Blame SOURCES/scap-security-guide-0.1.45-mark_rules_as_machine_only_v2.patch

0cd8e1
commit 470fb4275710c828f3cdd91ce65c69f78e2e6451
0cd8e1
Author: Gabriel Becker <ggasparb@redhat.com>
0cd8e1
Date:   Fri Apr 5 16:28:44 2019 +0200
0cd8e1
0cd8e1
    Mark rules not applicable for container as machine only.
0cd8e1
0cd8e1
diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/group.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/group.yml
0cd8e1
index 6acdd02..79d7023 100644
0cd8e1
--- a/linux_os/guide/services/obsolete/inetd_and_xinetd/group.yml
0cd8e1
+++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/group.yml
0cd8e1
@@ -10,3 +10,5 @@ description: |-
0cd8e1
     controls and perform some logging. It has been largely obsoleted by other
0cd8e1
     features, and it is not installed by default. The older Inetd service
0cd8e1
     is not even available as part of {{{ full_name }}}.
0cd8e1
+
0cd8e1
+platform: machine
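Review bot: `platform: machine` is added here at group level, so it presumably applies to every rule under `inetd_and_xinetd`, not only to the ones tied to a running service. If the group also holds package-presence checks (its rule files are not shown in this patch), those still matter for a container image and would be reported as not applicable in container scans. Consider keeping the marker on the individual service rules instead, or make the scope explicit with a comment above it such as `# inherited by every rule in this group; container scans skip them`.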
0cd8e1
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages.rule b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages.rule
0cd8e1
index 5c58455..815097b 100644
0cd8e1
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages.rule
0cd8e1
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages.rule
0cd8e1
@@ -37,5 +37,3 @@ ocil: |-
0cd8e1
     To verify the operating system has the packages required for multifactor
0cd8e1
     authentication installed, run the following command:
0cd8e1
     
$ sudo yum list installed esc pam_pkcs11 authconfig-gtk
0cd8e1
-
0cd8e1
-platform: machine
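Review bot: The commit title says rules are being marked machine-only, yet this hunk and the later smart-card and auditd rule hunks delete `platform: machine`, and no group-level replacement for them is visible in this part of the patch. If no enclosing `group.yml` carries the marker, these rules would again be evaluated inside containers, where audit-daemon and smart-card login checks would likely report failures that do not reflect the host's real state. Please confirm that the parent groups gain `platform: machine` in the same patch. The commit message should also say that per-rule markers are being replaced by group inheritance, so the removals are not read as a loss of coverage.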
0cd8e1
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth.rule b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth.rule
0cd8e1
index e4c0870..5b01b62 100644
0cd8e1
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth.rule
0cd8e1
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_auth.rule
0cd8e1
@@ -41,5 +41,3 @@ references:
0cd8e1
 ocil_clause: 'non-exempt accounts are not using CAC authentication'
0cd8e1
 
0cd8e1
 ocil: "Interview the SA to determine if all accounts not exempted by policy are\nusing CAC authentication.\nFor DoD systems, the following systems and accounts are exempt from using\nsmart card (CAC) authentication:\n
    \n
  • SIPRNET systems
  • \n
  • Standalone systems
  • \n
  • Application accounts
  • \n
  • Temporary employee accounts, such as students or interns, who cannot easily receive a CAC or PIV
  • \n
  • Operational tactical locations that are not collocated with RAPIDS workstations to issue CAC or ALT
  • \n
  • Test systems, such as those with an Interim Approval to Test (IATT) and use a separate VPN, firewall, or security measure preventing access to network and system components from outside the protection boundary documented in the IATT.
  • \n
"
0cd8e1
-
0cd8e1
-platform: machine
0cd8e1
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking.rule b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking.rule
0cd8e1
index c68db6d..9af1126 100644
0cd8e1
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking.rule
0cd8e1
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking.rule
0cd8e1
@@ -42,5 +42,3 @@ ocil: |-
0cd8e1
     
cert_policy = ca, ocsp_on, signature;
0cd8e1
     cert_policy = ca, ocsp_on, signature;
0cd8e1
     cert_policy = ca, ocsp_on, signature;
0cd8e1
-
0cd8e1
-platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod.rule
0cd8e1
index 98fb3f8..b3bba5b 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod.rule
0cd8e1
@@ -58,4 +58,3 @@ warnings:
0cd8e1
         have been placed independent of other system calls.  Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
 
0cd8e1
-platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown.rule
0cd8e1
index 77be3c4..c3e5036 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown.rule
0cd8e1
@@ -56,4 +56,3 @@ warnings:
0cd8e1
         have been placed independent of other system calls.  Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
 
0cd8e1
-platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod.rule
0cd8e1
index e530ea9..76bb69d 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod.rule
0cd8e1
@@ -56,4 +56,3 @@ warnings:
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
 
0cd8e1
-platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat.rule
0cd8e1
index 2410fc9..502e3a0 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat.rule
0cd8e1
@@ -56,4 +56,3 @@ warnings:
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
 
0cd8e1
-platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown.rule
0cd8e1
index 4f0c7e7..d980704 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown.rule
0cd8e1
@@ -56,4 +56,3 @@ warnings:
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
 
0cd8e1
-platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat.rule
0cd8e1
index 12d51f8..99d2083 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat.rule
0cd8e1
@@ -56,4 +56,3 @@ warnings:
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
 
0cd8e1
-platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr.rule
0cd8e1
index b0ff227..bda4448 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr.rule
0cd8e1
@@ -62,4 +62,3 @@ warnings:
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
 
0cd8e1
-platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr.rule
0cd8e1
index 4e19015..e5ba297 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr.rule
0cd8e1
@@ -56,4 +56,3 @@ warnings:
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
 
0cd8e1
-platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown.rule
0cd8e1
index 39fb8bd..d88a48f 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown.rule
0cd8e1
@@ -56,4 +56,3 @@ warnings:
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
 
0cd8e1
-platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr.rule
0cd8e1
index 52d0c85..0b0100e 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr.rule
0cd8e1
@@ -62,4 +62,3 @@ warnings:
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
 
0cd8e1
-platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr.rule
0cd8e1
index f7ffae4..07222b0 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr.rule
0cd8e1
@@ -56,4 +56,3 @@ warnings:
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
 
0cd8e1
-platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr.rule
0cd8e1
index 3ff38cf..f27667d 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr.rule
0cd8e1
@@ -61,4 +61,3 @@ warnings:
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
 
0cd8e1
-platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr.rule
0cd8e1
index da633bd..ccc90e8 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr.rule
0cd8e1
@@ -56,4 +56,3 @@ warnings:
0cd8e1
         have been placed independent of other system calls. Grouping these system
0cd8e1
         calls with others as identifying earlier in this guide is more efficient.
0cd8e1
 
0cd8e1
-platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon.rule
0cd8e1
index f2c7891..8e40014 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon.rule
0cd8e1
@@ -47,5 +47,3 @@ ocil: |-
0cd8e1
     
$ sudo grep "path=/usr/bin/chcon" /etc/audit/audit.rules /etc/audit/rules.d/*
0cd8e1
     The output should return something similar to:
0cd8e1
     
-a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change
0cd8e1
-
0cd8e1
-platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon.rule
0cd8e1
index ea42555..2a97b84 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon.rule
0cd8e1
@@ -46,5 +46,3 @@ ocil: |-
0cd8e1
     
$ sudo grep "path=/usr/sbin/restorecon" /etc/audit/audit.rules /etc/audit/rules.d/*
0cd8e1
     The output should return something similar to:
0cd8e1
     
-a always,exit -F path=/usr/sbin/restorecon -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change
0cd8e1
-
0cd8e1
-platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage.rule
0cd8e1
index dd62afa..c2aedce 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage.rule
0cd8e1
@@ -47,5 +47,3 @@ ocil: |-
0cd8e1
     
$ sudo grep "path=/usr/sbin/semanage" /etc/audit/audit.rules /etc/audit/rules.d/*
0cd8e1
     The output should return something similar to:
0cd8e1
     
-a always,exit -F path=/usr/sbin/semanage -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change
0cd8e1
-
0cd8e1
-platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool.rule
0cd8e1
index 2804b8d..247453e 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool.rule
0cd8e1
@@ -47,5 +47,3 @@ ocil: |-
0cd8e1
     
$ sudo grep "path=/usr/sbin/setsebool" /etc/audit/audit.rules /etc/audit/rules.d/*
0cd8e1
     The output should return something similar to:
0cd8e1
     
-a always,exit -F path=/usr/sbin/setsebool -F perm=x -F auid>=1000 -F auid!=4294967295 -F key=privileged-priv_change
0cd8e1
-
0cd8e1
-platform: machine
0cd8e1
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events.rule
0cd8e1
index d110f8a..916af4c 100644
0cd8e1
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events.rule
0cd8e1
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events.rule
0cd8e1
@@ -66,4 +66,3 @@ warnings:
0cd8e1
         
  • <tt>audit_rules_file_deletion_events_unlinkat</tt>
  • 0cd8e1
             
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename.rule
    0cd8e1
    index 51b1d54..80eb011 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename.rule
    0cd8e1
    @@ -41,4 +41,3 @@ references:
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="rename") }}}
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat.rule
    0cd8e1
    index 96133fc..b219eda 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat.rule
    0cd8e1
    @@ -41,4 +41,3 @@ references:
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="renameat") }}}
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir.rule
    0cd8e1
    index 21abd3a..37e7fb2 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir.rule
    0cd8e1
    @@ -41,4 +41,3 @@ references:
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="rmdir") }}}
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink.rule
    0cd8e1
    index 25c2ec2..7c392bc 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink.rule
    0cd8e1
    @@ -41,4 +41,3 @@ references:
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="unlink") }}}
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat.rule
    0cd8e1
    index 390a4e5..793f9b0 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat.rule
    0cd8e1
    @@ -41,4 +41,3 @@ references:
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="unlinkat") }}}
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete.rule
    0cd8e1
    index 370fbab..58e81a1 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete.rule
    0cd8e1
    @@ -39,4 +39,3 @@ references:
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="delete_module") }}}
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit.rule
    0cd8e1
    index d86680d..992bce9 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit.rule
    0cd8e1
    @@ -37,4 +37,3 @@ references:
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="finit_module") }}}
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init.rule
    0cd8e1
    index 01de6c8..7631ecd 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init.rule
    0cd8e1
    @@ -38,4 +38,3 @@ references:
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="init_module") }}}
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_insmod.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_insmod.rule
    0cd8e1
    index 9610d30..3c4e05f 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_insmod.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_insmod.rule
    0cd8e1
    @@ -41,5 +41,3 @@ ocil_clause: 'there is not output'
    0cd8e1
     ocil: |-
    0cd8e1
         To verify that auditing is configured for system administrator actions, run the following command:
    0cd8e1
         
    $ sudo auditctl -l | grep "watch=/usr/sbin/insmod"
    0cd8e1
    -
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_modprobe.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_modprobe.rule
    0cd8e1
    index bd266b8..8ce37aa 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_modprobe.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_modprobe.rule
    0cd8e1
    @@ -41,5 +41,3 @@ ocil_clause: 'there is not output'
    0cd8e1
     ocil: |-
    0cd8e1
         To verify that auditing is configured for system administrator actions, run the following command:
    0cd8e1
         
    $ sudo auditctl -l | grep "watch=/usr/sbin/modprobe"
    0cd8e1
    -
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_rmmod.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_rmmod.rule
    0cd8e1
    index b913129..7ab7824 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_rmmod.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_rmmod.rule
    0cd8e1
    @@ -41,5 +41,3 @@ ocil_clause: 'there is not output'
    0cd8e1
     ocil: |-
    0cd8e1
         To verify that auditing is configured for system administrator actions, run the following command:
    0cd8e1
         
    $ sudo auditctl -l | grep "watch=/usr/sbin/rmmod"
    0cd8e1
    -
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events.rule
    0cd8e1
    index 11d187d..20edbdf 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events.rule
    0cd8e1
    @@ -54,4 +54,3 @@ warnings:
    0cd8e1
             
  • <tt>audit_rules_login_events_lastlog</tt>
  • 0cd8e1
             
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock.rule
    0cd8e1
    index b730fdd..78f9d91 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock.rule
    0cd8e1
    @@ -43,5 +43,3 @@ ocil_clause: 'there is not output'
    0cd8e1
     ocil: |-
    0cd8e1
         To verify that auditing is configured for system administrator actions, run the following command:
    0cd8e1
         
    $ sudo auditctl -l | grep "watch=/var/log/faillock"
    0cd8e1
    -
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog.rule
    0cd8e1
    index 83c5cb7..6c1919d 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog.rule
    0cd8e1
    @@ -43,5 +43,3 @@ ocil_clause: 'there is not output'
    0cd8e1
     ocil: |-
    0cd8e1
         To verify that auditing is configured for system administrator actions, run the following command:
    0cd8e1
         
    $ sudo auditctl -l | grep "watch=/var/log/lastlog"
    0cd8e1
    -
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog.rule
    0cd8e1
    index 9a9770a..b0eed40 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog.rule
    0cd8e1
    @@ -43,5 +43,3 @@ ocil_clause: 'there is not output'
    0cd8e1
     ocil: |-
    0cd8e1
         To verify that auditing is configured for system administrator actions, run the following command:
    0cd8e1
         
    $ sudo auditctl -l | grep "watch=/var/log/tallylog"
    0cd8e1
    -
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands.rule
    0cd8e1
    index 3815429..b6ec543 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands.rule
    0cd8e1
    @@ -82,4 +82,3 @@ warnings:
    0cd8e1
             
  • <tt>audit_rules_privileged_commands_passwd</tt>
  • 0cd8e1
             
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage.rule
    0cd8e1
    index 9d6c828..5d0478a 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage.rule
    0cd8e1
    @@ -49,4 +49,3 @@ ocil: |-
    0cd8e1
         
    $ sudo grep chage /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh.rule
    0cd8e1
    index ac5c38a..e89b93f 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh.rule
    0cd8e1
    @@ -49,4 +49,3 @@ ocil: |-
    0cd8e1
         
    $ sudo grep chsh /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab.rule
    0cd8e1
    index 03bcb6c..dfffee9 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab.rule
    0cd8e1
    @@ -49,4 +49,3 @@ ocil: |-
    0cd8e1
         
    $ sudo grep crontab /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd.rule
    0cd8e1
    index 5c8c407..7d77eb9 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd.rule
    0cd8e1
    @@ -50,4 +50,3 @@ ocil: |-
    0cd8e1
         
    $ sudo grep gpasswd /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp.rule
    0cd8e1
    index b8f8e5c..e97e83c 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp.rule
    0cd8e1
    @@ -50,4 +50,3 @@ ocil: |-
    0cd8e1
         
    $ sudo grep newgrp /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check.rule
    0cd8e1
    index fda2e0c..6398885 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check.rule
    0cd8e1
    @@ -49,4 +49,3 @@ ocil: |-
    0cd8e1
         
    $ sudo grep pam_timestamp_check /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd.rule
    0cd8e1
    index cb41772..fc955cd 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd.rule
    0cd8e1
    @@ -50,4 +50,3 @@ ocil: |-
    0cd8e1
         
    $ sudo grep passwd /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop.rule
    0cd8e1
    index 6f3f787..1f55e04 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop.rule
    0cd8e1
    @@ -49,4 +49,3 @@ ocil: |-
    0cd8e1
         
    $ sudo grep postdrop /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue.rule
    0cd8e1
    index d6f4eeb..91a9d64 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue.rule
    0cd8e1
    @@ -49,4 +49,3 @@ ocil: |-
    0cd8e1
         
    $ sudo grep postqueue /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown.rule
    0cd8e1
    index 21e0a11..293a033 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown.rule
    0cd8e1
    @@ -47,4 +47,3 @@ ocil: |-
    0cd8e1
         
    $ sudo grep pt_chown /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign.rule
    0cd8e1
    index fa7ff2b..4bb59ae 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign.rule
    0cd8e1
    @@ -50,4 +50,3 @@ ocil: |-
    0cd8e1
         
    $ sudo grep ssh-keysign /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su.rule
    0cd8e1
    index d791805..7c2e986 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su.rule
    0cd8e1
    @@ -50,4 +50,3 @@ ocil: |-
    0cd8e1
         
    $ sudo grep su /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo.rule
    0cd8e1
    index e8b3585..4103c8a 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo.rule
    0cd8e1
    @@ -50,4 +50,3 @@ ocil: |-
    0cd8e1
         
    $ sudo grep sudo /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit.rule
    0cd8e1
    index 8984a84..6f2fd62 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit.rule
    0cd8e1
    @@ -50,4 +50,3 @@ ocil: |-
    0cd8e1
         
    $ sudo grep sudoedit /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount.rule
    0cd8e1
    index 5b636ea..db6d4db 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount.rule
    0cd8e1
    @@ -49,4 +49,3 @@ ocil: |-
    0cd8e1
         
    $ sudo grep umount /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd.rule
    0cd8e1
    index 205bf97..743ea9f 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd.rule
    0cd8e1
    @@ -50,4 +50,3 @@ ocil: |-
    0cd8e1
         
    $ sudo grep unix_chkpwd /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper.rule
    0cd8e1
    index 91f31f3..97c3683 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper.rule
    0cd8e1
    @@ -50,4 +50,3 @@ ocil: |-
    0cd8e1
         
    $ sudo grep userhelper /etc/audit/audit.rules /etc/audit/rules.d/*
    0cd8e1
         It should return a relevant line in the audit rules.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable.rule
    0cd8e1
    index 2c42c74..991abcf 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable.rule
    0cd8e1
    @@ -37,5 +37,3 @@ references:
    0cd8e1
         hipaa: 164.308(a)(1)(ii)(D),164.308(a)(3)(ii)(A),164.308(a)(5)(ii)(C),164.312(a)(2)(i),164.310(a)(2)(iv),164.312(d),164.310(d)(2)(iii),164.312(b),164.312(e)
    0cd8e1
         nist: AC-6,AU-1(b),AU-2(a),AU-2(c),AU-2(d),IR-5
    0cd8e1
         pcidss: Req-10.5.2
    0cd8e1
    -
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification.rule
    0cd8e1
    index 5952dbb..0636d42 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification.rule
    0cd8e1
    @@ -48,4 +48,3 @@ ocil: |-
    0cd8e1
         configuration, a line should be returned (including
    0cd8e1
         <tt>perm=wa</tt> indicating permissions that are watched).
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export.rule
    0cd8e1
    index 28c64ca..2ec5b8d 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export.rule
    0cd8e1
    @@ -51,4 +51,3 @@ ocil: |-
    0cd8e1
         To verify that auditing is configured for all media exportation events, run the following command:
    0cd8e1
         
    $ sudo auditctl -l | grep syscall | grep mount
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification.rule
    0cd8e1
    index 55e1893..9ee65de 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification.rule
    0cd8e1
    @@ -56,4 +56,3 @@ ocil: |-
    0cd8e1
         If the system is configured to watch for network configuration changes, a line should be returned for
    0cd8e1
         each file specified (and <tt>perm=wa</tt> should be indicated for each).
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events.rule
    0cd8e1
    index 017a053..e63f61a 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events.rule
    0cd8e1
    @@ -41,5 +41,3 @@ references:
    0cd8e1
         nist: AC-17(7),AU-1(b),AU-2(a),AU-2(c),AU-2(d),AU-12(a),AU-12(c),IR-5
    0cd8e1
         ospp@rhel7: FAU_GEN.1.1.c
    0cd8e1
         pcidss: Req-10.2.3
    0cd8e1
    -
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions.rule
    0cd8e1
    index 3be1932..15c33a2 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions.rule
    0cd8e1
    @@ -47,5 +47,3 @@ ocil_clause: 'there is not output'
    0cd8e1
     ocil: |-
    0cd8e1
         To verify that auditing is configured for system administrator actions, run the following command:
    0cd8e1
         
    $ sudo auditctl -l | grep "watch=/etc/sudoers\|watch=/etc/sudoers.d"
    0cd8e1
    -
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown.rule
    0cd8e1
    index d40c9df..7be7503 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown.rule
    0cd8e1
    @@ -47,4 +47,3 @@ ocil: |-
    0cd8e1
         The output should contain:
    0cd8e1
         
    -f 2
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification.rule
    0cd8e1
    index 2838470..2278906 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification.rule
    0cd8e1
    @@ -69,4 +69,3 @@ warnings:
    0cd8e1
             
  • <tt>audit_rules_usergroup_modification_passwd</tt>
  • 0cd8e1
             
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group.rule
    0cd8e1
    index 143e63b..1a5251f 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group.rule
    0cd8e1
    @@ -53,4 +53,3 @@ ocil: |-
    0cd8e1
         If the system is configured to watch for account changes, lines should be returned for
    0cd8e1
         each file specified (and with <tt>perm=wa</tt> for each).
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow.rule
    0cd8e1
    index 5e14989..0d54b2f 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow.rule
    0cd8e1
    @@ -53,4 +53,3 @@ ocil: |-
    0cd8e1
         If the system is configured to watch for account changes, lines should be returned for
    0cd8e1
         each file specified (and with <tt>perm=wa</tt> for each).
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd.rule
    0cd8e1
    index 9e7ce3d..0567184 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd.rule
    0cd8e1
    @@ -53,4 +53,3 @@ ocil: |-
    0cd8e1
         If the system is configured to watch for account changes, lines should be returned for
    0cd8e1
         each file specified (and with <tt>perm=wa</tt> for each).
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd.rule
    0cd8e1
    index 76bce57..1c97a40 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd.rule
    0cd8e1
    @@ -53,4 +53,3 @@ ocil: |-
    0cd8e1
         If the system is configured to watch for account changes, lines should be returned for
    0cd8e1
         each file specified (and with <tt>perm=wa</tt> for each).
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow.rule
    0cd8e1
    index 74819f5..4076bac 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow.rule
    0cd8e1
    @@ -53,4 +53,3 @@ ocil: |-
    0cd8e1
         If the system is configured to watch for account changes, lines should be returned for
    0cd8e1
         each file specified (and with <tt>perm=wa</tt> for each).
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex.rule
    0cd8e1
    index 9dc2ceb..6e86964 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex.rule
    0cd8e1
    @@ -52,4 +52,3 @@ ocil_clause: 'the system is not configured to audit time changes'
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="adjtimex") }}}
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime.rule
    0cd8e1
    index 436f5f0..66e7f7c 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime.rule
    0cd8e1
    @@ -52,4 +52,3 @@ ocil_clause: 'the system is not configured to audit time changes'
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="clock_settime") }}}
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday.rule
    0cd8e1
    index 22ec976..654fd13 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday.rule
    0cd8e1
    @@ -52,4 +52,3 @@ ocil_clause: 'the system is not configured to audit time changes'
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_audit_syscall(syscall="settimeofday") }}}
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime.rule
    0cd8e1
    index 0572156..4c0ca3c 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime.rule
    0cd8e1
    @@ -58,4 +58,3 @@ ocil: |-
    0cd8e1
         If the system is 64-bit only, this is not applicable
    0cd8e1
         {{{ complete_ocil_entry_audit_syscall(syscall="stime") }}}
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime.rule
    0cd8e1
    index 2fb8f7d..d4c02a2 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime.rule
    0cd8e1
    @@ -51,4 +51,3 @@ ocil: |-
    0cd8e1
         
    $ sudo auditctl -l | grep "watch=/etc/localtime"
    0cd8e1
         If the system is configured to audit this activity, it will return a line.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification.rule
    0cd8e1
    index ea42793..1e2437a 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification.rule
    0cd8e1
    @@ -70,4 +70,3 @@ warnings:
    0cd8e1
             
  • <tt>audit_rules_unsuccessful_file_modification_creat</tt>
  • 0cd8e1
             
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_creat.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_creat.rule
    0cd8e1
    index a328ff9..bd91a9f 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_creat.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_creat.rule
    0cd8e1
    @@ -55,4 +55,3 @@ warnings:
    0cd8e1
             have been placed independent of other system calls. Grouping these system
    0cd8e1
             calls with others as identifying earlier in this guide is more efficient.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_ftruncate.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_ftruncate.rule
    0cd8e1
    index 6229398..8fadeaa 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_ftruncate.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_ftruncate.rule
    0cd8e1
    @@ -55,4 +55,3 @@ warnings:
    0cd8e1
             have been placed independent of other system calls. Grouping these system
    0cd8e1
             calls with others as identifying earlier in this guide is more efficient.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open.rule
    0cd8e1
    index 13f12fe..656de99 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open.rule
    0cd8e1
    @@ -55,4 +55,3 @@ warnings:
    0cd8e1
             have been placed independent of other system calls. Grouping these system
    0cd8e1
             calls with others as identifying earlier in this guide is more efficient.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at.rule
    0cd8e1
    index ce4193a..30ee748 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at.rule
    0cd8e1
    @@ -55,4 +55,3 @@ warnings:
    0cd8e1
             have been placed independent of other system calls. Grouping these system
    0cd8e1
             calls with others as identifying earlier in this guide is more efficient.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat.rule
    0cd8e1
    index 6f3c38a..532f355 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_openat.rule
    0cd8e1
    @@ -55,4 +55,3 @@ warnings:
    0cd8e1
             have been placed independent of other system calls. Grouping these system
    0cd8e1
             calls with others as identifying earlier in this guide is more efficient.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_truncate.rule b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_truncate.rule
    0cd8e1
    index f6e0263..d7d37ac 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_truncate.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_unsuccessful_file_modification/audit_rules_unsuccessful_file_modification_truncate.rule
    0cd8e1
    @@ -55,4 +55,3 @@ warnings:
    0cd8e1
             have been placed independent of other system calls. Grouping these system
    0cd8e1
             calls with others as identifying earlier in this guide is more efficient.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit.rule b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit.rule
    0cd8e1
    index acf6fc6..b892c5a 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit.rule
    0cd8e1
    @@ -31,3 +31,5 @@ ocil: |-
    0cd8e1
         /var/log/audit directory, run the following command:
    0cd8e1
         
    $ sudo grep "dir=/var/log/audit" /etc/audit/audit.rules
    0cd8e1
         If the system is configured to audit this activity, it will return a line.
    0cd8e1
    +
    0cd8e1
    +platform: machine
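Review bot: The `platform: machine` added at the end of directory_access_var_log_audit.rule goes the opposite way from its siblings in the same directory, since file_ownership_var_log_audit.rule and file_permissions_var_log_audit.rule lose that key in this commit. If a group-level `platform: machine` covers auditd_configure_rules (not visible in this part of the patch), the per-rule key here is redundant. If none does, the two siblings would presumably start being evaluated in container scans again. The same pairing appears directly under auditing/, where grub2_audit_backlog_limit_argument.rule gains the key while grub2_audit_argument.rule and service_auditd_enabled.rule drop it. Either drop the per-rule additions or state the reason next to them, e.g. `# kept per rule: <reason>`.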
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit.rule b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit.rule
    0cd8e1
    index 14d41d0..543f887 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit.rule
    0cd8e1
    @@ -34,4 +34,3 @@ ocil: |-
    0cd8e1
         {{{ describe_file_owner(file="/var/log/audit", owner="root") }}}
    0cd8e1
         {{{ describe_file_owner(file="/var/log/audit/*", owner="root") }}}
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit.rule b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit.rule
    0cd8e1
    index 319b1bb..39ddc5b 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit.rule
    0cd8e1
    @@ -36,4 +36,3 @@ ocil: |-
    0cd8e1
         
    $ sudo ls -l /var/log/audit
    0cd8e1
         Audit logs must be mode 0640 or less permissive.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server.rule
    0cd8e1
    index 94af473..c5cf669 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server.rule
    0cd8e1
    @@ -38,4 +38,3 @@ ocil: |-
    0cd8e1
         is an IP address or hostname:
    0cd8e1
         
    remote_server = REMOTE_SYSTEM
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action.rule
    0cd8e1
    index 502843d..e4e96d4 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action.rule
    0cd8e1
    @@ -41,4 +41,3 @@ ocil: |-
    0cd8e1
         Acceptable values also include <tt>syslog</tt> and
    0cd8e1
         <tt>halt</tt>.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records.rule
    0cd8e1
    index 07d36df..94292ff 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records.rule
    0cd8e1
    @@ -34,5 +34,3 @@ ocil: |-
    0cd8e1
         
    $ sudo grep -i enable_krb5 /etc/audisp/audisp-remote.conf
    0cd8e1
         The output should return the following:
    0cd8e1
         
    enable_krb5 = yes
    0cd8e1
    -
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action.rule
    0cd8e1
    index 7fc5566..79b8909 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action.rule
    0cd8e1
    @@ -41,4 +41,3 @@ ocil: |-
    0cd8e1
         Acceptable values also include <tt>syslog</tt> and
    0cd8e1
         <tt>halt</tt>.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated.rule
    0cd8e1
    index c2891ab..75edf6a 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated.rule
    0cd8e1
    @@ -40,5 +40,3 @@ ocil: |-
    0cd8e1
         To verify the audispd's syslog plugin is active, run the following command:
    0cd8e1
         
    $ sudo grep active /etc/audisp/plugins.d/syslog.conf
    0cd8e1
         If the plugin is active, the output will show <tt>yes</tt>.
    0cd8e1
    -
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct.rule
    0cd8e1
    index cabdc03..3b45bc2 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct.rule
    0cd8e1
    @@ -44,4 +44,3 @@ ocil: |-
    0cd8e1
         account when it needs to notify an administrator:
    0cd8e1
         
    action_mail_acct = root
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action.rule
    0cd8e1
    index 7bad632..46102a1 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action.rule
    0cd8e1
    @@ -49,4 +49,3 @@ ocil: |-
    0cd8e1
         or halt when disk space has run low:
    0cd8e1
         
    admin_space_left_action single
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush.rule
    0cd8e1
    index 5475a85..a070c4a 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush.rule
    0cd8e1
    @@ -38,4 +38,3 @@ ocil: |-
    0cd8e1
         Acceptable values are <tt>DATA</tt>, and <tt>SYNC</tt>. The setting is
    0cd8e1
         case-insensitive.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file.rule
    0cd8e1
    index 06ec11d..b123481 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file.rule
    0cd8e1
    @@ -41,4 +41,3 @@ ocil: |-
    0cd8e1
         <tt>$ sudo grep max_log_file /etc/audit/auditd.conf</tt>
    0cd8e1
         
    max_log_file = 6
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action.rule
    0cd8e1
    index 609ca46..1c90f9e 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action.rule
    0cd8e1
    @@ -52,4 +52,3 @@ ocil: |-
    0cd8e1
         <tt>$ sudo grep max_log_file_action /etc/audit/auditd.conf</tt>
    0cd8e1
         
    max_log_file_action <tt>rotate</tt>
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs.rule
    0cd8e1
    index 5b1debc..619b19e 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs.rule
    0cd8e1
    @@ -40,4 +40,3 @@ ocil: |-
    0cd8e1
         <tt>$ sudo grep num_logs /etc/audit/auditd.conf</tt>
    0cd8e1
         
    num_logs = 5
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left.rule
    0cd8e1
    index d86ae02..c6fd4ea 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left.rule
    0cd8e1
    @@ -40,4 +40,3 @@ ocil: |-
    0cd8e1
         determine if the system is configured correctly:
    0cd8e1
         
    space_left SIZE_in_MB
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action.rule b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action.rule
    0cd8e1
    index 7b4360f..65523e0 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action.rule
    0cd8e1
    @@ -58,4 +58,3 @@ ocil: |-
    0cd8e1
         
    space_left_action
    0cd8e1
         Acceptable values are <tt>email</tt>, <tt>suspend</tt>, <tt>single</tt>, and <tt>halt</tt>.
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/grub2_audit_argument.rule b/linux_os/guide/system/auditing/grub2_audit_argument.rule
    0cd8e1
    index 29c451c..68d4f49 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/grub2_audit_argument.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/grub2_audit_argument.rule
    0cd8e1
    @@ -57,5 +57,3 @@ warnings:
    0cd8e1
             
  • On UEFI-based machines, issue the following command as <tt>root</tt>:
  • 0cd8e1
             
    ~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
    0cd8e1
             
    0cd8e1
    -
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument.rule b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument.rule
    0cd8e1
    index 361a6b9..82cd257 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument.rule
    0cd8e1
    @@ -49,3 +49,5 @@ warnings:
    0cd8e1
             
    ~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
    0cd8e1
     {{% endif %}}
    0cd8e1
             
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/auditing/service_auditd_enabled.rule b/linux_os/guide/system/auditing/service_auditd_enabled.rule
    0cd8e1
    index ce32390..058a689 100644
    0cd8e1
    --- a/linux_os/guide/system/auditing/service_auditd_enabled.rule
    0cd8e1
    +++ b/linux_os/guide/system/auditing/service_auditd_enabled.rule
    0cd8e1
    @@ -42,4 +42,3 @@ references:
    0cd8e1
     
    0cd8e1
     ocil: '{{{ ocil_service_enabled(service="auditd") }}}'
    0cd8e1
     
    0cd8e1
    -platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict.rule b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict.rule
    0cd8e1
    index 492d2e7..eb56d1c 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict.rule
    0cd8e1
    @@ -17,3 +17,5 @@ references:
    0cd8e1
         anssi: NT28(R23)
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.kptr_restrict", value="1") }}}
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/restrictions/grub2_vsyscall_argument.rule b/linux_os/guide/system/permissions/restrictions/grub2_vsyscall_argument.rule
    0cd8e1
    index 8773f24..d9d53c2 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/restrictions/grub2_vsyscall_argument.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/restrictions/grub2_vsyscall_argument.rule
    0cd8e1
    @@ -47,3 +47,5 @@ warnings:
    0cd8e1
             
    ~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
    0cd8e1
     {{% endif %}}
    0cd8e1
             
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument.rule b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument.rule
    0cd8e1
    index 9056613..b72c6b5 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument.rule
    0cd8e1
    @@ -50,3 +50,5 @@ warnings:
    0cd8e1
             
    ~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
    0cd8e1
     {{% endif %}}
    0cd8e1
             
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument.rule b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument.rule
    0cd8e1
    index ea982ee..970025d 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument.rule
    0cd8e1
    @@ -50,3 +50,5 @@ warnings:
    0cd8e1
             
    ~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
    0cd8e1
     {{% endif %}}
    0cd8e1
             
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled.rule b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled.rule
    0cd8e1
    index a8fc871..463cda6 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled.rule
    0cd8e1
    @@ -15,3 +15,4 @@ severity: unknown
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.kexec_load_disabled", value="1") }}}
    0cd8e1
     
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope.rule b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope.rule
    0cd8e1
    index 67b7ff8..44febe9 100644
    0cd8e1
    --- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope.rule
    0cd8e1
    +++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope.rule
    0cd8e1
    @@ -17,3 +17,4 @@ severity: unknown
    0cd8e1
     
    0cd8e1
     {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.yama.ptrace_scope", value="1") }}}
    0cd8e1
     
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/selinux/selinux_user_login_roles.rule b/linux_os/guide/system/selinux/selinux_user_login_roles.rule
    0cd8e1
    index 47690e0..65cbf1f 100644
    0cd8e1
    --- a/linux_os/guide/system/selinux/selinux_user_login_roles.rule
    0cd8e1
    +++ b/linux_os/guide/system/selinux/selinux_user_login_roles.rule
    0cd8e1
    @@ -54,3 +54,5 @@ ocil: |-
    0cd8e1
         All authorized non-administrative
    0cd8e1
         users must be mapped to the <tt>user_u</tt> role or the appropriate domain
    0cd8e1
         (user_t).
    0cd8e1
    +
    0cd8e1
    +platform: machine
    0cd8e1
    diff --git a/linux_os/guide/system/software/integrity/fips/group.yml b/linux_os/guide/system/software/integrity/fips/group.yml
    0cd8e1
    index 75916e9..e9ff7cb 100644
    0cd8e1
    --- a/linux_os/guide/system/software/integrity/fips/group.yml
    0cd8e1
    +++ b/linux_os/guide/system/software/integrity/fips/group.yml
    0cd8e1
    @@ -14,3 +14,5 @@ description: |-
    0cd8e1
         Security Levels 1, 2, 3, or 4 for use on Red Hat Enterprise Linux.
    0cd8e1
         

    0cd8e1
         See {{{ weblink(link="http://csrc.nist.gov/publications/PubsFIPS.html") }}} for more information.
    0cd8e1
    +
    0cd8e1
    +platform: machine
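Review bot: The `platform: machine` key added to fips/group.yml has no comment saying it is meant to cover every rule in the group. The grub2_enable_fips_mode.rule hunk that follows drops its own key, presumably relying on that inheritance. A rule added under fips/ later would then be treated as not applicable in container scans without anything in its own file showing it. I would put a line above the key such as `# machine-only for the whole group; rules below carry no platform key of their own`.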
    0cd8e1
    diff --git a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode.rule b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode.rule
    0cd8e1
    index c1223d6..4f70107 100644
    0cd8e1
    --- a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode.rule
    0cd8e1
    +++ b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode.rule
    0cd8e1
    @@ -60,5 +60,3 @@ warnings:
    0cd8e1
             

    0cd8e1
             See {{{ weblink(link="http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401vend.htm") }}}
    0cd8e1
             for a list of FIPS certified vendors.
    0cd8e1
    -
    0cd8e1
    -platform: machine