From 60c8a45087ce2e66858f9d38faa097d635bc5f6e Mon Sep 17 00:00:00 2001 From: jinlun Date: Tue, 24 Sep 2024 10:57:30 +0800 Subject: [PATCH] support openeuler 2409 --- scap-security-guide.spec | 6 +- support-openeuler-2409.patch | 3317 ++++++++++++++++++++++++++++++++++ 2 files changed, 3322 insertions(+), 1 deletion(-) create mode 100644 support-openeuler-2409.patch diff --git a/scap-security-guide.spec b/scap-security-guide.spec index c7c4406..6d8fa46 100644 --- a/scap-security-guide.spec +++ b/scap-security-guide.spec @@ -1,6 +1,6 @@ Name: scap-security-guide Version: 0.1.68 -Release: 4 +Release: 5 Summary: Security guidance and baselines in SCAP formats License: BSD-3-Clause URL: https://github.com/ComplianceAsCode/content/ @@ -9,6 +9,7 @@ Source0: https://github.com/ComplianceAsCode/content/releases/download/v%{versio Patch0001: add-openeuler-support.patch Patch0002: add-openeuler-control-rules.patch Patch0003: optimize-rules-for-openEuler.patch +Patch0004: support-openeuler-2409.patch BuildArch: noarch BuildRequires: libxslt, expat, python3, openscap-scanner >= 1.2.5, cmake >= 3.8, python3-jinja2, python3-PyYAML @@ -64,6 +65,9 @@ cd build %doc %{_docdir}/%{name}/tables/*.html %changelog +* Tue Sep 24 2024 jinlun - 0.1.68-5 +- support openeuler 2409 + * Sat Feb 24 2024 wangqingsan - 0.1.68-4 - optimiz rules for openEuler diff --git a/support-openeuler-2409.patch b/support-openeuler-2409.patch new file mode 100644 index 0000000..24d8bde --- /dev/null +++ b/support-openeuler-2409.patch @@ -0,0 +1,3317 @@ +From ef0d3dd5a323fd4518c405b4132dbf0d2d2052bf Mon Sep 17 00:00:00 2001 +From: jinlun +Date: Tue, 24 Sep 2024 10:54:10 +0800 +Subject: [PATCH] support openeuler 2409 + +--- + CMakeLists.txt | 5 ++++ + .../service_avahi-daemon_disabled/rule.yml | 2 +- + .../base/service_haveged_enabled/rule.yml | 2 +- + .../file_groupowner_cron_d/rule.yml | 2 +- + .../file_groupowner_cron_daily/rule.yml | 2 +- + .../file_groupowner_cron_hourly/rule.yml | 2 +- + .../file_groupowner_cron_monthly/rule.yml | 2 +- + .../file_groupowner_cron_weekly/rule.yml | 2 +- + .../file_groupowner_crontab/rule.yml | 2 +- + .../cron_and_at/file_owner_cron_d/rule.yml | 2 +- + .../file_owner_cron_daily/rule.yml | 2 +- + .../file_owner_cron_hourly/rule.yml | 2 +- + .../file_owner_cron_monthly/rule.yml | 2 +- + .../file_owner_cron_weekly/rule.yml | 2 +- + .../cron_and_at/file_owner_crontab/rule.yml | 2 +- + .../file_permissions_cron_d/rule.yml | 2 +- + .../file_permissions_cron_daily/rule.yml | 2 +- + .../file_permissions_cron_hourly/rule.yml | 2 +- + .../file_permissions_cron_monthly/rule.yml | 2 +- + .../file_permissions_cron_weekly/rule.yml | 2 +- + .../file_permissions_crontab/rule.yml | 2 +- + .../rule.yml | 2 +- + .../file_at_deny_not_exist/rule.yml | 2 +- + .../file_cron_deny_not_exist/rule.yml | 2 +- + .../file_groupowner_at_allow/rule.yml | 2 +- + .../file_groupowner_cron_allow/rule.yml | 2 +- + .../file_owner_at_allow/rule.yml | 2 +- + .../file_owner_cron_allow/rule.yml | 2 +- + .../file_permissions_at_allow/rule.yml | 2 +- + .../file_permissions_cron_allow/rule.yml | 2 +- + .../service_crond_enabled/rule.yml | 2 +- + .../service_dhcpd_disabled/rule.yml | 2 +- + .../service_named_disabled/rule.yml | 2 +- + .../services/ftp/package_ftp_removed/rule.yml | 2 +- + .../package_httpd_removed/rule.yml | 2 +- + .../package_openldap-clients_removed/rule.yml | 2 +- + .../package_openldap-servers_removed/rule.yml | 2 +- + .../service_rpcbind_disabled/rule.yml | 2 +- + .../service_nfs_disabled/rule.yml | 2 +- + .../rule.yml | 2 +- + .../ntp/ntpd_configure_restrictions/rule.yml | 2 +- + .../nis/package_ypbind_removed/rule.yml | 2 +- + .../nis/package_ypserv_removed/rule.yml | 2 +- + .../obsolete/service_rsyncd_disabled/rule.yml | 4 +-- + .../package_telnet-server_removed/rule.yml | 2 +- + .../telnet/package_telnet_removed/rule.yml | 2 +- + .../tftp/package_tftp-server_removed/rule.yml | 2 +- + .../tftp/package_tftp_removed/rule.yml | 2 +- + .../printing/package_cups_removed/rule.yml | 2 +- + .../package_samba_removed/rule.yml | 2 +- + .../package_net-snmp_removed/rule.yml | 2 +- + .../sshd_configure_correct_interface/rule.yml | 2 +- + .../rule.yml | 2 +- + .../sshd_use_strong_ciphers/rule.yml | 2 +- + .../ssh_server/sshd_use_strong_kex/rule.yml | 2 +- + .../ssh_server/sshd_use_strong_macs/rule.yml | 2 +- + .../sshd_use_strong_pubkey/rule.yml | 2 +- + .../rule.yml | 2 +- + .../xwindows_remove_packages/rule.yml | 2 +- + .../file_groupowner_etc_issue/rule.yml | 2 +- + .../file_groupowner_etc_issue_net/rule.yml | 2 +- + .../file_groupowner_etc_motd/rule.yml | 2 +- + .../file_owner_etc_issue/rule.yml | 2 +- + .../file_owner_etc_issue_net/rule.yml | 2 +- + .../file_owner_etc_motd/rule.yml | 2 +- + .../file_permissions_etc_issue/rule.yml | 2 +- + .../file_permissions_etc_issue_net/rule.yml | 2 +- + .../file_permissions_etc_motd/rule.yml | 2 +- + .../accounts-banners/warning_banners/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../accounts_password_pam_dcredit/rule.yml | 2 +- + .../accounts_password_pam_dictcheck/rule.yml | 2 +- + .../rule.yml | 2 +- + .../accounts_password_pam_lcredit/rule.yml | 2 +- + .../accounts_password_pam_minclass/rule.yml | 2 +- + .../accounts_password_pam_minlen/rule.yml | 2 +- + .../accounts_password_pam_ocredit/rule.yml | 2 +- + .../accounts_password_pam_retry/rule.yml | 2 +- + .../accounts_password_pam_ucredit/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../oval/shared.xml | 2 +- + .../require_emergency_target_auth/rule.yml | 4 +-- + .../service_debug-shell_disabled/rule.yml | 2 +- + .../account_temp_expire_date/rule.yml | 2 +- + .../account_unique_group_id/rule.yml | 2 +- + .../account_unique_id/rule.yml | 2 +- + .../accounts_are_necessary/rule.yml | 2 +- + .../first_logging_change_password/rule.yml | 2 +- + .../group_unique_id/rule.yml | 2 +- + .../group_unique_name/rule.yml | 2 +- + .../login_accounts_are_necessary/rule.yml | 2 +- + .../no_forward_files/rule.yml | 2 +- + .../root_logins/use_pam_wheel_for_su/rule.yml | 2 +- + .../accounts-session/accounts_tmout/rule.yml | 2 +- + .../rule.yml | 2 +- + .../accounts_umask_etc_bashrc/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../audit_rules_login_events_lastlog/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../audit_rules_sudoers/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../auditd_audispd_disk_full_action/rule.yml | 2 +- + .../rule.yml | 2 +- + .../auditd_data_retention_space_left/rule.yml | 2 +- + .../auditing/grub2_audit_argument/rule.yml | 2 +- + .../rule.yml | 2 +- + .../non-uefi/grub2_password/rule.yml | 2 +- + .../uefi/grub2_uefi_password/rule.yml | 2 +- + .../configure_dump_journald_log/rule.yml | 2 +- + .../configure_rsyslog_log_rotate/rule.yml | 2 +- + .../diasable_root_accessing_system/rule.yml | 2 +- + .../rsyslog_cron_logging/rule.yml | 2 +- + .../rsyslog_logging_configured/rule.yml | 2 +- + .../rsyslog_remote_access_monitoring/rule.yml | 2 +- + .../logging/rsyslog_filecreatemode/rule.yml | 2 +- + .../service_firewalld_enabled/rule.yml | 2 +- + .../rule.yml | 2 +- + .../set_firewalld_appropriate_zone/rule.yml | 2 +- + .../rule.yml | 2 +- + .../set_ipv6_loopback_traffic/rule.yml | 2 +- + .../set_loopback_traffic/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../set_iptables_default_rule/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../sysctl_net_ipv4_tcp_syncookies/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../sysctl_net_ipv4_ip_forward/rule.yml | 2 +- + .../sysctl_net_ipv4_tcp_fin_timeout/rule.yml | 2 +- + .../rule.yml | 2 +- + .../sysctl_net_ipv4_tcp_timestamps/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../service_nftables_enabled/rule.yml | 2 +- + .../set_nftables_loopback_traffic/rule.yml | 2 +- + .../set_nftables_new_connections/rule.yml | 2 +- + .../kernel_module_sctp_disabled/rule.yml | 2 +- + .../wireless_disable_interfaces/rule.yml | 4 +-- + .../define_ld_lib_path_correctly/rule.yml | 2 +- + .../files/define_path_strictly/rule.yml | 2 +- + .../files/file_empty_link_prohibit/rule.yml | 2 +- + .../file_hidden_executable_prohibit/rule.yml | 2 +- + .../files/file_opened_count_limited/rule.yml | 2 +- + .../files/file_permission_minimum/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../file_permissions_ungroupowned/rule.yml | 2 +- + .../files/no_files_unowned_by_user/rule.yml | 2 +- + .../rule.yml | 2 +- + .../removed_unnecessary_file_mount/rule.yml | 2 +- + .../mount_nodev_mode_partitions/rule.yml | 2 +- + .../mount_noexec_mode_partitions/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../mounted_nosuid_mode_partitions/rule.yml | 2 +- + .../rule.yml | 2 +- + .../coredumps/coredump_limited/rule.yml | 2 +- + .../coredumps/coredump_prohibit/rule.yml | 2 +- + .../rule.yml | 2 +- + .../sysctl_kernel_dmesg_restrict/rule.yml | 2 +- + .../restrictions/sysctl_kernel_sysrq/rule.yml | 2 +- + .../sysctl_kernel_yama_ptrace_scope/rule.yml | 2 +- + .../selinux_confinement_of_daemons/rule.yml | 2 +- + .../selinux/selinux_policytype/rule.yml | 2 +- + .../system/software/debugging_tools/rule.yml | 2 +- + .../rule.yml | 2 +- + .../crypto/configure_crypto_policy/rule.yml | 2 +- + .../configure_ssh_crypto_policy/rule.yml | 2 +- + .../aide/aide_build_database/rule.yml | 2 +- + .../aide/package_aide_installed/rule.yml | 2 +- + .../ima_verification/rule.yml | 2 +- + .../software/network_sniffing_tools/rule.yml | 2 +- + .../polkit/only_root_can_run_pkexec/rule.yml | 2 +- + .../software/su/su_always_set_path/rule.yml | 2 +- + .../rule.yml | 2 +- + .../rule.yml | 2 +- + .../package_python2_removed/rule.yml | 2 +- + .../rule.yml | 2 +- + .../ensure_gpgcheck_never_disabled/rule.yml | 2 +- + products/openeuler2409/CMakeLists.txt | 6 +++++ + products/openeuler2409/product.yml | 20 ++++++++++++++ + .../openeuler2409/profiles/standard.profile | 14 ++++++++++ + .../openeuler2409/transforms/constants.xslt | 9 +++++++ + shared/applicability/package.yml | 2 +- + .../oval/installed_OS_is_openeuler2409.xml | 26 +++++++++++++++++++ + ssg/constants.py | 5 ++-- + 245 files changed, 324 insertions(+), 243 deletions(-) + create mode 100644 products/openeuler2409/CMakeLists.txt + create mode 100644 products/openeuler2409/product.yml + create mode 100644 products/openeuler2409/profiles/standard.profile + create mode 100644 products/openeuler2409/transforms/constants.xslt + create mode 100644 shared/checks/oval/installed_OS_is_openeuler2409.xml + +diff --git a/CMakeLists.txt b/CMakeLists.txt +index d911d05..3e69019 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -85,6 +85,7 @@ option(SSG_PRODUCT_OL8 "If enabled, the Oracle Linux 8 SCAP content will be buil + option(SSG_PRODUCT_OL9 "If enabled, the Oracle Linux 9 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_OPENEULER2203 "If enabled, the openEuler 22.03 LTS content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_OPENEULER2403 "If enabled, the openEuler 24.03 LTS content will be built" ${SSG_PRODUCT_DEFAULT}) ++option(SSG_PRODUCT_OPENEULER2409 "If enabled, the openEuler 24.09 content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_OPENSUSE "If enabled, the openSUSE SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_RHEL7 "If enabled, the RHEL7 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_RHEL8 "If enabled, the RHEL8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) +@@ -281,6 +282,7 @@ message(STATUS "Oracle Linux 8: ${SSG_PRODUCT_OL8}") + message(STATUS "Oracle Linux 9: ${SSG_PRODUCT_OL9}") + message(STATUS "openEuler 22.03 LTS: ${SSG_PRODUCT_OPENEULER2203}") + message(STATUS "openEuler 24.03 LTS: ${SSG_PRODUCT_OPENEULER2403}") ++message(STATUS "openEuler 24.09: ${SSG_PRODUCT_OPENEULER2409}") + message(STATUS "openSUSE: ${SSG_PRODUCT_OPENSUSE}") + message(STATUS "RHEL 7: ${SSG_PRODUCT_RHEL7}") + message(STATUS "RHEL 8: ${SSG_PRODUCT_RHEL8}") +@@ -384,6 +386,9 @@ endif() + if (SSG_PRODUCT_OPENEULER2403) + add_subdirectory("products/openeuler2403" "openeuler2403") + endif() ++if (SSG_PRODUCT_OPENEULER2409) ++ add_subdirectory("products/openeuler2409" "openeuler2409") ++endif() + if (SSG_PRODUCT_OPENSUSE) + add_subdirectory("products/opensuse" "opensuse") + endif() +diff --git a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml +index e799bae..726d350 100644 +--- a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml ++++ b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Avahi Server Software' + +diff --git a/linux_os/guide/services/base/service_haveged_enabled/rule.yml b/linux_os/guide/services/base/service_haveged_enabled/rule.yml +index d05b072..e08a0c2 100644 +--- a/linux_os/guide/services/base/service_haveged_enabled/rule.yml ++++ b/linux_os/guide/services/base/service_haveged_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Enable haveged service' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml +index e63cf34..e5b176d 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Group Who Owns cron.d' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml +index 226d9c8..9e04bbd 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Group Who Owns cron.daily' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml +index 9065a84..dfe3422 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Group Who Owns cron.hourly' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml +index 35a16a3..2221c9d 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Group Who Owns cron.monthly' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml +index 7eadb97..08dd3e4 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Group Who Owns cron.weekly' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml +index 6e39d76..dca63af 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Group Who Owns Crontab' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml +index 1cc18db..3249232 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Owner on cron.d' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml +index 0a448d8..9a7040c 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Owner on cron.daily' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml +index f9130b7..637550f 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Owner on cron.hourly' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml +index 05ace52..bf470a0 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Owner on cron.monthly' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml +index 51f3d9b..64ef1c5 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Owner on cron.weekly' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml +index e5e1357..5a4aff1 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Owner on crontab' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml +index 4dcd062..9107487 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Permissions on cron.d' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml +index f2a3301..368d2e0 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Permissions on cron.daily' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml +index 48b5bcc..bd351bf 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Permissions on cron.hourly' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml +index 3da1b9e..0291745 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Permissions on cron.monthly' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml +index b382c42..49e5e1f 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Permissions on cron.weekly' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml +index 777a0f1..a5c9fa5 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Permissions on crontab' + +diff --git a/linux_os/guide/services/cron_and_at/no_lowprivilege_users_writeable_cmds_in_crontab_file/rule.yml b/linux_os/guide/services/cron_and_at/no_lowprivilege_users_writeable_cmds_in_crontab_file/rule.yml +index 6f85e31..04d823d 100644 +--- a/linux_os/guide/services/cron_and_at/no_lowprivilege_users_writeable_cmds_in_crontab_file/rule.yml ++++ b/linux_os/guide/services/cron_and_at/no_lowprivilege_users_writeable_cmds_in_crontab_file/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Ensure All Commands/Bashes In Crontab File Are Not Writeable By Low-privilege Users' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml +index 18a9520..22bde6b 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 + + title: 'Ensure that /etc/at.deny does not exist' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml +index 9eed643..6c60edf 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 + + title: 'Ensure that /etc/cron.deny does not exist' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml +index c0821cd..818042b 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,openeuler2203,openeuler2403,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,openeuler2203,openeuler2403,openeuler2409,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Group Who Owns /etc/at.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml +index 1fb33f6..ad88613 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Group Who Owns /etc/cron.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml +index 20b64ab..e2e629e 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,openeuler2203,openeuler2403,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,openeuler2203,openeuler2403,openeuler2409,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify User Who Owns /etc/at.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml +index 0eae2e6..80a53c0 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify User Who Owns /etc/cron.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml +index 30b6553..ecdac4e 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,openeuler2203,openeuler2403,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,openeuler2203,openeuler2403,openeuler2409,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Permissions on /etc/at.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml +index 1961b9a..a87d7c6 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Permissions on /etc/cron.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml +index 3a3c6d1..3307e31 100644 +--- a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml ++++ b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Enable cron Service' + +diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml +index b8324bf..fa4a70d 100644 +--- a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml ++++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15 + + title: 'Disable DHCP Service' + +diff --git a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml +index 1387845..dbdc7a2 100644 +--- a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml ++++ b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15 + + title: 'Disable named Service' + +diff --git a/linux_os/guide/services/ftp/package_ftp_removed/rule.yml b/linux_os/guide/services/ftp/package_ftp_removed/rule.yml +index ea1c772..0061471 100644 +--- a/linux_os/guide/services/ftp/package_ftp_removed/rule.yml ++++ b/linux_os/guide/services/ftp/package_ftp_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403,rhel9 ++prodtype: openeuler2203,openeuler2403,openeuler2409,rhel9 + + title: 'Remove ftp Package' + +diff --git a/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml b/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml +index 07543b0..aef4c77 100644 +--- a/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml ++++ b/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: fedora,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Uninstall httpd Package' + +diff --git a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml +index 6644f7d..f8a9593 100644 +--- a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml ++++ b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml +@@ -8,7 +8,7 @@ + + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204 + + title: 'Ensure LDAP client is not installed' + +diff --git a/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml b/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml +index 828d36d..dcc2fb3 100644 +--- a/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml ++++ b/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml +@@ -11,7 +11,7 @@ + + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204 ++prodtype: openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204 + + title: 'Uninstall openldap-servers Package' + +diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml +index fd41721..abb814d 100644 +--- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15 + + title: 'Disable rpcbind Service' + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml +index 8cdd594..777bed3 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15 + + title: 'Disable Network File System (nfs)' + +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml +index 6a2919f..9703ece 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,ol7,ol8,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhv4 ++prodtype: alinux2,fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhv4 + + title: 'Specify a Remote NTP Server' + +diff --git a/linux_os/guide/services/ntp/ntpd_configure_restrictions/rule.yml b/linux_os/guide/services/ntp/ntpd_configure_restrictions/rule.yml +index e4a62cb..13fd2d5 100644 +--- a/linux_os/guide/services/ntp/ntpd_configure_restrictions/rule.yml ++++ b/linux_os/guide/services/ntp/ntpd_configure_restrictions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,openeuler2203,openeuler2403,rhel7,sle12,ubuntu2004,ubuntu2204 ++prodtype: alinux2,fedora,openeuler2203,openeuler2403,openeuler2409,rhel7,sle12,ubuntu2004,ubuntu2204 + + title: 'Configure server restrictions for ntpd' + +diff --git a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml +index 5f79ef7..da0c276 100644 +--- a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Remove NIS Client' + +diff --git a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml +index 359340e..6522057 100644 +--- a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Uninstall ypserv Package' + +diff --git a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml +index eb67850..051fcdc 100644 +--- a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Ensure rsyncd service is disabled' + +@@ -48,4 +48,4 @@ template: + packagename@sle12: rsync + packagename@sle15: rsync + packagename@openeuler2203: rsync +- packagename@openeuler2403: rsync ++ packagename@openeuler2403,openeuler2409: rsync +diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml +index 26848b4..ed9b46c 100644 +--- a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Uninstall telnet-server Package' + +diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml +index 8c77862..0c5e05d 100644 +--- a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Remove telnet Clients' + +diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml +index 60c05ed..7a43c09 100644 +--- a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Uninstall tftp-server Package' + +diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml +index 6c078d3..f2fe02d 100644 +--- a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15 + + title: 'Remove tftp Daemon' + +diff --git a/linux_os/guide/services/printing/package_cups_removed/rule.yml b/linux_os/guide/services/printing/package_cups_removed/rule.yml +index e6e13cf..b56ed6f 100644 +--- a/linux_os/guide/services/printing/package_cups_removed/rule.yml ++++ b/linux_os/guide/services/printing/package_cups_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Uninstall CUPS Package' + +diff --git a/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml b/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml +index 2b8ef03..9552574 100644 +--- a/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml ++++ b/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: fedora,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Uninstall Samba Package' + +diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml +index aaf1c94..94a6b13 100644 +--- a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml ++++ b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian11,fedora,ol7,ol8,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: debian10,debian11,fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Uninstall net-snmp Package' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_configure_correct_interface/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_configure_correct_interface/rule.yml +index 8f1cfb7..4cedb67 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_configure_correct_interface/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_configure_correct_interface/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'SSH service interface should be configured correctly' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_prohibit_preset_authorized_keys/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_prohibit_preset_authorized_keys/rule.yml +index d2fa631..6e4d77f 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_prohibit_preset_authorized_keys/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_prohibit_preset_authorized_keys/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Prohibit SSH service pre setting authorized_Keys' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/rule.yml +index 3e32b5e..afafc95 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,openeuler2203,openeuler2403,rhel7,sle12,sle15,ubuntu2204 ++prodtype: ol7,openeuler2203,openeuler2403,openeuler2409,rhel7,sle12,sle15,ubuntu2204 + + title: 'Use Only Strong Ciphers' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml +index a928355..4bc42ca 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_kex/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403,rhel7,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: openeuler2203,openeuler2403,openeuler2409,rhel7,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Use Only Strong Key Exchange algorithms' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/rule.yml +index c9e4f13..ca6511a 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,openeuler2203,openeuler2403,rhel7,sle12,sle15,ubuntu2204 ++prodtype: ol7,openeuler2203,openeuler2403,openeuler2409,rhel7,sle12,sle15,ubuntu2204 + + title: 'Use Only Strong MACs' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_pubkey/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_pubkey/rule.yml +index 78c7e55..cba935a 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_pubkey/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_pubkey/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Use Only Strong Algorithms For Public Key' + +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml +index 5af9d26..c690ca3 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Remove the X Windows Package Group' + +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml +index eb84592..a89b2ff 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15 + + title: 'Disable graphical user interface' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml +index ce9a463..a5864b1 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Group Ownership of System Login Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml +index be54b97..a0dac46 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Group Ownership of System Login Banner for Remote Connections' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml +index 90ef7e1..a46b83b 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify Group Ownership of Message of the Day Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml +index 0f8b6e1..e56920c 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify ownership of System Login Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml +index 8efa940..96d315a 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify ownership of System Login Banner for Remote Connections' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml +index 954946b..7f49e01 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify ownership of Message of the Day Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml +index a7b4364..b0f9d99 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify permissions on System Login Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml +index 02b69cb..ab1b6bd 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify permissions on System Login Banner for Remote Connections' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml +index 0038c14..29a700d 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify permissions on Message of the Day Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/warning_banners/rule.yml b/linux_os/guide/system/accounts/accounts-banners/warning_banners/rule.yml +index 548b47b..8da2087 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/warning_banners/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/warning_banners/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Check Warning Banners Correctly' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml +index 2118833..dba0e5f 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Limit Password Reuse' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml +index d1d77f0..6038ae0 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,ubuntu2204 ++prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,ubuntu2204 + + title: 'Lock Accounts After Failed Password Attempts' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml +index 6022dcd..95a01ff 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,ubuntu2204 ++prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,ubuntu2204 + + title: 'Set Lockout Time for Failed Password Attempts' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml +index 5843fd2..abc269d 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 ++prodtype: alinux2,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Digit Characters' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml +index 6ec6fba..193733a 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,openeuler2203,openeuler2403,rhel8,rhel9,ubuntu2004 ++prodtype: fedora,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel8,rhel9,ubuntu2004 + + title: 'Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml +index 15f4617..6822531 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol9,openeuler2203,openeuler2403,rhel8,rhel9 ++prodtype: fedora,ol9,openeuler2203,openeuler2403,openeuler2409,rhel8,rhel9 + + title: 'Ensure PAM Enforces Password Requirements - Enforce for root User' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml +index 4de04a1..79e0a4a 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 ++prodtype: alinux2,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Lowercase Characters' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml +index d0c33ab..a3eebfb 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Different Categories' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml +index 6a9b551..ea66e19 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Length' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml +index 89fd371..c8cabb2 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 ++prodtype: alinux2,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Special Characters' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml +index c3052a0..1278a9e 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml +index 5b4041c..cb13b47 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 ++prodtype: alinux2,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Uppercase Characters' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml +index 786e396..6535310 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4 + + title: "Set PAM''s Password Hashing Algorithm - password-auth" + +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml +index 803ad40..ad091b9 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: "Set PAM''s Password Hashing Algorithm" + +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml +index db7fcbe..79fed9f 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml +@@ -36,7 +36,7 @@ + + + /usr/lib/systemd/system/emergency.service +- {{%- if product in ["fedora", "ol8", "ol9", "openeuler2203", "openeuler2403", "rhel8", "rhel9", "sle12", "sle15"] -%}} ++ {{%- if product in ["fedora", "ol8", "ol9", "openeuler2203", "openeuler2403", "openeuler2403", "rhel8", "rhel9", "sle12", "sle15"] -%}} + ^ExecStart=\-/usr/lib/systemd/systemd-sulogin-shell[\s]+emergency + {{%- else -%}} + ^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\" +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml +index ec50db1..f0d1d3a 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Require Authentication for Emergency Systemd Target' + +@@ -86,7 +86,7 @@ fixtext: |- + Configure {{{ full_name }}} to require authentication for system emergency mode. + + Add or edit the following line in "/usr/lib/systemd/system/emergency.service": +- {{% if product in ["fedora", "ol8", "ol9", "openeuler2203", "openeuler2403", "rhel8", "rhel9", "sle12", "sle15"] -%}} ++ {{% if product in ["fedora", "ol8", "ol9", "openeuler2203", "openeuler2403,openeuler2409", "rhel8", "rhel9", "sle12", "sle15"] -%}} + ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency + {{%- else -%}} + ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default" +diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml +index 7f9c4dc..f472fd8 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 + + title: 'Disable debug-shell SystemD Service' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml +index 0493d9e..a8f4293 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Assign Expiration Date to Temporary Accounts' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_group_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_group_id/rule.yml +index c86e51a..5f2ba40 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_group_id/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_group_id/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Ensure All Accounts on the System Have Unique Master Group IDs' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml +index aca9ef5..7029484 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure All Accounts on the System Have Unique User IDs' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/accounts_are_necessary/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/accounts_are_necessary/rule.yml +index 0216da2..04cea98 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/accounts_are_necessary/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/accounts_are_necessary/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'All Accounts Are Necessary' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/first_logging_change_password/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/first_logging_change_password/rule.yml +index cf86e46..f4e82ac 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/first_logging_change_password/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/first_logging_change_password/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Ensure that the account is forced to change the password when logging in for the first time' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml +index 0cb8d6e..7dbad8c 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure All Groups on the System Have Unique Group ID' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml +index e1da489..49b33f3 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,openeuler2203,openeuler2403,rhel7,rhel8,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure All Groups on the System Have Unique Group Names' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/login_accounts_are_necessary/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/login_accounts_are_necessary/rule.yml +index 31e29c7..cbed81b 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/login_accounts_are_necessary/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/login_accounts_are_necessary/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'All Login Accounts Are Necessary' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml +index fc64d11..2e46798 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 + + title: 'Verify No .forward Files Exist' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml +index 3f33979..880c941 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Enforce usage of pam_wheel for su authentication' + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml +index 1b6a66f..0527904 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Set Interactive Session Timeout' + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml +index a4f4432..04dcbc8 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'All Interactive Users Home Directories Must Exist' + +diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml +index 1148bf9..ff06037 100644 +--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure the Default Bash Umask is Set Correctly' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml +index 1dbd420..17ea63a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle15 + + title: 'Record Successful Permission Changes to Files - chmod' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml +index 7996a8f..ee09ebd 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4 + + title: 'Record Successful Ownership Changes to Files - chown' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml +index c62a171..7cffbb0 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4 + + title: 'Record Successful Permission Changes to Files - fchmod' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml +index c839def..76ea6e3 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4 + + title: 'Record Successful Permission Changes to Files - fchmodat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml +index f4eb579..8f79fa8 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4 + + title: 'Record Successful Ownership Changes to Files - fchown' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml +index 545979e..466c8df 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4 + + title: 'Record Successful Ownership Changes to Files - fchownat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml +index 090ecb1..eef0653 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4 + + title: 'Record Successful Permission Changes to Files - fremovexattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml +index be1e1fa..5d8a3d0 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4 + + title: 'Record Successful Permission Changes to Files - fsetxattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml +index d313b57..a958ec8 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4 + + title: 'Record Successful Ownership Changes to Files - lchown' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml +index b424556..09a87d5 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4 + + title: 'Record Successful Permission Changes to Files - lremovexattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml +index c72f4ad..782f352 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4 + + title: 'Record Successful Permission Changes to Files - lsetxattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml +index 14ed330..29a3fe8 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4 + + title: 'Record Successful Permission Changes to Files - removexattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml +index 5f29767..7c71788 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4 + + title: 'Record Successful Delete Attempts to Files - rename' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml +index 44bf9e0..513a4ad 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4 + + title: 'Record Successful Delete Attempts to Files - renameat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml +index b167733..2c48f99 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4 + + title: 'Record Successful Permission Changes to Files - setxattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml +index cb411e5..109ab59 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4 + + title: 'Record Successful Delete Attempts to Files - unlink' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml +index 86bab31..bc87535 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4 + + title: 'Record Successful Delete Attempts to Files - unlinkat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml +index cc33a91..a501804 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml +index b873f49..961d89c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Record Unsuccessful Access Attempts to Files - creat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml +index 50b9592..58b0524 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Record Unsuccessful Access Attempts to Files - ftruncate' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml +index 083feb4..26b3efc 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Record Unsuccessful Access Attempts to Files - open' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml +index cb62dd9..2a47a90 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Record Unsuccessful Access Attempts to Files - open_by_handle_at' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml +index aad0d0f..48f4940 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Record Unsuccessful Access Attempts to Files - openat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml +index 8f68d62..82fd83e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Record Unsuccessful Access Attempts to Files - truncate' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml +index 368747c..e6a40d1 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml +index 47b8db1..76bdea1 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure auditd Collects Information on Kernel Module Unloading - delete_module' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml +index 7c0230d..1629736 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml +index dc25542..21ce040 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure auditd Collects Information on Kernel Module Loading - init_module' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml +index 006e96e..20465ac 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Record Attempts to Alter Logon and Logout Events - lastlog' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privilege_escalation_command/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privilege_escalation_command/rule.yml +index 7cb6620..ad8885e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privilege_escalation_command/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privilege_escalation_command/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Privilege escalation command audit rules should be configured' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml +index 0b0e0bc..906449e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,openeuler2203,openeuler2403,rhel7,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,fedora,openeuler2203,openeuler2403,openeuler2409,rhel7,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - insmod' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml +index b4d6fb5..5621e1c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,openeuler2203,openeuler2403,rhel7,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,fedora,openeuler2203,openeuler2403,openeuler2409,rhel7,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - modprobe' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml +index 8849eb0..eeae485 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,openeuler2203,openeuler2403,rhel7,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,fedora,openeuler2203,openeuler2403,openeuler2409,rhel7,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - rmmod' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml +index e8da204..c19932f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - sudo' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml +index 6a1e04e..eceb4cb 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,openeuler2203,openeuler2403,rhel8,rhel9 ++prodtype: fedora,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel8,rhel9 + + title: 'Ensure auditd Collects System Administrator Actions - /etc/sudoers' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml +index b2d42c5..ab59248 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Record Events that Modify User/Group Information - /etc/group' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml +index f502455..b340c90 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Record Events that Modify User/Group Information - /etc/gshadow' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml +index c35d421..5d35398 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Record Events that Modify User/Group Information - /etc/security/opasswd' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml +index cf91038..facee6b 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Record Events that Modify User/Group Information - /etc/passwd' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml +index b5e3762..4e1a456 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Record Events that Modify User/Group Information - /etc/shadow' + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml +index 10032fa..a573090 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Configure audispd''s Plugin disk_full_action When Disk Is Full' + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/rule.yml +index 91c9cb9..7f62023 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,ubuntu2004,ubuntu2204 ++prodtype: fedora,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,ubuntu2004,ubuntu2204 + + title: 'Configure auditd admin_space_left on Low Disk Space' + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml +index a8fe5c7..c4c571c 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: ol7,ol8,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Configure auditd space_left on Low Disk Space' + +diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml +index 1b9abe0..94b95ff 100644 +--- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml ++++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Enable Auditing for Processes Which Start Prior to the Audit Daemon' + +diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml +index 6e3aeb6..992b4d9 100644 +--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml ++++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Extend Audit Backlog Limit for the Audit Daemon' + +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml +index 21f343b..3a8fca2 100644 +--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Set Boot Loader Password in grub2' + +diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml +index d749483..29ca836 100644 +--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Set the UEFI Boot Loader Password' + +diff --git a/linux_os/guide/system/logging/configure_dump_journald_log/rule.yml b/linux_os/guide/system/logging/configure_dump_journald_log/rule.yml +index 6121f9c..bd2bff3 100644 +--- a/linux_os/guide/system/logging/configure_dump_journald_log/rule.yml ++++ b/linux_os/guide/system/logging/configure_dump_journald_log/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Make sure rsyslog dump journald log is configured' + +diff --git a/linux_os/guide/system/logging/configure_rsyslog_log_rotate/rule.yml b/linux_os/guide/system/logging/configure_rsyslog_log_rotate/rule.yml +index 318493d..b115c84 100644 +--- a/linux_os/guide/system/logging/configure_rsyslog_log_rotate/rule.yml ++++ b/linux_os/guide/system/logging/configure_rsyslog_log_rotate/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Ensure that Rsyslog log rotate is configured' + +diff --git a/linux_os/guide/system/logging/diasable_root_accessing_system/rule.yml b/linux_os/guide/system/logging/diasable_root_accessing_system/rule.yml +index 400c2e3..b07590d 100644 +--- a/linux_os/guide/system/logging/diasable_root_accessing_system/rule.yml ++++ b/linux_os/guide/system/logging/diasable_root_accessing_system/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Prevent root users from accessing the system locally' + +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml +index 6755b6a..794bf8c 100644 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4 + + title: 'Ensure cron Is Logging To Rsyslog' + +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/rule.yml +index 47aeef5..c98b658 100644 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/rule.yml ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15 + + title: 'Ensure logging is configured' + +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml +index 1588359..d934404 100644 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,openeuler2203,openeuler2403,rhel8,rhel9,ubuntu2004,ubuntu2204 ++prodtype: fedora,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel8,rhel9,ubuntu2004,ubuntu2204 + + title: 'Ensure remote access methods are monitored in Rsyslog' + +diff --git a/linux_os/guide/system/logging/rsyslog_filecreatemode/rule.yml b/linux_os/guide/system/logging/rsyslog_filecreatemode/rule.yml +index b79c97c..b048d18 100644 +--- a/linux_os/guide/system/logging/rsyslog_filecreatemode/rule.yml ++++ b/linux_os/guide/system/logging/rsyslog_filecreatemode/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403,rhel7,rhel8,rhel9,ubuntu2004,ubuntu2204 ++prodtype: openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,ubuntu2004,ubuntu2204 + + title: 'Ensure rsyslog Default File Permissions Configured' + +diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml +index 18b3db5..89e5ca4 100644 +--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml ++++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Verify firewalld Enabled' + +diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone_openeuler/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone_openeuler/rule.yml +index df9cd73..bd08483 100644 +--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone_openeuler/rule.yml ++++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone_openeuler/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Set Default firewalld Zone for Incoming Packets' + +diff --git a/linux_os/guide/system/network/network-firewalld/set_firewalld_appropriate_zone/rule.yml b/linux_os/guide/system/network/network-firewalld/set_firewalld_appropriate_zone/rule.yml +index 6a5355a..50c6936 100644 +--- a/linux_os/guide/system/network/network-firewalld/set_firewalld_appropriate_zone/rule.yml ++++ b/linux_os/guide/system/network/network-firewalld/set_firewalld_appropriate_zone/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,openeuler2203,openeuler2403,sle15 ++prodtype: rhel7,rhel8,openeuler2203,openeuler2403,openeuler2409,sle15 + + title: 'Ensure network interfaces are assigned to appropriate zone' + +diff --git a/linux_os/guide/system/network/network-firewalld/unnecessary_firewalld_services_ports_disabled/rule.yml b/linux_os/guide/system/network/network-firewalld/unnecessary_firewalld_services_ports_disabled/rule.yml +index 1f93b40..5d7aaa7 100644 +--- a/linux_os/guide/system/network/network-firewalld/unnecessary_firewalld_services_ports_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-firewalld/unnecessary_firewalld_services_ports_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403,sle15 ++prodtype: openeuler2203,openeuler2403,openeuler2409,sle15 + + title: 'Ensure Unnecessary Services and Ports Are Not Accepted' + +diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/rule.yml +index 6b48b47..8a70d12 100644 +--- a/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/rule.yml ++++ b/linux_os/guide/system/network/network-iptables/iptables_activation/set_ipv6_loopback_traffic/rule.yml +@@ -16,7 +16,7 @@ rationale: |- + + severity: medium + +-{{% if product in ['openeuler2203','openeuler2403'] %}} ++{{% if product in ['openeuler2203','openeuler2403,openeuler2409'] %}} + platform: machine + {{% else %}} + platform: not package[nftables] and not package[ufw] +diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml +index f865914..b167c8c 100644 +--- a/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml ++++ b/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml +@@ -16,7 +16,7 @@ rationale: |- + + severity: medium + +-{{% if product in ['openeuler2203','openeuler2403'] %}} ++{{% if product in ['openeuler2203','openeuler2403,openeuler2409'] %}} + platform: machine + {{% else %}} + platform: not package[nftables] and not package[ufw] +diff --git a/linux_os/guide/system/network/network-iptables/iptables_input_policy_configured_corrently/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_input_policy_configured_corrently/rule.yml +index 70f713e..b1fc8d9 100644 +--- a/linux_os/guide/system/network/network-iptables/iptables_input_policy_configured_corrently/rule.yml ++++ b/linux_os/guide/system/network/network-iptables/iptables_input_policy_configured_corrently/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Ensure that the iptables input policy configuration is correct' + +diff --git a/linux_os/guide/system/network/network-iptables/iptables_output_policy_configured_corrently/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_output_policy_configured_corrently/rule.yml +index 56ad54c..fc031d1 100644 +--- a/linux_os/guide/system/network/network-iptables/iptables_output_policy_configured_corrently/rule.yml ++++ b/linux_os/guide/system/network/network-iptables/iptables_output_policy_configured_corrently/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Ensure that the iptables output policy configuration is correct' + +diff --git a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_default_rule/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_default_rule/rule.yml +index 92368e4..4928132 100644 +--- a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_default_rule/rule.yml ++++ b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_default_rule/rule.yml +@@ -18,7 +18,7 @@ rationale: |- + + severity: medium + +-{{% if product in ['openeuler2203','openeuler2403'] %}} ++{{% if product in ['openeuler2203','openeuler2403,openeuler2409'] %}} + platform: machine + {{% else %}} + platform: not package[nftables] and not package[ufw] +diff --git a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_outbound_n_established/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_outbound_n_established/rule.yml +index 34663ba..9a9768c 100644 +--- a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_outbound_n_established/rule.yml ++++ b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/set_iptables_outbound_n_established/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403,sle12,sle15 ++prodtype: openeuler2203,openeuler2403,openeuler2409,sle12,sle15 + + title: 'Ensure Outbound and Established Connections are Configured' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml +index f05d2c9..90a47b6 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Accepting ICMP Redirects for All IPv6 Interfaces' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml +index 10100f3..d24d3ad 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml +index d155c12..432ebdf 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for IPv6 Forwarding' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml +index 2a54324..577abec 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml +index efd7d4a..71c8fbb 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Accepting ICMP Redirects for All IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml +index af51919..f614681 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml +index 0de28f3..b8c72a9 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_proxy_arp/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_proxy_arp/rule.yml +index 7ae68d8..d5c3b2c 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_proxy_arp/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_proxy_arp/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Disable Kernel Parameter for ARP Proxy' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml +index 95bf511..289756b 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml +index a0aa7cf..41e83b8 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml +index d7dcd8a..532f4e3 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml +index 7e7e254..69b441e 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Enable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_proxy_arp/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_proxy_arp/rule.yml +index 6b77815..7e796c0 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_proxy_arp/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_proxy_arp/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Disable Kernel Parameter for ARP Proxy by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml +index ac4ed33..180255b 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml +index c41f654..90fb7ba 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Configure Kernel Parameter for Accepting Secure Redirects By Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_all/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_all/rule.yml +index 6d80ef3..69fad03 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_all/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_all/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Set Kernel Parameter for Ignoring All ICMP' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml +index bccfe90..016b485 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml +index 1b1b6a0..a5892c0 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml +index 274288f..07353d5 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml +index ab99ff1..4012850 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml +index f73277a..7a4e8bc 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml +index 1c6493e..1cb65df 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_tcp_fin_timeout/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_tcp_fin_timeout/rule.yml +index 2c1681d..f328ab2 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_tcp_fin_timeout/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_tcp_fin_timeout/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Set Kernel Parameter for TCP TIME_WAIT' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_tcp_max_syn_backlog/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_tcp_max_syn_backlog/rule.yml +index 89391a7..a9e79f7 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_tcp_max_syn_backlog/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_tcp_max_syn_backlog/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Set Kernel Parameter for TCP SYN_RECV' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_tcp_timestamps/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_tcp_timestamps/rule.yml +index ec7d3af..e076eae 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_tcp_timestamps/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_tcp_timestamps/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Disable Kernel Parameter for TCP Timestamps' + +diff --git a/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml b/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml +index f9f161a..ad70d85 100644 +--- a/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml ++++ b/linux_os/guide/system/network/network-nftables/nftables_ensure_default_deny_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403,sle15,ubuntu2004,ubuntu2204 ++prodtype: openeuler2203,openeuler2403,openeuler2409,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure nftables Default Deny Firewall Policy' + +diff --git a/linux_os/guide/system/network/network-nftables/nftables_input_policy_configured_corrently/rule.yml b/linux_os/guide/system/network/network-nftables/nftables_input_policy_configured_corrently/rule.yml +index f5091bf..599ecd9 100644 +--- a/linux_os/guide/system/network/network-nftables/nftables_input_policy_configured_corrently/rule.yml ++++ b/linux_os/guide/system/network/network-nftables/nftables_input_policy_configured_corrently/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Configure nftables input strategy' + +diff --git a/linux_os/guide/system/network/network-nftables/nftables_output_policy_configured_corrently/rule.yml b/linux_os/guide/system/network/network-nftables/nftables_output_policy_configured_corrently/rule.yml +index ad82a61..f7b0a13 100644 +--- a/linux_os/guide/system/network/network-nftables/nftables_output_policy_configured_corrently/rule.yml ++++ b/linux_os/guide/system/network/network-nftables/nftables_output_policy_configured_corrently/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Configure nftables output strategy' + +diff --git a/linux_os/guide/system/network/network-nftables/service_nftables_enabled/rule.yml b/linux_os/guide/system/network/network-nftables/service_nftables_enabled/rule.yml +index 56204f9..d213e08 100644 +--- a/linux_os/guide/system/network/network-nftables/service_nftables_enabled/rule.yml ++++ b/linux_os/guide/system/network/network-nftables/service_nftables_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403,rhel7,rhel8,sle15,ubuntu2004,ubuntu2204 ++prodtype: openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,sle15,ubuntu2004,ubuntu2204 + + title: 'Verify nftables Service is Enabled' + +diff --git a/linux_os/guide/system/network/network-nftables/set_nftables_loopback_traffic/rule.yml b/linux_os/guide/system/network/network-nftables/set_nftables_loopback_traffic/rule.yml +index 6f9d562..dc553a7 100644 +--- a/linux_os/guide/system/network/network-nftables/set_nftables_loopback_traffic/rule.yml ++++ b/linux_os/guide/system/network/network-nftables/set_nftables_loopback_traffic/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403,sle15,ubuntu2004,ubuntu2204 ++prodtype: openeuler2203,openeuler2403,openeuler2409,sle15,ubuntu2004,ubuntu2204 + + title: 'Set nftables Configuration for Loopback Traffic' + +diff --git a/linux_os/guide/system/network/network-nftables/set_nftables_new_connections/rule.yml b/linux_os/guide/system/network/network-nftables/set_nftables_new_connections/rule.yml +index 5adafb8..2f4dfe3 100644 +--- a/linux_os/guide/system/network/network-nftables/set_nftables_new_connections/rule.yml ++++ b/linux_os/guide/system/network/network-nftables/set_nftables_new_connections/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403,sle15 ++prodtype: openeuler2203,openeuler2403,openeuler2409,sle15 + + title: 'Ensure all outbound and established connections are configured for nftables' + +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml +index f03402b..a9caf9b 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable SCTP Support' + +diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml +index 3a17566..a4ae73a 100644 +--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml ++++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Deactivate Wireless Network Interfaces' + +@@ -117,7 +117,7 @@ fixtext: |- + + srg_requirement: '{{{ full_name }}} wireless network adapters must be disabled.' + +-{{% if product in ['openeuler2203','openeuler2403'] %}} ++{{% if product in ['openeuler2203','openeuler2403,openeuler2409'] %}} + platform: machine + {{% else %}} + platform: wifi-iface +diff --git a/linux_os/guide/system/permissions/files/define_ld_lib_path_correctly/rule.yml b/linux_os/guide/system/permissions/files/define_ld_lib_path_correctly/rule.yml +index c0ab21e..50a4f88 100644 +--- a/linux_os/guide/system/permissions/files/define_ld_lib_path_correctly/rule.yml ++++ b/linux_os/guide/system/permissions/files/define_ld_lib_path_correctly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Make sure the LD_LIBRARY_PATH variable is defined correctly' + +diff --git a/linux_os/guide/system/permissions/files/define_path_strictly/rule.yml b/linux_os/guide/system/permissions/files/define_path_strictly/rule.yml +index d9735e8..1205aa1 100644 +--- a/linux_os/guide/system/permissions/files/define_path_strictly/rule.yml ++++ b/linux_os/guide/system/permissions/files/define_path_strictly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Ensure the user PATH variable is strictly defined' + +diff --git a/linux_os/guide/system/permissions/files/file_empty_link_prohibit/rule.yml b/linux_os/guide/system/permissions/files/file_empty_link_prohibit/rule.yml +index fd6551d..bf5d075 100644 +--- a/linux_os/guide/system/permissions/files/file_empty_link_prohibit/rule.yml ++++ b/linux_os/guide/system/permissions/files/file_empty_link_prohibit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Empty link files are prohibited' + +diff --git a/linux_os/guide/system/permissions/files/file_hidden_executable_prohibit/rule.yml b/linux_os/guide/system/permissions/files/file_hidden_executable_prohibit/rule.yml +index 6200a9c..623b033 100644 +--- a/linux_os/guide/system/permissions/files/file_hidden_executable_prohibit/rule.yml ++++ b/linux_os/guide/system/permissions/files/file_hidden_executable_prohibit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Disallow hidden executable files' + +diff --git a/linux_os/guide/system/permissions/files/file_opened_count_limited/rule.yml b/linux_os/guide/system/permissions/files/file_opened_count_limited/rule.yml +index 1875b4f..935aa8c 100644 +--- a/linux_os/guide/system/permissions/files/file_opened_count_limited/rule.yml ++++ b/linux_os/guide/system/permissions/files/file_opened_count_limited/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Opened Files Count Limited' + +diff --git a/linux_os/guide/system/permissions/files/file_permission_minimum/rule.yml b/linux_os/guide/system/permissions/files/file_permission_minimum/rule.yml +index 910e607..556100e 100644 +--- a/linux_os/guide/system/permissions/files/file_permission_minimum/rule.yml ++++ b/linux_os/guide/system/permissions/files/file_permission_minimum/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Ensure All Files Have Minimum Permission' + +diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml +index a85c072..827d6dd 100644 +--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml ++++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml +@@ -2,7 +2,7 @@ documentation_complete: true + + title: 'Ensure All SGID Executables Are Authorized' + +-prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15,uos20 ++prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15,uos20 + + description: |- + The SGID (set group id) bit should be set only on files that were +diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml +index 58dc69a..caa6776 100644 +--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml ++++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml +@@ -2,7 +2,7 @@ documentation_complete: true + + title: 'Ensure All SUID Executables Are Authorized' + +-prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15,uos20 ++prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15,uos20 + + description: |- + The SUID (set user id) bit should be set only on files that were +diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml +index 936873d..722802b 100644 +--- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml ++++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure All Files Are Owned by a Group' + +diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml +index f9af42a..356452d 100644 +--- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml ++++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Ensure All Files Are Owned by a User' + +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml +index ed7412f..b52459b 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Disable Modprobe Loading of USB Storage Driver' + +diff --git a/linux_os/guide/system/permissions/mounting/removed_unnecessary_file_mount/rule.yml b/linux_os/guide/system/permissions/mounting/removed_unnecessary_file_mount/rule.yml +index a58f76c..43ab6c0 100644 +--- a/linux_os/guide/system/permissions/mounting/removed_unnecessary_file_mount/rule.yml ++++ b/linux_os/guide/system/permissions/mounting/removed_unnecessary_file_mount/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Ensure that unneeded file system mount is removed' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_nodev_mode_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_nodev_mode_partitions/rule.yml +index 58292b1..36f7690 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_nodev_mode_partitions/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_nodev_mode_partitions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Mounting in nodev mode does not require mounting the device' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_noexec_mode_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_noexec_mode_partitions/rule.yml +index 3c890df..6ccb603 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_noexec_mode_partitions/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_noexec_mode_partitions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Mount a partition without executable files in noexec mode' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_only_no_modified_partitionsread/rule.yml b/linux_os/guide/system/permissions/partitions/mount_only_no_modified_partitionsread/rule.yml +index ee56ae3..2d913cc 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_only_no_modified_partitionsread/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_only_no_modified_partitionsread/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Partitions that do not need to be modified are mounted read-only.' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml +index 327c297..923e8c8 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804 ++prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804 + + title: 'Add nodev Option to Removable Media Partitions' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml +index d47a355..2cabdd7 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804 ++prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804 + + title: 'Add noexec Option to Removable Media Partitions' + +diff --git a/linux_os/guide/system/permissions/partitions/mounted_nosuid_mode_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mounted_nosuid_mode_partitions/rule.yml +index fe80bca..8235b81 100644 +--- a/linux_os/guide/system/permissions/partitions/mounted_nosuid_mode_partitions/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mounted_nosuid_mode_partitions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Make sure partitions that do not require SUID/SGID are mounted in nosuid mode' + +diff --git a/linux_os/guide/system/permissions/partitions/partitions_manage_hard_drive_data/rule.yml b/linux_os/guide/system/permissions/partitions/partitions_manage_hard_drive_data/rule.yml +index eaf1b4f..9353df9 100644 +--- a/linux_os/guide/system/permissions/partitions/partitions_manage_hard_drive_data/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/partitions_manage_hard_drive_data/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Hard drive data should be managed in partitions' + +diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_limited/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_limited/rule.yml +index d8928f5..a63005f 100644 +--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_limited/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_limited/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Limit the use of coredump' + +diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_prohibit/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_prohibit/rule.yml +index 4fca98e..6ebe701 100644 +--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_prohibit/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_prohibit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Use of coredumps is prohibited' + +diff --git a/linux_os/guide/system/permissions/restrictions/historical_command_records_limited/rule.yml b/linux_os/guide/system/permissions/restrictions/historical_command_records_limited/rule.yml +index 2a03f2f..1cdc812 100644 +--- a/linux_os/guide/system/permissions/restrictions/historical_command_records_limited/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/historical_command_records_limited/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Limit the number of historical command records' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml +index e122550..ed4759f 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Restrict Access to Kernel Message Buffer' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml +index 4df4480..bd20286 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15 + + title: 'Disallow magic SysRq key' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml +index 7e5b67a..a43428e 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,sle12,sle15 + + title: 'Restrict usage of ptrace to descendant processes' + +diff --git a/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml +index 8b5667b..9e5c893 100644 +--- a/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml ++++ b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 + + title: 'Ensure No Daemons are Unconfined by SELinux' + +diff --git a/linux_os/guide/system/selinux/selinux_policytype/rule.yml b/linux_os/guide/system/selinux/selinux_policytype/rule.yml +index d9abd2d..12a3d61 100644 +--- a/linux_os/guide/system/selinux/selinux_policytype/rule.yml ++++ b/linux_os/guide/system/selinux/selinux_policytype/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Configure SELinux Policy' + +diff --git a/linux_os/guide/system/software/debugging_tools/rule.yml b/linux_os/guide/system/software/debugging_tools/rule.yml +index 077064a..c1e28b3 100644 +--- a/linux_os/guide/system/software/debugging_tools/rule.yml ++++ b/linux_os/guide/system/software/debugging_tools/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'uninstall debugging tools' + +diff --git a/linux_os/guide/system/software/development_and_compliation_tools/rule.yml b/linux_os/guide/system/software/development_and_compliation_tools/rule.yml +index 8e9adb1..7c05199 100644 +--- a/linux_os/guide/system/software/development_and_compliation_tools/rule.yml ++++ b/linux_os/guide/system/software/development_and_compliation_tools/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Uninstall development and compilation tools' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml +index cb37065..a5fe095 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel8,rhel9,rhv4,sle15,uos20 ++prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel8,rhel9,rhv4,sle15,uos20 + + title: 'Configure System Cryptography Policy' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml +index 1b82841..4e31bbc 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle12,sle15,uos20,openeuler2203,openeuler2403 ++prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle12,sle15,uos20,openeuler2203,openeuler2403,openeuler2409 + + title: 'Configure SSH to use System Crypto Policy' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml +index 9f1d220..76911e6 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Build and Test AIDE Database' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml +index ea14229..29e8110 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Install AIDE' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/ima_verification/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/ima_verification/rule.yml +index 5e03b6d..2cb3a89 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/ima_verification/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/ima_verification/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'IMA metrics should be enabled' + +diff --git a/linux_os/guide/system/software/network_sniffing_tools/rule.yml b/linux_os/guide/system/software/network_sniffing_tools/rule.yml +index c4deefd..fc38056 100644 +--- a/linux_os/guide/system/software/network_sniffing_tools/rule.yml ++++ b/linux_os/guide/system/software/network_sniffing_tools/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Uninstall network sniffing Package' + +diff --git a/linux_os/guide/system/software/polkit/only_root_can_run_pkexec/rule.yml b/linux_os/guide/system/software/polkit/only_root_can_run_pkexec/rule.yml +index a4c1ebb..e75dc72 100644 +--- a/linux_os/guide/system/software/polkit/only_root_can_run_pkexec/rule.yml ++++ b/linux_os/guide/system/software/polkit/only_root_can_run_pkexec/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Ensure Only Root Can Run The Command of Pkexec' + +diff --git a/linux_os/guide/system/software/su/su_always_set_path/rule.yml b/linux_os/guide/system/software/su/su_always_set_path/rule.yml +index 9249bfe..8b6eb9e 100644 +--- a/linux_os/guide/system/software/su/su_always_set_path/rule.yml ++++ b/linux_os/guide/system/software/su/su_always_set_path/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Ensure Always Set Path is Set to YES' + +diff --git a/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml b/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml +index 5fc764b..c577ca1 100644 +--- a/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml ++++ b/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml +@@ -2,7 +2,7 @@ documentation_complete: true + + title: 'The operating system must restrict privilege elevation to authorized personnel' + +-prodtype: ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,sle12,sle15 + + description: |- + The sudo command allows a user to execute programs with elevated +diff --git a/linux_os/guide/system/software/sudo/sudoers_disable_low_privileged_configure/rule.yml b/linux_os/guide/system/software/sudo/sudoers_disable_low_privileged_configure/rule.yml +index f73c428..e8ab562 100644 +--- a/linux_os/guide/system/software/sudo/sudoers_disable_low_privileged_configure/rule.yml ++++ b/linux_os/guide/system/software/sudo/sudoers_disable_low_privileged_configure/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Make sure sudoers cannot configure scripts writable by low-privileged users' + +diff --git a/linux_os/guide/system/software/system-tools/package_python2_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_python2_removed/rule.yml +index a3826b8..8ed06bf 100644 +--- a/linux_os/guide/system/software/system-tools/package_python2_removed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_python2_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: openeuler2203,openeuler2403 ++prodtype: openeuler2203,openeuler2403,openeuler2409 + + title: 'Uninstall All Python2 Packages' + +diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml +index 26b59e9..04606a5 100644 +--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 ++prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 + + title: 'Ensure gpgcheck Enabled In Main {{{ pkg_manager }}} Configuration' + +diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml +index 8e059b0..2ccdd63 100644 +--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,fedora,ol7,ol8,ol9,openeuler2203,openeuler2403,openeuler2409,rhel7,rhel8,rhel9,rhv4,sle12,sle15 + + title: 'Ensure gpgcheck Enabled for All {{{ pkg_manager }}} Package Repositories' + +diff --git a/products/openeuler2409/CMakeLists.txt b/products/openeuler2409/CMakeLists.txt +new file mode 100644 +index 0000000..4aa4fa0 +--- /dev/null ++++ b/products/openeuler2409/CMakeLists.txt +@@ -0,0 +1,6 @@ ++# Sometimes our users will try to do: "cd openeuler; cmake ." That needs to error in a nice way. ++if ("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}") ++ message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!") ++endif() ++ ++ssg_build_product("openeuler2409") +diff --git a/products/openeuler2409/product.yml b/products/openeuler2409/product.yml +new file mode 100644 +index 0000000..b990673 +--- /dev/null ++++ b/products/openeuler2409/product.yml +@@ -0,0 +1,20 @@ ++product: openeuler2409 ++full_name: openEuler2409 ++type: platform ++ ++benchmark_id: OPENEULER2409 ++benchmark_root: "../../linux_os/guide" ++ ++profiles_root: "./profiles" ++ ++pkg_manager: "dnf" ++pkg_manager_config_file: "/etc/yum.conf" ++ ++init_system: "systemd" ++ ++cpes_root: "../../shared/applicability" ++cpes: ++ - openeuler2409: ++ name: "cpe:/o:openEuler:openEuler:24.09:ga:server" ++ title: "openEuler 24.09" ++ check_id: installed_OS_is_openeuler2409 +diff --git a/products/openeuler2409/profiles/standard.profile b/products/openeuler2409/profiles/standard.profile +new file mode 100644 +index 0000000..e4e9450 +--- /dev/null ++++ b/products/openeuler2409/profiles/standard.profile +@@ -0,0 +1,14 @@ ++documentation_complete: true ++ ++metadata: ++ version: 1.0 ++ ++title: 'Standard System Security Profile for openEuler' ++ ++description: |- ++ This profile contains rules to ensure standard security baseline ++ of all openEuler systems. Regardless of your system's workload ++ all of these checks should pass. ++ ++selections: ++ - std_openeuler:all:base +diff --git a/products/openeuler2409/transforms/constants.xslt b/products/openeuler2409/transforms/constants.xslt +new file mode 100644 +index 0000000..ea5cbb7 +--- /dev/null ++++ b/products/openeuler2409/transforms/constants.xslt +@@ -0,0 +1,9 @@ ++ ++ ++ ++ ++openEuler2409 ++openEuler2409 ++openeuler2409 ++ ++ +diff --git a/shared/applicability/package.yml b/shared/applicability/package.yml +index 8df916e..25930a0 100644 +--- a/shared/applicability/package.yml ++++ b/shared/applicability/package.yml +@@ -49,7 +49,7 @@ args: + pkgname: postfix + shadow-utils: + {{% if pkg_system == "rpm" %}} +- {{% if product in ["openeuler2203", "openeuler2403", "sle12", "sle15"] %}} ++ {{% if product in ["openeuler2203", "openeuler2403", "openeuler2409", "sle12", "sle15"] %}} + pkgname: shadow + {{% else %}} + pkgname: shadow-utils +diff --git a/shared/checks/oval/installed_OS_is_openeuler2409.xml b/shared/checks/oval/installed_OS_is_openeuler2409.xml +new file mode 100644 +index 0000000..4a58fa7 +--- /dev/null ++++ b/shared/checks/oval/installed_OS_is_openeuler2409.xml +@@ -0,0 +1,26 @@ ++ ++ ++ ++ openEuler ++ ++ multi_platform_all ++ ++ The operating system installed on the system is openEuler 24.09 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ^24\.09.*$ ++ ++ ++ openEuler-release ++ ++ ++ +diff --git a/ssg/constants.py b/ssg/constants.py +index ff5bb02..cb5db8a 100644 +--- a/ssg/constants.py ++++ b/ssg/constants.py +@@ -50,7 +50,7 @@ product_directories = [ + 'ocp4', + 'rhcos4', + 'ol7', 'ol8', 'ol9', +- 'openeuler2203', 'openeuler2403', ++ 'openeuler2203', 'openeuler2403', 'openeuler2409', + 'opensuse', + 'rhel7', 'rhel8', 'rhel9', + 'rhv4', +@@ -210,6 +210,7 @@ FULL_NAME_TO_PRODUCT_MAPPING = { + "Oracle Linux 9": "ol9", + "openEuler 2203": "openeuler2203", + "openEuler 2403": "openeuler2403", ++ "openEuler 2409": "openeuler2409", + "openSUSE": "opensuse", + "Red Hat Enterprise Linux 7": "rhel7", + "Red Hat Enterprise Linux 8": "rhel8", +@@ -280,7 +281,7 @@ MULTI_PLATFORM_MAPPING = { + "multi_platform_example": ["example"], + "multi_platform_eks": ["eks"], + "multi_platform_fedora": ["fedora"], +- "multi_platform_openeuler": ["openeuler2203", "openeuler2403"], ++ "multi_platform_openeuler": ["openeuler2203", "openeuler2403", "openeuler2409"], + "multi_platform_opensuse": ["opensuse"], + "multi_platform_ol": ["ol7", "ol8", "ol9"], + "multi_platform_ocp": ["ocp4"], +-- +2.33.0 + -- Gitee