-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
/etc/audit/audisp-remote.conf
{{% else %}}
/etc/audisp/audisp-remote.conf
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml
index 866b268e026f..e27b4d5fe810 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml
@@ -8,7 +8,7 @@ description: |-
Configure the audispd plugin to off-load audit records onto a different
system or media from the system being audited.
Set the remote_server option in
-{{%- if product in ["rhel8", "fedora", "ol8"] -%}}
+{{%- if product in ["rhel8", "fedora", "ol8", "rhv4"] -%}}
/etc/audit/audisp-remote.conf
{{%- else -%}}
/etc/audisp/audisp-remote.conf
@@ -41,7 +41,7 @@ ocil_clause: 'audispd is not sending logs to a remote system'
ocil: |-
To verify the audispd plugin off-loads audit records onto a different system or
media from the system being audited, run the following command:
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
$ sudo grep -i remote_server /etc/audit/audisp-remote.conf
{{% else %}}
$ sudo grep -i remote_server /etc/audisp/audisp-remote.conf
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh
index a196e155d05f..344ff38442e4 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh
@@ -1,7 +1,7 @@
# platform = multi_platform_wrlinux,multi_platform_all
. /usr/share/scap-security-guide/remediation_functions
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
AUDISP_REMOTE_CONFIG="/etc/audit/audisp-remote.conf"
option="^transport"
value="KRB5"
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml
index 648aa5f5a9f7..6d82377bd567 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml
@@ -5,7 +5,7 @@
multi_platform_all
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
transport setting in /etc/audit/audisp-remote.conf is set to 'KRB5'
{{% else %}}
enable_krb5 setting in /etc/audisp/audisp-remote.conf is set to 'yes'
@@ -23,14 +23,14 @@
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
/etc/audit/audisp-remote.conf
{{% else %}}
/etc/audisp/audisp-remote.conf
{{% endif %}}
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
^[ ]*transport[ ]+=[ ]+KRB5[ ]*$
{{% else %}}
^[ ]*enable_krb5[ ]+=[ ]+yes[ ]*$
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
index c0160e20fa05..1844db5dc281 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
@@ -7,7 +7,7 @@ title: 'Encrypt Audit Records Sent With audispd Plugin'
description: |-
Configure the operating system to encrypt the transfer of off-loaded audit
records onto a different system or media from the system being audited.
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
Set the transport option in /etc/audit/audisp-remote.conf
to KRB5.
{{% else %}}
@@ -39,7 +39,7 @@ ocil_clause: 'audispd is not encrypting audit records when sent over the network
ocil: |-
To verify the audispd plugin encrypts audit records off-loaded onto a different
system or media from the system being audited, run the following command:
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
$ sudo grep -i transport /etc/audit/audisp-remote.conf
The output should return the following:
transport = KRB5
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/ansible/shared.yml
index 53848de2ac14..56611725138f 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/ansible/shared.yml
@@ -6,7 +6,7 @@
- name: enable syslog plugin
lineinfile:
- {{% if product in ["rhel8", "fedora", "ol8"] -%}}
+ {{% if product in ["rhel8", "fedora", "ol8", "rhv4"] -%}}
dest: /etc/audit/plugins.d/syslog.conf
{{%- else -%}}
dest: /etc/audisp/plugins.d/syslog.conf
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/bash/shared.sh
index 5b1b60b5e5b6..6f2b49d440c6 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/bash/shared.sh
@@ -2,7 +2,7 @@
. /usr/share/scap-security-guide/remediation_functions
var_syslog_active="yes"
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
AUDISP_SYSLOGCONFIG=/etc/audit/plugins.d/syslog.conf
{{% else %}}
AUDISP_SYSLOGCONFIG=/etc/audisp/plugins.d/syslog.conf
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/oval/shared.xml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/oval/shared.xml
index 32033337391c..5f1c548b745d 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/oval/shared.xml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/oval/shared.xml
@@ -5,7 +5,7 @@
multi_platform_all
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
active setting in /etc/audit/plugins.d/syslog.conf is set to 'yes'
{{% else %}}
active setting in /etc/audisp/plugins.d/syslog.conf is set to 'yes'
@@ -23,7 +23,7 @@
-{{% if product in ["rhel8", "fedora", "ol8"] %}}
+{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
/etc/audit/plugins.d/syslog.conf
{{% else %}}
/etc/audisp/plugins.d/syslog.conf
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml
index 96f5da926b0b..8c21beeb7c1c 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml
@@ -6,7 +6,7 @@ description: |-
To configure the auditd service to use the
syslog plug-in of the audispd audit event multiplexor, set
the active line in
-{{%- if product in ["rhel8", "fedora", "ol8"] -%}}
+{{%- if product in ["rhel8", "fedora", "ol8", "rhv4"] -%}}
/etc/audit/plugins.d/syslog.conf
{{%- else -%}}
/etc/audisp/plugins.d/syslog.conf
@@ -51,7 +51,7 @@ ocil_clause: 'it is not activated'
ocil: |-
To verify the audispd's syslog plugin is active, run the following command:
-{{% if product in ["rhel8", "fedora"] %}}
+{{% if product in ["rhel8", "fedora", "rhv4"] %}}
$ sudo grep active /etc/audit/plugins.d/syslog.conf
{{% else %}}
$ sudo grep active /etc/audisp/plugins.d/syslog.conf
diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
index c0d39f1e8cbc..eb21e5cf3bcc 100644
--- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
+++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
@@ -8,7 +8,7 @@ description: |-
To ensure all processes can be audited, even those which start
prior to the audit daemon, add the argument audit=1 to the default
GRUB 2 command line for the Linux operating system in
-{{% if product in ["rhel7", "ol7", "rhv4"] %}}
+{{% if product in ["rhel7", "ol7"] %}}
/etc/default/grub, so that the line looks similar to
GRUB_CMDLINE_LINUX="... audit=1 ..."
In case the GRUB_DISABLE_RECOVERY is set to true, then the parameter should be added to the GRUB_CMDLINE_LINUX_DEFAULT instead.
@@ -50,7 +50,7 @@ references:
ocil_clause: 'auditing is not enabled at boot time'
ocil: |-
-{{% if product in ["rhel7", "ol7", "rhv4"] %}}
+{{% if product in ["rhel7", "ol7"] %}}
Inspect the form of default GRUB 2 command line for the Linux operating system
in /etc/default/grub. If it includes audit=1, then auditing
is enabled at boot time.
diff --git a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml
index 669eef29a159..5351fdb0250b 100644
--- a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml
+++ b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
title: 'Install libreswan Package'
diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml
index e128654204d2..1876dae0a115 100644
--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml
@@ -8,7 +8,7 @@ description: |-
To disable IPv6 protocol support in the Linux kernel,
add the argument ipv6.disable=1 to the default
GRUB2 command line for the Linux operating system in
-{{% if product in ["rhel7", "ol7", "rhv4"] %}}
+{{% if product in ["rhel7", "ol7"] %}}
/etc/default/grub, so that the line looks similar to
GRUB_CMDLINE_LINUX="... ipv6.disable=1 ..."
In case the GRUB_DISABLE_RECOVERY is set to true, then the parameter should be added to the GRUB_CMDLINE_LINUX_DEFAULT instead.
@@ -39,7 +39,7 @@ references:
ocil_clause: 'IPv6 is not disabled'
ocil: |-
- {{% if product in ["rhel7", "ol7", "rhv4"] %}}
+ {{% if product in ["rhel7", "ol7"] %}}
Inspect the form of default GRUB2 command line for the Linux operating system
in /etc/default/grub. Check if it includes ipv6.disable=1.
First check if the GRUB recovery is enabled:
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/bash/shared.sh
index 794451cf6a47..bbe14199d5a7 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4
function remediate_bind_crypto_policy() {
CONFIG_FILE="/etc/named.conf"
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
index aadab6a7c834..8a07e4b78daa 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,ol8,rhel8,rhv4
title: 'Configure BIND to use System Crypto Policy'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/ansible/shared.yml
index 01cd7f673a28..9d3f9c0c65c6 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/bash/shared.sh
index c8a6f2eee32a..2cdba7d2b779 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4
# include remediation functions library
. /usr/share/scap-security-guide/remediation_functions
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
index ad054096ee5c..ba235a2009af 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,ol8,rhel8,rhv4
title: 'Configure System Cryptography Policy'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/ansible/shared.yml
index e3de38109a62..0e0bb79ab248 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4
# reboot = true
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/bash/shared.sh
index 3c127ae07360..be869edf9aab 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4
# reboot = true
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
index 1fd1be2160c1..dac4c354837b 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,ol8,rhel8,rhv4
title: 'Configure Kerberos to use System Crypto Policy'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/ansible/shared.yml
index 8a56ddb1ac5f..c529966c0a48 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/bash/shared.sh
index 166d9f62d012..ade7563b6999 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4
function remediate_libreswan_crypto_policy() {
CONFIG_FILE="/etc/ipsec.conf"
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
index 84a4f5c15554..cf961196652d 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,ol8,rhel8,rhv4
title: 'Configure Libreswan to use System Crypto Policy'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml
index 959426abfff5..e6318f221c5c 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh
index b7f36fc00208..0b3cbf3b46f6 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4
OPENSSL_CRYPTO_POLICY_SECTION='[ crypto_policy ]'
OPENSSL_CRYPTO_POLICY_SECTION_REGEX='\[\s*crypto_policy\s*\]'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
index 2bdca08c651b..276a8ed41c19 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,ol8,rhel8,rhv4
title: 'Configure OpenSSL library to use System Crypto Policy'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/ansible/shared.yml
index e06e745abeed..f92a496e6f5a 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4
# reboot = true
# strategy = disable
# complexity = low
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/bash/shared.sh
index 6093b0a3e4ab..7f288499dca1 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8,Red Hat Virtualization 4
SSH_CONF="/etc/sysconfig/sshd"
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/oval/shared.xml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/oval/shared.xml
index 637b76d22746..0597123d6f3f 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/oval/shared.xml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/oval/shared.xml
@@ -2,11 +2,7 @@
Configure SSH to use System Crypto Policy.
-
- multi_platform_fedora
- Red Hat Enterprise Linux 8
- Oracle Linux 8
-
+ {{{- oval_affected(products) }}}
SSH should be configured to use the system-wide crypto policy setting.
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
index db5ce07f0ecd..65f4342da607 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhel8
+prodtype: fedora,ol8,rhel8,rhv4
title: 'Configure SSH to use System Crypto Policy'
diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
index ac4560e10632..7e04bd27f918 100644
--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,ol8,rhel8,rhv4
title: "Enable Dracut FIPS Module"
diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh
index e5990c5128de..87476a7b3150 100644
--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
+# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,Red Hat Virtualization 4
fips-mode-setup --enable
diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
index 4a0128d7f20b..bd956ed71084 100644
--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,ol8,rhel8,rhv4
title: Enable FIPS Mode
diff --git a/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
index 29755ec0b128..a2d73bcf4f41 100644
--- a/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,ol8,rhel8,rhv4
title: Ensure '/etc/system-fips' exists
diff --git a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/ansible/shared.yml b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/ansible/shared.yml
index 5a8115ca6437..59078674e673 100644
--- a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Oracle Linux 7,Red Hat Enterprise Linux 7,multi_platform_rhv
+# platform = Oracle Linux 7,Red Hat Enterprise Linux 7
# reboot = true
# strategy = restrict
# complexity = high
diff --git a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/bash/shared.sh b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/bash/shared.sh
index 19fc3cae5475..463abd4434c4 100644
--- a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Oracle Linux 7,Red Hat Enterprise Linux 7,Red Hat Virtualization 4,multi_platform_rhv,multi_platform_wrlinux
+# platform = Oracle Linux 7,Red Hat Enterprise Linux 7,multi_platform_wrlinux
# include remediation functions library
. /usr/share/scap-security-guide/remediation_functions
diff --git a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml
index d65031b86f2f..335810bd2e1b 100644
--- a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,rhel7,rhv4,wrlinux1019
+prodtype: ocp4,ol7,rhel7,wrlinux1019
title: 'Enable FIPS Mode in GRUB2'
diff --git a/linux_os/guide/system/software/integrity/fips/package_dracut-fips-aesni_installed/rule.yml b/linux_os/guide/system/software/integrity/fips/package_dracut-fips-aesni_installed/rule.yml
index 724970be083a..f9ca356aee38 100644
--- a/linux_os/guide/system/software/integrity/fips/package_dracut-fips-aesni_installed/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/package_dracut-fips-aesni_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,rhel6,rhel7,rhv4
+prodtype: ocp4,ol7,rhel6,rhel7
title: 'Install the dracut-fips-aesni Package'
diff --git a/linux_os/guide/system/software/integrity/fips/package_dracut-fips_installed/ansible/shared.yml b/linux_os/guide/system/software/integrity/fips/package_dracut-fips_installed/ansible/shared.yml
index a7c2d30f571f..aed9d35dd760 100644
--- a/linux_os/guide/system/software/integrity/fips/package_dracut-fips_installed/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/fips/package_dracut-fips_installed/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Oracle Linux 7,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Virtualization 4,Red Hat OpenShift Container Platform 4
+# platform = Oracle Linux 7,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat OpenShift Container Platform 4
# reboot = false
# strategy = enable
# complexity = low
diff --git a/linux_os/guide/system/software/integrity/fips/package_dracut-fips_installed/bash/shared.sh b/linux_os/guide/system/software/integrity/fips/package_dracut-fips_installed/bash/shared.sh
index a97827c1160d..ceddefc0d8ee 100644
--- a/linux_os/guide/system/software/integrity/fips/package_dracut-fips_installed/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/fips/package_dracut-fips_installed/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Oracle Linux 7,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Virtualization 4
+# platform = Oracle Linux 7,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7
{{{ bash_package_install("dracut-fips") }}}
diff --git a/linux_os/guide/system/software/integrity/fips/package_dracut-fips_installed/rule.yml b/linux_os/guide/system/software/integrity/fips/package_dracut-fips_installed/rule.yml
index 546cfc70b4a1..89754734e3db 100644
--- a/linux_os/guide/system/software/integrity/fips/package_dracut-fips_installed/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/package_dracut-fips_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,rhel6,rhel7,rhv4
+prodtype: ocp4,ol7,rhel6,rhel7
title: 'Install the dracut-fips Package'
diff --git a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
index 50079bf27040..8bf8b8549a28 100644
--- a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,ol8,rhel8,rhv4
title: "Set kernel parameter 'crypto.fips_enabled' to 1"
diff --git a/linux_os/guide/system/software/system-tools/package_cryptsetup-luks_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_cryptsetup-luks_installed/rule.yml
index 93771575571c..2021dc7763d7 100644
--- a/linux_os/guide/system/software/system-tools/package_cryptsetup-luks_installed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_cryptsetup-luks_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,rhel6,rhel7,rhv4
+prodtype: fedora,ol7,rhel6,rhel7
title: 'Install cryptsetup-luks Package'
diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/bash/shared.sh
index 13e9f6fa78ce..509543281ef9 100644
--- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/bash/shared.sh
+++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/bash/shared.sh
@@ -13,7 +13,7 @@ if [ "${RPM_GPG_DIR_PERMS}" -le "755" ]
then
# If they are safe, try to obtain fingerprints from the key file
# (to ensure there won't be e.g. CRC error).
-{{% if product == "rhel8" %}}
+{{% if product in ["rhel8", "rhv4"] %}}
readarray -t GPG_OUT < <(gpg --show-keys --with-fingerprint --with-colons "$REDHAT_RELEASE_KEY" | grep -A1 "^pub" | grep "^fpr" | cut -d ":" -f 10)
{{% else %}}
readarray -t GPG_OUT < <(gpg --with-fingerprint --with-colons "$REDHAT_RELEASE_KEY" | grep "^fpr" | cut -d ":" -f 10)
diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml
index abb1bfcef854..748f30a29347 100644
--- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml
+++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml
@@ -14,7 +14,7 @@
{{%- if product == "rhel6" %}}
{{%- endif %}}
- {{%- if product == "rhel7" or product == "rhv4" %}}
+ {{%- if product == "rhel7" %}}
{{%- endif %}}
@@ -33,7 +33,7 @@
test_ref="test_package_gpgkey-c105b9de-4e0fd3a3_installed" />
{{%- endif %}}
- {{%- if product == "rhel7" or product == "rhv4" %}}
+ {{%- if product == "rhel7" %}}
{{{ aux_pkg_version }}}
- {{%- if product == "rhel7" or product == "rhv4" %}}
+ {{%- if product == "rhel7" %}}
-
+
Red Hat Virtualization 4 Host
installed_OS_is_rhv4
diff --git a/rhv4/product.yml b/rhv4/product.yml
index 7d2420931cde..10a2eda079af 100644
--- a/rhv4/product.yml
+++ b/rhv4/product.yml
@@ -13,8 +13,8 @@ init_system: "systemd"
# The fingerprints below are retrieved from https://access.redhat.com/security/team/key
pkg_release: "4ae0493b"
pkg_version: "fd431d51"
-aux_pkg_release: "45700c69"
-aux_pkg_version: "2fa658e0"
+aux_pkg_release: "5b32db75"
+aux_pkg_version: "d4082792"
release_key_fingerprint: "567E347AD0044ADE55BA8A5F199E2F91FD431D51"
-auxiliary_key_fingerprint: "43A6E49C4A38F4BE9ABF2A5345689C882FA658E0"
+auxiliary_key_fingerprint: "6A6AA7C97C8890AEC6AEBFE2F76F66C3D4082792"
diff --git a/rhv4/profiles/rhvh-stig.profile b/rhv4/profiles/rhvh-stig.profile
index 49fb81520f45..187de1511c2f 100644
--- a/rhv4/profiles/rhvh-stig.profile
+++ b/rhv4/profiles/rhvh-stig.profile
@@ -21,7 +21,7 @@ selections:
- accounts_password_pam_ucredit
- var_password_pam_lcredit=1
- accounts_password_pam_lcredit
- - package_screen_installed
+ - package_tmux_installed
- sshd_idle_timeout_value=10_minutes
- sshd_set_idle_timeout
- accounts_password_all_shadowed
@@ -180,41 +180,39 @@ selections:
- disable_ctrlaltdel_reboot
- disable_ctrlaltdel_burstaction
- libreswan_approved_tunnels
- - no_rsh_trust_files
- - package_rsh_removed
- package_rsh-server_removed
- package_talk_removed
- package_talk-server_removed
- package_telnet_removed
- package_telnet-server_removed
- package_xinetd_removed
- - package_ypbind_removed
- package_ypserv_removed
- service_crond_enabled
- service_rexec_disabled
- service_rlogin_disabled
- - service_rsh_disabled
- sshd_required=yes
- service_sshd_enabled
- service_telnet_disabled
- service_xinetd_disabled
- - service_ypbind_disabled
- service_zebra_disabled
- use_kerberos_security_all_exports
- disable_host_auth
- - sshd_allow_only_protocol2
- sshd_disable_compression
- sshd_disable_gssapi_auth
- sshd_disable_kerb_auth
- - sshd_disable_rhosts_rsa
- sshd_do_not_permit_user_env
- sshd_enable_strictmodes
- sshd_enable_warning_banner
- var_sshd_set_keepalive=3
- sshd_set_keepalive
- - sshd_use_approved_ciphers
- - sshd_use_approved_macs
- sshd_use_priv_separation
+ - var_system_crypto_policy=fips_ospp
+ - configure_crypto_policy
+ - configure_ssh_crypto_policy
+ - configure_openssl_crypto_policy
+ - configure_bind_crypto_policy
+ - configure_kerberos_crypto_policy
+ - configure_libreswan_crypto_policy
- var_accounts_user_umask=077
- var_selinux_policy_name=targeted
- var_selinux_state=enforcing
@@ -311,12 +309,12 @@ selections:
- aide_verify_acls
- aide_verify_ext_attributes
- disable_prelink
- - grub2_enable_fips_mode
+ - enable_fips_mode
- install_antivirus
- install_hids
- ldap_client_start_tls
- package_aide_installed
- - package_dracut-fips_installed
+ - enable_dracut_fips_module
- rpm_verify_hashes
- install_PAE_kernel_on_x86-32
- service_kdump_disabled
@@ -353,7 +351,6 @@ selections:
- set_password_hashing_algorithm_systemauth
- package_opensc_installed
- var_smartcard_drivers=cac
- - configure_opensc_nss_db
- configure_opensc_card_drivers
- force_opensc_card_drivers
- package_pcsc-lite_installed
@@ -413,6 +410,7 @@ selections:
- partition_for_var_log_audit
- partition_for_tmp
- grub2_no_removeable_media
+ - package_audispd-plugins_installed
- auditd_audispd_configure_remote_server
- auditd_audispd_encrypt_sent_records
- auditd_audispd_disk_full_action
diff --git a/rhv4/profiles/rhvh-vpp.profile b/rhv4/profiles/rhvh-vpp.profile
index 7fc89adcf2d5..ecd545237ffd 100644
--- a/rhv4/profiles/rhvh-vpp.profile
+++ b/rhv4/profiles/rhvh-vpp.profile
@@ -62,11 +62,9 @@ selections:
- file_permissions_sshd_private_key
- file_permissions_sshd_pub_key
- disable_host_auth
- - sshd_allow_only_protocol2
- sshd_disable_compression
- sshd_disable_gssapi_auth
- sshd_disable_kerb_auth
- - sshd_disable_rhosts_rsa
- sshd_disable_root_login
- sshd_do_not_permit_user_env
- sshd_enable_strictmodes
@@ -75,10 +73,12 @@ selections:
- sshd_set_idle_timeout
- sshd_set_keepalive
- sshd_set_loglevel_info
- - sshd_use_approved_ciphers
- - sshd_use_approved_macs
- sshd_use_priv_separation
- sshd_disable_empty_passwords
+ - var_system_crypto_policy=fips_ospp
+ - configure_crypto_policy
+ - configure_ssh_crypto_policy
+ - configure_openssl_crypto_policy
# AU -5(b)
- audit_rules_system_shutdown
@@ -169,7 +169,6 @@ selections:
# IA-2 (1)
- package_opensc_installed
- var_smartcard_drivers=cac
- - configure_opensc_nss_db
- configure_opensc_card_drivers
- force_opensc_card_drivers
- package_pcsc-lite_installed
@@ -198,13 +197,18 @@ selections:
# IA-7
- installed_OS_is_FIPS_certified
- - grub2_enable_fips_mode
+ - enable_fips_mode
# MP-7
- kernel_module_usb-storage_disabled
- kernel_module_bluetooth_disabled
- service_bluetooth_disabled
+ # SC-13
+ - configure_bind_crypto_policy
+ - configure_kerberos_crypto_policy
+ - configure_libreswan_crypto_policy
+
# SC-39
- sysctl_kernel_exec_shield
- sysctl_kernel_kptr_restrict
diff --git a/shared/checks/oval/installed_OS_is_rhv4.xml b/shared/checks/oval/installed_OS_is_rhv4.xml
index 1935f3c2f3c6..dd3152b6b7f5 100644
--- a/shared/checks/oval/installed_OS_is_rhv4.xml
+++ b/shared/checks/oval/installed_OS_is_rhv4.xml
@@ -9,9 +9,10 @@
The operating system installed on the system is
- Red Hat Virtualization Host 4 or Red Hat Enterprise Host.
+ Red Hat Virtualization Host 4.4+ or Red Hat Enterprise Host.
-
+
+
@@ -24,7 +25,7 @@
redhat-release-virtualization-host
- ^4.*$
+ 0:4.4
diff --git a/shared/templates/template_ANSIBLE_grub2_bootloader_argument b/shared/templates/template_ANSIBLE_grub2_bootloader_argument
index 13749232336c..e3549dcc3e86 100644
--- a/shared/templates/template_ANSIBLE_grub2_bootloader_argument
+++ b/shared/templates/template_ANSIBLE_grub2_bootloader_argument
@@ -4,7 +4,7 @@
# complexity = medium
# disruption = low
-{{% if product in ["rhel7", "ol7", "rhv4"] %}}
+{{% if product in ["rhel7", "ol7"] %}}
- name: check {{{ ARG_NAME }}} argument exists
command: grep 'GRUB_CMDLINE_LINUX.*{{{ ARG_NAME }}}=' /etc/default/grub
failed_when: False
diff --git a/shared/templates/template_BASH_grub2_bootloader_argument b/shared/templates/template_BASH_grub2_bootloader_argument
index 20faf05f32c7..65d851f6448b 100644
--- a/shared/templates/template_BASH_grub2_bootloader_argument
+++ b/shared/templates/template_BASH_grub2_bootloader_argument
@@ -1,6 +1,6 @@
# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
-{{% if product in ["rhel7", "ol7", "rhv4"] %}}
+{{% if product in ["rhel7", "ol7"] %}}
# Correct the form of default kernel command line in GRUB
if grep -q '^GRUB_CMDLINE_LINUX=.*{{{ ARG_NAME }}}=.*"' '/etc/default/grub' ; then
# modify the GRUB command-line if an {{{ ARG_NAME }}}= arg already exists
diff --git a/shared/templates/template_OVAL_grub2_bootloader_argument b/shared/templates/template_OVAL_grub2_bootloader_argument
index a18f85f5e821..aaaa0393b0e0 100644
--- a/shared/templates/template_OVAL_grub2_bootloader_argument
+++ b/shared/templates/template_OVAL_grub2_bootloader_argument
@@ -6,7 +6,7 @@
Ensure {{{ ARG_NAME_VALUE }}} is configured in the kernel line in /etc/default/grub.
- {{% if product in ["rhel7", "ol7", "rhv4"] %}}
+ {{% if product in ["rhel7", "ol7"] %}}
@@ -26,7 +26,7 @@
-{{% if product in ["rhel7", "ol7", "rhv4"] %}}
+{{% if product in ["rhel7", "ol7"] %}}
diff --git a/ssg/constants.py b/ssg/constants.py
index 46bb701ddf40..a3741f6d0049 100644
--- a/ssg/constants.py
+++ b/ssg/constants.py
@@ -254,7 +254,7 @@
],
"rhv4": [
"cpe:/a:redhat:enterprise_virtualization_manager:4",
- "cpe:/o:redhat:enterprise_linux:7::hypervisor",
+ "cpe:/o:redhat:enterprise_linux:8::hypervisor",
],
"sle11": [
"cpe:/o:suse:linux_enterprise_server:11",