler-rules-policy.patch
new file mode 100644
index 0000000..c073a74
--- /dev/null
+++ b/add-103-openeuler-rules-policy.patch
@@ -0,0 +1,1842 @@
+From 1dab132dc007a1a37ed0c204812ff5fff1b8dc30 Mon Sep 17 00:00:00 2001
+From: "steven.y.gui"
+Date: Fri, 8 Sep 2023 10:27:38 +0800
+Subject: [PATCH] add 103 openeuler rules policy
+
+---
+ controls/std_openeuler.yml | 849 +++++++++++++++++-
+ .../service_avahi-daemon_disabled/rule.yml | 2 +-
+ .../service_crond_enabled/rule.yml | 2 +-
+ .../package_openldap-clients_removed/rule.yml | 2 +-
+ .../package_openldap-servers_removed/rule.yml | 2 +-
+ .../ntp/ntpd_configure_restrictions/rule.yml | 2 +-
+ .../nis/package_ypbind_removed/rule.yml | 2 +-
+ .../nis/package_ypserv_removed/rule.yml | 2 +-
+ .../obsolete/service_rsyncd_disabled/rule.yml | 4 +-
+ .../printing/package_cups_removed/rule.yml | 2 +-
+ .../package_net-snmp_removed/rule.yml | 2 +-
+ .../sshd_use_strong_ciphers/rule.yml | 2 +-
+ .../ssh_server/sshd_use_strong_kex/rule.yml | 2 +-
+ .../ssh_server/sshd_use_strong_macs/rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ ...nts_passwords_pam_faillock_unlock_time.var | 1 +
+ .../accounts_password_pam_dcredit/rule.yml | 2 +-
+ .../accounts_password_pam_dictcheck/rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../accounts_password_pam_lcredit/rule.yml | 2 +-
+ .../accounts_password_pam_minclass/rule.yml | 2 +-
+ .../accounts_password_pam_minlen/rule.yml | 2 +-
+ .../accounts_password_pam_ocredit/rule.yml | 2 +-
+ .../accounts_password_pam_retry/rule.yml | 2 +-
+ .../accounts_password_pam_ucredit/rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../oval/shared.xml | 2 +-
+ .../require_emergency_target_auth/rule.yml | 4 +-
+ .../service_debug-shell_disabled/rule.yml | 2 +-
+ .../account_temp_expire_date/rule.yml | 2 +-
+ .../account_unique_id/rule.yml | 2 +-
+ .../group_unique_id/rule.yml | 2 +-
+ .../group_unique_name/rule.yml | 2 +-
+ .../no_forward_files/rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../accounts_umask_etc_bashrc/rule.yml | 2 +-
+ .../non-uefi/grub2_password/rule.yml | 2 +-
+
.../uefi/grub2_uefi_password/rule.yml | 2 +-
+ .../service_firewalld_enabled/rule.yml | 2 +-
+ .../set_firewalld_appropriate_zone/rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../sysctl_net_ipv4_ip_forward/rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../service_nftables_enabled/rule.yml | 2 +-
+ .../set_nftables_loopback_traffic/rule.yml | 2 +-
+ .../set_nftables_new_connections/rule.yml | 2 +-
+ .../kernel_module_sctp_disabled/rule.yml | 2 +-
+ .../file_permissions_ungroupowned/rule.yml | 2 +-
+ .../files/no_files_unowned_by_user/rule.yml | 2 +-
+ .../sysctl_kernel_dmesg_restrict/rule.yml | 2 +-
+ .../rule.yml | 2 +-
+ .../ensure_gpgcheck_never_disabled/rule.yml | 2 +-
+ products/openeuler/product.yml | 1 +
+ products/openeuler2203/product.yml | 1 +
+ 73 files changed, 921 insertions(+), 73 deletions(-)
+
+diff --git a/controls/std_openeuler.yml b/controls/std_openeuler.yml
+index 5599b04..463709e 100644
+--- a/controls/std_openeuler.yml
++++ b/controls/std_openeuler.yml
+@@ -7,8 +7,46 @@ levels:
+ - id: base
+
+ controls:
++ - id: 1.1.1_no_unowner_ungroup_files
++ title: Ensure All Files Have Owner And Group
++ levels:
++ - base
++ status: automated
++ rules:
++ - no_files_unowned_by_user
++ - file_permissions_ungroupowned
++
++ - id: 1.1.2_no_empty_symlink
++ title: Ensure No Empty Symlink
++ levels:
++ - base
++ status: planned
++
++ - id: 1.1.3_no_hidden_exec_files
++ title: Ensure No Hidden Executable Files
++ levels:
++ - base
++ status: planned
++
++ - id: 1.1.4_global_writable_dir_sticky_set
++ title: Ensure Sticky Set On Global Writable Folder
++ levels:
++ - base
++ status: automated
++ rules:
++ -
dir_perms_world_writable_sticky_bits
++
++ - id: 1.1.5_umask_set_correct
++ title: Ensure UMASK Correct
++ levels:
++ - base
++ status: automated
++ rules:
++ - accounts_umask_etc_bashrc
++ - var_accounts_user_umask=077
++
+ - id: 1.2.1_ftp_not_installed
+- title: Ensure FTP is not installed
++ title: Ensure FTP Not Installed
+ levels:
+ - base
+ status: automated
+@@ -16,7 +54,7 @@ controls:
+ - package_ftp_removed
+
+ - id: 1.2.2_tftp_server_not_installed
+- title: Ensure TFTP Server is not installed
++ title: Ensure TFTP Server Not Installed
+ levels:
+ - base
+ status: automated
+@@ -25,10 +63,815 @@ controls:
+ - package_tftp-server_removed
+
+ - id: 1.2.3_telnet_server_not_installed
+- title: Ensure Telnet Server is not installed
++ title: Ensure Telnet Server Not Installed
+ levels:
+ - base
+ status: automated
+ rules:
+ - package_telnet_removed
+ - package_telnet-server_removed
++
++ - id: 1.2.4_snmp_not_installed
++ title: Ensure SNMP Not Installed
++ levels:
++ - base
++ status: automated
++ rules:
++ - package_net-snmp_removed
++
++ - id: 1.2.5_python2_not_installed
++ title: Ensure Python2 Not Installed
++ levels:
++ - base
++ status: planned
++
++ - id: 1.2.6_gpg_check_configured
++ title: Ensure GPG Check Configured
++ levels:
++ - base
++ status: automated
++ rules:
++ - ensure_gpgcheck_globally_activated
++ - ensure_gpgcheck_never_disabled
++
++ - id: 1.2.7_debug-shell_disabled
++ title: Ensure Debug-Shell Disabled
++ levels:
++ - base
++ status: automated
++ rules:
++ - service_debug-shell_disabled
++
++ - id: 1.2.8_rsync_not_installed
++ title: Ensure Rsync Not Installed
++ levels:
++ - base
++ status: automated
++ rules:
++ - service_rsyncd_disabled
++
++ - id: 1.2.9_avahi_not_installed
++ title: Ensure Avahi Not Installed
++ levels:
++ - base
++ status: automated
++ rules:
++ - service_avahi-daemon_disabled
++
++ - id: 1.2.10_ldap_server_not_installed
++ title: Ensure LDAP Server Not Installed
++ levels:
++ - base
++ status: automated
++ rules:
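Review bot: In the first `controls/std_openeuler.yml` hunk, `1.1.5_umask_set_correct` is marked `status: automated` but maps only to `accounts_umask_etc_bashrc`, so the 077 umask is verified for bash start-up files alone. Sessions that never read `/etc/bashrc` (other shells, non-interactive logins) could keep a weaker default and the control would still pass. Consider adding the corresponding `/etc/profile` and `/etc/login.defs` umask rules to this control, or setting it to `status: partial` until they are enabled for openeuler.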
++ - package_openldap-servers_removed
++
++ - id: 1.2.11_cups_not_installed
++ title: Ensure CUPS Not Installed
++ levels:
++ - base
++ status: automated
++ rules:
++ - package_cups_removed
++
++ - id: 1.2.12_nis_server_not_installed
++ title: Ensure NIS Server Not Installed
++ levels:
++ - base
++ status: automated
++ rules:
++ - package_ypserv_removed
++
++ - id: 1.2.13_nis_client_not_installed
++ title: Ensure NIS Client Not Installed
++ levels:
++ - base
++ status: automated
++ rules:
++ - package_ypbind_removed
++
++ - id: 1.2.14_ldap_client_not_installed
++ title: Ensure LDAP Client Not Installed
++ levels:
++ - base
++ status: automated
++ rules:
++ - package_openldap-clients_removed
++
++
++ - id: 2.1.1_login_accounts_are_necessary
++ title: Ensure All Login Accounts Are Necessary
++ levels:
++ - base
++ status: planned
++
++ - id: 2.1.2_no_unused_accounts
++ title: Ensure No Unused Accounts
++ levels:
++ - base
++ status: planned
++
++ - id: 2.1.3_different_accounts_have_different_groupid
++ title: Ensure Different Accounts Have Different GroupID
++ levels:
++ - base
++ status: planned
++
++ - id: 2.1.4_no_uid_0_except_root
++ title: Ensure Only Root's UID Is 0
++ levels:
++ - base
++ status: automated
++ rules:
++ - accounts_no_uid_except_zero
++
++ - id: 2.1.5_account_related_files_permission
++ title: Ensure Account Related Files Have Correct Permission
++ levels:
++ - base
++ status: automated
++ rules:
++ - file_owner_etc_passwd
++ - file_groupowner_etc_passwd
++ - file_owner_etc_shadow
++ - file_groupowner_etc_shadow
++ - file_owner_etc_group
++ - file_groupowner_etc_group
++ - file_owner_etc_gshadow
++ - file_groupowner_etc_gshadow
++ - file_owner_backup_etc_passwd
++ - file_groupowner_backup_etc_passwd
++ - file_owner_backup_etc_shadow
++ - file_groupowner_backup_etc_shadow
++ - file_owner_backup_etc_group
++ - file_groupowner_backup_etc_group
++ - file_owner_backup_etc_gshadow
++ - file_groupowner_backup_etc_gshadow
++ -
file_permissions_etc_passwd
++ - file_permissions_etc_shadow
++ - file_permissions_etc_group
++ - file_permissions_etc_gshadow
++ - file_permissions_backup_etc_passwd
++ - file_permissions_backup_etc_shadow
++ - file_permissions_backup_etc_group
++ - file_permissions_backup_etc_gshadow
++
++ - id: 2.1.6_account_has_home_dir
++ title: Ensure All Accounts Have Own Home Folder
++ levels:
++ - base
++ status: automated
++ rules:
++ - accounts_user_interactive_home_directory_exists
++
++ - id: 2.1.7_all_groups_existed
++ title: Ensure All Groups Existed
++ levels:
++ - base
++ status: automated
++ rules:
++ - gid_passwd_group_same
++
++ - id: 2.1.8_unique_uid
++ title: Ensure UID Unique
++ levels:
++ - base
++ status: automated
++ rules:
++ - account_unique_id
++
++ - id: 2.1.9_account_unique_name
++ title: Ensure Account Name Unique
++ levels:
++ - base
++ status: automated
++ rules:
++ - account_unique_name
++
++ - id: 2.1.10_group_unique_id
++ title: Ensure Group Unique ID
++ levels:
++ - base
++ status: automated
++ rules:
++ - group_unique_id
++
++ - id: 2.1.11_group_unique_name
++ title: Ensure Group Unique Name
++ levels:
++ - base
++ status: automated
++ rules:
++ - group_unique_name
++
++ - id: 2.1.12_account_expire
++ title: Ensure Account Expire Date Correct
++ levels:
++ - base
++ status: manual
++ rules:
++ - account_temp_expire_date
++
++ - id: 2.1.13_no_forward_in_home
++ title: Ensure No .forward Files In Home Folder
++ levels:
++ - base
++ status: automated
++ rules:
++ - no_forward_files
++
++ - id: 2.1.14_no_netrc_in_home
++ title: Ensure No .netrc Files In Home Folder
++ levels:
++ - base
++ status: automated
++ rules:
++ - no_netrc_files
++
++ - id: 2.2.1_password_complexity_correct
++ title: Ensure Set Correct Password Complexity
++ levels:
++ - base
++ status: automated
++ rules:
++ - accounts_password_pam_minlen
++ - var_password_pam_minlen=8
++ - accounts_password_pam_minclass
++ - var_password_pam_minclass=3
++ - accounts_password_pam_retry
++
- var_password_pam_retry=3
++ - accounts_password_pam_dcredit
++ - var_password_pam_dcredit=0
++ - accounts_password_pam_ucredit
++ - var_password_pam_ucredit=0
++ - accounts_password_pam_lcredit
++ - var_password_pam_lcredit=0
++ - accounts_password_pam_ocredit
++ - var_password_pam_ocredit=0
++ - accounts_password_pam_enforce_root
++
++ - id: 2.2.2_history_password_not_used
++ title: Ensure No History Password Used
++ levels:
++ - base
++ status: automated
++ rules:
++ - accounts_password_pam_unix_remember
++ - var_password_pam_unix_remember=5
++
++ - id: 2.2.3_verify_old_password
++ title: Ensure Old Password Verified
++ levels:
++ - base
++ status: planned
++
++ - id: 2.2.4_no_username_in_password
++ title: Ensure Password Not Contain User Name
++ levels:
++ - base
++ status: planned
++
++ - id: 2.2.5_strong_hash_algorithm_for_password
++ title: Ensure Using Strong Hash Algorithm To Encipher Password
++ levels:
++ - base
++ status: automated
++ rules:
++ - set_password_hashing_algorithm_systemauth
++ - set_password_hashing_algorithm_passwordauth
++
++ - id: 2.2.6_password_dictionary_correct
++ title: Ensure Password Dictionary Correct
++ levels:
++ - base
++ status: automated
++ rules:
++ - accounts_password_pam_dictcheck
++
++ - id: 2.2.7_password_expire_correct
++ title: Ensure Password Expire Correct
++ levels:
++ - base
++ status: automated
++ rules:
++ - accounts_maximum_age_login_defs
++ - var_accounts_maximum_age_login_defs=90
++ - accounts_password_warn_age_login_defs
++ - var_accounts_password_warn_age_login_defs=7
++ - accounts_minimum_age_login_defs
++ - var_accounts_minimum_age_login_defs=0
++
++ - id: 2.2.8_forbid_empty_password
++ title: Ensure No Empty Password
++ levels:
++ - base
++ status: automated
++ rules:
++ - sshd_disable_empty_passwords
++
++ - id: 2.2.9_grub_password_set
++ title: Ensure Grub Password Set
++ levels:
++ - base
++ status: automated
++ rules:
++ - grub2_password
++ - grub2_uefi_password
++
++ - id:
2.2.10_single_user_password_set
++ title: Ensure Password Set In Single User Mode
++ levels:
++ - base
++ status: automated
++ rules:
++ - require_emergency_target_auth
++
++ - id: 2.3.1_account_lock_after_accessing_fail
++ title: Ensure Account Locked After Accessing Fail
++ levels:
++ - base
++ status: automated
++ rules:
++ - accounts_passwords_pam_faillock_deny
++ - var_accounts_passwords_pam_faillock_deny=3
++ - accounts_passwords_pam_faillock_unlock_time
++ - var_accounts_passwords_pam_faillock_unlock_time=300
++
++ - id: 2.3.2_session_timeout_set_correct
++ title: Ensure TIMOUT Set Correct
++ levels:
++ - base
++ status: automated
++ rules:
++ - accounts_tmout
++ - var_accounts_tmout=5_min
++
++
++ - id: 3.1.1_unusual_network_service_not_used
++ title: Ensure No Unusual Network Service
++ levels:
++ - base
++ status: automated
++ rules:
++ - kernel_module_sctp_disabled
++ - kernel_module_tipc_disabled
++
++ - id: 3.2.1_firewalld_enabled
++ title: Ensure Firewalld Enabled
++ levels:
++ - base
++ status: automated
++ rules:
++ - service_firewalld_enabled
++
++ - id: 3.2.2_firewalld_default_zone_correct
++ title: Ensure Firewalld Set Default Zone Correctly
++ levels:
++ - base
++ status: planned
++
++ - id: 3.2.3_firewalld_interface_set_to_correct_zone
++ title: Ensure Firewalld Set Correct Interface Zone
++ levels:
++ - base
++ status: manual
++ rules:
++ - set_firewalld_appropriate_zone
++
++ - id: 3.2.4_firewalld_disable_unnecessary_service_and_port
++ title: Ensure Unnecessary Service And Port Disabled
++ levels:
++ - base
++ status: manual
++ rules:
++ - unnecessary_firewalld_services_ports_disabled
++
++ - id: 3.2.5_iptables_enabled
++ title: Ensure Iptables Enabled
++ levels:
++ - base
++ status: automated
++ rules:
++ - service_iptables_enabled
++ - service_ip6tables_enabled
++
++ - id: 3.2.6_iptables_default_refuse_rules
++ title: Ensure Iptables Default Refuse Rules Set
++ levels:
++ - base
++ status: manual
++ rules:
++ - set_iptables_default_rule
++
++ - id: 3.2.7_iptables_loopback_rules
++ title: Ensure Iptables Loopback Rules Set
++ levels:
++ - base
++ status: automated
++ rules:
++ - set_loopback_traffic
++ - set_ipv6_loopback_traffic
++
++ - id: 3.2.8_iptables_input_rules
++ title: Ensure Iptables Input Rules Set
++ levels:
++ - base
++ status: planned
++
++ - id: 3.2.9_iptables_output_rules
++ title: Ensure Iptables Output Rules Set
++ levels:
++ - base
++ status: planned
++
++ - id: 3.2.10_iptables_input_output_connection_rules
++ title: Ensure Iptables Input Output Connection Rules Set
++ levels:
++ - base
++ status: manual
++ rules:
++ - set_iptables_outbound_n_established
++
++ - id: 3.2.11_nftables_enabled
++ title: Ensure Nftables Enabled
++ levels:
++ - base
++ status: automated
++ rules:
++ - service_nftables_enabled
++
++ - id: 3.2.12_nftables_default_refuse_rules
++ title: Ensure Nftables Default Refuse Rules Set
++ levels:
++ - base
++ status: manual
++ rules:
++ - nftables_ensure_default_deny_policy
++
++ - id: 3.2.13_nftables_loopback_rules
++ title: Ensure Nftables Loopback Rules Set
++ levels:
++ - base
++ status: manual
++ rules:
++ - set_nftables_loopback_traffic
++
++ - id: 3.2.14_nftables_input_rules
++ title: Ensure Nftables Input Rules Set
++ levels:
++ - base
++ status: planned
++
++ - id: 3.2.15_nftables_output_rules
++ title: Ensure Nftables Output Rules Set
++ levels:
++ - base
++ status: planned
++
++ - id: 3.2.16_nftables_input_output_connection_rules
++ title: Ensure Nftables Input Output Connection Rules Set
++ levels:
++ - base
++ status: manual
++ rules:
++ - set_nftables_new_connections
++
++ - id: 3.3.1_sshd_protocol_is_2
++ title: Ensure SSHd Protocol Version Is 2
++ levels:
++ - base
++ status: automated
++ rules:
++ - sshd_allow_only_protocol2
++
++ - id: 3.3.2_sshd_authentication_setting_correct
++ title: Ensure SSHd Authentication Setting Correct
++ levels:
++ - base
++ status: automated
++ rules:
++ - sshd_disable_rhosts
++ - disable_host_auth
++
++ - id:
3.3.3_sshd_keyexchange_correct
++ title: Ensure SSHd Key Exchange Algorithm Correct
++ levels:
++ - base
++ status: automated
++ rules:
++ - sshd_use_strong_kex
++
++ - id: 3.3.4_sshd_pubkey_correct
++ title: Ensure SSHd Pubkey Algorithm Correct
++ levels:
++ - base
++ status: planned
++
++ - id: 3.3.5_sshd_pam_enabled
++ title: Ensure SSHd PAM Enabled
++ levels:
++ - base
++ status: automated
++ rules:
++ - sshd_enable_pam
++
++ - id: 3.3.6_sshd_mac_correct
++ title: Ensure SSHd MACs Algorithm Correct
++ levels:
++ - base
++ status: automated
++ rules:
++ - sshd_use_strong_macs
++
++ - id: 3.3.7_sshd_ciphers_correct
++ title: Ensure SSHd Ciphers Algorithm Correct
++ levels:
++ - base
++ status: automated
++ rules:
++ - sshd_use_strong_ciphers
++
++ - id: 3.3.8_sshd_ciphers_not_overwritten
++ title: Ensure SSHd Ciphers Algorithm Not Overwritten
++ levels:
++ - base
++ status: planned
++
++ - id: 3.3.9_sshd_forbid_root_login
++ title: Ensure SSHd Forbid Root Login From Remote
++ levels:
++ - base
++ status: automated
++ rules:
++ - sshd_disable_root_login
++
++ - id: 3.3.10_sshd_log_level_correct
++ title: Ensure SSHd Log Level Correct
++ levels:
++ - base
++ status: automated
++ rules:
++ - sshd_set_loglevel_verbose
++
++ - id: 3.3.11_sshd_listen_addr
++ title: Ensure SSHd Listen Address Set Correct
++ levels:
++ - base
++ status: planned
++
++ - id: 3.3.12_sshd_maxstartups_correct
++ title: Ensure SSHd MaxStartups Correct
++ levels:
++ - base
++ status: automated
++ rules:
++ - sshd_set_maxstartups
++ - var_sshd_set_maxstartups=10:30:60
++
++ - id: 3.3.13_sshd_maxsessions_correct
++ title: Ensure SSHd Maxsessions Correct
++ levels:
++ - base
++ status: automated
++ rules:
++ - sshd_set_max_sessions
++ - var_sshd_max_sessions=10
++
++ - id: 3.3.14_sshd_forbid_x11_forwarding
++ title: Ensure SSHd X11 Forwarding Forbidden
++ levels:
++ - base
++ status: automated
++ rules:
++ - sshd_disable_x11_forwarding
++
++ - id: 3.3.15_sshd_maxauthtries_correct
++ title: Ensure
SSHd MaxAuthTries Correct
++ levels:
++ - base
++ status: automated
++ rules:
++ - sshd_set_max_auth_tries
++ - sshd_max_auth_tries_value=3
++
++ - id: 3.3.16_sshd_forbid_permituserenvironment
++ title: Ensure SSHd PermitUserEnvironment Forbidden
++ levels:
++ - base
++ status: automated
++ rules:
++ - sshd_do_not_permit_user_env
++
++ - id: 3.3.17_sshd_logingracetime_correct
++ title: Ensure SSHd LoginGraceTime Correct
++ levels:
++ - base
++ status: automated
++ rules:
++ - sshd_set_login_grace_time
++ - var_sshd_set_login_grace_time=60
++
++ - id: 3.3.18_sshd_authorized_keys_forbidden
++ title: Ensure SSHd Authorized Keys Not Set
++ levels:
++ - base
++ status: planned
++
++ - id: 3.3.19_sshd_known_hosts_forbidden
++ title: Ensure SSHd Known Hosts Not Set
++ levels:
++ - base
++ status: automated
++ rules:
++ - sshd_disable_user_known_hosts
++
++ - id: 3.3.20_sshd_no_obsolete_config
++ title: Ensure SSHd Has No Obsolete Configurations
++ levels:
++ - base
++ status: planned
++
++ - id: 3.4.1_crontab_not_run_low_privilege_user_writable_bash
++ title: Ensure Cron Not Run Low Privilege User Writable Bash
++ levels:
++ - base
++ status: planned
++
++ - id: 3.4.2_cron_enabled
++ title: Ensure Cron Deamon Running
++ levels:
++ - base
++ status: automated
++ rules:
++ - service_crond_enabled
++
++ - id: 3.5.1_kaslr_enabled
++ title: Ensure KASLR Enabled
++ levels:
++ - base
++ status: automated
++ rules:
++ - sysctl_kernel_randomize_va_space
++
++ - id: 3.5.2_dmesg_access_permission_correct
++ title: Ensure Dmesg Access Permission Correct
++ levels:
++ - base
++ status: automated
++ rules:
++ - sysctl_kernel_dmesg_restrict
++
++ - id: 3.5.3_kptr_restrict_correct
++ title: Ensure Kptr_restrict Correct
++ levels:
++ - base
++ status: automated
++ rules:
++ - sysctl_kernel_kptr_restrict
++ - sysctl_kernel_kptr_restrict_value=1
++
++ - id: 3.5.4_smap_enabled
++ title: Ensure Kernel SMAP Enabled
++ levels:
++ - base
++ status: automated
++ rules:
++ -
grub2_nosmap_argument_absent
++
++ - id: 3.5.5_smep_enabled
++ title: Ensure Kernel SMEP Enabled
++ levels:
++ - base
++ status: automated
++ rules:
++ - grub2_nosmep_argument_absent
++
++ - id: 3.5.6_not_response_icmp_broadcast
++ title: Ensure ICMP Broadcast Package Not Responsed
++ levels:
++ - base
++ status: automated
++ rules:
++ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
++
++ - id: 3.5.7_not_receive_icmp_redirect
++ title: Ensure ICMP Redirect Package Not Received
++ levels:
++ - base
++ status: automated
++ rules:
++ - sysctl_net_ipv4_conf_all_accept_redirects
++ - sysctl_net_ipv4_conf_all_accept_redirects_value=disabled
++ - sysctl_net_ipv4_conf_all_secure_redirects
++ - sysctl_net_ipv4_conf_all_secure_redirects_value=disabled
++ - sysctl_net_ipv4_conf_default_secure_redirects
++ - sysctl_net_ipv4_conf_default_secure_redirects_value=disabled
++ - sysctl_net_ipv6_conf_all_accept_redirects
++ - sysctl_net_ipv6_conf_all_accept_redirects_value=disabled
++
++ - id: 3.5.8_forbid_forward_icmp_redirect_package
++ title: Ensure No ICMP Redirect Package Forwarded
++ levels:
++ - base
++ status: automated
++ rules:
++ - sysctl_net_ipv4_conf_all_send_redirects
++ - sysctl_net_ipv4_conf_default_send_redirects
++
++ - id: 3.5.9_ignore_all_icmp_request
++ title: Ensure Ignore All ICMP Request
++ levels:
++ - base
++ status: planned
++
++ - id: 3.5.10_ignore_bogus_error_icmp_package
++ title: Ensure Ignore Bogus Error ICMP Package
++ levels:
++ - base
++ status: automated
++ rules:
++ - sysctl_net_ipv4_icmp_ignore_bogus_error_responses
++ - sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value=enabled
++
++ - id: 3.5.11_rp_filter_enabled
++ title: Ensure Reverse Proxy Filter Enabled
++ levels:
++ - base
++ status: automated
++ rules:
++ - sysctl_net_ipv4_conf_all_rp_filter
++ - sysctl_net_ipv4_conf_all_rp_filter_value=enabled
++ - sysctl_net_ipv4_conf_default_rp_filter
++ - sysctl_net_ipv4_conf_default_rp_filter_value=enabled
++
++ - id: 3.5.12_forbid_ip_forwarding
++ title: Ensure IP Forwarding Disabled
++ levels:
++ - base
++ status: automated
++ rules:
++ - sysctl_net_ipv4_ip_forward
++ - sysctl_net_ipv6_conf_all_forwarding
++ - sysctl_net_ipv6_conf_all_forwarding_value=disabled
++
++ - id: 3.5.13_source_route_disabled
++ title: Ensure Source Route Disabled
++ levels:
++ - base
++ status: automated
++ rules:
++ - sysctl_net_ipv4_conf_all_accept_source_route
++ - sysctl_net_ipv4_conf_all_accept_source_route_value=disabled
++ - sysctl_net_ipv4_conf_default_accept_source_route
++ - sysctl_net_ipv4_conf_default_accept_source_route_value=disabled
++ - sysctl_net_ipv6_conf_all_accept_source_route
++ - sysctl_net_ipv6_conf_all_accept_source_route_value=disabled
++ - sysctl_net_ipv6_conf_default_accept_source_route
++ - sysctl_net_ipv6_conf_default_accept_source_route_value=disabled
++
++ - id: 3.6.1_ntpd_configuration_correct
++ title: Ensure Ntpd Configuration Correct
++ levels:
++ - base
++ status: automated
++ rules:
++ - service_ntpd_enabled
++ - ntpd_configure_restrictions
++ - ntpd_specify_remote_server
++
++ - id: 3.6.2_chrony_configuration_correct
++ title: Ensure Chrony Configuration Correct
++ levels:
++ - base
++ status: automated
++ rules:
++ - service_chronyd_enabled
++ - chronyd_specify_remote_server
++
++
++ - id: 4.1.1_auditd_enabled
++ title: Ensure Auditd Enabled
++ levels:
++ - base
++ status: automated
++ rules:
++ - service_auditd_enabled
++
++ - id: 4.1.2_auditd_rotate_enabled
++ title: Ensure Auditd Rotate Enabled
++ levels:
++ - base
++ status: automated
++ rules:
++ - auditd_data_retention_max_log_file_action
++ - var_auditd_max_log_file_action=rotate
++ - auditd_data_retention_num_logs
++ - var_auditd_num_logs=5
++
++ - id: 4.2.1_rsyslog_enabled
++ title: Ensure Rsyslog Enabled
++ levels:
++ - base
++ status: automated
++ rules:
++ - service_rsyslog_enabled
+diff --git a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml
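Review bot: Several controls added in the `@@ -25,10 +63,815 @@` hunk of `controls/std_openeuler.yml` are marked `status: automated` although the mapped rule checks something narrower than the title states, so a scan can report them as satisfied when the stated requirement is not met. `3.5.1_kaslr_enabled` maps to `sysctl_kernel_randomize_va_space`, which governs user-space address randomization rather than kernel base randomization; a check that `nokaslr` is absent from the kernel command line, in the style of the `grub2_nosmap_argument_absent` rule used for 3.5.4, would match the title. `1.2.8_rsync_not_installed` and `1.2.9_avahi_not_installed` map only to `service_rsyncd_disabled` and `service_avahi-daemon_disabled`, and `2.2.8_forbid_empty_password` covers only sshd through `sshd_disable_empty_passwords`, leaving local PAM logins unchecked. Either retitle these controls to what is actually verified or set them to `status: partial` until the missing rules exist. Separately, 3.2.1, 3.2.5 and 3.2.11 each require a different firewall service to be enabled at the same `base` level, as do 3.6.1 and 3.6.2 for ntpd and chronyd, so a host is unlikely to pass them all without running conflicting services.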
b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml
+index 2b0e53a..b19024e 100644
+--- a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml
++++ b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Disable Avahi Server Software'
+
+diff --git a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml
+index ec390e3..57b10d5 100644
+--- a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml
++++ b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+
+ title: 'Enable cron Service'
+
+diff --git a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml
+index 2ec31a2..429ee11 100644
+--- a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml
++++ b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml
+@@ -8,7 +8,7 @@
+
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,fedora,ol7,ol8,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204
+
+
title: 'Ensure LDAP client is not installed'
+
+diff --git a/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml b/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml
+index bf75fff..15cfa2c 100644
+--- a/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml
++++ b/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml
+@@ -11,7 +11,7 @@
+
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhel9,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204
++prodtype: openeuler,openeuler2203,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204
+
+ title: 'Uninstall openldap-servers Package'
+
+diff --git a/linux_os/guide/services/ntp/ntpd_configure_restrictions/rule.yml b/linux_os/guide/services/ntp/ntpd_configure_restrictions/rule.yml
+index de51899..bdcec4b 100644
+--- a/linux_os/guide/services/ntp/ntpd_configure_restrictions/rule.yml
++++ b/linux_os/guide/services/ntp/ntpd_configure_restrictions/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,fedora,rhel7,sle12,ubuntu2004,ubuntu2204
++prodtype: alinux2,fedora,openeuler,openeuler2203,rhel7,sle12,ubuntu2004,ubuntu2204
+
+ title: 'Configure server restrictions for ntpd'
+
+diff --git a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml
+index c5f90c4..0c02891 100644
+--- a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml
++++ b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: alinux2,alinux3,fedora,ol7,ol8,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+
+ title: 'Remove NIS Client'
+
+diff --git
a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml
+index b057fc5..273ac59 100644
+--- a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml
++++ b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: fedora,ol7,ol8,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+
+ title: 'Uninstall ypserv Package'
+
+diff --git a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml
+index de1f832..38fcbb5 100644
+--- a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml
++++ b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+
+ title: 'Ensure rsyncd service is disabled'
+
+@@ -47,3 +47,5 @@ template:
+ packagename@ol7: rsync
+ packagename@sle12: rsync
+ packagename@sle15: rsync
++ packagename@openeuler: rsync
++ packagename@openeuler2203: rsync
+diff --git a/linux_os/guide/services/printing/package_cups_removed/rule.yml b/linux_os/guide/services/printing/package_cups_removed/rule.yml
+index df44086..390d453 100644
+--- a/linux_os/guide/services/printing/package_cups_removed/rule.yml
++++ b/linux_os/guide/services/printing/package_cups_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: openeuler,openeuler2203,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Uninstall CUPS Package'
+
+diff --git
a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml
+index 3763480..9cfc697 100644
+--- a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml
++++ b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: debian10,debian11,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: debian10,debian11,fedora,ol7,ol8,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Uninstall net-snmp Package'
+
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/rule.yml
+index 91e0556..1fbb9ad 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/rule.yml
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: ol7,rhel7,sle12,sle15,ubuntu2204
++prodtype: ol7,openeuler,openeuler2203,rhel7,sle12,sle15,ubuntu2204
+
+ title: 'Use Only Strong Ciphers'
+
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml
+index 0a0b3a9..25f9bcb 100644
+--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml
++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: openeuler,openeuler2203,rhel7,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Use Only Strong Key Exchange algorithms'
+
+diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/rule.yml
+index b6fea18..290b6d7 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,rhel7,sle12,sle15,ubuntu2204 ++prodtype: ol7,openeuler,openeuler2203,rhel7,sle12,sle15,ubuntu2204 + + title: 'Use Only Strong MACs' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml +index f3e6931..8ec50b5 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Limit Password Reuse' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml +index 3f7bbd8..1cc2638 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2204 ++prodtype: fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,ubuntu2204 + + title: 'Lock Accounts After Failed Password 
Attempts'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
+index 7157b51..df1cb5f 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2204
++prodtype: fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,ubuntu2204
+
+ title: 'Set Lockout Time for Failed Password Attempts'
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/var_accounts_passwords_pam_faillock_unlock_time.var b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/var_accounts_passwords_pam_faillock_unlock_time.var
+index 46c73e4..206b03e 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/var_accounts_passwords_pam_faillock_unlock_time.var
++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/var_accounts_passwords_pam_faillock_unlock_time.var
+@@ -17,5 +17,6 @@ options:
+ 604800: 604800
+ 86400: 86400
+ 900: 900
++ 300: 300
+ default: 0
+ never: 0
+diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml
+index e67cd88..d5f9746 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml
++++ 
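Review bot: The added `300: 300` entry under `options:` in `var_accounts_passwords_pam_faillock_unlock_time.var` makes a five-minute unlock time selectable, a third of the smallest non-zero value offered before (`900`), and the hunk gives no reason for it. This variable drives the faillock unlock-time rule that the preceding hunk enables for openEuler, so a short value reduces how much the lockout slows repeated password guessing; presumably the openEuler control file selects it, but that file is not in view. I would add a comment above the entry, for example `# 300 s (5 min): shortest non-zero lockout; cite the requirement that needs it`, so the weaker setting is a documented choice. The `options:` map begins outside the hunk.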
b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 ++prodtype: alinux2,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Digit Characters' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml +index d41ca6c..76f0278 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhel8,rhel9,ubuntu2004 ++prodtype: fedora,ol8,ol9,openeuler,openeuler2203,rhel8,rhel9,ubuntu2004 + + title: 'Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml +index 198475c..9556a31 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol9,rhel8,rhel9 ++prodtype: 
fedora,ol9,openeuler,openeuler2203,rhel8,rhel9 + + title: 'Ensure PAM Enforces Password Requirements - Enforce for root User' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml +index 5799a7b..efffdcc 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 ++prodtype: alinux2,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Lowercase Characters' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml +index 45a8dfa..242c289 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Different Categories' + +diff --git 
a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml +index f05b6e0..9405892 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Length' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml +index 632aa24..72aa240 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 ++prodtype: alinux2,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Special Characters' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml 
b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml +index df2272b..a1e073a 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml +index 6c631ea..8e92116 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 ++prodtype: alinux2,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Uppercase Characters' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml +index bf87c9c..6429c58 
100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4
++prodtype: fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4
+
+ title: "Set PAM''s Password Hashing Algorithm - password-auth"
+
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
+index 5375365..513ec7d 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+
+ title: "Set PAM''s Password Hashing Algorithm"
+
+diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml
+index fadfa30..7cc8b57 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml
++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml
+@@ -36,7 +36,7 @@
+
+
+ /usr/lib/systemd/system/emergency.service
+- {{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}}
++ {{%- if product in ["fedora", "ol8", "ol9", "openeuler", "openeuler2203", "rhel8", "rhel9", "sle12", "sle15"] -%}}
+ ^ExecStart=\-/usr/lib/systemd/systemd-sulogin-shell[\s]+emergency
+ {{%- else -%}}
+ ^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\"
+diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
+index e3b3c18..e2e8b3b 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+
+ title: 'Require Authentication for Emergency Systemd Target'
+
+@@ -86,7 +86,7 @@ fixtext: |-
+ Configure {{{ full_name }}} to require authentication for system emergency mode.
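Review bot: The product list in the `{{%- if product in [...] -%}}` condition is now maintained by hand in two places, here in the OVAL pattern and again in the `fixtext` hunk of `require_emergency_target_auth/rule.yml` (`@@ -86,7 +86,7 @@`), so the check and the documented fix can drift apart the next time a product is added. Putting `openeuler`/`openeuler2203` in this branch also asserts that their `emergency.service` starts `systemd-sulogin-shell emergency`; if the shipped unit uses the `sulogin` form, the rule would fail on a correctly configured host, so this should be confirmed against the distribution's unit file. A template comment above the condition, e.g. `{{# products whose emergency.service uses systemd-sulogin-shell; keep in sync with fixtext in rule.yml #}}`, would document the coupling. The enclosing OVAL object starts outside the hunk.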
+
+ Add or edit the following line in "/usr/lib/systemd/system/emergency.service":
+- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}}
++ {{% if product in ["fedora", "ol8", "ol9", "openeuler", "openeuler2203", "rhel8", "rhel9", "sle12", "sle15"] -%}}
+ ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency
+ {{%- else -%}}
+ ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"
+diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml
+index f232eb7..ac93b58 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
++prodtype: fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+
+ title: 'Disable debug-shell SystemD Service'
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml
+index d4b7117..7f21632 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+
+ title: 'Assign Expiration Date to Temporary Accounts'
+
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml 
b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml +index 3cda626..805b65c 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure All Accounts on the System Have Unique User IDs' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml +index aa5a69c..796102a 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure All Groups on the System Have Unique Group ID' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml +index 55b2c5e..a2793d9 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,openeuler,openeuler2203,rhel7,rhel8,sle12,sle15,ubuntu2004,ubuntu2204 + + 
title: 'Ensure All Groups on the System Have Unique Group Names' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml +index c101f11..53f5675 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,openeuler,openeuler2203,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 + + title: 'Verify No .forward Files Exist' + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml +index e58fb7d..f35812f 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'All Interactive Users Home Directories Must Exist' + +diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml +index 1795fac..013ceea 100644 +--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml ++++ 
b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure the Default Bash Umask is Set Correctly' + +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml +index 9acb58b..022892d 100644 +--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Set Boot Loader Password in grub2' + +diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml +index 18d5b92..d82f1ae 100644 +--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Set the UEFI Boot Loader Password' + +diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml 
b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
+index cd22594..98d64dc 100644
+--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
++++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+
+ title: 'Verify firewalld Enabled'
+
+diff --git a/linux_os/guide/system/network/network-firewalld/set_firewalld_appropriate_zone/rule.yml b/linux_os/guide/system/network/network-firewalld/set_firewalld_appropriate_zone/rule.yml
+index ae73778..9dca20e 100644
+--- a/linux_os/guide/system/network/network-firewalld/set_firewalld_appropriate_zone/rule.yml
++++ b/linux_os/guide/system/network/network-firewalld/set_firewalld_appropriate_zone/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,sle15
++prodtype: rhel7,rhel8,openeuler,openeuler2203,sle15
+
+ title: 'Ensure network interfaces are assigned to appropriate zone'
+
+diff --git a/linux_os/guide/system/network/network-firewalld/unnecessary_firewalld_services_ports_disabled/rule.yml b/linux_os/guide/system/network/network-firewalld/unnecessary_firewalld_services_ports_disabled/rule.yml
+index 05f7144..608fcc5 100644
+--- a/linux_os/guide/system/network/network-firewalld/unnecessary_firewalld_services_ports_disabled/rule.yml
++++ b/linux_os/guide/system/network/network-firewalld/unnecessary_firewalld_services_ports_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: sle15
++prodtype: openeuler,openeuler2203,sle15
+
+ title: 'Ensure Unnecessary Services and Ports Are Not Accepted'
+
+diff --git 
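Review bot: The new `prodtype` line in `set_firewalld_appropriate_zone/rule.yml` places `openeuler,openeuler2203` after `rhel8`, while every other hunk on this page keeps the product list in alphabetical order. I would write it as `prodtype: openeuler,openeuler2203,rhel7,rhel8,sle15` so the list stays sorted and later additions produce minimal diffs.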
a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_outbound_n_established/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_outbound_n_established/rule.yml +index 88b1b36..f287a6e 100644 +--- a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_outbound_n_established/rule.yml ++++ b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_outbound_n_established/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: sle12,sle15 ++prodtype: openeuler,openeuler2203,sle12,sle15 + + title: 'Ensure Outbound and Established Connections are Configured' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml +index 9a69794..6436a1d 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Accepting ICMP Redirects for All IPv6 Interfaces' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml +index c1f0dc4..594ea7e 100644 +--- 
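Review bot: The `prodtype` change in `set_iptables_outbound_n_established/rule.yml` makes an iptables ruleset rule available to `openeuler`/`openeuler2203`, and the three preceding hunks do the same for firewalld rules (`service_firewalld_enabled`, `set_firewalld_appropriate_zone`, `unnecessary_firewalld_services_ports_disabled`). If one profile selects both families, a host is asked to keep firewalld enabled and also maintain a hand-written iptables policy, and the two can overwrite each other's rules; whether that happens depends on `controls/std_openeuler.yml`, which is not visible here. Please confirm that the control file treats the firewalld and iptables rules as alternatives, and say so in a comment next to the selections.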
a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml +index c02cdc4..60574b0 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for IPv6 Forwarding' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml +index e985040..fb22514 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml ++++ 
b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml +index 8756e21..8452042 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Accepting ICMP Redirects for All IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml +index 2ccc278..d3b3c5b 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml ++++ 
b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml +index e3b2b18..29ed59f 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml +index 849ae47..05520be 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml ++++ 
b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces'
+
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
+index 9a54bbc..30a2a52 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default'
+
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
+index b688a15..9f4cde4 100644
+---
a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default'
+
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
+index 90ef90f..85e46c3 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Configure Kernel Parameter for Accepting Secure Redirects By Default'
+
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
+index 5b12a1b..5d08c84 100644
+---
a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces'
+
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
+index a5fb5f4..2382465 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces'
+
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
+index e6b948b..6b1339c 100644
+---
a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces'
+
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
+index fc30851..c332cf9 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default'
+
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
+index a485053..cbf5bce 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
++++
b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces'
+
+diff --git a/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml b/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml
+index 7d989f7..6bf22f6 100644
+--- a/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml
++++ b/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: sle15,ubuntu2004,ubuntu2204
++prodtype: openeuler,openeuler2203,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Ensure nftables Default Deny Firewall Policy'
+
+diff --git a/linux_os/guide/system/network/network-nftables/service_nftables_enabled/rule.yml b/linux_os/guide/system/network/network-nftables/service_nftables_enabled/rule.yml
+index 5be921e..388ef42 100644
+--- a/linux_os/guide/system/network/network-nftables/service_nftables_enabled/rule.yml
++++ b/linux_os/guide/system/network/network-nftables/service_nftables_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: rhel7,rhel8,sle15,ubuntu2004,ubuntu2204
++prodtype: openeuler,openeuler2203,rhel7,rhel8,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Verify nftables Service is Enabled'
+
+diff --git a/linux_os/guide/system/network/network-nftables/set_nftables_loopback_traffic/rule.yml b/linux_os/guide/system/network/network-nftables/set_nftables_loopback_traffic/rule.yml
+index 043c11b..3a6fd18 100644
+---
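Review bot: The nftables rules switched on for openEuler here (nftables_ensure_default_deny_policy and service_nftables_enabled in these hunks, set_nftables_loopback_traffic and set_nftables_new_connections in the next two) change only the `prodtype` line, and set_nftables_new_connections was scoped to `sle15` alone until now. Nothing visible in the patch shows that their check and remediation content has been run on openEuler, so a scan of an openEuler host should confirm that each one evaluates to pass or fail rather than notchecked before the profile depends on it. It is also worth confirming that the openEuler profile does not select a firewalld-based rule at the same time, since two firewall front ends managing one ruleset make the default-deny result hard to trust. I would add a `warnings:` entry to nftables_ensure_default_deny_policy stating that accept rules for loopback, established connections and the management port must be loaded before the base chain policy is set to drop.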
a/linux_os/guide/system/network/network-nftables/set_nftables_loopback_traffic/rule.yml
++++ b/linux_os/guide/system/network/network-nftables/set_nftables_loopback_traffic/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: sle15,ubuntu2004,ubuntu2204
++prodtype: openeuler,openeuler2203,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Set nftables Configuration for Loopback Traffic'
+
+diff --git a/linux_os/guide/system/network/network-nftables/set_nftables_new_connections/rule.yml b/linux_os/guide/system/network/network-nftables/set_nftables_new_connections/rule.yml
+index ae1a369..df5cc53 100644
+--- a/linux_os/guide/system/network/network-nftables/set_nftables_new_connections/rule.yml
++++ b/linux_os/guide/system/network/network-nftables/set_nftables_new_connections/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: sle15
++prodtype: openeuler,openeuler2203,sle15
+
+ title: 'Ensure all outbound and established connections are configured for nftables'
+
+diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
+index 20eeb3e..78c85d1 100644
+--- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Disable SCTP Support'
+
+diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
+index 11060d0..712b847 100644
+---
a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
++++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Ensure All Files Are Owned by a Group'
+
+diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
+index 13650fc..ccd5eef 100644
+--- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
++++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+
+ title: 'Ensure All Files Are Owned by a User'
+
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
+index b73d219..1c51955 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+
+ title: 'Restrict Access to Kernel Message Buffer'
+
+diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
+index 18c6f48..3e8fc56 100644
+--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20
++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20
+
+ title: 'Ensure gpgcheck Enabled In Main {{{ pkg_manager }}} Configuration'
+
+diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
+index 6428781..b136e6b 100644
+--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+
+-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: alinux2,fedora,ol7,ol8,ol9,openeuler,openeuler2203,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+
+ title: 'Ensure gpgcheck Enabled for All {{{ pkg_manager }}} Package Repositories'
+
+diff --git a/products/openeuler/product.yml b/products/openeuler/product.yml
+index fd33efe..1b22b09 100644
+--- a/products/openeuler/product.yml
++++ b/products/openeuler/product.yml
+@@ -8,6 +8,7 @@ benchmark_root: "../../linux_os/guide"
+ profiles_root: "./profiles"
+
+ pkg_manager: "dnf"
++pkg_manager_config_file: "/etc/yum.conf"
+
+ init_system: "systemd"
+
+diff --git a/products/openeuler2203/product.yml b/products/openeuler2203/product.yml
+index 89e9f8b..5beaac5 100644
+--- a/products/openeuler2203/product.yml
++++ b/products/openeuler2203/product.yml
+@@ -8,6 +8,7 @@ benchmark_root: "../../linux_os/guide"
+ profiles_root: "./profiles"
+
+
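Review bot: `pkg_manager_config_file: "/etc/yum.conf"` is paired with `pkg_manager: "dnf"` in products/openeuler/product.yml, while dnf's own configuration file is /etc/dnf/dnf.conf. The two gpgcheck rules enabled for openEuler just above presumably take the file to inspect from this key (their content is not part of the hunk, so this needs confirming). If /etc/yum.conf on openEuler is not a symlink to the dnf configuration, the scan would report on a file dnf does not consult, and a host with signature checking disabled could still pass. Verify on a target host, or set `pkg_manager_config_file: "/etc/dnf/dnf.conf"`. The same line is added to products/openeuler2203/product.yml in the next hunk.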
pkg_manager: "dnf" ++pkg_manager_config_file: "/etc/yum.conf" + + init_system: "systemd" + +-- + diff --git a/scap-security-guide.spec b/scap-security-guide.spec index bc9c4c3..177a4c8 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -7,6 +7,7 @@ URL: https://github.com/ComplianceAsCode/content/ Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2 Patch0001: add-openeuler-support.patch +Patch0002: add-103-openeuler-rules-policy.patch BuildArch: noarch BuildRequires: libxslt, expat, python3, openscap-scanner >= 1.2.5, cmake >= 3.8, python3-jinja2, python3-PyYAML -- Gitee