From df4583962e67a3a11e6e636abb372d98752cc68c Mon Sep 17 00:00:00 2001 
From: Simon John
Date: Thu, 23 Jan 2025 10:26:20 +0000
Subject: [PATCH] Ensured ensure_almalinux_gpgkey_installed is not found in non-AlmaLinux profiles by negating it
---
products/debian12/profiles/anssi_bp28_enhanced.profile | 1 +
products/debian12/profiles/anssi_bp28_high.profile | 1 +
products/debian12/profiles/anssi_bp28_intermediary.profile | 1 +
products/debian12/profiles/anssi_bp28_minimal.profile | 3 ++-
products/ol10/profiles/anssi_bp28_enhanced.profile | 1 +
products/ol10/profiles/anssi_bp28_high.profile | 1 +
products/ol10/profiles/anssi_bp28_intermediary.profile | 1 +
products/ol10/profiles/anssi_bp28_minimal.profile | 1 +
products/ol10/profiles/e8.profile | 1 +
products/ol10/profiles/hipaa.profile | 1 +
products/ol10/profiles/pci-dss.profile | 1 +
products/ol7/profiles/anssi_nt28_enhanced.profile | 1 +
products/ol7/profiles/anssi_nt28_high.profile | 1 +
products/ol7/profiles/anssi_nt28_intermediary.profile | 1 +
products/ol7/profiles/anssi_nt28_minimal.profile | 1 +
products/ol8/profiles/anssi_bp28_enhanced.profile | 1 +
products/ol8/profiles/anssi_bp28_high.profile | 1 +
products/ol8/profiles/anssi_bp28_intermediary.profile | 1 +
products/ol8/profiles/anssi_bp28_minimal.profile | 1 +
products/ol9/profiles/anssi_bp28_enhanced.profile | 1 +
products/ol9/profiles/anssi_bp28_high.profile | 1 +
products/ol9/profiles/anssi_bp28_intermediary.profile | 1 +
products/ol9/profiles/anssi_bp28_minimal.profile | 1 +
products/rhcos4/profiles/anssi_bp28_enhanced.profile | 1 +
products/rhcos4/profiles/anssi_bp28_high.profile | 1 +
products/rhcos4/profiles/anssi_bp28_intermediary.profile | 1 +
products/rhcos4/profiles/anssi_bp28_minimal.profile | 1 +
products/rhel10/profiles/anssi_bp28_enhanced.profile | 3 ++-
products/rhel10/profiles/anssi_bp28_high.profile | 3 ++-
products/rhel10/profiles/anssi_bp28_intermediary.profile | 3 ++-
products/rhel10/profiles/anssi_bp28_minimal.profile | 3 ++-
products/rhel8/profiles/anssi_bp28_enhanced.profile | 1 +
products/rhel8/profiles/anssi_bp28_high.profile | 1 +
products/rhel8/profiles/anssi_bp28_intermediary.profile | 1 +
products/rhel8/profiles/anssi_bp28_minimal.profile | 1 +
products/rhel9/profiles/anssi_bp28_enhanced.profile | 1 +
products/rhel9/profiles/anssi_bp28_high.profile | 1 +
products/rhel9/profiles/anssi_bp28_intermediary.profile | 1 +
products/rhel9/profiles/anssi_bp28_minimal.profile | 1 +
products/sle12/profiles/anssi_bp28_enhanced.profile | 1 +
products/sle12/profiles/anssi_bp28_high.profile | 1 +
products/sle12/profiles/anssi_bp28_intermediary.profile | 1 +
products/sle12/profiles/anssi_bp28_minimal.profile | 1 +
products/sle15/profiles/anssi_bp28_enhanced.profile | 1 +
products/sle15/profiles/anssi_bp28_high.profile | 1 +
products/sle15/profiles/anssi_bp28_intermediary.profile | 1 +
products/sle15/profiles/anssi_bp28_minimal.profile | 1 +
47 files changed, 52 insertions(+), 5 deletions(-)
diff --git a/products/debian12/profiles/anssi_bp28_enhanced.profile b/products/debian12/profiles/anssi_bp28_enhanced.profile
index f8104ed8170..29b7a4ad02e 100644
--- a/products/debian12/profiles/anssi_bp28_enhanced.profile
+++ b/products/debian12/profiles/anssi_bp28_enhanced.profile
@@ -65,4 +65,5 @@ selections:
 - '!file_permissions_unauthorized_suid'
 - '!ensure_gpgcheck_never_disabled'
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!package_dracut-fips-aesni_installed'
diff --git a/products/debian12/profiles/anssi_bp28_high.profile b/products/debian12/profiles/anssi_bp28_high.profile
index 7c3cc09284c..80fffe2e28a 100644
--- a/products/debian12/profiles/anssi_bp28_high.profile
+++ b/products/debian12/profiles/anssi_bp28_high.profile
@@ -65,4 +65,5 @@ selections:
 - '!file_permissions_unauthorized_suid'
 - '!ensure_gpgcheck_never_disabled'
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!package_dracut-fips-aesni_installed'
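Review bot: The added `- '!ensure_almalinux_gpgkey_installed'` entry in products/debian12/profiles/anssi_bp28_enhanced.profile carries no comment explaining the exclusion, and the same bare line is repeated in most of the other profiles in this patch; only the rhel10 hunks state a reason. A one-line comment above the vendor-key negations, for example `# AlmaLinux package signing key is not relevant on Debian 12`, would make the intent reviewable. Because the exclusion is opt-out per profile, a profile that is added later or was missed here would presumably still select the AlmaLinux key rule, so it may be worth limiting the rule's applicability where it is defined; that definition is not visible in this patch.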
diff --git a/products/debian12/profiles/anssi_bp28_intermediary.profile b/products/debian12/profiles/anssi_bp28_intermediary.profile
index 91e8010feab..c24d17802c3 100644
--- a/products/debian12/profiles/anssi_bp28_intermediary.profile
+++ b/products/debian12/profiles/anssi_bp28_intermediary.profile
@@ -57,3 +57,4 @@ selections:
 - '!file_permissions_unauthorized_suid'
 - '!ensure_gpgcheck_never_disabled'
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
diff --git a/products/debian12/profiles/anssi_bp28_minimal.profile b/products/debian12/profiles/anssi_bp28_minimal.profile
index 2508a5d644d..453f9490038 100644
--- a/products/debian12/profiles/anssi_bp28_minimal.profile
+++ b/products/debian12/profiles/anssi_bp28_minimal.profile
@@ -44,4 +44,5 @@ selections:
 - '!file_permissions_unauthorized_suid'
 - '!ensure_gpgcheck_never_disabled'
 - '!ensure_oracle_gpgkey_installed'
-
+ - '!ensure_almalinux_gpgkey_installed'
+
\ No newline at end of file
diff --git a/products/ol10/profiles/anssi_bp28_enhanced.profile b/products/ol10/profiles/anssi_bp28_enhanced.profile
index bbaf1790f5b..6ffbaae6d5e 100644
--- a/products/ol10/profiles/anssi_bp28_enhanced.profile
+++ b/products/ol10/profiles/anssi_bp28_enhanced.profile
@@ -21,6 +21,7 @@ selections:
 - '!accounts_passwords_pam_tally2_deny_root'
 - '!install_PAE_kernel_on_x86-32'
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!package_dracut-fips-aesni_installed'
 - '!cracklib_accounts_password_pam_lcredit'
 - '!cracklib_accounts_password_pam_ocredit'
diff --git a/products/ol10/profiles/anssi_bp28_high.profile b/products/ol10/profiles/anssi_bp28_high.profile
index dd05f43fcec..2d15bb0ce34 100644
--- a/products/ol10/profiles/anssi_bp28_high.profile
+++ b/products/ol10/profiles/anssi_bp28_high.profile
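Review bot: In products/debian12/profiles/anssi_bp28_minimal.profile the hunk replaces the empty last line with a new last line that has no terminating newline (`\ No newline at end of file`), and since that added `+` line exists at all it appears to hold only whitespace. The file should end directly after the new entry with a single newline: keep `- '!ensure_almalinux_gpgkey_installed'` as the final line and drop the whitespace-only line after it. That keeps later changes to this profile free of end-of-file noise in their diffs.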
@@ -22,6 +22,7 @@ selections:
 - '!accounts_passwords_pam_tally2_deny_root'
 - '!install_PAE_kernel_on_x86-32'
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!aide_periodic_checking_systemd_timer'
 - '!package_dracut-fips-aesni_installed'
 - '!cracklib_accounts_password_pam_lcredit'
diff --git a/products/ol10/profiles/anssi_bp28_intermediary.profile b/products/ol10/profiles/anssi_bp28_intermediary.profile
index dfe2cdda3b6..972b19fb9bf 100644
--- a/products/ol10/profiles/anssi_bp28_intermediary.profile
+++ b/products/ol10/profiles/anssi_bp28_intermediary.profile
@@ -28,6 +28,7 @@ selections:
 - '!cracklib_accounts_password_pam_ocredit'
 - '!accounts_passwords_pam_tally2_unlock_time'
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!sudo_add_umask'
 # this rule is not automated anymore
 - '!security_patches_up_to_date'
diff --git a/products/ol10/profiles/anssi_bp28_minimal.profile b/products/ol10/profiles/anssi_bp28_minimal.profile
index c0d5b952e18..e3e325de862 100644
--- a/products/ol10/profiles/anssi_bp28_minimal.profile
+++ b/products/ol10/profiles/anssi_bp28_minimal.profile
@@ -28,6 +28,7 @@ selections:
 - '!cracklib_accounts_password_pam_ocredit'
 - '!accounts_passwords_pam_tally2_unlock_time'
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!security_patches_up_to_date'
 # these packages do not exist in ol10 (R62)
 - '!package_dhcp_removed'
diff --git a/products/ol10/profiles/e8.profile b/products/ol10/profiles/e8.profile
index fbd6f9e5090..36961bb6937 100644
--- a/products/ol10/profiles/e8.profile
+++ b/products/ol10/profiles/e8.profile
@@ -19,6 +19,7 @@ selections:
 - e8:all
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - ensure_oracle_gpgkey_installed
 - var_system_crypto_policy=default_policy
diff --git a/products/ol10/profiles/hipaa.profile b/products/ol10/profiles/hipaa.profile
index f259e962b15..6742f468176 100644
--- a/products/ol10/profiles/hipaa.profile
+++ b/products/ol10/profiles/hipaa.profile
@@ -35,6 +35,7 @@ selections:
 - '!dconf_gnome_remote_access_encryption'
 - '!ensure_suse_gpgkey_installed'
 - '!ensure_fedora_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!grub2_uefi_admin_username'
 - '!grub2_uefi_pass'
 - '!service_ypbind_disabled'
diff --git a/products/ol10/profiles/pci-dss.profile b/products/ol10/profiles/pci-dss.profile
index c54c3fe8b24..3cf1836c3b2 100644
--- a/products/ol10/profiles/pci-dss.profile
+++ b/products/ol10/profiles/pci-dss.profile
@@ -46,6 +46,7 @@ selections:
 - '!ensure_firewall_rules_for_open_ports'
 - '!ensure_shadow_group_empty'
 - '!ensure_suse_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!install_PAE_kernel_on_x86-32'
 - '!mask_nonessential_services'
 - '!nftables_ensure_default_deny_policy'
diff --git a/products/ol7/profiles/anssi_nt28_enhanced.profile b/products/ol7/profiles/anssi_nt28_enhanced.profile
index 2474530da00..99d41639b3f 100644
--- a/products/ol7/profiles/anssi_nt28_enhanced.profile
+++ b/products/ol7/profiles/anssi_nt28_enhanced.profile
@@ -21,6 +21,7 @@ selections:
 - '!rsyslog_remote_tls'
 - '!timer_logrotate_enabled'
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!package_dnf-automatic_installed'
 - '!audit_rules_privileged_commands_rmmod'
 - '!grub2_mds_argument'
diff --git a/products/ol7/profiles/anssi_nt28_high.profile b/products/ol7/profiles/anssi_nt28_high.profile
index b57f6ca4c64..2762cb88b02 100644
--- a/products/ol7/profiles/anssi_nt28_high.profile
+++ b/products/ol7/profiles/anssi_nt28_high.profile
@@ -23,6 +23,7 @@ selections:
 - '!kernel_config_legacy_vsyscall_none'
 - '!kernel_config_hardened_usercopy_fallback'
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!aide_periodic_checking_systemd_timer'
 - '!kernel_config_gcc_plugin_latent_entropy'
 - '!package_dnf-automatic_installed'
diff --git a/products/ol7/profiles/anssi_nt28_intermediary.profile b/products/ol7/profiles/anssi_nt28_intermediary.profile
index ee44aeb4518..2faf615ecfb 100644
--- a/products/ol7/profiles/anssi_nt28_intermediary.profile
+++ b/products/ol7/profiles/anssi_nt28_intermediary.profile
@@ -17,6 +17,7 @@ selections:
 - '!accounts_passwords_pam_tally2_deny_root'
 - '!sysctl_kernel_unprivileged_bpf_disabled'
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!package_dnf-automatic_installed'
 - '!grub2_mds_argument'
 - '!dnf-automatic_security_updates_only'
diff --git a/products/ol7/profiles/anssi_nt28_minimal.profile b/products/ol7/profiles/anssi_nt28_minimal.profile
index 492c0c5b6ff..597865da474 100644
--- a/products/ol7/profiles/anssi_nt28_minimal.profile
+++ b/products/ol7/profiles/anssi_nt28_minimal.profile
@@ -27,5 +27,6 @@ selections:
 - '!cracklib_accounts_password_pam_ocredit'
 - '!accounts_passwords_pam_tally2_unlock_time'
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!enable_authselect'
 - '!package_kea_removed'
diff --git a/products/ol8/profiles/anssi_bp28_enhanced.profile b/products/ol8/profiles/anssi_bp28_enhanced.profile
index ec8407c05cb..4d99cab424d 100644
--- a/products/ol8/profiles/anssi_bp28_enhanced.profile
+++ b/products/ol8/profiles/anssi_bp28_enhanced.profile
@@ -17,6 +17,7 @@ selections:
 - '!accounts_passwords_pam_tally2_deny_root'
 - '!timer_logrotate_enabled'
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!audit_rules_privileged_commands_rmmod'
 - '!grub2_mds_argument'
 - '!audit_rules_privileged_commands_modprobe'
diff --git a/products/ol8/profiles/anssi_bp28_high.profile b/products/ol8/profiles/anssi_bp28_high.profile
index 9f6b42e0d25..fa0f8f039ba 100644
--- a/products/ol8/profiles/anssi_bp28_high.profile
+++ b/products/ol8/profiles/anssi_bp28_high.profile
@@ -17,6 +17,7 @@ selections:
 - '!accounts_passwords_pam_tally2_deny_root'
 - '!timer_logrotate_enabled'
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!aide_periodic_checking_systemd_timer'
 - '!audit_rules_privileged_commands_rmmod'
 - '!grub2_mds_argument'
diff --git a/products/ol8/profiles/anssi_bp28_intermediary.profile b/products/ol8/profiles/anssi_bp28_intermediary.profile
index 97172289d37..a7b75d258cf 100644
--- a/products/ol8/profiles/anssi_bp28_intermediary.profile
+++ b/products/ol8/profiles/anssi_bp28_intermediary.profile
@@ -27,4 +27,5 @@ selections:
 - '!grub2_page_alloc_shuffle_argument'
 - '!accounts_passwords_pam_tally2_unlock_time'
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!package_kea_removed'
diff --git a/products/ol8/profiles/anssi_bp28_minimal.profile b/products/ol8/profiles/anssi_bp28_minimal.profile
index 5796299ff12..b23ec968f31 100644
--- a/products/ol8/profiles/anssi_bp28_minimal.profile
+++ b/products/ol8/profiles/anssi_bp28_minimal.profile
@@ -23,4 +23,5 @@ selections:
 - '!cracklib_accounts_password_pam_ocredit'
 - '!accounts_passwords_pam_tally2_unlock_time'
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!package_kea_removed'
diff --git a/products/ol9/profiles/anssi_bp28_enhanced.profile b/products/ol9/profiles/anssi_bp28_enhanced.profile
index f4182cd225c..584a6871dbf 100644
--- a/products/ol9/profiles/anssi_bp28_enhanced.profile
+++ b/products/ol9/profiles/anssi_bp28_enhanced.profile
@@ -20,6 +20,7 @@ selections:
 - '!install_PAE_kernel_on_x86-32'
 - '!partition_for_boot'
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!sudo_add_ignore_dot'
 - '!audit_rules_privileged_commands_rmmod'
 - '!audit_rules_privileged_commands_modprobe'
diff --git a/products/ol9/profiles/anssi_bp28_high.profile b/products/ol9/profiles/anssi_bp28_high.profile
index b49d183135b..b6386306549 100644
--- a/products/ol9/profiles/anssi_bp28_high.profile
+++ b/products/ol9/profiles/anssi_bp28_high.profile
@@ -20,6 +20,7 @@ selections:
 - '!install_PAE_kernel_on_x86-32'
 - '!partition_for_boot'
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!aide_periodic_checking_systemd_timer'
 - '!sudo_add_ignore_dot'
 - '!audit_rules_privileged_commands_rmmod'
diff --git a/products/ol9/profiles/anssi_bp28_intermediary.profile b/products/ol9/profiles/anssi_bp28_intermediary.profile
index c7b86de6c92..5eef33c6df8 100644
--- a/products/ol9/profiles/anssi_bp28_intermediary.profile
+++ b/products/ol9/profiles/anssi_bp28_intermediary.profile
@@ -29,6 +29,7 @@ selections:
 - '!enable_pam_namespace'
 - '!accounts_passwords_pam_tally2_unlock_time'
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!sudo_add_umask'
 - '!sudo_add_ignore_dot'
 - '!sudo_add_env_reset'
diff --git a/products/ol9/profiles/anssi_bp28_minimal.profile b/products/ol9/profiles/anssi_bp28_minimal.profile
index 4d0e3b25179..c58bea86149 100644
--- a/products/ol9/profiles/anssi_bp28_minimal.profile
+++ b/products/ol9/profiles/anssi_bp28_minimal.profile
@@ -25,5 +25,6 @@ selections:
 - '!cracklib_accounts_password_pam_ocredit'
 - '!accounts_passwords_pam_tally2_unlock_time'
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!package_xinetd_removed'
 - '!package_kea_removed'
diff --git a/products/rhcos4/profiles/anssi_bp28_enhanced.profile b/products/rhcos4/profiles/anssi_bp28_enhanced.profile
index 1c44c6fd561..95e69d01fe4 100644
--- a/products/rhcos4/profiles/anssi_bp28_enhanced.profile
+++ b/products/rhcos4/profiles/anssi_bp28_enhanced.profile
@@ -117,3 +117,4 @@ selections:
 - '!ensure_gpgcheck_globally_activated'
 - '!sysctl_net_ipv6_conf_all_autoconf'
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
diff --git a/products/rhcos4/profiles/anssi_bp28_high.profile b/products/rhcos4/profiles/anssi_bp28_high.profile
index c380fb9d389..249893f5002 100644
--- a/products/rhcos4/profiles/anssi_bp28_high.profile
+++ b/products/rhcos4/profiles/anssi_bp28_high.profile
@@ -153,3 +153,4 @@ selections:
 - '!ensure_gpgcheck_globally_activated'
 - '!sysctl_net_ipv6_conf_all_autoconf'
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
diff --git a/products/rhcos4/profiles/anssi_bp28_intermediary.profile b/products/rhcos4/profiles/anssi_bp28_intermediary.profile
index 901bc2439a0..cea6d1ce6c4 100644
--- a/products/rhcos4/profiles/anssi_bp28_intermediary.profile
+++ b/products/rhcos4/profiles/anssi_bp28_intermediary.profile
@@ -104,3 +104,4 @@ selections:
 - '!ensure_gpgcheck_globally_activated'
 - '!sysctl_net_ipv6_conf_all_autoconf'
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
diff --git a/products/rhcos4/profiles/anssi_bp28_minimal.profile b/products/rhcos4/profiles/anssi_bp28_minimal.profile
index 234c622420a..ddcce444eab 100644
--- a/products/rhcos4/profiles/anssi_bp28_minimal.profile
+++ b/products/rhcos4/profiles/anssi_bp28_minimal.profile
@@ -63,3 +63,4 @@ selections:
 - '!file_permissions_unauthorized_suid'
 - '!ensure_gpgcheck_never_disabled'
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
diff --git a/products/rhel10/profiles/anssi_bp28_enhanced.profile b/products/rhel10/profiles/anssi_bp28_enhanced.profile
index 39d98116a78..856f75340fc 100644
--- a/products/rhel10/profiles/anssi_bp28_enhanced.profile
+++ b/products/rhel10/profiles/anssi_bp28_enhanced.profile
@@ -39,8 +39,9 @@ selections:
 - '!cracklib_accounts_password_pam_dcredit'
 # umask is configured at a different place in RHEL 10
 - '!sudo_add_umask'
- # Oracle key is not relevant on RHEL 10
+ # Non-Red Hat keys are irrelevant on RHEL 10
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 # this rule is not automated anymore
 - '!security_patches_up_to_date'
 # There is only chrony package on RHEL 10, no ntpd
diff --git a/products/rhel10/profiles/anssi_bp28_high.profile b/products/rhel10/profiles/anssi_bp28_high.profile
index d89931d6eaa..65f0cd2b4c1 100644
--- a/products/rhel10/profiles/anssi_bp28_high.profile
+++ b/products/rhel10/profiles/anssi_bp28_high.profile
@@ -43,8 +43,9 @@ selections:
 - '!cracklib_accounts_password_pam_dcredit'
 # umask is configured at a different place in RHEL 10
 - '!sudo_add_umask'
- # Oracle key is not relevant on RHEL 10
+ # Non-Red Hat keys are irrelevant on RHEL 10
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 # this rule is not automated anymore
 - '!security_patches_up_to_date'
 # There is only chrony package on RHEL 10, no ntpd
diff --git a/products/rhel10/profiles/anssi_bp28_intermediary.profile b/products/rhel10/profiles/anssi_bp28_intermediary.profile
index 89914b245d8..0305bbe7fff 100644
--- a/products/rhel10/profiles/anssi_bp28_intermediary.profile
+++ b/products/rhel10/profiles/anssi_bp28_intermediary.profile
@@ -35,8 +35,9 @@ selections:
 - '!cracklib_accounts_password_pam_ocredit'
 # umask is configured at a different place in RHEL 10
 - '!sudo_add_umask'
- # Oracle key is not relevant on RHEL 10
+ # Non-Red Hat keys are irrelevant on RHEL 10
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 # this rule is not automated anymore
 - '!security_patches_up_to_date'
 # these packages do not exist in rhel10 (R62)
diff --git a/products/rhel10/profiles/anssi_bp28_minimal.profile b/products/rhel10/profiles/anssi_bp28_minimal.profile
index ccc7212e3c4..64810e08563 100644
--- a/products/rhel10/profiles/anssi_bp28_minimal.profile
+++ b/products/rhel10/profiles/anssi_bp28_minimal.profile
@@ -33,8 +33,9 @@ selections:
 - '!cracklib_accounts_password_pam_dcredit'
 - '!cracklib_accounts_password_pam_lcredit'
 - '!cracklib_accounts_password_pam_ocredit'
- # Oracle key is not relevant on RHEL 10
+ # Non-Red Hat keys are irrelevant on RHEL 10
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 # this rule is not automated anymore
 - '!security_patches_up_to_date'
 # these packages do not exist in rhel10 (R62)
diff --git a/products/rhel8/profiles/anssi_bp28_enhanced.profile b/products/rhel8/profiles/anssi_bp28_enhanced.profile
index f580bb611d1..f9f8528e165 100644
--- a/products/rhel8/profiles/anssi_bp28_enhanced.profile
+++ b/products/rhel8/profiles/anssi_bp28_enhanced.profile
@@ -49,4 +49,5 @@ selections:
 - '!accounts_passwords_pam_tally2_unlock_time'
 - '!audit_rules_privileged_commands_insmod'
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!package_kea_removed'
diff --git a/products/rhel8/profiles/anssi_bp28_high.profile b/products/rhel8/profiles/anssi_bp28_high.profile
index 0c492e83040..1e80480a73a 100644
--- a/products/rhel8/profiles/anssi_bp28_high.profile
+++ b/products/rhel8/profiles/anssi_bp28_high.profile
@@ -56,4 +56,5 @@ selections:
 - '!cracklib_accounts_password_pam_dcredit'
 - '!grub2_page_alloc_shuffle_argument'
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!package_kea_removed'
diff --git a/products/rhel8/profiles/anssi_bp28_intermediary.profile b/products/rhel8/profiles/anssi_bp28_intermediary.profile
index 7e6adfe6b55..98ddfe69fa8 100644
--- a/products/rhel8/profiles/anssi_bp28_intermediary.profile
+++ b/products/rhel8/profiles/anssi_bp28_intermediary.profile
@@ -37,4 +37,5 @@ selections:
 - '!grub2_page_alloc_shuffle_argument'
 - '!accounts_passwords_pam_tally2_unlock_time'
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!package_kea_removed'
diff --git a/products/rhel8/profiles/anssi_bp28_minimal.profile b/products/rhel8/profiles/anssi_bp28_minimal.profile
index 772d310359e..328ecdfb7d1 100644
--- a/products/rhel8/profiles/anssi_bp28_minimal.profile
+++ b/products/rhel8/profiles/anssi_bp28_minimal.profile
@@ -33,4 +33,5 @@ selections:
 - '!cracklib_accounts_password_pam_ocredit'
 - '!accounts_passwords_pam_tally2_unlock_time'
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!package_kea_removed'
diff --git a/products/rhel9/profiles/anssi_bp28_enhanced.profile b/products/rhel9/profiles/anssi_bp28_enhanced.profile
index f6af70d6572..c7557bab25e 100644
--- a/products/rhel9/profiles/anssi_bp28_enhanced.profile
+++ b/products/rhel9/profiles/anssi_bp28_enhanced.profile
@@ -47,6 +47,7 @@ selections:
 - '!cracklib_accounts_password_pam_minlen'
 - '!cracklib_accounts_password_pam_dcredit'
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!package_kea_removed'
 # RHEL9 unified the paths for grub2 files. These rules are selected in control file by R29.
 - '!file_groupowner_efi_grub2_cfg'
diff --git a/products/rhel9/profiles/anssi_bp28_high.profile b/products/rhel9/profiles/anssi_bp28_high.profile
index fd425188d50..bb08e4319a8 100644
--- a/products/rhel9/profiles/anssi_bp28_high.profile
+++ b/products/rhel9/profiles/anssi_bp28_high.profile
@@ -50,6 +50,7 @@ selections:
 - '!cracklib_accounts_password_pam_minlen'
 - '!cracklib_accounts_password_pam_dcredit'
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!package_kea_removed'
 # disable R45: Enable AppArmor security profiles
 - '!apparmor_configured'
diff --git a/products/rhel9/profiles/anssi_bp28_intermediary.profile b/products/rhel9/profiles/anssi_bp28_intermediary.profile
index 0f250fda3ba..85f745c79ae 100644
--- a/products/rhel9/profiles/anssi_bp28_intermediary.profile
+++ b/products/rhel9/profiles/anssi_bp28_intermediary.profile
@@ -40,4 +40,5 @@ selections:
 - '!sudo_add_ignore_dot'
 - '!sudo_add_env_reset'
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!package_kea_removed'
diff --git a/products/rhel9/profiles/anssi_bp28_minimal.profile b/products/rhel9/profiles/anssi_bp28_minimal.profile
index da808456900..4112b8dfd9f 100644
--- a/products/rhel9/profiles/anssi_bp28_minimal.profile
+++ b/products/rhel9/profiles/anssi_bp28_minimal.profile
@@ -33,4 +33,5 @@ selections:
 - '!cracklib_accounts_password_pam_ocredit'
 - '!accounts_passwords_pam_tally2_unlock_time'
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!package_kea_removed'
diff --git a/products/sle12/profiles/anssi_bp28_enhanced.profile b/products/sle12/profiles/anssi_bp28_enhanced.profile
index 331a47e9856..ec8ebac223f 100644
--- a/products/sle12/profiles/anssi_bp28_enhanced.profile
+++ b/products/sle12/profiles/anssi_bp28_enhanced.profile
@@ -34,6 +34,7 @@ selections:
 - '!sysctl_kernel_unprivileged_bpf_disabled'
 - '!accounts_passwords_pam_faillock_deny'
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!accounts_passwords_pam_faillock_unlock_time'
 - '!accounts_passwords_pam_faillock_interval'
 - '!grub2_mds_argument'
diff --git a/products/sle12/profiles/anssi_bp28_high.profile b/products/sle12/profiles/anssi_bp28_high.profile
index 02dcf2d37a8..1b4b14fe5d8 100644
--- a/products/sle12/profiles/anssi_bp28_high.profile
+++ b/products/sle12/profiles/anssi_bp28_high.profile
@@ -38,6 +38,7 @@ selections:
 - '!kernel_config_hardened_usercopy_fallback'
 - '!accounts_passwords_pam_faillock_deny'
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!accounts_passwords_pam_faillock_unlock_time'
 - '!accounts_passwords_pam_faillock_interval'
 - '!kernel_config_gcc_plugin_latent_entropy'
diff --git a/products/sle12/profiles/anssi_bp28_intermediary.profile b/products/sle12/profiles/anssi_bp28_intermediary.profile
index c13e8a501d5..664ceb744ed 100644
--- a/products/sle12/profiles/anssi_bp28_intermediary.profile
+++ b/products/sle12/profiles/anssi_bp28_intermediary.profile
@@ -34,6 +34,7 @@ selections:
 - '!sysctl_kernel_unprivileged_bpf_disabled'
 - '!accounts_passwords_pam_faillock_deny'
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!accounts_passwords_pam_faillock_unlock_time'
 - '!accounts_passwords_pam_faillock_interval'
 - '!grub2_mds_argument'
diff --git a/products/sle12/profiles/anssi_bp28_minimal.profile b/products/sle12/profiles/anssi_bp28_minimal.profile
index c28d2f439f3..ca43ac31c00 100644
--- a/products/sle12/profiles/anssi_bp28_minimal.profile
+++ b/products/sle12/profiles/anssi_bp28_minimal.profile
@@ -35,6 +35,7 @@ selections:
 - '!accounts_password_pam_ocredit'
 - '!accounts_password_pam_lcredit'
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!accounts_passwords_pam_faillock_deny'
 - '!accounts_passwords_pam_faillock_unlock_time'
 - '!accounts_passwords_pam_faillock_interval'
diff --git a/products/sle15/profiles/anssi_bp28_enhanced.profile b/products/sle15/profiles/anssi_bp28_enhanced.profile
index 32b4746d732..932d4f59773 100644
--- a/products/sle15/profiles/anssi_bp28_enhanced.profile
+++ b/products/sle15/profiles/anssi_bp28_enhanced.profile
@@ -34,6 +34,7 @@ selections:
 - '!sysctl_kernel_unprivileged_bpf_disabled'
 - '!accounts_passwords_pam_faillock_deny'
 - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!accounts_passwords_pam_faillock_unlock_time'
 - '!accounts_passwords_pam_faillock_interval'
 - '!sysctl_kernel_yama_ptrace_scope'
diff --git a/products/sle15/profiles/anssi_bp28_high.profile b/products/sle15/profiles/anssi_bp28_high.profile
index 13778fb452c..40f24474ea5 100644
--- a/products/sle15/profiles/anssi_bp28_high.profile
+++ b/products/sle15/profiles/anssi_bp28_high.profile
@@ -82,4 +82,5 @@ selections:
 - '!sysctl_net_ipv6_conf_all_autoconf'
 - '!grub2_pti_argument'
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!package_kea_removed'
diff --git a/products/sle15/profiles/anssi_bp28_intermediary.profile b/products/sle15/profiles/anssi_bp28_intermediary.profile
index 47f2a85a988..840a8e094a8 100644
--- a/products/sle15/profiles/anssi_bp28_intermediary.profile
+++ b/products/sle15/profiles/anssi_bp28_intermediary.profile
@@ -54,4 +54,5 @@ selections:
 - '!sysctl_net_ipv6_conf_all_autoconf'
 - '!grub2_pti_argument'
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!package_kea_removed'
diff --git a/products/sle15/profiles/anssi_bp28_minimal.profile b/products/sle15/profiles/anssi_bp28_minimal.profile
index 8060dcc9e5a..5046158f233 100644
--- a/products/sle15/profiles/anssi_bp28_minimal.profile
+++ b/products/sle15/profiles/anssi_bp28_minimal.profile
@@ -41,5 +41,6 @@ selections:
 - '!accounts_password_pam_ucredit'
 - '!accounts_password_pam_minlen'
 - '!ensure_oracle_gpgkey_installed'
+ - '!ensure_almalinux_gpgkey_installed'
 - '!enable_authselect'
 - '!package_kea_removed'