Blame SOURCES/scap-security-guide-0.1.42-mark_rules_as_machine_only.patch

0cd8e1
commit 724676573314ec7537015db800ea9edc08bdeafe
0cd8e1
Author: Gabriel Becker <ggasparb@redhat.com>
0cd8e1
Date:   Fri Apr 5 14:49:41 2019 +0200
0cd8e1
0cd8e1
    Mark rules that are not applicable in containers. Backport of 8a858d0c and 313b634c.
0cd8e1
0cd8e1
diff --git a/linux_os/guide/services/base/service_irqbalance_enabled.rule b/linux_os/guide/services/base/service_irqbalance_enabled.rule
0cd8e1
index a94a60d..d74e543 100644
0cd8e1
--- a/linux_os/guide/services/base/service_irqbalance_enabled.rule
0cd8e1
+++ b/linux_os/guide/services/base/service_irqbalance_enabled.rule
0cd8e1
@@ -24,3 +24,5 @@ references:
0cd8e1
     nist: CM-7
0cd8e1
 
0cd8e1
 ocil: '{{{ ocil_service_disabled(service="irqbalance") }}}'
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/services/cron_and_at/group.yml b/linux_os/guide/services/cron_and_at/group.yml
0cd8e1
index 30f07e0..745ed46 100644
0cd8e1
--- a/linux_os/guide/services/cron_and_at/group.yml
0cd8e1
+++ b/linux_os/guide/services/cron_and_at/group.yml
0cd8e1
@@ -8,3 +8,5 @@ description: |-
0cd8e1
     all systems to perform necessary maintenance tasks, while at may or
0cd8e1
     may not be required on a given system. Both daemons should be
0cd8e1
     configured defensively.
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/services/docker/docker_storage_configured.rule b/linux_os/guide/services/docker/docker_storage_configured.rule
0cd8e1
index c675292..a1c90e6 100644
0cd8e1
--- a/linux_os/guide/services/docker/docker_storage_configured.rule
0cd8e1
+++ b/linux_os/guide/services/docker/docker_storage_configured.rule
0cd8e1
@@ -20,3 +20,5 @@ severity: low
0cd8e1
 
0cd8e1
 identifiers:
0cd8e1
     cce@rhel7: 80441-9
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/services/docker/service_docker_enabled.rule b/linux_os/guide/services/docker/service_docker_enabled.rule
0cd8e1
index 6cd9df4..309771b 100644
0cd8e1
--- a/linux_os/guide/services/docker/service_docker_enabled.rule
0cd8e1
+++ b/linux_os/guide/services/docker/service_docker_enabled.rule
0cd8e1
@@ -20,3 +20,5 @@ identifiers:
0cd8e1
     cce@rhel7: 80440-1
0cd8e1
 
0cd8e1
 ocil: '{{{ ocil_service_enabled(service="docker") }}}'
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/services/mail/group.yml b/linux_os/guide/services/mail/group.yml
0cd8e1
index 97ddf50..13f9730 100644
0cd8e1
--- a/linux_os/guide/services/mail/group.yml
0cd8e1
+++ b/linux_os/guide/services/mail/group.yml
0cd8e1
@@ -23,3 +23,5 @@ description: |-
0cd8e1
     Postfix was coded with security in mind and can also be more effectively contained by
0cd8e1
     SELinux as its modular design has resulted in separate processes performing specific actions.
0cd8e1
     More information is available on its website, {{{ weblink(link="http://www.postfix.org") }}}.
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/services/ntp/group.yml b/linux_os/guide/services/ntp/group.yml
0cd8e1
index c85ac8c..737b7f4 100644
0cd8e1
--- a/linux_os/guide/services/ntp/group.yml
0cd8e1
+++ b/linux_os/guide/services/ntp/group.yml
0cd8e1
@@ -55,3 +55,5 @@ description: |-
0cd8e1
     The upstream manual pages at {{{ weblink(link="http://chrony.tuxfamily.org/manual.html") }}} for
0cd8e1
     <tt>chronyd</tt> and {{{ weblink(link="http://www.ntp.org") }}} for <tt>ntpd</tt> provide additional
0cd8e1
     information on the capabilities and configuration of each of the NTP daemons.
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/services/ssh/group.yml b/linux_os/guide/services/ssh/group.yml
0cd8e1
index 8919c8c..feb65ee 100644
0cd8e1
--- a/linux_os/guide/services/ssh/group.yml
0cd8e1
+++ b/linux_os/guide/services/ssh/group.yml
0cd8e1
@@ -12,3 +12,5 @@ description: |-
0cd8e1
     {{{ weblink(link="http://www.openssh.org") }}}. Its server program
0cd8e1
     is called <tt>sshd</tt> and provided by the RPM package
0cd8e1
     <tt>openssh-server</tt>.
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/services/sssd/group.yml b/linux_os/guide/services/sssd/group.yml
0cd8e1
index 49bfab9..ce74b3a 100644
0cd8e1
--- a/linux_os/guide/services/sssd/group.yml
0cd8e1
+++ b/linux_os/guide/services/sssd/group.yml
0cd8e1
@@ -17,3 +17,5 @@ description: |-
0cd8e1
     {{%- elif product == "rhel6" -%}}
0cd8e1
         {{{ weblink(link="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/SSSD-Introduction.html") }}}
0cd8e1
     {{%- endif %}}
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/services/sssd/sssd-ldap/group.yml b/linux_os/guide/services/sssd/sssd-ldap/group.yml
0cd8e1
index a7c4c7d..0428dd1 100644
0cd8e1
--- a/linux_os/guide/services/sssd/sssd-ldap/group.yml
0cd8e1
+++ b/linux_os/guide/services/sssd/sssd-ldap/group.yml
0cd8e1
@@ -13,3 +13,5 @@ description: |-
0cd8e1
     

0cd8e1
     SSSD can support many backends including LDAP. The <tt>sssd-ldap</tt> backend
0cd8e1
     allows SSSD to fetch identity information from an LDAP server.
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot.rule b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot.rule
0cd8e1
index beb9a4d..52e6a26 100644
0cd8e1
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot.rule
0cd8e1
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot.rule
0cd8e1
@@ -82,3 +82,5 @@ warnings:
0cd8e1
         key sequence if running in <tt>runlevel 6</tt> (e.g. in GNOME, KDE, etc.)! The
0cd8e1
         <tt>Ctrl-Alt-Del</tt> key sequence will only be disabled if running in
0cd8e1
         the non-graphical <tt>runlevel 3</tt>.
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot.rule b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot.rule
0cd8e1
index 165bf92..d8d9116 100644
0cd8e1
--- a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot.rule
0cd8e1
+++ b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot.rule
0cd8e1
@@ -36,3 +36,5 @@ ocil: |-
0cd8e1
     <tt>systemd.confirm_spawn=(1|yes|true|on)</tt> in the kernel boot arguments.
0cd8e1
     Presence of a <tt>systemd.confirm_spawn=(1|yes|true|on)</tt> indicates
0cd8e1
     that interactive boot is enabled at boot time.
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth.rule b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth.rule
0cd8e1
index 3d752e2..12d547d 100644
0cd8e1
--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth.rule
0cd8e1
+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth.rule
0cd8e1
@@ -66,3 +66,5 @@ ocil: |-
0cd8e1
     ExecStart and /sbin/sulogin:
0cd8e1
     
ExecStart=-/sbin/sulogin
0cd8e1
 {{% endif %}}
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_screen_installed.rule b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_screen_installed.rule
0cd8e1
index 56c2464..d721694 100644
0cd8e1
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_screen_installed.rule
0cd8e1
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_screen_installed.rule
0cd8e1
@@ -41,3 +41,5 @@ references:
0cd8e1
 ocil_clause: 'the package is not installed'
0cd8e1
 
0cd8e1
 ocil: '{{{ ocil_package(package="screen") }}}'
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages.rule b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages.rule
0cd8e1
index 815097b..5c58455 100644
0cd8e1
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages.rule
0cd8e1
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages.rule
0cd8e1
@@ -37,3 +37,5 @@ ocil: |-
0cd8e1
     To verify the operating system has the packages required for multifactor
0cd8e1
     authentication installed, run the following command:
0cd8e1
     
$ sudo yum list installed esc pam_pkcs11 authconfig-gtk
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth.rule b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth.rule
0cd8e1
index 5b01b62..e4c0870 100644
0cd8e1
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth.rule
0cd8e1
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth.rule
0cd8e1
@@ -41,3 +41,5 @@ references:
0cd8e1
 ocil_clause: 'non-exempt accounts are not using CAC authentication'
0cd8e1
 
0cd8e1
 ocil: "Interview the SA to determine if all accounts not exempted by policy are\nusing CAC authentication.\nFor DoD systems, the following systems and accounts are exempt from using\nsmart card (CAC) authentication:\n
    \n
  • SIPRNET systems
  • \n
  • Standalone systems
  • \n
  • Application accounts
  • \n
  • Temporary employee accounts, such as students or interns, who cannot easily receive a CAC or PIV
  • \n
  • Operational tactical locations that are not collocated with RAPIDS workstations to issue CAC or ALT
  • \n
  • Test systems, such as those with an Interim Approval to Test (IATT) and use a separate VPN, firewall, or security measure preventing access to network and system components from outside the protection boundary documented in the IATT.
  • \n
"
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking.rule b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking.rule
0cd8e1
index 9af1126..c68db6d 100644
0cd8e1
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking.rule
0cd8e1
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking.rule
0cd8e1
@@ -42,3 +42,5 @@ ocil: |-
0cd8e1
     
cert_policy = ca, ocsp_on, signature;
0cd8e1
     cert_policy = ca, ocsp_on, signature;
0cd8e1
     cert_policy = ca, ocsp_on, signature;
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled.rule b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled.rule
0cd8e1
index a2be942..184571c 100644
0cd8e1
--- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled.rule
0cd8e1
+++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled.rule
0cd8e1
@@ -31,3 +31,5 @@ references:
0cd8e1
     ospp@rhel7: FIA_AFL.1
0cd8e1
 
0cd8e1
 ocil: '{{{ ocil_service_disabled(service="debug-shell") }}}'
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod.rule
0cd8e1
index f1cd259..98fb3f8 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod.rule
0cd8e1
@@ -57,3 +57,5 @@ warnings:
0cd8e1
         number of ways while still achieving the desired effect.  Here the system calls
0cd8e1
         have been placed independent of other system calls.  Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown.rule
0cd8e1
index bc765d3..77be3c4 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown.rule
0cd8e1
@@ -55,3 +55,5 @@ warnings:
0cd8e1
         number of ways while still achieving the desired effect.  Here the system calls
0cd8e1
         have been placed independent of other system calls.  Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod.rule
0cd8e1
index 62f9d31..e530ea9 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod.rule
0cd8e1
@@ -55,3 +55,5 @@ warnings:
0cd8e1
         number of ways while still achieving the desired effect. Here the system calls
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat.rule
0cd8e1
index 6a3db98..2410fc9 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat.rule
0cd8e1
@@ -55,3 +55,5 @@ warnings:
0cd8e1
         number of ways while still achieving the desired effect. Here the system calls
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown.rule
0cd8e1
index b4ffe52..4f0c7e7 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown.rule
0cd8e1
@@ -55,3 +55,5 @@ warnings:
0cd8e1
         number of ways while still achieving the desired effect. Here the system calls
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat.rule
0cd8e1
index 5a3435d..12d51f8 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat.rule
0cd8e1
@@ -55,3 +55,5 @@ warnings:
0cd8e1
         number of ways while still achieving the desired effect. Here the system calls
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr.rule
0cd8e1
index ad029f1..b0ff227 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr.rule
0cd8e1
@@ -61,3 +61,5 @@ warnings:
0cd8e1
         number of ways while still achieving the desired effect. Here the system calls
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr.rule
0cd8e1
index e9cd1f9..4e19015 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr.rule
0cd8e1
@@ -55,3 +55,5 @@ warnings:
0cd8e1
         number of ways while still achieving the desired effect. Here the system calls
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown.rule
0cd8e1
index 5cfd606..39fb8bd 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown.rule
0cd8e1
@@ -55,3 +55,5 @@ warnings:
0cd8e1
         number of ways while still achieving the desired effect. Here the system calls
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr.rule
0cd8e1
index 72311d8..52d0c85 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr.rule
0cd8e1
@@ -61,3 +61,5 @@ warnings:
0cd8e1
         number of ways while still achieving the desired effect. Here the system calls
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr.rule
0cd8e1
index f84b153..f7ffae4 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr.rule
0cd8e1
@@ -55,3 +55,5 @@ warnings:
0cd8e1
         number of ways while still achieving the desired effect. Here the system calls
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr.rule
0cd8e1
index 6bd3dfc..3ff38cf 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr.rule
0cd8e1
@@ -60,3 +60,5 @@ warnings:
0cd8e1
         number of ways while still achieving the desired effect. Here the system calls
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr.rule
0cd8e1
index eaec4c5..da633bd 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr.rule
0cd8e1
@@ -55,3 +55,5 @@ warnings:
0cd8e1
         number of ways while still achieving the desired effect. Here the system calls
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/group.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/group.yml
0cd8e1
index 0de3ac0..0be694d 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/group.yml
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/group.yml
0cd8e1
@@ -19,3 +19,5 @@ description: |-
0cd8e1
     
-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>=1000 -F auid!=4294967295 -F key=perm_mod
0cd8e1
         -a always,exit -F arch=b64 -S chown,fchown,fchownat,lchown -F auid>=1000 -F auid!=4294967295 -F key=perm_mod
0cd8e1
         -a always,exit -F arch=b64 -S setxattr,lsetxattr,fsetxattr,removexattr,lremovexattr,fremovexattr -F auid>=1000 -F auid!=4294967295 -F key=perm_mod
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon.rule
0cd8e1
index 8e40014..f2c7891 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon.rule
0cd8e1
@@ -47,3 +47,5 @@ ocil: |-
0cd8e1
     
$ sudo grep "path=/usr/bin/chcon" /etc/audit/audit.rules /etc/audit/rules.d/*
0cd8e1
     The output should return something similar to:
0cd8e1
     
-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon.rule
0cd8e1
index 2a97b84..ea42555 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon.rule
0cd8e1
@@ -46,3 +46,5 @@ ocil: |-
0cd8e1
     
$ sudo grep "path=/usr/sbin/restorecon" /etc/audit/audit.rules /etc/audit/rules.d/*
0cd8e1
     The output should return something similar to:
0cd8e1
     
-a always,exit -F path=/usr/sbin/restorecon -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage.rule
0cd8e1
index c2aedce..dd62afa 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage.rule
0cd8e1
@@ -47,3 +47,5 @@ ocil: |-
0cd8e1
     
$ sudo grep "path=/usr/sbin/semanage" /etc/audit/audit.rules /etc/audit/rules.d/*
0cd8e1
     The output should return something similar to:
0cd8e1
     
-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool.rule
0cd8e1
index 247453e..2804b8d 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool.rule
0cd8e1
@@ -47,3 +47,5 @@ ocil: |-
0cd8e1
     
$ sudo grep "path=/usr/sbin/setsebool" /etc/audit/audit.rules /etc/audit/rules.d/*
0cd8e1
     The output should return something similar to:
0cd8e1
     
-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change
0cd8e1
+
0cd8e1
+platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events.rule
0cd8e1
index 346cd5a..d110f8a 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events.rule
0cd8e1
@@ -65,3 +65,5 @@ warnings:
0cd8e1
         
  • <tt>audit_rules_file_deletion_events_unlink</tt>
  • 0cd8e1
             
  • <tt>audit_rules_file_deletion_events_unlinkat</tt>
  • 0cd8e1
             
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename.rule
    0cd8e1
    index e9948eb..51b1d54 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename.rule
    0cd8e1
    @@ -40,3 +40,5 @@ references:
    0cd8e1
         stigid@rhel7: "030880"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="rename") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat.rule
    0cd8e1
    index 82c93a2..96133fc 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat.rule
    0cd8e1
    @@ -40,3 +40,5 @@ references:
    0cd8e1
         stigid@rhel7: "030890"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="renameat") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir.rule
    0cd8e1
    index 419cb05..21abd3a 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir.rule
    0cd8e1
    @@ -40,3 +40,5 @@ references:
    0cd8e1
         stigid@rhel7: "030900"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="rmdir") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink.rule
    0cd8e1
    index cfd3553..25c2ec2 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink.rule
    0cd8e1
    @@ -40,3 +40,5 @@ references:
    0cd8e1
         stigid@rhel7: "030910"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="unlink") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat.rule
    0cd8e1
    index 217a3cb..390a4e5 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat.rule
    0cd8e1
    @@ -40,3 +40,5 @@ references:
    0cd8e1
         stigid@rhel7: "030920"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="unlinkat") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete.rule
    0cd8e1
    index f6a5e3e..370fbab 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete.rule
    0cd8e1
    @@ -38,3 +38,5 @@ references:
    0cd8e1
         stigid@rhel7: "030830"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="delete_module") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit.rule
    0cd8e1
    index 4ce4f24..d86680d 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit.rule
    0cd8e1
    @@ -36,3 +36,5 @@ references:
    0cd8e1
         stigid@rhel7: "030821"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="finit_module") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init.rule
    0cd8e1
    index 8b73da7..01de6c8 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init.rule
    0cd8e1
    @@ -37,3 +37,5 @@ references:
    0cd8e1
         stigid@rhel7: "030820"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="init_module") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_insmod.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_insmod.rule
    0cd8e1
    index 3c4e05f..9610d30 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_insmod.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_insmod.rule
    0cd8e1
    @@ -41,3 +41,5 @@ ocil_clause: 'there is not output'
    0cd8e1
     ocil: |-
    0cd8e1
         To verify that auditing is configured for system administrator actions, run the following command:
    0cd8e1
         
    $ sudo auditctl -l | grep "watch=/usr/sbin/insmod"
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_modprobe.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_modprobe.rule
    0cd8e1
    index 8ce37aa..bd266b8 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_modprobe.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_modprobe.rule
    0cd8e1
    @@ -41,3 +41,5 @@ ocil_clause: 'there is not output'
    0cd8e1
     ocil: |-
    0cd8e1
         To verify that auditing is configured for system administrator actions, run the following command:
    0cd8e1
         
    $ sudo auditctl -l | grep "watch=/usr/sbin/modprobe"
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_rmmod.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_rmmod.rule
    0cd8e1
    index 7ab7824..b913129 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_rmmod.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_rmmod.rule
    0cd8e1
    @@ -41,3 +41,5 @@ ocil_clause: 'there is not output'
    0cd8e1
     ocil: |-
    0cd8e1
         To verify that auditing is configured for system administrator actions, run the following command:
    0cd8e1
         
    $ sudo auditctl -l | grep "watch=/usr/sbin/rmmod"
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events.rule
    0cd8e1
    index a2bd65f..11d187d 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events.rule
    0cd8e1
    @@ -53,3 +53,5 @@ warnings:
    0cd8e1
             
  • <tt>audit_rules_login_events_faillock</tt>
  • 0cd8e1
             
  • <tt>audit_rules_login_events_lastlog</tt>
  • 0cd8e1
             
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock.rule
    0cd8e1
    index 78f9d91..b730fdd 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock.rule
    0cd8e1
    @@ -43,3 +43,5 @@ ocil_clause: 'there is not output'
    0cd8e1
     ocil: |-
    0cd8e1
         To verify that auditing is configured for system administrator actions, run the following command:
    0cd8e1
         
    $ sudo auditctl -l | grep "watch=/var/log/faillock"
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog.rule
    0cd8e1
    index 6c1919d..83c5cb7 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog.rule
    0cd8e1
    @@ -43,3 +43,5 @@ ocil_clause: 'there is not output'
    0cd8e1
     ocil: |-
    0cd8e1
         To verify that auditing is configured for system administrator actions, run the following command:
    0cd8e1
         
    $ sudo auditctl -l | grep "watch=/var/log/lastlog"
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog.rule
    0cd8e1
    index b0eed40..9a9770a 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog.rule
    0cd8e1
    @@ -43,3 +43,5 @@ ocil_clause: 'there is not output'
    0cd8e1
     ocil: |-
    0cd8e1
         To verify that auditing is configured for system administrator actions, run the following command:
    0cd8e1
         
    $ sudo auditctl -l | grep "watch=/var/log/tallylog"
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands.rule
    0cd8e1
    index a1408e9..3815429 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands.rule
    0cd8e1
    @@ -81,3 +81,5 @@ warnings:
    0cd8e1
             
  • <tt>audit_rules_privileged_commands_umount</tt>
  • 0cd8e1
             
  • <tt>audit_rules_privileged_commands_passwd</tt>
  • 0cd8e1
             
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage.rule
    0cd8e1
    index c2d56b1..9d6c828 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage.rule
    0cd8e1
    @@ -48,3 +48,5 @@ ocil: |-
    0cd8e1
         following command:
    0cd8e1
         
    $ sudo grep chage /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh.rule
    0cd8e1
    index 4c81432..ac5c38a 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh.rule
    0cd8e1
    @@ -48,3 +48,5 @@ ocil: |-
    0cd8e1
         following command:
    0cd8e1
         
    $ sudo grep chsh /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab.rule
    0cd8e1
    index 5baa248..03bcb6c 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab.rule
    0cd8e1
    @@ -48,3 +48,5 @@ ocil: |-
    0cd8e1
         following command:
    0cd8e1
         
    $ sudo grep crontab /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd.rule
    0cd8e1
    index cb856fa..5c8c407 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd.rule
    0cd8e1
    @@ -49,3 +49,5 @@ ocil: |-
    0cd8e1
         following command:
    0cd8e1
         
    $ sudo grep gpasswd /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp.rule
    0cd8e1
    index 32f0182..b8f8e5c 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp.rule
    0cd8e1
    @@ -49,3 +49,5 @@ ocil: |-
    0cd8e1
         following command:
    0cd8e1
         
    $ sudo grep newgrp /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check.rule
    0cd8e1
    index 7219c00..fda2e0c 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check.rule
    0cd8e1
    @@ -48,3 +48,5 @@ ocil: |-
    0cd8e1
         following command:
    0cd8e1
         
    $ sudo grep pam_timestamp_check /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd.rule
    0cd8e1
    index 8466855..cb41772 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd.rule
    0cd8e1
    @@ -49,3 +49,5 @@ ocil: |-
    0cd8e1
         following command:
    0cd8e1
         
    $ sudo grep passwd /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop.rule
    0cd8e1
    index b648c05..6f3f787 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop.rule
    0cd8e1
    @@ -48,3 +48,5 @@ ocil: |-
    0cd8e1
         following command:
    0cd8e1
         
    $ sudo grep postdrop /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue.rule
    0cd8e1
    index eadb5f9..d6f4eeb 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue.rule
    0cd8e1
    @@ -48,3 +48,5 @@ ocil: |-
    0cd8e1
         following command:
    0cd8e1
         
    $ sudo grep postqueue /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown.rule
    0cd8e1
    index 600608b..21e0a11 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown.rule
    0cd8e1
    @@ -46,3 +46,5 @@ ocil: |-
    0cd8e1
         following command:
    0cd8e1
         
    $ sudo grep pt_chown /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign.rule
    0cd8e1
    index 07b6ecc..fa7ff2b 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign.rule
    0cd8e1
    @@ -49,3 +49,5 @@ ocil: |-
    0cd8e1
         following command:
    0cd8e1
         
    $ sudo grep ssh-keysign /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su.rule
    0cd8e1
    index 5e7c3fc..d791805 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su.rule
    0cd8e1
    @@ -49,3 +49,5 @@ ocil: |-
    0cd8e1
         following command:
    0cd8e1
         
    $ sudo grep su /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo.rule
    0cd8e1
    index b9c1c7a..e8b3585 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo.rule
    0cd8e1
    @@ -49,3 +49,5 @@ ocil: |-
    0cd8e1
         following command:
    0cd8e1
         
    $ sudo grep sudo /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit.rule
    0cd8e1
    index 176de59..8984a84 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit.rule
    0cd8e1
    @@ -49,3 +49,5 @@ ocil: |-
    0cd8e1
         following command:
    0cd8e1
         
    $ sudo grep sudoedit /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount.rule
    0cd8e1
    index d0fe096..5b636ea 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount.rule
    0cd8e1
    @@ -48,3 +48,5 @@ ocil: |-
    0cd8e1
         following command:
    0cd8e1
         
    $ sudo grep umount /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd.rule
    0cd8e1
    index 61e6cc6..205bf97 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd.rule
    0cd8e1
    @@ -49,3 +49,5 @@ ocil: |-
    0cd8e1
         following command:
    0cd8e1
         
    $ sudo grep unix_chkpwd /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper.rule
    0cd8e1
    index 83bec28..91f31f3 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper.rule
    0cd8e1
    @@ -49,3 +49,5 @@ ocil: |-
    0cd8e1
         following command:
    0cd8e1
         
    $ sudo grep userhelper /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable.rule
    0cd8e1
    index 991abcf..2c42c74 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable.rule
    0cd8e1
    @@ -37,3 +37,5 @@ references:
    0cd8e1
         hipaa: 164.308(a)(1)(ii)(D),164.308(a)(3)(ii)(A),164.308(a)(5)(ii)(C),164.312(a)(2)(i),164.310(a)(2)(iv),164.312(d),164.310(d)(2)(iii),164.312(b),164.312(e)
    0cd8e1
         nist: AC-6,AU-1(b),AU-2(a),AU-2(c),AU-2(d),IR-5
    0cd8e1
         pcidss: Req-10.5.2
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification.rule
    0cd8e1
    index 7c4018b..5952dbb 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification.rule
    0cd8e1
    @@ -47,3 +47,5 @@ ocil: |-
    0cd8e1
         If the system is configured to watch for changes to its SELinux
    0cd8e1
         configuration, a line should be returned (including
    0cd8e1
         <tt>perm=wa</tt> indicating permissions that are watched).
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export.rule
    0cd8e1
    index f1d9d6c..28c64ca 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export.rule
    0cd8e1
    @@ -50,3 +50,5 @@ ocil_clause: 'there is not output'
    0cd8e1
     ocil: |-
    0cd8e1
         To verify that auditing is configured for all media exportation events, run the following command:
    0cd8e1
         
    $ sudo auditctl -l | grep syscall | grep mount
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification.rule
    0cd8e1
    index 3bda57f..55e1893 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification.rule
    0cd8e1
    @@ -55,3 +55,5 @@ ocil: |-
    0cd8e1
         
    auditctl -l | egrep '(/etc/issue|/etc/issue.net|/etc/hosts|/etc/sysconfig/network)'
    0cd8e1
         If the system is configured to watch for network configuration changes, a line should be returned for
    0cd8e1
         each file specified (and <tt>perm=wa</tt> should be indicated for each).
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events.rule
    0cd8e1
    index e63f61a..017a053 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events.rule
    0cd8e1
    @@ -41,3 +41,5 @@ references:
    0cd8e1
         nist: AC-17(7),AU-1(b),AU-2(a),AU-2(c),AU-2(d),AU-12(a),AU-12(c),IR-5
    0cd8e1
         ospp@rhel7: FAU_GEN.1.1.c
    0cd8e1
         pcidss: Req-10.2.3
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions.rule
    0cd8e1
    index 15c33a2..3be1932 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions.rule
    0cd8e1
    @@ -47,3 +47,5 @@ ocil_clause: 'there is not output'
    0cd8e1
     ocil: |-
    0cd8e1
         To verify that auditing is configured for system administrator actions, run the following command:
    0cd8e1
         
    $ sudo auditctl -l | grep "watch=/etc/sudoers\|watch=/etc/sudoers.d"
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown.rule
    0cd8e1
    index a01adea..d40c9df 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown.rule
    0cd8e1
    @@ -46,3 +46,5 @@ ocil: |-
    0cd8e1
         
    $ sudo grep "\-f 2" /etc/audit/audit.rules
    0cd8e1
         The output should contain:
    0cd8e1
         
    -f 2
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification.rule
    0cd8e1
    index b8716ef..2838470 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification.rule
    0cd8e1
    @@ -68,3 +68,5 @@ warnings:
    0cd8e1
             
  • <tt>audit_rules_usergroup_modification_gshadow</tt>
  • 0cd8e1
             
  • <tt>audit_rules_usergroup_modification_passwd</tt>
  • 0cd8e1
             
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group.rule
    0cd8e1
    index f161b14..143e63b 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group.rule
    0cd8e1
    @@ -52,3 +52,5 @@ ocil: |-
    0cd8e1
         

    0cd8e1
         If the system is configured to watch for account changes, lines should be returned for
    0cd8e1
         each file specified (and with <tt>perm=wa</tt> for each).
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow.rule
    0cd8e1
    index f9ae466..5e14989 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow.rule
    0cd8e1
    @@ -52,3 +52,5 @@ ocil: |-
    0cd8e1
         

    0cd8e1
         If the system is configured to watch for account changes, lines should be returned for
    0cd8e1
         each file specified (and with <tt>perm=wa</tt> for each).
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd.rule
    0cd8e1
    index 4b02de3..9e7ce3d 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd.rule
    0cd8e1
    @@ -52,3 +52,5 @@ ocil: |-
    0cd8e1
         

    0cd8e1
         If the system is configured to watch for account changes, lines should be returned for
    0cd8e1
         each file specified (and with <tt>perm=wa</tt> for each).
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd.rule
    0cd8e1
    index 2940549..76bce57 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd.rule
    0cd8e1
    @@ -52,3 +52,5 @@ ocil: |-
    0cd8e1
         

    0cd8e1
         If the system is configured to watch for account changes, lines should be returned for
    0cd8e1
         each file specified (and with <tt>perm=wa</tt> for each).
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow.rule
    0cd8e1
    index 0925d21..74819f5 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow.rule
    0cd8e1
    @@ -52,3 +52,5 @@ ocil: |-
    0cd8e1
         

    0cd8e1
         If the system is configured to watch for account changes, lines should be returned for
    0cd8e1
         each file specified (and with <tt>perm=wa</tt> for each).
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex.rule
    0cd8e1
    index 67ce61f..9dc2ceb 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex.rule
    0cd8e1
    @@ -51,3 +51,5 @@ references:
    0cd8e1
     ocil_clause: 'the system is not configured to audit time changes'
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="adjtimex") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime.rule
    0cd8e1
    index 136c6ef..436f5f0 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime.rule
    0cd8e1
    @@ -51,3 +51,5 @@ references:
    0cd8e1
     ocil_clause: 'the system is not configured to audit time changes'
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="clock_settime") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday.rule
    0cd8e1
    index 4003f25..22ec976 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday.rule
    0cd8e1
    @@ -51,3 +51,5 @@ references:
    0cd8e1
     ocil_clause: 'the system is not configured to audit time changes'
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="settimeofday") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime.rule
    0cd8e1
    index d55c9a4..0572156 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime.rule
    0cd8e1
    @@ -57,3 +57,5 @@ ocil: |-
    0cd8e1
         If the system is not configured to audit time changes, this is a finding.
    0cd8e1
         If the system is 64-bit only, this is not applicable
    0cd8e1
         {{{ complete_ocil_entry_audit_syscall(syscall="stime") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime.rule
    0cd8e1
    index 70ce059..2fb8f7d 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime.rule
    0cd8e1
    @@ -50,3 +50,5 @@ ocil: |-
    0cd8e1
         command:
    0cd8e1
         
    $ sudo auditctl -l | grep "watch=/etc/localtime"
    0cd8e1
         If the system is configured to audit this activity, it will return a line.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification.rule
    0cd8e1
    index 0151c6e..ea42793 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification.rule
    0cd8e1
    @@ -69,3 +69,5 @@ warnings:
    0cd8e1
             
  • <tt>audit_rules_unsuccessful_file_modification_ftruncate</tt>
  • 0cd8e1
             
  • <tt>audit_rules_unsuccessful_file_modification_creat</tt>
  • 0cd8e1
             
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_creat.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_creat.rule
    0cd8e1
    index f04df40..a328ff9 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_creat.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_creat.rule
    0cd8e1
    @@ -54,3 +54,5 @@ warnings:
    0cd8e1
             number of ways while still achieving the desired effect. Here the system calls
    0cd8e1
             have been placed independent of other system calls. Grouping these system
    0cd8e1
             calls with others as identifying earlier in this guide is more efficient.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_ftruncate.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_ftruncate.rule
    0cd8e1
    index ba75654..6229398 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_ftruncate.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_ftruncate.rule
    0cd8e1
    @@ -54,3 +54,5 @@ warnings:
    0cd8e1
             number of ways while still achieving the desired effect. Here the system calls
    0cd8e1
             have been placed independent of other system calls. Grouping these system
    0cd8e1
             calls with others as identifying earlier in this guide is more efficient.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open.rule
    0cd8e1
    index 6f07e27..13f12fe 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open.rule
    0cd8e1
    @@ -54,3 +54,5 @@ warnings:
    0cd8e1
             number of ways while still achieving the desired effect. Here the system calls
    0cd8e1
             have been placed independent of other system calls. Grouping these system
    0cd8e1
             calls with others as identifying earlier in this guide is more efficient.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at.rule
    0cd8e1
    index c5adccc..ce4193a 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at.rule
    0cd8e1
    @@ -54,3 +54,5 @@ warnings:
    0cd8e1
             number of ways while still achieving the desired effect. Here the system calls
    0cd8e1
             have been placed independent of other system calls. Grouping these system
    0cd8e1
             calls with others as identifying earlier in this guide is more efficient.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat.rule
    0cd8e1
    index 4281e37..6f3c38a 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat.rule
    0cd8e1
    @@ -54,3 +54,5 @@ warnings:
    0cd8e1
             number of ways while still achieving the desired effect. Here the system calls
    0cd8e1
             have been placed independent of other system calls. Grouping these system
    0cd8e1
             calls with others as identifying earlier in this guide is more efficient.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_truncate.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_truncate.rule
    0cd8e1
    index 97d81f5..f6e0263 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_truncate.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_truncate.rule
    0cd8e1
    @@ -54,3 +54,5 @@ warnings:
    0cd8e1
             number of ways while still achieving the desired effect. Here the system calls
    0cd8e1
             have been placed independent of other system calls. Grouping these system
    0cd8e1
             calls with others as identifying earlier in this guide is more efficient.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit.rule b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit.rule
    0cd8e1
    index c3f6674..14d41d0 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit.rule
    0cd8e1
    @@ -33,3 +33,5 @@ references:
    0cd8e1
     ocil: |-
    0cd8e1
         {{{ describe_file_owner(file="/var/log/audit", owner="root") }}}
    0cd8e1
         {{{ describe_file_owner(file="/var/log/audit/*", owner="root") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit.rule b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit.rule
    0cd8e1
    index f9dc5f1..319b1bb 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit.rule
    0cd8e1
    @@ -35,3 +35,5 @@ ocil: |-
    0cd8e1
         Run the following command to check the mode of the system audit logs:
    0cd8e1
         
    $ sudo ls -l /var/log/audit
    0cd8e1
         Audit logs must be mode 0640 or less permissive.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server.rule
    0cd8e1
    index a2c1e28..94af473 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server.rule
    0cd8e1
    @@ -37,3 +37,5 @@ ocil: |-
    0cd8e1
         The output should return something similar to where REMOTE_SYSTEM
    0cd8e1
         is an IP address or hostname:
    0cd8e1
         
    remote_server = REMOTE_SYSTEM
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action.rule
    0cd8e1
    index fafa442..502843d 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action.rule
    0cd8e1
    @@ -40,3 +40,5 @@ ocil: |-
    0cd8e1
         
    disk_full_action = single
    0cd8e1
         Acceptable values also include <tt>syslog</tt> and
    0cd8e1
         <tt>halt</tt>.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records.rule
    0cd8e1
    index 94292ff..07d36df 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records.rule
    0cd8e1
    @@ -34,3 +34,5 @@ ocil: |-
    0cd8e1
         
    $ sudo grep -i enable_krb5 /etc/audisp/audisp-remote.conf
    0cd8e1
         The output should return the following:
    0cd8e1
         
    enable_krb5 = yes
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action.rule
    0cd8e1
    index 65cb5c2..7fc5566 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action.rule
    0cd8e1
    @@ -40,3 +40,5 @@ ocil: |-
    0cd8e1
         
    network_failure_action = single
    0cd8e1
         Acceptable values also include <tt>syslog</tt> and
    0cd8e1
         <tt>halt</tt>.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated.rule
    0cd8e1
    index 75edf6a..c2891ab 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated.rule
    0cd8e1
    @@ -40,3 +40,5 @@ ocil: |-
    0cd8e1
         To verify the audispd's syslog plugin is active, run the following command:
    0cd8e1
         
    $ sudo grep active /etc/audisp/plugins.d/syslog.conf
    0cd8e1
         If the plugin is active, the output will show <tt>yes</tt>.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct.rule
    0cd8e1
    index 692f804..cabdc03 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct.rule
    0cd8e1
    @@ -43,3 +43,5 @@ ocil: |-
    0cd8e1
         determine if the system is configured to send email to an
    0cd8e1
         account when it needs to notify an administrator:
    0cd8e1
         
    action_mail_acct = root
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action.rule
    0cd8e1
    index bf07cff..7bad632 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action.rule
    0cd8e1
    @@ -48,3 +48,5 @@ ocil: |-
    0cd8e1
         determine if the system is configured to either suspend, switch to single user mode,
    0cd8e1
         or halt when disk space has run low:
    0cd8e1
         
    admin_space_left_action single
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush.rule
    0cd8e1
    index 3a5b3ce..5475a85 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush.rule
    0cd8e1
    @@ -37,3 +37,5 @@ ocil: |-
    0cd8e1
         
    flush = DATA
    0cd8e1
         Acceptable values are <tt>DATA</tt>, and <tt>SYNC</tt>. The setting is
    0cd8e1
         case-insensitive.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file.rule
    0cd8e1
    index faa46bf..06ec11d 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file.rule
    0cd8e1
    @@ -40,3 +40,5 @@ ocil: |-
    0cd8e1
         determine how much data the system will retain in each audit log file:
    0cd8e1
         <tt>$ sudo grep max_log_file /etc/audit/auditd.conf</tt>
    0cd8e1
         
    max_log_file = 6
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action.rule
    0cd8e1
    index a6b6277..609ca46 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action.rule
    0cd8e1
    @@ -51,3 +51,5 @@ ocil: |-
    0cd8e1
         maximum size:
    0cd8e1
         <tt>$ sudo grep max_log_file_action /etc/audit/auditd.conf</tt>
    0cd8e1
         
    max_log_file_action <tt>rotate</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs.rule
    0cd8e1
    index bf61ee0..5b1debc 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs.rule
    0cd8e1
    @@ -39,3 +39,5 @@ ocil: |-
    0cd8e1
         determine how many logs the system is configured to retain after rotation:
    0cd8e1
         <tt>$ sudo grep num_logs /etc/audit/auditd.conf</tt>
    0cd8e1
         
    num_logs = 5
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left.rule
    0cd8e1
    index ac6bed0..d86ae02 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left.rule
    0cd8e1
    @@ -39,3 +39,5 @@ ocil: |-
    0cd8e1
         Inspect <tt>/etc/audit/auditd.conf</tt> and locate the following line to
    0cd8e1
         determine if the system is configured correctly:
    0cd8e1
         
    space_left SIZE_in_MB
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action.rule
    0cd8e1
    index eb70dd0..7b4360f 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action.rule
    0cd8e1
    @@ -57,3 +57,5 @@ ocil: |-
    0cd8e1
         <tt>$ sudo grep space_left_action /etc/audit/auditd.conf</tt>
    0cd8e1
         
    space_left_action
    0cd8e1
         Acceptable values are <tt>email</tt>, <tt>suspend</tt>, <tt>single</tt>, and <tt>halt</tt>.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/grub2_audit_argument.rule b/linux_os/guide/system/auditing/grub2_audit_argument.rule
    0cd8e1
    index 68d4f49..29c451c 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/grub2_audit_argument.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/grub2_audit_argument.rule
    0cd8e1
    @@ -57,3 +57,5 @@ warnings:
    0cd8e1
             
  • On UEFI-based machines, issue the following command as <tt>root</tt>:
  • 0cd8e1
             
    ~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
    0cd8e1
             
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/service_auditd_enabled.rule b/linux_os/guide/system/auditing/service_auditd_enabled.rule
    0cd8e1
    index b2dd85f..ce32390 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/service_auditd_enabled.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/service_auditd_enabled.rule
    0cd8e1
    @@ -41,3 +41,5 @@ references:
    0cd8e1
         stigid@rhel7: "030000"
    0cd8e1
     
    0cd8e1
     ocil: '{{{ ocil_service_enabled(service="auditd") }}}'
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/bootloader-grub2/file_permissions_efi_grub2_cfg.rule b/linux_os/guide/system/bootloader-grub2/file_permissions_efi_grub2_cfg.rule
    0cd8e1
    index 95c4589..02ee38d 100644
    0cd8e1
    --- a/linux_os/guide/system/bootloader-grub2/file_permissions_efi_grub2_cfg.rule
    0cd8e1
    +++ b/linux_os/guide/system/bootloader-grub2/file_permissions_efi_grub2_cfg.rule
    0cd8e1
    @@ -27,3 +27,5 @@ ocil: |-
    0cd8e1
         
    $ sudo ls -lL /boot/efi/EFI/redhat/grub.cfg
    0cd8e1
         If properly configured, the output should indicate the following
    0cd8e1
         permissions: <tt>-rwx------</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/bootloader-grub2/file_permissions_grub2_cfg.rule b/linux_os/guide/system/bootloader-grub2/file_permissions_grub2_cfg.rule
    0cd8e1
    index 306a6c5..02e2515 100644
    0cd8e1
    --- a/linux_os/guide/system/bootloader-grub2/file_permissions_grub2_cfg.rule
    0cd8e1
    +++ b/linux_os/guide/system/bootloader-grub2/file_permissions_grub2_cfg.rule
    0cd8e1
    @@ -31,3 +31,5 @@ ocil: |-
    0cd8e1
         
    $ sudo ls -lL /boot/grub2/grub.cfg
    0cd8e1
         If properly configured, the output should indicate the following
    0cd8e1
         permissions: <tt>-rw-------</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/bootloader-grub2/group.yml b/linux_os/guide/system/bootloader-grub2/group.yml
    0cd8e1
    index 81807fc..fe35833 100644
    0cd8e1
    --- a/linux_os/guide/system/bootloader-grub2/group.yml
    0cd8e1
    +++ b/linux_os/guide/system/bootloader-grub2/group.yml
    0cd8e1
    @@ -14,3 +14,5 @@ description: |-
    0cd8e1
         parameters and endangering security, protect the boot loader configuration
    0cd8e1
         with a password and ensure its configuration file's permissions
    0cd8e1
         are set properly.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/logging/group.yml b/linux_os/guide/system/logging/group.yml
    0cd8e1
    index f089e86..345043e 100644
    0cd8e1
    --- a/linux_os/guide/system/logging/group.yml
    0cd8e1
    +++ b/linux_os/guide/system/logging/group.yml
    0cd8e1
    @@ -19,3 +19,5 @@ description: |-
    0cd8e1
         This section discusses how to configure rsyslog for
    0cd8e1
         best effect, and how to use tools provided with the system to maintain and
    0cd8e1
         monitor logs.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-firewalld/group.yml b/linux_os/guide/system/network/network-firewalld/group.yml
    0cd8e1
    index 9512aa9..78bd398 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-firewalld/group.yml
    0cd8e1
    +++ b/linux_os/guide/system/network/network-firewalld/group.yml
    0cd8e1
    @@ -20,3 +20,5 @@ description: |-
    0cd8e1
         immediately implemented. There is no need to save or apply the changes. No
    0cd8e1
         unintended disruption of existing network connections occurs as no part of
    0cd8e1
         the firewall has to be reloaded.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_ra.rule b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_ra.rule
    0cd8e1
    index b49d841..eed98e2 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_ra.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_ra.rule
    0cd8e1
    @@ -20,3 +20,5 @@ references:
    0cd8e1
         nist: CM-7
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.all.accept_ra", value="0") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_redirects.rule b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_redirects.rule
    0cd8e1
    index 03e5540..fd66ec6 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_redirects.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_redirects.rule
    0cd8e1
    @@ -21,3 +21,5 @@ references:
    0cd8e1
         nist: CM-7
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.all.accept_redirects", value="0") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_source_route.rule b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_source_route.rule
    0cd8e1
    index 23cc26a..e643932 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_source_route.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_accept_source_route.rule
    0cd8e1
    @@ -29,3 +29,5 @@ references:
    0cd8e1
         stigid@rhel7: "040830"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.all.accept_source_route", value="0") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_forwarding.rule b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_forwarding.rule
    0cd8e1
    index a3a7e91..48c7ba3 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_forwarding.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_all_forwarding.rule
    0cd8e1
    @@ -24,3 +24,5 @@ references:
    0cd8e1
     ocil: |-
    0cd8e1
         {{{ ocil_sysctl_option_value(sysctl="net.ipv6.conf.all.forwarding", value="0") }}}
    0cd8e1
         The ability to forward packets is only appropriate for routers.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_ra.rule b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_ra.rule
    0cd8e1
    index 449519d..58305d9 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_ra.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_ra.rule
    0cd8e1
    @@ -21,3 +21,5 @@ references:
    0cd8e1
         nist: CM-7
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.default.accept_ra", value="0") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_redirects.rule b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_redirects.rule
    0cd8e1
    index 706f8c1..294fe2a 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_redirects.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_redirects.rule
    0cd8e1
    @@ -24,3 +24,5 @@ references:
    0cd8e1
         nist: CM-7
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.default.accept_redirects", value="0") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_source_route.rule b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_source_route.rule
    0cd8e1
    index b2dc1b8..7942d50 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_source_route.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/disabling_ipv6_autoconfig/sysctl_net_ipv6_conf_default_accept_source_route.rule
    0cd8e1
    @@ -27,3 +27,5 @@ references:
    0cd8e1
         nist: AC-4
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.default.accept_source_route", value="0") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6.rule b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6.rule
    0cd8e1
    index 9c46fae..9d86019 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6.rule
    0cd8e1
    @@ -30,3 +30,5 @@ references:
    0cd8e1
     ocil_clause: 'the ipv6 support is disabled on network interfaces'
    0cd8e1
     
    0cd8e1
     ocil: "If the system uses IPv6, this is not applicable.\n

    \nIf the system is configured to prevent the usage of the\n<tt>ipv6</tt> on network interfaces, it will contain a line\nof the form:\n
    net.ipv6.conf.all.disable_ipv6 = 1
    \nSuch lines may be inside any file in the <tt>/etc/sysctl.d</tt> directory. \nThis permits insertion of the IPv6 kernel module (which other parts of \nthe system expect to be present), but otherwise keeps all network interfaces\nfrom using IPv6.\nRun the following command to search for such\nlines in all files in <tt>/etc/sysctl.d</tt>:\n
    $ grep -r ipv6 /etc/sysctl.d
    "
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects.rule
    0cd8e1
    index 7287608..89e9074 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects.rule
    0cd8e1
    @@ -26,3 +26,5 @@ references:
    0cd8e1
         stigid@rhel7: "040641"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.accept_redirects", value="0") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route.rule
    0cd8e1
    index 5b66202..30aa26e 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route.rule
    0cd8e1
    @@ -26,3 +26,5 @@ references:
    0cd8e1
         stigid@rhel7: "040610"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.accept_source_route", value="0") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians.rule
    0cd8e1
    index 4b08783..44b2eda 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians.rule
    0cd8e1
    @@ -28,3 +28,5 @@ references:
    0cd8e1
         nist: AC-17(7),CM-7,SC-5(3)
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.log_martians", value="1") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter.rule
    0cd8e1
    index 296f675..f71cd86 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter.rule
    0cd8e1
    @@ -28,3 +28,5 @@ references:
    0cd8e1
         nist: AC-4,SC-5,SC-7
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.rp_filter", value="1") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects.rule
    0cd8e1
    index f23a5a9..7163301 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects.rule
    0cd8e1
    @@ -26,3 +26,5 @@ references:
    0cd8e1
         nist: AC-4,CM-7,SC-5
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.secure_redirects", value="0") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects.rule
    0cd8e1
    index f12a39b..c61122b 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects.rule
    0cd8e1
    @@ -26,3 +26,5 @@ references:
    0cd8e1
         stigid@rhel7: "040640"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.default.accept_redirects", value="0") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route.rule
    0cd8e1
    index 8d1ea9e..ca97a79 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route.rule
    0cd8e1
    @@ -26,3 +26,5 @@ references:
    0cd8e1
         stigid@rhel7: "040620"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.default.accept_source_route", value="0") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians.rule
    0cd8e1
    index b52b71f..6fc91a5 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians.rule
    0cd8e1
    @@ -24,3 +24,5 @@ references:
    0cd8e1
         nist: AC-17(7),CM-7,SC-5(3)
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.default.log_martians", value="1") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter.rule
    0cd8e1
    index 536963b..146d1e9 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter.rule
    0cd8e1
    @@ -27,3 +27,5 @@ references:
    0cd8e1
         nist: AC-4,SC-5,SC-7
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.default.rp_filter", value="1") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects.rule
    0cd8e1
    index 3f5d6ff..ef394a0 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects.rule
    0cd8e1
    @@ -26,3 +26,5 @@ references:
    0cd8e1
         nist: AC-4,CM-7,SC-5,SC-7
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.default.secure_redirects", value="0") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts.rule
    0cd8e1
    index 33b55da..9cd2206 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts.rule
    0cd8e1
    @@ -32,3 +32,5 @@ references:
    0cd8e1
         stigid@rhel7: "040630"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.icmp_echo_ignore_broadcasts", value="1") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses.rule
    0cd8e1
    index 6a19f10..d1b6671 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses.rule
    0cd8e1
    @@ -24,3 +24,5 @@ references:
    0cd8e1
         nist: CM-7,SC-5
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.icmp_ignore_bogus_error_responses", value="1") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies.rule b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies.rule
    0cd8e1
    index 68dfe68..bce344d 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies.rule
    0cd8e1
    @@ -32,3 +32,5 @@ references:
    0cd8e1
         srg: SRG-OS-000480-GPOS-00227
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.tcp_syncookies", value="1") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects.rule b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects.rule
    0cd8e1
    index fcd4e0a..1b75c45 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects.rule
    0cd8e1
    @@ -32,3 +32,5 @@ references:
    0cd8e1
         stigid@rhel7: "040660"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.send_redirects", value="0") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects.rule b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects.rule
    0cd8e1
    index 76752ad..98a2df7 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects.rule
    0cd8e1
    @@ -32,3 +32,5 @@ references:
    0cd8e1
         stigid@rhel7: "040650"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.default.send_redirects", value="0") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward.rule b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward.rule
    0cd8e1
    index 068c595..1935645 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward.rule
    0cd8e1
    @@ -31,3 +31,5 @@ references:
    0cd8e1
     ocil: |-
    0cd8e1
         {{{ ocil_sysctl_option_value(sysctl="net.ipv4.ip_forward", value="0") }}}
    0cd8e1
         The ability to forward packets is only appropriate for routers.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled.rule b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled.rule
    0cd8e1
    index 5fa9b2b..7c8f938 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled.rule
    0cd8e1
    @@ -32,3 +32,5 @@ references:
    0cd8e1
         stigid: "020101"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_module_disable(module="dccp") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled.rule b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled.rule
    0cd8e1
    index 07452ee..e739b7c 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled.rule
    0cd8e1
    @@ -31,3 +31,5 @@ references:
    0cd8e1
         nist: CM-7
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_module_disable(module="sctp") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled.rule b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled.rule
    0cd8e1
    index fc3a8cb..2b25185 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled.rule
    0cd8e1
    @@ -31,3 +31,5 @@ references:
    0cd8e1
         nist: AC-17(8),AC-18(a),AC-18(d),AC-18(3),CM-7
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_module_disable(module="bluetooth") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios.rule b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios.rule
    0cd8e1
    index 302b329..4080993 100644
    0cd8e1
    --- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios.rule
    0cd8e1
    +++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios.rule
    0cd8e1
    @@ -24,3 +24,5 @@ identifiers:
    0cd8e1
     references:
    0cd8e1
         disa: "85"
    0cd8e1
         nist: AC-17(8),AC-18(a),AC-18(d),AC-18(3),CM-7
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/mounting/bios_assign_password.rule b/linux_os/guide/system/permissions/mounting/bios_assign_password.rule
    0cd8e1
    index 4d226ba..e0d0137 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/mounting/bios_assign_password.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/mounting/bios_assign_password.rule
    0cd8e1
    @@ -22,3 +22,5 @@ severity: unknown
    0cd8e1
     identifiers:
    0cd8e1
         cce@rhel6: 27131-2
    0cd8e1
         cce@rhel7: 27194-0
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot.rule b/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot.rule
    0cd8e1
    index 6f67dc5..7dcf2b7 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot.rule
    0cd8e1
    @@ -22,3 +22,5 @@ identifiers:
    0cd8e1
     references:
    0cd8e1
         disa: "1250"
    0cd8e1
         nist: AC-19(a),AC-19(d),AC-19(e)
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled.rule b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled.rule
    0cd8e1
    index 25d6507..bb9c4ba 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled.rule
    0cd8e1
    @@ -22,3 +22,5 @@ references:
    0cd8e1
         cis: 1.1.1.1
    0cd8e1
         cui: 3.4.6
    0cd8e1
         nist: CM-7
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled.rule b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled.rule
    0cd8e1
    index 2b6718e..b4bbe6a 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled.rule
    0cd8e1
    @@ -22,3 +22,5 @@ references:
    0cd8e1
         cis: 1.1.1.2
    0cd8e1
         cui: 3.4.6
    0cd8e1
         nist: CM-7
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled.rule b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled.rule
    0cd8e1
    index 7bd3047..39cd1f9 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled.rule
    0cd8e1
    @@ -22,3 +22,5 @@ references:
    0cd8e1
         cis: 1.1.1.4
    0cd8e1
         cui: 3.4.6
    0cd8e1
         nist: CM-7
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled.rule b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled.rule
    0cd8e1
    index 313e5f9..a22bb32 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled.rule
    0cd8e1
    @@ -22,3 +22,5 @@ references:
    0cd8e1
         cis: 1.1.1.5
    0cd8e1
         cui: 3.4.6
    0cd8e1
         nist: CM-7
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled.rule b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled.rule
    0cd8e1
    index fdf7fb0..591acf1 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled.rule
    0cd8e1
    @@ -22,3 +22,5 @@ references:
    0cd8e1
         cis: 1.1.1.3
    0cd8e1
         cui: 3.4.6
    0cd8e1
         nist: CM-7
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled.rule b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled.rule
    0cd8e1
    index e9ddc44..6d83e36 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled.rule
    0cd8e1
    @@ -22,3 +22,5 @@ references:
    0cd8e1
         cis: 1.1.1.6
    0cd8e1
         cui: 3.4.6
    0cd8e1
         nist: CM-7
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled.rule b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled.rule
    0cd8e1
    index 6eb0d21..11c15e6 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled.rule
    0cd8e1
    @@ -22,3 +22,5 @@ references:
    0cd8e1
         cis: 1.1.1.7
    0cd8e1
         cui: 3.4.6
    0cd8e1
         nist: CM-7
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled.rule b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled.rule
    0cd8e1
    index 9a8431a..6db6855 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled.rule
    0cd8e1
    @@ -34,3 +34,5 @@ references:
    0cd8e1
         stigid@rhel7: "020100"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_module_disable(module="usb-storage") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev.rule b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev.rule
    0cd8e1
    index 154c678..3094251 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev.rule
    0cd8e1
    @@ -19,3 +19,5 @@ identifiers:
    0cd8e1
     references:
    0cd8e1
         cis: 1.1.15
    0cd8e1
         nist: CM-7,MP-2
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec.rule b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec.rule
    0cd8e1
    index 4b2cde4..9cfa2cd 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec.rule
    0cd8e1
    @@ -24,3 +24,5 @@ identifiers:
    0cd8e1
     references:
    0cd8e1
         cis: 1.1.17
    0cd8e1
         nist: CM-7,MP-2
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid.rule b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid.rule
    0cd8e1
    index 91e10cb..9becb14 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid.rule
    0cd8e1
    @@ -23,3 +23,5 @@ identifiers:
    0cd8e1
     references:
    0cd8e1
         cis: 1.1.16
    0cd8e1
         nist: CM-7,MP-2
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev.rule b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev.rule
    0cd8e1
    index 6af13e5..055d5bc 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev.rule
    0cd8e1
    @@ -20,3 +20,5 @@ severity: unknown
    0cd8e1
     
    0cd8e1
     references:
    0cd8e1
         cis: 1.1.14
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid.rule b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid.rule
    0cd8e1
    index 120f8c5..ee858ee 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid.rule
    0cd8e1
    @@ -23,3 +23,5 @@ references:
    0cd8e1
         cis: 1.1.3
    0cd8e1
         nist: CM-7,MP-2
    0cd8e1
         stigid@rhel7: "021000"
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions.rule b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions.rule
    0cd8e1
    index 1766fce..b7f9c2b 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions.rule
    0cd8e1
    @@ -22,3 +22,5 @@ identifiers:
    0cd8e1
     references:
    0cd8e1
         cis: 1.1.11
    0cd8e1
         nist: CM-7
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions.rule b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions.rule
    0cd8e1
    index f7ebfdb..71569a2 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions.rule
    0cd8e1
    @@ -27,3 +27,5 @@ identifiers:
    0cd8e1
     references:
    0cd8e1
         cis: 1.1.18
    0cd8e1
         nist: AC-19(a),AC-19(d),AC-19(e),CM-7,MP-2
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions.rule b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions.rule
    0cd8e1
    index 81724d0..0a8bcaf 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions.rule
    0cd8e1
    @@ -30,3 +30,5 @@ ocil: |-
    0cd8e1
         
    $ grep -v noexec /etc/fstab
    0cd8e1
         The resulting output will show partitions which do not have the <tt>noexec</tt> flag. Verify all partitions
    0cd8e1
         in the output are not removable media.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions.rule b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions.rule
    0cd8e1
    index 9b1a00b..72e2091 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions.rule
    0cd8e1
    @@ -29,3 +29,5 @@ references:
    0cd8e1
         nist: AC-6,AC-19(a),AC-19(d),AC-19(e),CM-7,MP-2
    0cd8e1
         srg: SRG-OS-000480-GPOS-00227
    0cd8e1
         stigid@rhel7: "021010"
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev.rule b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev.rule
    0cd8e1
    index 783756f..8c84d15 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev.rule
    0cd8e1
    @@ -19,3 +19,5 @@ identifiers:
    0cd8e1
     references:
    0cd8e1
         cis: 1.1.3
    0cd8e1
         nist: CM-7,MP-2
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec.rule b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec.rule
    0cd8e1
    index 2a55a62..28160a9 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec.rule
    0cd8e1
    @@ -26,3 +26,5 @@ references:
    0cd8e1
         disa@rhel6: '381'
    0cd8e1
         cis: 1.1.5
    0cd8e1
         nist: CM-7,MP-2
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid.rule b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid.rule
    0cd8e1
    index c01746c..44248fa 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid.rule
    0cd8e1
    @@ -23,3 +23,5 @@ identifiers:
    0cd8e1
     references:
    0cd8e1
         cis: 1.1.4
    0cd8e1
         nist: CM-7,MP-2
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind.rule b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind.rule
    0cd8e1
    index 3281e0d..5d33657 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind.rule
    0cd8e1
    @@ -20,3 +20,5 @@ identifiers:
    0cd8e1
     references:
    0cd8e1
         cis: 1.1.6
    0cd8e1
         nist: CM-7
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev.rule b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev.rule
    0cd8e1
    index 4900ca1..33f6ffe 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev.rule
    0cd8e1
    @@ -14,3 +14,5 @@ severity: unknown
    0cd8e1
     
    0cd8e1
     references:
    0cd8e1
         cis: 1.1.8
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec.rule b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec.rule
    0cd8e1
    index 2653ab6..c5a1fef 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec.rule
    0cd8e1
    @@ -18,3 +18,5 @@ severity: unknown
    0cd8e1
     
    0cd8e1
     references:
    0cd8e1
         cis: 1.1.10
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid.rule b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid.rule
    0cd8e1
    index 72d59c4..8ec2761 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid.rule
    0cd8e1
    @@ -18,3 +18,5 @@ severity: unknown
    0cd8e1
     
    0cd8e1
     references:
    0cd8e1
         cis: 1.1.9
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable.rule b/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable.rule
    0cd8e1
    index 0454e0d..ed99f96 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/restrictions/coredumps/sysctl_fs_suid_dumpable.rule
    0cd8e1
    @@ -25,3 +25,5 @@ references:
    0cd8e1
         nist: SI-11
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="fs.suid_dumpable", value="0") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield.rule b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield.rule
    0cd8e1
    index 3d3b169..9632025 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield.rule
    0cd8e1
    @@ -38,3 +38,5 @@ ocil: |-
    0cd8e1
         
    $ sysctl kernel.exec-shield
    0cd8e1
         The output should be:
    0cd8e1
         {{{ describe_sysctl_option_value(sysctl="kernel.exec-shield", value="1") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space.rule b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space.rule
    0cd8e1
    index 6aba5c9..94ef5df 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space.rule
    0cd8e1
    @@ -26,3 +26,5 @@ references:
    0cd8e1
         stigid: "040201"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.randomize_va_space", value="2") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions.rule b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions.rule
    0cd8e1
    index 318f6b3..778d455 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions.rule
    0cd8e1
    @@ -23,3 +23,5 @@ identifiers:
    0cd8e1
     references:
    0cd8e1
         cui: 3.1.7
    0cd8e1
         nist: CM-6(b)
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32.rule b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32.rule
    0cd8e1
    index 938b0c8..773f66f 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32.rule
    0cd8e1
    @@ -39,3 +39,5 @@ warnings:
    0cd8e1
             The kernel-PAE package should not be
    0cd8e1
             installed on older systems that do not support the XD or NX bit, as
    0cd8e1
             8this may prevent them from booting.8
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict.rule b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict.rule
    0cd8e1
    index eab021a..1574cc4 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict.rule
    0cd8e1
    @@ -21,3 +21,5 @@ references:
    0cd8e1
         nist: SI-11
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.dmesg_restrict", value="1") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/selinux/docker_selinux_enabled.rule b/linux_os/guide/system/selinux/docker_selinux_enabled.rule
    0cd8e1
    index 400d66c..4cf537b 100644
    0cd8e1
    --- a/linux_os/guide/system/selinux/docker_selinux_enabled.rule
    0cd8e1
    +++ b/linux_os/guide/system/selinux/docker_selinux_enabled.rule
    0cd8e1
    @@ -23,3 +23,5 @@ severity: high
    0cd8e1
     
    0cd8e1
     identifiers:
    0cd8e1
         cce@rhel7: 80442-7
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/selinux/selinux_confinement_of_daemons.rule b/linux_os/guide/system/selinux/selinux_confinement_of_daemons.rule
    0cd8e1
    index 179955d..226d4bf 100644
    0cd8e1
    --- a/linux_os/guide/system/selinux/selinux_confinement_of_daemons.rule
    0cd8e1
    +++ b/linux_os/guide/system/selinux/selinux_confinement_of_daemons.rule
    0cd8e1
    @@ -29,3 +29,5 @@ references:
    0cd8e1
         cui: 3.1.2,3.1.5,3.7.2
    0cd8e1
         hipaa: 164.308(a)(1)(ii)(D),164.308(a)(3),164.308(a)(4),164.310(b),164.310(c),164.312(a),164.312(e)
    0cd8e1
         nist: AC-6,AU-9,CM-7
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/selinux/selinux_policytype.rule b/linux_os/guide/system/selinux/selinux_policytype.rule
    0cd8e1
    index 08b0fe0..c5048b5 100644
    0cd8e1
    --- a/linux_os/guide/system/selinux/selinux_policytype.rule
    0cd8e1
    +++ b/linux_os/guide/system/selinux/selinux_policytype.rule
    0cd8e1
    @@ -48,3 +48,5 @@ ocil_clause: 'it does not'
    0cd8e1
     ocil: |-
    0cd8e1
         Check the file <tt>/etc/selinux/config</tt> and ensure the following line appears:
    0cd8e1
         
    SELINUXTYPE=<sub idref="var_selinux_policy_name" />
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/selinux/selinux_state.rule b/linux_os/guide/system/selinux/selinux_state.rule
    0cd8e1
    index 2f4f1c5..3612c21 100644
    0cd8e1
    --- a/linux_os/guide/system/selinux/selinux_state.rule
    0cd8e1
    +++ b/linux_os/guide/system/selinux/selinux_state.rule
    0cd8e1
    @@ -39,3 +39,5 @@ ocil_clause: 'SELINUX is not set to enforcing'
    0cd8e1
     ocil: |-
    0cd8e1
         Check the file <tt>/etc/selinux/config</tt> and ensure the following line appears:
    0cd8e1
         
    SELINUX=<sub idref="var_selinux_state" />
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions.rule b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions.rule
    0cd8e1
    index 1caa1e2..f4c47f6 100644
    0cd8e1
    --- a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions.rule
    0cd8e1
    @@ -67,3 +67,5 @@ ocil: |-
    0cd8e1
         " TYPE="crypto_LUKS"
    0cd8e1
         

    0cd8e1
         Pseudo-file systems, such as /proc, /sys, and tmpfs, are not required to use disk encryption and are not a finding.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_home.rule b/linux_os/guide/system/software/disk_partitioning/partition_for_home.rule
    0cd8e1
    index d3c01f1..77d204a 100644
    0cd8e1
    --- a/linux_os/guide/system/software/disk_partitioning/partition_for_home.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_home.rule
    0cd8e1
    @@ -33,3 +33,5 @@ references:
    0cd8e1
         stigid@rhel7: "021310"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_separate_partition(part="/home") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_tmp.rule b/linux_os/guide/system/software/disk_partitioning/partition_for_tmp.rule
    0cd8e1
    index 0c2c3d4..0297192 100644
    0cd8e1
    --- a/linux_os/guide/system/software/disk_partitioning/partition_for_tmp.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_tmp.rule
    0cd8e1
    @@ -32,3 +32,5 @@ references:
    0cd8e1
         stigid@rhel7: "021340"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_separate_partition(part="/tmp") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var.rule b/linux_os/guide/system/software/disk_partitioning/partition_for_var.rule
    0cd8e1
    index 5b57cec..234d08a 100644
    0cd8e1
    --- a/linux_os/guide/system/software/disk_partitioning/partition_for_var.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var.rule
    0cd8e1
    @@ -34,3 +34,5 @@ references:
    0cd8e1
         stigid@rhel7: "021320"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_separate_partition(part="/var") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log.rule b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log.rule
    0cd8e1
    index 451daa6..70ced03 100644
    0cd8e1
    --- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log.rule
    0cd8e1
    @@ -28,3 +28,5 @@ references:
    0cd8e1
         nist: AU-9,SC-32
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_separate_partition(part="/var/log") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit.rule b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit.rule
    0cd8e1
    index e3b9238..632b1ff 100644
    0cd8e1
    --- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit.rule
    0cd8e1
    @@ -37,3 +37,5 @@ references:
    0cd8e1
         stigid@rhel7: "021330"
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_separate_partition(part="/var/log/audit") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp.rule b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp.rule
    0cd8e1
    index 1beb3ff..ec180e2 100644
    0cd8e1
    --- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp.rule
    0cd8e1
    @@ -20,3 +20,5 @@ references:
    0cd8e1
         cis: 1.1.7
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_separate_partition(part="/var/tmp") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/enable_dconf_user_profile.rule b/linux_os/guide/system/software/gnome/enable_dconf_user_profile.rule
    0cd8e1
    index 9bd6a0b..604a8c6 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/enable_dconf_user_profile.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/enable_dconf_user_profile.rule
    0cd8e1
    @@ -26,3 +26,5 @@ ocil: |-
    0cd8e1
         system-db:local
    0cd8e1
         system-db:site
    0cd8e1
         system-db:distro
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown.rule b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown.rule
    0cd8e1
    index 860a2c9..4bea499 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown.rule
    0cd8e1
    @@ -32,3 +32,5 @@ ocil: |-
    0cd8e1
         To ensure that users cannot enable disable and restart on the login screen, run the following:
    0cd8e1
         
    $ grep disable-restart-buttons /etc/dconf/db/gdm.d/locks/*
    0cd8e1
         If properly configured, the output should be <tt>/org/gnome/login-screen/disable-restart-buttons</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list.rule b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list.rule
    0cd8e1
    index 504c187..450c9b5 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list.rule
    0cd8e1
    @@ -28,3 +28,5 @@ ocil: |-
    0cd8e1
         To ensure that users cannot enable displaying the user list, run the following:
    0cd8e1
         
    $ grep disable-user-list /etc/dconf/db/gdm.d/locks/*
    0cd8e1
         If properly configured, the output should be <tt>/org/gnome/login-screen/disable-user-list</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth.rule b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth.rule
    0cd8e1
    index 176b811..690f330 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth.rule
    0cd8e1
    @@ -44,3 +44,5 @@ ocil: |-
    0cd8e1
         To ensure that users cannot disable smart card authentication on the login screen, run the following:
    0cd8e1
         
    $ grep enable-smartcard-authentication /etc/dconf/db/gdm.d/locks/*
    0cd8e1
         If properly configured, the output should be <tt>/org/gnome/login-screen/enable-smartcard-authentication</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries.rule b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries.rule
    0cd8e1
    index 8297e04..4631a4e 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries.rule
    0cd8e1
    @@ -31,3 +31,5 @@ ocil: |-
    0cd8e1
         number of failures on the login screen, run the following:
    0cd8e1
         
    $ grep allowed-failures /etc/dconf/db/gdm.d/locks/*
    0cd8e1
         If properly configured, the output should be <tt>/org/gnome/login-screen/allowed-failures</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login.rule b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login.rule
    0cd8e1
    index 7170686..62e6d7e 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login.rule
    0cd8e1
    @@ -38,3 +38,5 @@ ocil: |-
    0cd8e1
         The output should show the following:
    0cd8e1
         
    [daemon]
    0cd8e1
         AutomaticLoginEnable=false
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login.rule b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login.rule
    0cd8e1
    index 6390e10..dd13252 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login.rule
    0cd8e1
    @@ -38,3 +38,5 @@ ocil: |-
    0cd8e1
         The output should show the following:
    0cd8e1
         
    [daemon]
    0cd8e1
         TimedLoginEnable=false
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount.rule b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount.rule
    0cd8e1
    index b3cfbcd..75422b0 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount.rule
    0cd8e1
    @@ -53,3 +53,5 @@ ocil: |-
    0cd8e1
         If properly configured, the output for <tt>automount</tt> should be <tt>/org/gnome/desktop/media-handling/automount</tt>
    0cd8e1
         If properly configured, the output for <tt>automount-open</tt> should be <tt>/org/gnome/desktop/media-handling/auto-open</tt>
    0cd8e1
         If properly configured, the output for <tt>autorun-never</tt> should be <tt>/org/gnome/desktop/media-handling/autorun-never</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers.rule b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers.rule
    0cd8e1
    index 6b1fd19..bfbfe01 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers.rule
    0cd8e1
    @@ -45,3 +45,5 @@ ocil: |-
    0cd8e1
         To ensure that users cannot how long until the the screensaver locks, run the following:
    0cd8e1
         
    $ grep disable-all /etc/dconf/db/local.d/locks/*
    0cd8e1
         If properly configured, the output should be <tt>/org/gnome/desktop/thumbnailers/disable-all</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create.rule b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create.rule
    0cd8e1
    index 0478e57..37ed712 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create.rule
    0cd8e1
    @@ -40,3 +40,5 @@ ocil: |-
    0cd8e1
         
    $ grep wifi-create /etc/dconf/db/local.d/locks/*
    0cd8e1
         If properly configured, the output should be
    0cd8e1
         <tt>/org/gnome/nm-applet/disable-wifi-create</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification.rule b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification.rule
    0cd8e1
    index 04867c8..e704c6e 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification.rule
    0cd8e1
    @@ -42,3 +42,5 @@ ocil: |-
    0cd8e1
         
    $ grep wireless-networks-available /etc/dconf/db/local.d/locks/*
    0cd8e1
         If properly configured, the output should be
    0cd8e1
         <tt>/org/gnome/nm-applet/suppress-wireless-networks-available</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt.rule b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt.rule
    0cd8e1
    index f2603b6..9891ea5 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt.rule
    0cd8e1
    @@ -41,3 +41,5 @@ ocil: |-
    0cd8e1
         
    $ grep authentication-methods /etc/dconf/db/local.d/locks/*
    0cd8e1
         If properly configured, the output should be
    0cd8e1
         <tt>/org/gnome/Vino/authentication-methods</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption.rule b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption.rule
    0cd8e1
    index e9a8b35..bda2f5c 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption.rule
    0cd8e1
    @@ -45,3 +45,5 @@ ocil: |-
    0cd8e1
         
    $ grep require-encryption /etc/dconf/db/local.d/locks/*
    0cd8e1
         If properly configured, the output should be
    0cd8e1
         <tt>/org/gnome/Vino/require-encryption</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled.rule b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled.rule
    0cd8e1
    index 736bca4..ac5a8cb 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled.rule
    0cd8e1
    @@ -43,3 +43,5 @@ ocil: |-
    0cd8e1
         To ensure that users cannot disable the screensaver idle inactivity setting, run the following:
    0cd8e1
         
    $ grep idle-activation-enabled /etc/dconf/db/local.d/locks/*
    0cd8e1
         If properly configured, the output should be <tt>/org/gnome/desktop/screensaver/idle-activation-enabled</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay.rule b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay.rule
    0cd8e1
    index fb02c5b..21d6261 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay.rule
    0cd8e1
    @@ -50,3 +50,5 @@ ocil: |-
    0cd8e1
         To ensure that users cannot change the screensaver inactivity timeout setting, run the following:
    0cd8e1
         
    $ grep idle-delay /etc/dconf/db/local.d/locks/*
    0cd8e1
         If properly configured, the output should be <tt>/org/gnome/desktop/session/idle-delay</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay.rule b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay.rule
    0cd8e1
    index dd8f391..aa55f86 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay.rule
    0cd8e1
    @@ -34,3 +34,5 @@ ocil: |-
    0cd8e1
         To ensure that users cannot change how long until the the screensaver locks, run the following:
    0cd8e1
         
    $ grep lock-delay /etc/dconf/db/local.d/locks/*
    0cd8e1
         If properly configured, the output for <tt>lock-delay</tt> should be <tt>/org/gnome/desktop/screensaver/lock-delay</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled.rule b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled.rule
    0cd8e1
    index b337b44..ba2f4e9 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled.rule
    0cd8e1
    @@ -45,3 +45,5 @@ ocil: |-
    0cd8e1
         To ensure that users cannot change how long until the the screensaver locks, run the following:
    0cd8e1
         
    $ grep lock-enabled /etc/dconf/db/local.d/locks/*
    0cd8e1
         If properly configured, the output for <tt>lock-enabled</tt> should be <tt>/org/gnome/desktop/screensaver/lock-enabled</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank.rule b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank.rule
    0cd8e1
    index f75dd46..a7e32c9 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank.rule
    0cd8e1
    @@ -44,3 +44,5 @@ ocil: |-
    0cd8e1
         To ensure that users cannot set the screensaver background, run the following:
    0cd8e1
         
    $ grep picture-uri /etc/dconf/db/local.d/locks/*
    0cd8e1
         If properly configured, the output should be <tt>/org/gnome/desktop/screensaver/picture-uri</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info.rule b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info.rule
    0cd8e1
    index acf6d64..80fd5e1 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info.rule
    0cd8e1
    @@ -40,3 +40,5 @@ ocil: |-
    0cd8e1
         To ensure that users cannot enable user name on the lock screen, run the following:
    0cd8e1
         
    $ grep show-full-name-in-top-bar /etc/dconf/db/local.d/locks/*
    0cd8e1
         If properly configured, the output should be <tt>/org/gnome/desktop/screensaver/show-full-name-in-top-bar</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks.rule b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks.rule
    0cd8e1
    index 1459ef1..1d0c897 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks.rule
    0cd8e1
    @@ -39,3 +39,5 @@ ocil: |-
    0cd8e1
         
    $ grep 'lock-delay' /etc/dconf/db/local.d/locks/*
    0cd8e1
         If properly configured, the output should return:
    0cd8e1
         <tt>/org/gnome/desktop/screensaver/lock-delay</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks.rule b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks.rule
    0cd8e1
    index b467e33..895cfc4 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks.rule
    0cd8e1
    @@ -39,3 +39,5 @@ ocil: |-
    0cd8e1
         
    $ grep 'idle-delay' /etc/dconf/db/local.d/locks/*
    0cd8e1
         If properly configured, the output should return:
    0cd8e1
         <tt>/org/gnome/desktop/session/idle-delay</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot.rule b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot.rule
    0cd8e1
    index a6eac82..557d1d5 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot.rule
    0cd8e1
    @@ -35,3 +35,5 @@ ocil: |-
    0cd8e1
         
    $ grep logout /etc/dconf/db/local.d/locks/*
    0cd8e1
         If properly configured, the output should be
    0cd8e1
         <tt>/org/gnome/settings-daemon/plugins/media-keys/logout</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation.rule b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation.rule
    0cd8e1
    index 29287df..e7d1377 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation.rule
    0cd8e1
    @@ -27,3 +27,5 @@ ocil: |-
    0cd8e1
         
    $ grep location /etc/dconf/db/local.d/locks/*
    0cd8e1
         If properly configured, the output should be
    0cd8e1
         <tt>/org/gnome/system/location/enabled</tt> and <tt>/org/gnome/clocks/geolocation</tt>.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings.rule b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings.rule
    0cd8e1
    index 45732fc..bed548f 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings.rule
    0cd8e1
    @@ -39,3 +39,5 @@ ocil: |-
    0cd8e1
         
    $ grep power /etc/dconf/db/local.d/locks/*
    0cd8e1
         If properly configured, the output should be
    0cd8e1
         <tt>/org/gnome/settings-daemon/plugins/power/active</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin.rule b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin.rule
    0cd8e1
    index a152d85..0ab59df 100644
    0cd8e1
    --- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin.rule
    0cd8e1
    @@ -45,3 +45,5 @@ ocil: |-
    0cd8e1
         
    $ grep user-administration /etc/dconf/db/local.d/locks/*
    0cd8e1
         If properly configured, the output should be
    0cd8e1
         <tt>/org/gnome/desktop/lockdown/user-administration-disabled</tt>
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus.rule b/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus.rule
    0cd8e1
    index 95e9e56..8258357 100644
    0cd8e1
    --- a/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus.rule
    0cd8e1
    @@ -49,3 +49,5 @@ ocil: |-
    0cd8e1
         To check on the age of uvscan virus definition files, run the following command:
    0cd8e1
         
    $ sudo cd /opt/NAI/LinuxShield/engine/dat
    0cd8e1
         $ sudo ls -la avvscan.dat avvnames.dat avvclean.dat
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids.rule b/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids.rule
    0cd8e1
    index 86b4b02..c46e88e 100644
    0cd8e1
    --- a/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids.rule
    0cd8e1
    @@ -43,3 +43,5 @@ warnings:
    0cd8e1
             detection tools, such as the McAfee Host-based Security System, are available
    0cd8e1
             to integrate with existing infrastructure. When these supplemental tools
    0cd8e1
             interfere with proper functioning of SELinux, SELinux takes precedence.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus.rule b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus.rule
    0cd8e1
    index 189e338..0c65b39 100644
    0cd8e1
    --- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus.rule
    0cd8e1
    @@ -36,3 +36,5 @@ warnings:
    0cd8e1
         - general: |-
    0cd8e1
             Due to McAfee HIPS being 3rd party software, automated
    0cd8e1
             remediation is not available for this configuration check.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated.rule b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated.rule
    0cd8e1
    index a88c025..bc7dfc7 100644
    0cd8e1
    --- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated.rule
    0cd8e1
    @@ -27,3 +27,5 @@ ocil: |-
    0cd8e1
         To check on the age of McAfee virus definition files, run the following command:
    0cd8e1
         
    $ sudo cd /opt/NAI/LinuxShield/engine/dat
    0cd8e1
         $ sudo ls -la avvscan.dat avvnames.dat avvclean.dat
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled.rule b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled.rule
    0cd8e1
    index ee96935..f68e59e 100644
    0cd8e1
    --- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled.rule
    0cd8e1
    @@ -24,3 +24,5 @@ references:
    0cd8e1
         srg: SRG-OS-000480-GPOS-00227
    0cd8e1
     
    0cd8e1
     ocil: '{{{ ocil_service_enabled(service="nails") }}}'
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode.rule b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode.rule
    0cd8e1
    index 4f70107..c1223d6 100644
    0cd8e1
    --- a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode.rule
    0cd8e1
    @@ -60,3 +60,5 @@ warnings:
    0cd8e1
             

    0cd8e1
             See {{{ weblink(link="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm") }}}
    0cd8e1
             for a list of FIPS certified vendors.
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking.rule b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking.rule
    0cd8e1
    index 5573351..1a29bac 100644
    0cd8e1
    --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking.rule
    0cd8e1
    @@ -56,3 +56,5 @@ ocil: |-
    0cd8e1
         
    05 4 * * * root /usr/sbin/aide --check
    0cd8e1
     
    0cd8e1
         NOTE: The usage of special cron times, such as @daily or @weekly, is acceptable.
    0cd8e1
    +
    0cd8e1
    +platform: machine