diff --git a/CMakeLists.txt b/CMakeLists.txt
index 97bf79767822..b1544519fe6e 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -73,6 +73,7 @@ option(SSG_PRODUCT_JRE "If enabled, the JRE SCAP content will be built" ${SSG_PR
option(SSG_PRODUCT_MACOS1015 "If enabled, the Apple macOS 10.15 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_OCP3 "If enabled, the OCP3 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_OCP4 "If enabled, the OCP4 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
+option(SSG_PRODUCT_RHCOS4 "If enabled, the RHCOS4 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_OL7 "If enabled, the Oracle Linux 7 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_OL8 "If enabled, the Oracle Linux 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
option(SSG_PRODUCT_OPENSUSE "If enabled, the openSUSE SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
@@ -245,6 +246,7 @@ message(STATUS "JRE: ${SSG_PRODUCT_JRE}")
message(STATUS "MacOS 1015: ${SSG_PRODUCT_MACOS1015}")
message(STATUS "OCP3: ${SSG_PRODUCT_OCP3}")
message(STATUS "OCP4: ${SSG_PRODUCT_OCP4}")
+message(STATUS "RHCOS4: ${SSG_PRODUCT_RHCOS4}")
message(STATUS "Oracle Linux 7: ${SSG_PRODUCT_OL7}")
message(STATUS "Oracle Linux 8: ${SSG_PRODUCT_OL8}")
message(STATUS "openSUSE: ${SSG_PRODUCT_OPENSUSE}")
@@ -332,6 +334,9 @@ endif()
if (SSG_PRODUCT_OCP4)
add_subdirectory("ocp4")
endif()
+if (SSG_PRODUCT_RHCOS4)
+ add_subdirectory("rhcos4")
+endif()
if (SSG_PRODUCT_OL7)
add_subdirectory("ol7")
endif()
diff --git a/Dockerfiles/ocp4_content b/Dockerfiles/ocp4_content
index 8add6b77e326..17270647da9d 100644
--- a/Dockerfiles/ocp4_content
+++ b/Dockerfiles/ocp4_content
@@ -7,10 +7,11 @@ COPY . .
RUN microdnf -y install cmake make git /usr/bin/python3 python3-pyyaml python3-jinja2 openscap-utils
-RUN ./build_product --debug ocp4 rhel7 rhel8
+RUN ./build_product --debug ocp4 rhel7 rhel8 rhcos4
FROM registry.access.redhat.com/ubi8/ubi-minimal
WORKDIR /
COPY --from=builder /content/build/ssg-ocp4-ds.xml .
COPY --from=builder /content/build/ssg-rhel7-ds.xml .
COPY --from=builder /content/build/ssg-rhel8-ds.xml .
+COPY --from=builder /content/build/ssg-rhcos4-ds.xml .
diff --git a/Dockerfiles/quay_publish b/Dockerfiles/quay_publish
index 19c795021216..6f4e0fcf42cb 100644
--- a/Dockerfiles/quay_publish
+++ b/Dockerfiles/quay_publish
@@ -3,8 +3,9 @@ FROM fedora:latest as builder
RUN dnf -y install cmake make git /usr/bin/python3 python3-pyyaml python3-jinja2 openscap-utils
RUN git clone --depth 1 https://github.com/ComplianceAsCode/content
WORKDIR /content
-RUN ./build_product --debug ocp4
+RUN ./build_product --debug ocp4 rhcos4
FROM registry.access.redhat.com/ubi8/ubi-minimal
WORKDIR /
COPY --from=builder /content/build/ssg-ocp4-ds.xml .
+COPY --from=builder /content/build/ssg-rhcos4-ds.xml .
diff --git a/build_product b/build_product
index 3a126e8f05ec..59eaeed7df78 100755
--- a/build_product
+++ b/build_product
@@ -274,6 +274,7 @@ all_cmake_products=(
JRE
OCP3
OCP4
+ RHCOS4
OL7
OL8
OPENSUSE
diff --git a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml
index 88d46a5d5cc2..8e80db3f1e30 100644
--- a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml
+++ b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
+prodtype: ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
title: 'Uninstall bind Package'
diff --git a/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml
index e77aa8756f40..6c55f4b551ca 100644
--- a/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml
+++ b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8
title: 'Install fapolicyd Package'
diff --git a/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml
index f64501a9c4a3..172a7a4a0e4b 100644
--- a/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml
+++ b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol8,rhel8
+prodtype: ocp4,rhcos4,ol8,rhel8
title: 'Enable the File Access Policy Service'
diff --git a/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml b/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml
index 2cd949f361b1..3d54a6cf3aa5 100644
--- a/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml
+++ b/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,rhel6,rhel7,rhel8
+prodtype: ocp4,rhcos4,rhel6,rhel7,rhel8
title: 'Uninstall 389-ds-base Package'
diff --git a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml
index f42784f6628c..8befc19166da 100644
--- a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml
+++ b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15
title: 'Ensure LDAP client is not installed'
diff --git a/linux_os/guide/services/ntp/chronyd_client_only/rule.yml b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml
index 233eaa6bb460..7e6d4ca60242 100644
--- a/linux_os/guide/services/ntp/chronyd_client_only/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8
title: 'Disable chrony daemon from acting as server'
diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml
index 9b44f47e901f..eeceb477489b 100644
--- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8
title: 'Disable network management of chrony daemon'
diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml
index 621a1f34d238..00d255faba33 100644
--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
title: 'Configure Time Service Maxpoll Interval'
diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml
index 0fa5b676d21c..5bc8d96b00d6 100644
--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4
title: 'Specify Additional Remote NTP Servers'
diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml
index 09716f29205b..2641306fadb9 100644
--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4
title: 'Specify a Remote NTP Server'
diff --git a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml
index d6444264f114..4da4b6ec74e3 100644
--- a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml
+++ b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4
title: 'Enable the NTP Daemon'
diff --git a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml
index e87b379cbb82..507eb86ce18c 100644
--- a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml
+++ b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,ol7,rhel8,ol8,fedora,rhv4,ocp4
+prodtype: rhel7,ol7,rhel8,ol8,fedora,rhv4,ocp4,rhcos4
title: 'Ensure rsyncd service is diabled'
diff --git a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml
index 237267ef9061..f751b60875f7 100644
--- a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml
+++ b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8
title: 'Enable the Hardware RNG Entropy Gatherer Service'
diff --git a/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml b/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml
index 3093ab8adef8..c24ffa076b25 100644
--- a/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml
+++ b/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,rhel6,rhel7,rhel8,rhv4,sle15
+prodtype: ocp4,rhcos4,rhel6,rhel7,rhel8,rhv4,sle15
title: 'Install the Samba Common Package'
diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml
index caa6d185c590..a703efd463d5 100644
--- a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml
+++ b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: debian10,debian9,fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: debian10,debian9,fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
title: 'Uninstall net-snmp Package'
diff --git a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml
index 2ffed0e44576..82978f46f08d 100644
--- a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml
+++ b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel6,rhel7,rhel8,rhv4,sle15,ocp4
+prodtype: rhel6,rhel7,rhel8,rhv4,sle15,ocp4,rhcos4
title: 'Verify Group Who Owns SSH Server config file'
diff --git a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml
index 3713dbce3d46..2a16e31f205a 100644
--- a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml
+++ b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel6,rhel7,rhel8,rhv4,sle15,ocp4
+prodtype: rhel6,rhel7,rhel8,rhv4,sle15,ocp4,rhcos4
title: 'Verify Owner on SSH Server config file'
diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml
index 3de148f5097e..5b1df3066009 100644
--- a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml
+++ b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel6,rhel7,rhel8,rhv4,sle15,ocp4
+prodtype: rhel6,rhel7,rhel8,rhv4,sle15,ocp4,rhcos4
title: 'Verify Permissions on SSH Server config file'
diff --git a/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml
index 4172ee500e16..43166e43dec2 100644
--- a/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml
+++ b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: debian10,debian8,debian9,fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle12,sle15,ubuntu1404,ubuntu1604,ubuntu1804,wrlinux1019,wrlinux8
+prodtype: debian10,debian8,debian9,fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle12,sle15,ubuntu1404,ubuntu1604,ubuntu1804,wrlinux1019,wrlinux8
title: 'Install the OpenSSH Server Package'
diff --git a/linux_os/guide/services/ssh/package_openssh-server_removed/rule.yml b/linux_os/guide/services/ssh/package_openssh-server_removed/rule.yml
index 162fac24aee5..c5c900855621 100644
--- a/linux_os/guide/services/ssh/package_openssh-server_removed/rule.yml
+++ b/linux_os/guide/services/ssh/package_openssh-server_removed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: debian10,debian8,debian9,fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle12,sle15,ubuntu1404,ubuntu1604,ubuntu1804,wrlinux1019,wrlinux8
+prodtype: debian10,debian8,debian9,fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle12,sle15,ubuntu1404,ubuntu1604,ubuntu1804,wrlinux1019,wrlinux8
title: 'Remove the OpenSSH Server Package'
diff --git a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/ignition/shared.yml b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/ignition/shared.yml
index e69401daa92b..11954b4c758b 100644
--- a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/ignition/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ignition/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ignition/shared.yml
index e69401daa92b..11954b4c758b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ignition/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/ignition/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/ignition/shared.yml
index e69401daa92b..11954b4c758b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/ignition/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/ignition/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/ignition/shared.yml
index e69401daa92b..11954b4c758b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/ignition/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/ignition/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/ignition/shared.yml
index e69401daa92b..11954b4c758b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/ignition/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/ignition/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/ignition/shared.yml
index e69401daa92b..11954b4c758b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/ignition/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ignition/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ignition/shared.yml
index e69401daa92b..11954b4c758b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ignition/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/ignition/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/ignition/shared.yml
index e69401daa92b..11954b4c758b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/ignition/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/ignition/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/ignition/shared.yml
index e69401daa92b..11954b4c758b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/ignition/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/ignition/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/ignition/shared.yml
index e69401daa92b..11954b4c758b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/ignition/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/ignition/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/ignition/shared.yml
index e69401daa92b..11954b4c758b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/ignition/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/ignition/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/ignition/shared.yml
index e69401daa92b..11954b4c758b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/ignition/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_x11_forwarding/ignition/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_x11_forwarding/ignition/shared.yml
index e69401daa92b..11954b4c758b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_x11_forwarding/ignition/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_x11_forwarding/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/ignition/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/ignition/shared.yml
index e69401daa92b..11954b4c758b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/ignition/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/ignition/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/ignition/shared.yml
index e69401daa92b..11954b4c758b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/ignition/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ignition/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ignition/shared.yml
index e69401daa92b..11954b4c758b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ignition/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ignition/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ignition/shared.yml
index e69401daa92b..11954b4c758b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ignition/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_info/ignition/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_info/ignition/shared.yml
index e69401daa92b..11954b4c758b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_info/ignition/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_info/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/ignition/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/ignition/shared.yml
index e69401daa92b..11954b4c758b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/ignition/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_loglevel_verbose/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_priv_separation/ignition/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_priv_separation/ignition/shared.yml
index e69401daa92b..11954b4c758b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_priv_separation/ignition/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_priv_separation/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/ignition/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/ignition/shared.yml
index e69401daa92b..11954b4c758b 100644
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/ignition/shared.yml
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml
index dec733138a29..5ff87b2daccd 100644
--- a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8
title: 'Configure SSSD to run as user sssd'
diff --git a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml
index 7d77556aeae3..039183c06435 100644
--- a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml
+++ b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8
title: 'Log USBGuard daemon audit events using Linux Audit'
diff --git a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml
index cee1664606d9..989f45a1d5bb 100644
--- a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml
+++ b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
title: 'Install usbguard Package'
diff --git a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml
index 73666d6592ff..d8fa9c472a63 100644
--- a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml
+++ b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8
title: 'Enable the USBGuard Service'
diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml
index 0e9f356a0d3f..e9071b613dba 100644
--- a/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml
+++ b/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8
title: 'Authorize Human Interface Devices in USBGuard daemon'
diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml
index 00d647bae3a8..fa87541982b2 100644
--- a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml
+++ b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8
title: 'Authorize Human Interface Devices and USB hubs in USBGuard daemon'
diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml
index 1555a8b3e067..79e1bb849e74 100644
--- a/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml
+++ b/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8
title: 'Authorize USB hubs in USBGuard daemon'
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
index 89d991bb49bd..3d0c412ae1ad 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
title: 'Modify the System Login Banner'
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml
index 6ff4e0a95abc..e9bb8038db98 100644
--- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
title: 'Verify Group Ownership of System Login Banner'
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml
index 1a96fc1bee29..5d3443a00bef 100644
--- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
title: 'Verify ownership of System Login Banner'
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml
index 41a7b036ba9f..f06728c61bf8 100644
--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
title: 'Verify permissions on System Login Banner'
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ignition/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ignition/shared.yml
index 64cae24f3d62..3373205e92f7 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ignition/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
index e0f646e08dca..cc0e18406756 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4
title: 'Disable Ctrl-Alt-Del Burst Action'
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
index 69c4945cc087..4fc35d6cac09 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
title: 'Disable Ctrl-Alt-Del Reboot Activation'
diff --git a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml
index 6cb263a0d5d7..22f9d1e0fa1f 100644
--- a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4
title: 'Verify that Interactive Boot is Disabled'
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
index 0134e85de621..e41772623208 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
title: 'Require Authentication for Single User Mode'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/ignition/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/ignition/shared.yml
index 690b946af1c4..7b7a0dbe9009 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/ignition/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml
index 6c92fd134d3e..ddb9691daa66 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhel8,ocp4
+prodtype: fedora,ol8,rhel8,ocp4,rhcos4
title: 'Prevent user from disabling the screen lock'
diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/ignition/shared.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/ignition/shared.yml
index 2a13f7172acd..512397095973 100644
--- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/ignition/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml
index cfda54db0d98..e59619207639 100644
--- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4
title: 'Disable debug-shell SystemD Service'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
index eb2f9c02e0da..23dc19910d74 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
title: 'Set Account Expiration Following Inactivity'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ignition/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ignition/shared.yml
index f86b6faae73d..bd07d2635807 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ignition/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ocp
+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml
index b415655c64b0..db51343e0d5a 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15
title: 'Ensure there are no legacy + NIS entries in /etc/group'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml
index 496270d63939..c0fbf6a48412 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15
title: 'Ensure there are no legacy + NIS entries in /etc/passwd'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml
index 8ab7cbb6c45e..48b4039a015c 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15
title: 'Ensure there are no legacy + NIS entries in /etc/shadow'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ignition/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ignition/shared.yml
index c4afc5e5a373..78aae301e581 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ignition/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
index 85b1663b2c00..1fa8db8cb029 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Ensure that System Accounts Do Not Run a Shell Upon Login'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
index 6df9d27ad78f..29d566a3750b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
title: 'Record Any Attempts to Run chcon'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml
index 42d55c14c107..1fb3d47fdbbb 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4
title: 'Record Any Attempts to Run restorecon'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
index e62ffec66136..3cfd57db4c9f 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
title: 'Record Any Attempts to Run semanage'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml
index 57cb8eabbcf2..ae9c67c6cdc3 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4
title: 'Record Any Attempts to Run setfiles'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml
index ad20e676d63b..7032329ab596 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
title: 'Record Any Attempts to Run setsebool'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml
index f3d39e857f6e..fddc9220047b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8
title: 'Record Any Attempts to Run seunshare'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml
index 89c64a670879..9447f5706858 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessul Permission Changes to Files - chmod'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml
index beb12523e17e..72feb58d86f5 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessul Ownership Changes to Files - chown'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
index 10b9c13a33ef..6ea16f51c6b7 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
title: 'Record Unsuccessful Access Attempts to Files - creat'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml
index cedf35da78c6..0d5542e3c684 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessul Permission Changes to Files - fchmod'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml
index 106bcde2602e..641831afc3f6 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessul Permission Changes to Files - fchmodat'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml
index 24f0684abccf..b7e3e9021bdb 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessul Ownership Changes to Files - fchown'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml
index 9e3a97efecf0..13104475e838 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessul Ownership Changes to Files - fchownat'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml
index eb9bad4b36ca..d86f6806e8a6 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessul Permission Changes to Files - fremovexattr'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml
index c12277ad9ff8..1b8cb40f701d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessul Permission Changes to Files - fsetxattr'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
index 3837f724963e..41284a979294 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
title: 'Record Unsuccessful Access Attempts to Files - ftruncate'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml
index 2a73ebf09308..5706381e9ef8 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessul Ownership Changes to Files - lchown'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml
index 3838f41651bb..f55cbe0218be 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessul Permission Changes to Files - lremovexattr'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml
index 9de54c2abf7f..09119ec32ca2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessul Permission Changes to Files - lsetxattr'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
index 395ece46ebb6..454af97b3cf9 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
title: 'Record Unsuccessful Access Attempts to Files - open'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
index 0a1b43ec87dc..a8b124a9940b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
title: 'Record Unsuccessful Access Attempts to Files - open_by_handle_at'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml
index a08e18b19715..f4f8a1362e52 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml
index 86188ccbc14d..f8b750078f7e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml
index 689b292d1aa7..bbb5307a716c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8
title: 'Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml
index b98cb96695df..2e1a60d8162a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessful Creation Attempts to Files - open O_CREAT'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml
index d0e3ce67cbfd..86b3bc38cd48 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml
index 84496372e431..e1774b453640 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8
title: 'Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
index 68ba1c44ee49..30f563901b6f 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
title: 'Record Unsuccessful Access Attempts to Files - openat'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml
index 5f31da893d33..c7d19bb97a22 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessful Creation Attempts to Files - openat O_CREAT'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml
index 2c78ccd82f14..4d0d898a5c7f 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml
index e9058b11fabf..59492f7ad6f2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8
title: 'Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml
index 99f3cfa8843c..5e5ee33a509d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessul Permission Changes to Files - removexattr'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml
index 1b6d4a674094..3119fe936072 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessul Delete Attempts to Files - rename'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml
index 7bd557284c52..f63e35c1ee0e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessul Delete Attempts to Files - renameat'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml
index 58ef4cc79501..ce861b063883 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessul Permission Changes to Files - setxattr'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
index 2974dfc0f9e6..b3edb94b8643 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
title: 'Record Unsuccessful Access Attempts to Files - truncate'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml
index 0be528b23ea9..b6e051ed4917 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessul Delete Attempts to Files - unlink'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml
index 59f6d0ddfd9b..624a593262f9 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Record Unsuccessul Delete Attempts to Files - unlinkat'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/oval/shared.xml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/oval/shared.xml
index c1256cbeeade..54f5716d4dad 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/oval/shared.xml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/oval/shared.xml
@@ -9,6 +9,7 @@
multi_platform_rhel
multi_platform_sle
multi_platform_ocp
+ multi_platform_rhcos
The audit rules should be configured to log information about kernel module loading and unloading.
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
index 29b247236382..32116c1b6082 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
title: 'Ensure auditd Collects Information on Kernel Module Unloading - delete_module'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
index fd3afd9e00ab..b9051084324c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
index 0e5c914a7e45..1eeacd4f2464 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
title: 'Ensure auditd Collects Information on Kernel Module Loading - init_module'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/oval/shared.xml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/oval/shared.xml
index 414045b16f18..9217b7b2c810 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/oval/shared.xml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/oval/shared.xml
@@ -8,6 +8,7 @@
multi_platform_ol
multi_platform_rhel
multi_platform_ocp
+ multi_platform_rhcos
Audit rules should be configured to log successful and unsuccessful login and logout events.
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
index cddd7663b400..e337944149f2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
title: 'Record Attempts to Alter Logon and Logout Events - faillock'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
index a85eac9f0399..c1648b139393 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
title: 'Record Attempts to Alter Logon and Logout Events - lastlog'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml
index 7c27c227ec83..5f76b948dce0 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
title: 'Record Attempts to Alter Logon and Logout Events - tallylog'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml
index 96a2d9fce90b..adffc2d46a5e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - at'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
index 1dadebc00b2f..3229d732b203 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - chage'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
index 8c3d46e9e3ae..ccabd56d479b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - chsh'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
index 5669f2a346e6..0775d11795db 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - crontab'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
index 82031694c16b..f4a83b1b0044 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml
index 7c80cd756344..9b753cfb6cce 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - mount'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml
index da33e0f4a330..fcf5554d817e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml
index 1af98e4b6451..942110fed57b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newgrp'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml
index 1aa10941d2dd..435f98546b88 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml
index 599eba4ed316..8bf75e662e9d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml
index 57855a3e05d8..24aa32516bc9 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - passwd'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml
index 896dfbbec611..2c6a18eeb082 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - postdrop'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml
index 0139032a2381..4afa9f89adb1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - postqueue'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml
index 9ee5aa7b2c59..345316c4defb 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
index 8e54eaf910d7..e60a0e9bc737 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
index 2413cb21c2c9..08bd099e8f79 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - su'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
index 6cfb070a5d46..50aebe0e7265 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - sudo'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
index c7eed2a8c83a..9fd6b6e290ea 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
index c3a64f899d6c..d8ce83ff37cd 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - umount'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
index e8a6294d0b1d..13ba39757d9b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml
index 0f856ad5661a..36fc3b9e8ada 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - userhelper'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml
index 7031b58fd33e..2f04c9cd42b1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Ensure auditd Collects Information on the Use of Privileged Commands - usernetctl'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml
index 482fee42195d..627c40d4c1a2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8
title: 'Record Events that Modify User/Group Information via open syscall - /etc/group'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml
index 04d71843d819..687f941e55eb 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8
title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml
index b04a79bdb8bf..ad2dcc07e59d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8
title: 'Record Events that Modify User/Group Information via openat syscall - /etc/group'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml
index 612a6bc91543..74493bada3d2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8
title: 'Record Events that Modify User/Group Information via open syscall - /etc/gshadow'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml
index b304c31485b0..d75964917bc2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8
title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/gshadow'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml
index ceb4bdc58416..f47c8e190cc5 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8
title: 'Record Events that Modify User/Group Information via openat syscall - /etc/gshadow'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml
index 30937223ddad..dcbe3cec2228 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8
title: 'Record Events that Modify User/Group Information via open syscall - /etc/passwd'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml
index d47385efb1c9..b1b3a3affd66 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8
title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml
index c8951e4811aa..1589252b00b4 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8
title: 'Record Events that Modify User/Group Information via openat syscall - /etc/passwd'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml
index a3a6e1cd2805..d6e399899eeb 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8
title: 'Record Events that Modify User/Group Information via open syscall - /etc/shadow'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml
index 9079b4a5a51c..752d57c16b4a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8
title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/shadow'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml
index 2918c51182dd..7523367a2947 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8
title: 'Record Events that Modify User/Group Information via openat syscall - /etc/shadow'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ignition/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ignition/shared.yml
index 3197deeaff42..f1a95b7913e2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ignition/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp
+# platform = multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/ignition/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/ignition/shared.yml
index 8fba78535621..602bcf970a43 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/ignition/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp
+# platform = multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/oval/shared.xml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/oval/shared.xml
index 6aded81aad1c..a05ae268b216 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/oval/shared.xml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/oval/shared.xml
@@ -9,6 +9,7 @@
multi_platform_rhel
multi_platform_wrlinux
multi_platform_ocp
+ multi_platform_rhcos
Audit rules should detect modification to system files that hold information about users and groups.
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
index 8d4c5df53754..aa87e9a1305e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
title: 'Record Events that Modify User/Group Information - /etc/group'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
index 22e286852306..f4bc4c99b4fe 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
title: 'Record Events that Modify User/Group Information - /etc/gshadow'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
index 63c588e3c6d9..961a0751debb 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
title: 'Record Events that Modify User/Group Information - /etc/security/opasswd'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
index 431be0d54cd8..ddb47da79210 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
title: 'Record Events that Modify User/Group Information - /etc/passwd'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
index 34901d3a6209..b986474b53b1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
title: 'Record Events that Modify User/Group Information - /etc/shadow'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
index ebfc0defc2f5..7e7c48534b3e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
title: 'System Audit Logs Must Have Mode 0640 or Less Permissive'
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml
index 48ff6ac9f378..b80b93a4a0ff 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
title: 'Configure audispd Plugin To Send Logs To Remote Server'
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml
index fca0e420058b..790e4f8329ec 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
title: 'Configure audispd''s Plugin disk_full_action When Disk Is Full'
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
index 04fd900bccde..b05d1d478e8e 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
title: 'Encrypt Audit Records Sent With audispd Plugin'
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml
index 692082378556..5aa8ba2334e8 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
title: 'Configure audispd''s Plugin network_failure_action On Network Failure'
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml
index a72fce3ef2e7..37bba53dc8ea 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml
index 1d052b81c954..05a47e186563 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
title: 'Configure auditd flush priority'
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
index d3222680fde9..86d9cf906604 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
title: 'Configure auditd space_left on Low Disk Space'
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml
index a72fce3ef2e7..37bba53dc8ea 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml
index a72fce3ef2e7..37bba53dc8ea 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml
index a72fce3ef2e7..37bba53dc8ea 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml
index a72fce3ef2e7..37bba53dc8ea 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml
index a72fce3ef2e7..37bba53dc8ea 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/ignition/shared.yml b/linux_os/guide/system/auditing/grub2_audit_argument/ignition/shared.yml
index 457cf47385b6..331d624e0e7f 100644
--- a/linux_os/guide/system/auditing/grub2_audit_argument/ignition/shared.yml
+++ b/linux_os/guide/system/auditing/grub2_audit_argument/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
index d6c7460d74f0..133c4ac7eb28 100644
--- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
+++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15
title: 'Enable Auditing for Processes Which Start Prior to the Audit Daemon'
diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/ignition/shared.yml b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/ignition/shared.yml
index 44b22cd7220b..b3f49de4099d 100644
--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/ignition/shared.yml
+++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
index 1f4f41fcb5f5..6468cc1cf5c2 100644
--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
+++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,sle15
title: 'Extend Audit Backlog Limit for the Audit Daemon'
diff --git a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml
index fd5f0639cbe5..b685d9114a7e 100644
--- a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml
+++ b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
title: 'Install audispd-plugins Package'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/ignition/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/ignition/shared.yml
index 68d85d05ca4b..d37de12ad5de 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/ignition/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success/ignition/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success/ignition/shared.yml
index 91175de6ac54..253994ebdf98 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_access_success/ignition/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/ignition/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/ignition/shared.yml
index dd374f70a257..94401b41e42f 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/ignition/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml
index 9017a9cb8626..bbc5547a6991 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,ocp4
+prodtype: ol8,rhel8,ocp4,rhcos4
title: 'Configure basic parameters of Audit system'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/ignition/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/ignition/shared.yml
index ec81a2f0e696..bc4a72e1461d 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/ignition/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/ignition/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/ignition/shared.yml
index b4e144e8b415..190a4551e799 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/ignition/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/ignition/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/ignition/shared.yml
index d5aa696f0603..1b5469854311 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/ignition/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/ignition/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/ignition/shared.yml
index aa13c5c31629..d05efa1e6dc4 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/ignition/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml
index 312e42a84fe2..cc71b666ba38 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,ocp4
+prodtype: ol8,rhel8,ocp4,rhcos4
title: 'Configure auditing of unsuccessful file modifications'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load/ignition/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load/ignition/shared.yml
index 5f3f949ee1bd..b996169c5111 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_module_load/ignition/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml
index 01f6a192b0fa..8315207282d5 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,ocp4
+prodtype: ol8,rhel8,ocp4,rhcos4
title: 'Configure auditing of loading and unloading of kernel modules'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/ignition/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/ignition/shared.yml
index ce3a763730e5..39f6517df25f 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/ignition/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml
index 4403a8cf3135..76c8a0f5a76c 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,ocp4
+prodtype: ol8,rhel8,ocp4,rhcos4
title: 'Perform general configuration of Audit for OSPP'
diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/ignition/shared.yml b/linux_os/guide/system/auditing/service_auditd_enabled/ignition/shared.yml
index afb5c1fea2dc..fa208c8be16f 100644
--- a/linux_os/guide/system/auditing/service_auditd_enabled/ignition/shared.yml
+++ b/linux_os/guide/system/auditing/service_auditd_enabled/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ocp
+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/ignition/shared.yml b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/ignition/shared.yml
index 3895742a326e..8ad930d012d5 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/ignition/shared.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
index ce24d9701715..215d8f1ae855 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8
title: 'Enable Kernel Page-Table Isolation (KPTI)'
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_uefi_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_uefi_admin_username/rule.yml
index 003f06497fbb..f3c23206b238 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_uefi_admin_username/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_uefi_admin_username/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
title: 'Set the UEFI Boot Loader Admin Username to a Non-Default Value'
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_uefi_password/rule.yml
index 9b564e6eda64..bf2328c63c3b 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_uefi_password/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_uefi_password/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
title: 'Set the UEFI Boot Loader Password'
diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
index ce75b06631c6..d6dc49df26ef 100644
--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,ol8,rhel7,rhel8,sle15
+prodtype: ocp4,rhcos4,ol7,ol8,rhel7,rhel8,sle15
title: 'Install firewalld Package'
diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
index 73e81c8fbd60..1f11be648dff 100644
--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
title: 'Verify firewalld Enabled'
diff --git a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml
index 5351fdb0250b..b22f197b1557 100644
--- a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml
+++ b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
title: 'Install libreswan Package'
diff --git a/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml b/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml
index 87cbf3623b25..7243f28aef1d 100644
--- a/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml
+++ b/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
title: 'Install iptables Package'
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
index 15d753114610..06a7f72b6b2a 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
+prodtype: ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
title: 'Configure Accepting Router Advertisements on All IPv6 Interfaces'
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
index ec1d22925a98..075e7169c4d7 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
+prodtype: ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
title: 'Disable Accepting ICMP Redirects for All IPv6 Interfaces'
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/ignition/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/ignition/shared.yml
index ef2ad5899424..1fd5dbb9f7e9 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
index 3687e9e0d924..0c5ec81e6df8 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,wrlinux1019
title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces'
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/ignition/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/ignition/shared.yml
index bcc8f9641a80..9eb2f880a1f5 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
index 508f5e4121a7..0eb2e04930d3 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
title: 'Disable Accepting Router Advertisements on all IPv6 Interfaces by Default'
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/ignition/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/ignition/shared.yml
index 1175885ae1c0..c0284f9bcef2 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
index 0edc87f5272c..88bdc4ba04b2 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces'
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/ignition/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/ignition/shared.yml
index c29ad59267fe..405d6c59a911 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
index 915fbff2b389..cc3fe54c3a75 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
+prodtype: ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default'
diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml
index 78778cd0bb64..eac05d9d9ad2 100644
--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15
title: 'Ensure IPv6 is disabled through kernel boot parameter'
diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml
index 3ec092f248a6..60e81a3f3b59 100644
--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/sysctl_net_ipv6_conf_all_disable_ipv6/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
title: 'Disable IPv6 Networking Support Automatic Loading'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/ignition/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/ignition/shared.yml
index fa8554c1a77c..292f0eb192fb 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
index 11d299080de1..159924f54ba9 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
title: 'Disable Accepting ICMP Redirects for All IPv4 Interfaces'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/ignition/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/ignition/shared.yml
index c89da4f5e156..d62f11e052a4 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
index d62df77b7e54..3463a7a6f0d1 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/ignition/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/ignition/shared.yml
index 6948b629aa6d..13466975d1ea 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml
index 903a97e5af41..27b9197082a1 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
title: 'Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/ignition/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/ignition/shared.yml
index d638d5e723a9..e578d1a75850 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
index 1d629744e02d..174285836a5b 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/ignition/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/ignition/shared.yml
index bbf74003d750..59093ed474d7 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
index 845337e3e336..e6f1c024fc66 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
title: 'Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/ignition/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/ignition/shared.yml
index b38ae9e2c5c2..471335b0e9f0 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
index 72b525be00cd..92c0d5af18aa 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/ignition/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/ignition/shared.yml
index 168f1a98f37e..15ba6c896057 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
index b34b867e3813..45aa46de2f66 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/ignition/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/ignition/shared.yml
index fbf6b0cae263..2f153c8e6531 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
index 6031dc2704af..3a8ae6690641 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15
title: 'Enable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/ignition/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/ignition/shared.yml
index 629e8ac99382..f67280b12d74 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
index b1bfda6985e1..605af0c6b8cb 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/ignition/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/ignition/shared.yml
index a6ccc9c29648..2db9694b2e81 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
index d6abf5d0a523..cd08bf20f263 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
title: 'Configure Kernel Parameter for Accepting Secure Redirects By Default'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/ignition/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/ignition/shared.yml
index b713b6c2d9c7..59fc6d0e9d0d 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
index cd4d9932b148..3572edc04d66 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
title: 'Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/ignition/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/ignition/shared.yml
index 75107433e46e..4950592357df 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
index ef548b1a0c3b..e3e4465f7606 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
title: 'Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml
index 3948ff2678ba..001c98c0a8a9 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,ol8,rhel7,rhel8,sle15,wrlinux1019
+prodtype: ocp4,rhcos4,ol7,ol8,rhel7,rhel8,sle15,wrlinux1019
title: 'Configure Kernel to Rate Limit Sending of Duplicate TCP Acknowledgments'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/ignition/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/ignition/shared.yml
index 7b4434c7bd4a..1d312543633e 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
index dd7720eb77dd..0a94a1baceeb 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
title: 'Enable Kernel Parameter to Use TCP Syncookies on IPv4 Interfaces'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/ignition/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/ignition/shared.yml
index c1ed66425dd6..c0575f105d71 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
index dd8104456d81..e2245a9ed987 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/ignition/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/ignition/shared.yml
index 65e01968c942..ebf2ff4ab832 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
index bf9cd7d6b89f..5564556b6d35 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
index a5a41d90c759..469fede2d0af 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019,ocp4
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019,ocp4,rhcos4
title: 'Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces'
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/ignition/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/ignition/shared.yml
index 1bf60c463999..9213df0b16e4 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
index bb3245257a96..c1bdc066099f 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol8,rhel6,rhel7,rhel8
title: 'Disable ATM Support'
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/ignition/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/ignition/shared.yml
index 63abbc11a3c9..adcee1d32b58 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml
index 14a8e8d7298a..177688b4a377 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol8,rhel6,rhel7,rhel8
title: 'Disable CAN Support'
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/ignition/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/ignition/shared.yml
index 167a533a0884..90f363fc0526 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml
index 6ec08964d14d..21fb57d0bf6c 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol8,rhel7,rhel8
title: 'Disable IEEE 1394 (FireWire) Support'
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/ignition/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/ignition/shared.yml
index cc6d46868577..8bf332a2e440 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
index b57f1a767a72..c6b8f4fc8116 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
+prodtype: ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
title: 'Disable SCTP Support'
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/ignition/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/ignition/shared.yml
index 0666a68bacf4..9b9216244a9c 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/ignition/shared.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/ignition/shared.yml
index 4ee2b3c786ef..ce8314a4559b 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/ignition/shared.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml
index 3e4c5c0dae78..b3933a391611 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4
title: 'Disable Bluetooth Kernel Module'
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml
index 7b2d6f71a637..0c6e1ee6dad6 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhel6,rhel7,rhel8,rhv4,ocp4
+prodtype: fedora,rhel6,rhel7,rhel8,rhv4,ocp4,rhcos4
title: 'Disable Bluetooth Service'
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml
index c7fb605e55f5..3590a47e11f0 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,rhel6,rhel7,rhel8
title: 'Disable WiFi or Bluetooth in BIOS'
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
index 718285d25a7c..bb610219a2f4 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
title: 'Deactivate Wireless Network Interfaces'
diff --git a/linux_os/guide/system/network/network_nmcli_permissions/rule.yml b/linux_os/guide/system/network/network_nmcli_permissions/rule.yml
index 8f8d4dbcd47e..038aefcdaab4 100644
--- a/linux_os/guide/system/network/network_nmcli_permissions/rule.yml
+++ b/linux_os/guide/system/network/network_nmcli_permissions/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,rhel7,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,rhel7,rhel8,rhv4
title: 'Prevent non-Privileged Users from Modifying Network Interfaces using nmcli'
diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/ignition/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/ignition/shared.yml
index 523eae5fcc76..5350fa0592b2 100644
--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/ignition/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/ignition/shared.yml
index b3deda506536..06f3cbcaf35f 100644
--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml b/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml
index 66204a0e0576..4411b56ec27c 100644
--- a/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,rhel6,rhel7,rhel8
title: 'Disable Booting from USB Devices in Boot Firmware'
diff --git a/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml b/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml
index c555e294a630..8297a302d1d7 100644
--- a/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,rhel7,rhel8
title: 'Disable Kernel Support for USB via Bootloader Configuration'
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/ignition/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/ignition/shared.yml
index e831c5b51cbb..9a838d6b05a1 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml
index ee777d7d9382..121f593a74a5 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,ubuntu1804
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,ubuntu1804
title: 'Disable Mounting of cramfs'
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/ignition/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/ignition/shared.yml
index 358ea421b530..95047cd6ebb5 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml
index bf351846722a..16d1057065d8 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,rhel6,rhel7,rhel8,rhv4,sle15,ubuntu1804
+prodtype: fedora,ocp4,rhcos4,rhel6,rhel7,rhel8,rhv4,sle15,ubuntu1804
title: 'Disable Mounting of freevxfs'
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/ignition/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/ignition/shared.yml
index 5eef93dc4f35..7071318dd666 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml
index 1e988e452841..50200144de03 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,rhel6,rhel7,rhel8,rhv4,sle15,ubuntu1804
+prodtype: fedora,ocp4,rhcos4,rhel6,rhel7,rhel8,rhv4,sle15,ubuntu1804
title: 'Disable Mounting of hfs'
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/ignition/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/ignition/shared.yml
index 481a3dcf16b0..674fc0133a09 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml
index 9d771e378134..9243051188c1 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,rhel6,rhel7,rhel8,rhv4,sle15,ubuntu1804
+prodtype: fedora,ocp4,rhcos4,rhel6,rhel7,rhel8,rhv4,sle15,ubuntu1804
title: 'Disable Mounting of hfsplus'
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/ignition/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/ignition/shared.yml
index a762e37dce55..3fcd3f4ff49f 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml
index a4ae7f01f069..b3b1467fbd05 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,rhel6,rhel7,rhel8,rhv4,sle15,ubuntu1804
+prodtype: fedora,ocp4,rhcos4,rhel6,rhel7,rhel8,rhv4,sle15,ubuntu1804
title: 'Disable Mounting of jffs2'
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/ignition/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/ignition/shared.yml
index 59e1038f38f3..65865d1e5bf1 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
index 9ee312210924..c5e54e6caf34 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,rhel6,rhel7,rhel8,sle15
+prodtype: fedora,ocp4,rhcos4,rhel6,rhel7,rhel8,sle15
title: 'Disable Mounting of squashfs'
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/ignition/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/ignition/shared.yml
index 4dd79dd909c2..21fb2b1536d3 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
index 1947d328ded1..12a68f243e5b 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,rhel6,rhel7,rhel8,sle15,ubuntu1804
+prodtype: fedora,ocp4,rhcos4,rhel6,rhel7,rhel8,sle15,ubuntu1804
title: 'Disable Mounting of udf'
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/ignition/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/ignition/shared.yml
index 4a17fbb6d0a9..8c6bdf022231 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
index 9a6a64079415..6e06ccf4c661 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
title: 'Disable Modprobe Loading of USB Storage Driver'
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/ignition/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/ignition/shared.yml
index f927b0c3bf97..fc4d4cb7df9a 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml
index 2338a991511b..d5bf7339a31a 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,rhel6,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,rhel6,rhel7,rhel8,rhv4,sle15
title: 'Disable Mounting of vFAT filesystems'
diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/ignition/shared.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/ignition/shared.yml
index 38acbef89123..f6f72975eef3 100644
--- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
index c44116e5d493..bbbb7d7bdcd8 100644
--- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019,ubuntu1804
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019,ubuntu1804
title: 'Disable the Automounter'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
index 25e3b32e8e01..c403de2c2587 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,ocp4,sle15,ubuntu1804
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,ocp4,rhcos4,sle15,ubuntu1804
title: 'Add noexec Option to /dev/shm'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
index 092798449a10..973e53645418 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,ocp4,sle15,ubuntu1804
+prodtype: ol7,ol8,rhel7,rhel8,ocp4,rhcos4,sle15,ubuntu1804
title: 'Add nodev Option to /home'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
index 34cd50db8f73..68039200d9d3 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,ocp4,sle15,ubuntu1804
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,ocp4,rhcos4,sle15,ubuntu1804
title: 'Add nodev Option to Removable Media Partitions'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
index d717a49b3f9f..4a6c80edb06e 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,ocp4,sle15,ubuntu1804
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,ocp4,rhcos4,sle15,ubuntu1804
title: 'Add noexec Option to Removable Media Partitions'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
index 782907824174..f15a0d8ff306 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019,ocp4,ubuntu1804
+prodtype: fedora,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019,ocp4,rhcos4,ubuntu1804
title: 'Add nosuid Option to Removable Media Partitions'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
index 462656741b43..f3b1eaa8cefb 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,ocp4,sle15,ubuntu1804
+prodtype: ol7,ol8,rhel7,rhel8,ocp4,rhcos4,sle15,ubuntu1804
title: 'Add nodev Option to /var/tmp'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
index b8c627a45ece..a11255ffe268 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel6,rhel7,rhel8,ocp4,sle15,ubuntu1804
+prodtype: ol7,ol8,rhel6,rhel7,rhel8,ocp4,rhcos4,sle15,ubuntu1804
title: 'Add noexec Option to /var/tmp'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
index 622ab1e28a4f..2566ebd85065 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel6,rhel7,rhel8,ocp4,sle15,ubuntu1804
+prodtype: ol7,ol8,rhel6,rhel7,rhel8,ocp4,rhcos4,sle15,ubuntu1804
title: 'Add nosuid Option to /var/tmp'
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/ignition/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/ignition/shared.yml
index 31a57bd4d50f..c989c6c311af 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/ignition/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/ignition/shared.yml
index 31a57bd4d50f..c989c6c311af 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/ignition/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/ignition/shared.yml
index 7c966b5a5f63..37351f555e87 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
index 3fd071df6f92..a28358ac948f 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,sle15
title: 'Disable Core Dumps for All Users'
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
index 70c4d319cdd6..abfa2d8d318c 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8
title: 'Disable acquiring, saving, and processing core dumps'
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/ignition/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/ignition/shared.yml
index 6322b70c8439..5fc768fcf894 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/grub2_vsyscall_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/grub2_vsyscall_argument/rule.yml
index 2fb262810698..2b804dc58620 100644
--- a/linux_os/guide/system/permissions/restrictions/grub2_vsyscall_argument/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/grub2_vsyscall_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8
title: 'Disable vsyscalls'
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/ignition/shared.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/ignition/shared.yml
index ffef36d07463..b10ef277127f 100644
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
index 7ad330a49e8b..c2ed5a5d6c81 100644
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8
title: 'Enable page allocator poisoning'
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/ignition/shared.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/ignition/shared.yml
index 2ea1f9933552..0938da9185ec 100644
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
index b902b857123e..2a387b4eb32b 100644
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8
title: 'Enable SLUB/SLAB allocator poisoning'
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/ignition/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/ignition/shared.yml
index 6181111e02dc..5f86acf060c8 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
index 7286b94ec2fb..3361aa58fa1c 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8
title: 'Disable storing core dumps'
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/ignition/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/ignition/shared.yml
index 3863f6c59a47..ceccece33a47 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
index 8335bee8c3a2..c2f2960f9ef0 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
title: 'Restrict Access to Kernel Message Buffer'
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/ignition/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/ignition/shared.yml
index da7850987b43..d9a1741322d6 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
index 9137af5af9d3..53446ac028a8 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Disable Kernel Image Loading'
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/ignition/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/ignition/shared.yml
index 0eee561b0797..e9cf8d0ddc0e 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
index 2e90c97d2685..20e891ad4b32 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol8,rhel7,rhel8
title: 'Disallow kernel profiling by unprivileged users'
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/ignition/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/ignition/shared.yml
index 99fe82edaff6..6d44c009800e 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
index c64bdfe80a97..c16ef957ac59 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8
title: 'Disable Access to Network bpf() Syscall From Unprivileged Processes'
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/ignition/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/ignition/shared.yml
index 8deca3aae9ed..a87e99f67b70 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ocp,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_ocp,multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
index cd07fd0197dc..49c02dded5dc 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8
title: 'Restrict usage of ptrace to descendant processes'
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
index de26919f33d2..34743daad736 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8
title: 'Harden the operation of the BPF just-in-time compiler'
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/ignition/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/ignition/shared.yml
index f437b89bbcb9..67c3cf6e0f75 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/ignition/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/ignition/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml
index 32fb9800db1b..c4328998c1f3 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8
title: 'Disable the use of user namespaces'
diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml
index fdee8abc2689..9978552f3278 100644
--- a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml
+++ b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15
title: 'Ensure SELinux Not Disabled in /etc/default/grub'
diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml
index fb9bc40dae4b..0815107806b5 100644
--- a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml
+++ b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,ocp4,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,ocp4,rhcos4,sle15
title: 'Install libselinux Package'
diff --git a/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml
index 3ab4d54a863a..4b54a40b5cfa 100644
--- a/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
title: 'Ensure No Daemons are Unconfined by SELinux'
diff --git a/linux_os/guide/system/selinux/selinux_policytype/rule.yml b/linux_os/guide/system/selinux/selinux_policytype/rule.yml
index 54545a2fb490..4078d1a847e4 100644
--- a/linux_os/guide/system/selinux/selinux_policytype/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_policytype/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
title: 'Configure SELinux Policy'
diff --git a/linux_os/guide/system/selinux/selinux_state/rule.yml b/linux_os/guide/system/selinux/selinux_state/rule.yml
index 23204d8c3fec..bf735ace6154 100644
--- a/linux_os/guide/system/selinux/selinux_state/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_state/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
title: 'Ensure SELinux State is Enforcing'
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
index 504c65f5c5cd..2bf1bb260061 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,ocp4,sle15,ubuntu1804
+prodtype: ol7,ol8,rhel7,rhel8,ocp4,rhcos4,sle15,ubuntu1804
title: 'Ensure /var/tmp Located On Separate Partition'
diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml
index 6700a609bab7..2c923db337f2 100644
--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml
+++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle12,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle12,sle15
title: 'The Installed Operating System Is FIPS 140-2 Certified'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
index 8a07e4b78daa..f06b7284355b 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8,rhv4
title: 'Configure BIND to use System Crypto Policy'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
index ba235a2009af..a4a45dd8a044 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8,rhv4
title: 'Configure System Cryptography Policy'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
index dac4c354837b..7df3b1b279a6 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8,rhv4
title: 'Configure Kerberos to use System Crypto Policy'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
index cf961196652d..0d76deb7c0f1 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8,rhv4
title: 'Configure Libreswan to use System Crypto Policy'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
index 276a8ed41c19..d80c0ed54ddf 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8,rhv4
title: 'Configure OpenSSL library to use System Crypto Policy'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
index 701049fa756b..61d460966d69 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhel8,rhv4,ocp4
+prodtype: fedora,ol8,rhel8,rhv4,ocp4,rhcos4
title: 'Configure SSH to use System Crypto Policy'
diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
index 7e04bd27f918..4eae9da608a5 100644
--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8,rhv4
title: "Enable Dracut FIPS Module"
diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
index bd956ed71084..43c0b839e125 100644
--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8,rhv4
title: Enable FIPS Mode
diff --git a/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
index a2d73bcf4f41..2ec453d18c3d 100644
--- a/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8,rhv4
title: Ensure '/etc/system-fips' exists
diff --git a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml
index 1bb5fcd2df97..14c38b375678 100644
--- a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,rhel7,wrlinux1019
+prodtype: ocp4,rhcos4,ol7,rhel7,wrlinux1019
title: 'Enable FIPS Mode in GRUB2'
diff --git a/linux_os/guide/system/software/integrity/fips/package_dracut-fips-aesni_installed/rule.yml b/linux_os/guide/system/software/integrity/fips/package_dracut-fips-aesni_installed/rule.yml
index f9ca356aee38..3e6541be45f8 100644
--- a/linux_os/guide/system/software/integrity/fips/package_dracut-fips-aesni_installed/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/package_dracut-fips-aesni_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,rhel6,rhel7
+prodtype: ocp4,rhcos4,ol7,rhel6,rhel7
title: 'Install the dracut-fips-aesni Package'
diff --git a/linux_os/guide/system/software/integrity/fips/package_dracut-fips_installed/rule.yml b/linux_os/guide/system/software/integrity/fips/package_dracut-fips_installed/rule.yml
index 89754734e3db..655753a60e78 100644
--- a/linux_os/guide/system/software/integrity/fips/package_dracut-fips_installed/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/package_dracut-fips_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,rhel6,rhel7
+prodtype: ocp4,rhcos4,ol7,rhel6,rhel7
title: 'Install the dracut-fips Package'
diff --git a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
index 8bf8b8549a28..f72497b59382 100644
--- a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol8,rhel8,rhv4
+prodtype: fedora,ocp4,rhcos4,ol8,rhel8,rhv4
title: "Set kernel parameter 'crypto.fips_enabled' to 1"
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml
index 2fe895dac963..e1637a0643ec 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
title: 'Install AIDE'
diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml
index e353ecef4c48..37bbd73a1d3a 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
+prodtype: ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
title: 'Verify and Correct Ownership with RPM'
diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml
index 677a239f3a37..226c2e2886c5 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15,wrlinux1019
title: 'Verify and Correct File Permissions with RPM'
diff --git a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml
index 5b8f12fc21c4..68e7fe85f95f 100644
--- a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml
+++ b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ocp4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ocp4,rhcos4,ol7,ol8,rhel6,rhel7,rhel8,rhv4,sle15
title: 'Install sudo Package'
diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
index 2b33a31f8f78..c4a9468fae07 100644
--- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
+++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel6,rhel7,rhel8,rhv4,ocp4
+prodtype: rhel6,rhel7,rhel8,rhv4,ocp4,rhcos4
title: 'Ensure Red Hat GPG Key Installed'
diff --git a/ocp-resources/ds-build.yaml b/ocp-resources/ds-build.yaml
index 4c439e761612..ed8b21655ccd 100644
--- a/ocp-resources/ds-build.yaml
+++ b/ocp-resources/ds-build.yaml
@@ -1,12 +1,12 @@
kind: ImageStream
apiVersion: image.openshift.io/v1
metadata:
- name: "openscap-$PRODUCT-ds"
+ name: "openscap-ocp4-ds"
---
kind: BuildConfig
apiVersion: build.openshift.io/v1
metadata:
- name: "openscap-$PRODUCT-ds"
+ name: "openscap-ocp4-ds"
spec:
runPolicy: "Serial"
triggers:
@@ -16,11 +16,14 @@ spec:
dockerfile: |
FROM registry.access.redhat.com/ubi8/ubi-minimal
WORKDIR /
- COPY ssg-$PRODUCT-ds.xml .
+ COPY ssg-ocp4-ds.xml .
+ COPY ssg-rhel7-ds.xml .
+ COPY ssg-rhel8-ds.xml .
+ COPY ssg-rhcos4-ds.xml .
strategy:
dockerStrategy:
noCache: true
output:
to:
kind: "ImageStreamTag"
- name: "openscap-$PRODUCT-ds:latest"
+ name: "openscap-ocp4-ds:latest"
diff --git a/rhcos4/CMakeLists.txt b/rhcos4/CMakeLists.txt
new file mode 100644
index 000000000000..3102291e2066
--- /dev/null
+++ b/rhcos4/CMakeLists.txt
@@ -0,0 +1,9 @@
+# Sometimes our users will try to do: "cd rhcos4; cmake ." That needs to error in a nice way.
+if ("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}")
+ message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the developer_guide.adoc for more details!")
+endif()
+
+set(PRODUCT "rhcos4")
+set(DISA_SRG_TYPE "os")
+
+ssg_build_product(${PRODUCT})
diff --git a/rhcos4/cpe/rhcos4-cpe-dictionary.xml b/rhcos4/cpe/rhcos4-cpe-dictionary.xml
new file mode 100644
index 000000000000..867b51277a42
--- /dev/null
+++ b/rhcos4/cpe/rhcos4-cpe-dictionary.xml
@@ -0,0 +1,60 @@
+
+
+
+ Red Hat Enterprise Linux CoreOS 4
+
+ installed_OS_is_rhcos4
+
+
+ Bare-metal or Virtual Machine
+
+ installed_env_is_a_machine
+
+
+ Package chrony is installed
+
+ installed_env_has_chrony_package
+
+
+ Package gdm is installed
+
+ installed_env_has_gdm_package
+
+
+ Package providing /etc/login.defs is installed
+
+ installed_env_has_login_defs
+
+
+ Package sssd-common is installed
+
+ installed_env_has_sssd-common_package
+
+
+ Package pam is installed
+
+ installed_env_has_pam_package
+
+
+ Package libuser is installed
+
+ installed_env_has_libuser_package
+
+
+ Package nss-pam-ldapd is installed
+
+ installed_env_has_nss-pam-ldapd_package
+
+
+ Package systemd is installed
+
+ installed_env_has_systemd_package
+
+
+ Package yum is installed
+
+ installed_env_has_yum_package
+
+
diff --git a/rhcos4/product.yml b/rhcos4/product.yml
new file mode 100644
index 000000000000..7d5122295261
--- /dev/null
+++ b/rhcos4/product.yml
@@ -0,0 +1,11 @@
+product: rhcos4
+full_name: Red Hat Enterprise Linux CoreOS 4
+type: platform
+
+benchmark_root: "../linux_os/guide"
+
+profiles_root: "./profiles"
+
+pkg_system: "rpm"
+
+init_system: "systemd"
diff --git a/rhcos4/profiles/coreos-ncp.profile b/rhcos4/profiles/coreos-ncp.profile
new file mode 100644
index 000000000000..004ad27dd4fd
--- /dev/null
+++ b/rhcos4/profiles/coreos-ncp.profile
@@ -0,0 +1,603 @@
+documentation_complete: true
+
+title: 'NIST National Checklist for Red Hat Enterprise Linux CoreOS'
+
+description: |-
+ This compliance profile reflects the core set of security
+ related configuration settings for deployment of Red Hat Enterprise
+ Linux CoreOS into U.S. Defense, Intelligence, and Civilian agencies.
+ Development partners and sponsors include the U.S. National Institute
+ of Standards and Technology (NIST), U.S. Department of Defense,
+ the National Security Agency, and Red Hat.
+
+ This baseline implements configuration requirements from the following
+ sources:
+
+ - Committee on National Security Systems Instruction No. 1253 (CNSSI 1253)
+ - NIST Controlled Unclassified Information (NIST 800-171)
+ - NIST 800-53 control selections for Moderate-Impact systems (NIST 800-53)
+ - U.S. Government Configuration Baseline (USGCB)
+ - NIAP Protection Profile for General Purpose Operating Systems v4.2.1 (OSPP v4.2.1)
+ - DISA Operating System Security Requirements Guide (OS SRG)
+
+ For any differing configuration requirements, e.g. password lengths, the stricter
+ security setting was chosen. Security Requirement Traceability Guides (RTMs) and
+ sample System Security Configuration Guides are provided via the
+ scap-security-guide-docs package.
+
+ This profile reflects U.S. Government consensus content and is developed through
+ the ComplianceAsCode initiative, championed by the National
+ Security Agency. Except for differences in formatting to accommodate
+ publishing processes, this profile mirrors ComplianceAsCode
+ content as minor divergences, such as bugfixes, work through the
+ consensus and release processes.
+
+selections:
+ #######################################################
+ ### GENERAL REQUIREMENTS
+ ### Things needed to meet OSPP functional requirements.
+ #######################################################
+
+ ### Partitioning
+ #- mount_option_home_nodev
+ #- mount_option_home_nosuid
+ #- mount_option_tmp_nodev
+ #- mount_option_tmp_noexec
+ #- mount_option_tmp_nosuid
+ #- mount_option_var_tmp_nodev
+ #- mount_option_var_tmp_noexec
+ #- mount_option_var_tmp_nosuid
+ #- mount_option_dev_shm_nodev
+ #- mount_option_dev_shm_noexec
+ #- mount_option_dev_shm_nosuid
+ #- mount_option_nodev_nonroot_local_partitions
+ #- mount_option_boot_nodev
+ #- mount_option_boot_nosuid
+ #- partition_for_home
+ #- partition_for_var
+ #- mount_option_var_nodev
+ #- partition_for_var_log
+ #- mount_option_var_log_nodev
+ #- mount_option_var_log_nosuid
+ #- mount_option_var_log_noexec
+ #- partition_for_var_log_audit
+ #- mount_option_var_log_audit_nodev
+ #- mount_option_var_log_audit_nosuid
+ #- mount_option_var_log_audit_noexec
+
+ ### Services
+ # sshd
+ #- sshd_disable_root_login
+ #- sshd_enable_strictmodes
+ #- disable_host_auth
+ #- sshd_disable_empty_passwords
+ #- sshd_disable_kerb_auth
+ #- sshd_disable_gssapi_auth
+ #- var_sshd_set_keepalive=0
+ #- sshd_set_keepalive
+ #- sshd_enable_warning_banner
+ #- sshd_rekey_limit
+
+
+ # Time Server
+ - chronyd_client_only
+ - chronyd_no_chronyc_network
+
+ ### Network Settings
+ - sysctl_net_ipv6_conf_all_accept_ra
+ - sysctl_net_ipv6_conf_default_accept_ra
+ - sysctl_net_ipv4_conf_all_accept_redirects
+ - sysctl_net_ipv4_conf_default_accept_redirects
+ - sysctl_net_ipv6_conf_all_accept_redirects
+ - sysctl_net_ipv6_conf_default_accept_redirects
+ - sysctl_net_ipv4_conf_all_accept_source_route
+ - sysctl_net_ipv4_conf_default_accept_source_route
+ - sysctl_net_ipv6_conf_all_accept_source_route
+ - sysctl_net_ipv6_conf_default_accept_source_route
+ - sysctl_net_ipv4_conf_all_secure_redirects
+ - sysctl_net_ipv4_conf_default_secure_redirects
+ - sysctl_net_ipv4_conf_all_send_redirects
+ - sysctl_net_ipv4_conf_default_send_redirects
+ - sysctl_net_ipv4_conf_all_log_martians
+ - sysctl_net_ipv4_conf_default_log_martians
+ - sysctl_net_ipv4_conf_all_rp_filter
+ - sysctl_net_ipv4_conf_default_rp_filter
+ - sysctl_net_ipv4_icmp_ignore_bogus_error_responses
+ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
+ - sysctl_net_ipv4_tcp_syncookies
+
+ ### systemd
+ - disable_ctrlaltdel_reboot
+ - disable_ctrlaltdel_burstaction
+ - service_debug-shell_disabled
+
+ ### umask
+ #- var_accounts_user_umask=027
+ #- accounts_umask_etc_profile
+ #- accounts_umask_etc_bashrc
+ #- accounts_umask_etc_csh_cshrc
+
+ ### Software update
+ #- ensure_redhat_gpgkey_installed
+ #- ensure_gpgcheck_globally_activated
+ #- ensure_gpgcheck_local_packages
+ #- ensure_gpgcheck_never_disabled
+
+ ### Passwords
+ #- var_password_pam_difok=4
+ #- accounts_password_pam_difok
+ #- var_password_pam_maxrepeat=3
+ #- accounts_password_pam_maxrepeat
+ #- var_password_pam_maxclassrepeat=4
+ #- accounts_password_pam_maxclassrepeat
+
+ ### Kernel Config
+ ## Boot prompt
+ - grub2_audit_argument
+ - grub2_audit_backlog_limit_argument
+ - grub2_slub_debug_argument
+ - grub2_page_poison_argument
+ - grub2_vsyscall_argument
+ - grub2_vsyscall_argument.role=unscored
+ - grub2_vsyscall_argument.severity=info
+ - grub2_pti_argument
+
+ ## Security Settings
+ - sysctl_kernel_kptr_restrict
+ - sysctl_kernel_dmesg_restrict
+ - sysctl_kernel_kexec_load_disabled
+ - sysctl_kernel_yama_ptrace_scope
+ - sysctl_kernel_perf_event_paranoid
+ - sysctl_kernel_unprivileged_bpf_disabled
+ - sysctl_net_core_bpf_jit_harden
+
+ ## File System Settings
+ - sysctl_fs_protected_hardlinks
+ - sysctl_fs_protected_symlinks
+
+ ### Audit
+ - service_auditd_enabled
+ - var_auditd_flush=incremental_async
+ - auditd_data_retention_flush
+ - auditd_local_events
+ - auditd_write_logs
+ - auditd_log_format
+ - auditd_freq
+ - auditd_name_format
+ - var_auditd_action_mail_acct=root
+ - var_auditd_space_left_action=email
+
+ #####
+ # Need to replace with fluentd checks
+ #- auditd_audispd_configure_remote_server
+ #- auditd_audispd_encrypt_sent_records
+ #- auditd_audispd_disk_full_action
+ #- auditd_audispd_network_failure_action
+ #####
+
+ ### Module Blacklist
+ - kernel_module_cramfs_disabled
+ - kernel_module_bluetooth_disabled
+ - kernel_module_sctp_disabled
+ - kernel_module_firewire-core_disabled
+ - kernel_module_atm_disabled
+ - kernel_module_can_disabled
+ - kernel_module_tipc_disabled
+
+ ### rpcbind
+
+ ### Install Required Packages
+ #- package_sssd-ipa_installed
+ - package_aide_installed
+ - package_iptables_installed
+ #- package_libcap-ng-utils_installed
+ #- package_openscap-scanner_installed
+ #- package_policycoreutils_installed
+ #- package_rng-tools_installed
+ - package_sudo_installed
+ - package_usbguard_installed
+ ####
+ # Need to replace with fluentd checks
+ #- package_audispd-plugins_installed
+ ####
+ #- package_scap-security-guide_installed
+ - package_audit_installed
+
+ ### Remove Prohibited Packages
+ #- package_sendmail_removed
+ #- package_iprutils_removed
+ #- package_gssproxy_removed
+ #- package_nfs-utils_removed
+ #- package_krb5-workstation_removed
+ #- package_abrt-addon-kerneloops_removed
+ #- package_abrt-addon-python_removed
+ #- package_abrt-addon-ccpp_removed
+ #- package_abrt-plugin-rhtsupport_removed
+ #- package_abrt-plugin-logger_removed
+ #- package_abrt-plugin-sosreport_removed
+ #- package_abrt-cli_removed
+ #- package_tuned_removed
+ #- package_abrt_removed
+
+ ### Login
+ - disable_users_coredumps
+ - sysctl_kernel_core_pattern
+ - coredump_disable_storage
+ - coredump_disable_backtraces
+ - service_systemd-coredump_disabled
+ #- var_accounts_max_concurrent_login_sessions=10
+ #- accounts_max_concurrent_login_sessions
+ #- securetty_root_login_console_only
+ #- var_password_pam_unix_remember=5
+ #- accounts_password_pam_unix_remember
+
+ ### SELinux Configuration
+ - var_selinux_state=enforcing
+ - selinux_state
+ - var_selinux_policy_name=targeted
+ - selinux_policytype
+
+ ### Application Whitelisting (RHEL 8)
+ - package_fapolicyd_installed
+ - service_fapolicyd_enabled
+
+ ### Enable the Hardware RNG Entropy Gatherer Service
+ - service_rngd_enabled
+
+ ### Configure SSSD
+ - sssd_run_as_sssd_user
+
+ ### Configure USBGuard
+ - service_usbguard_enabled
+ - configure_usbguard_auditbackend
+ - usbguard_allow_hid_and_hub
+
+ ### Enable / Configure FIPS
+ - enable_fips_mode
+ - var_system_crypto_policy=fips
+ - configure_crypto_policy
+ - harden_sshd_crypto_policy
+ - harden_ssh_client_crypto_policy
+ - configure_openssl_crypto_policy
+ - configure_kerberos_crypto_policy
+ - enable_dracut_fips_module
+
+ #######################################################
+ ### CONFIGURATION ANNEX TO THE PROTECTION PROFILE
+ ### FOR GENERAL PURPOSE OPERATING SYSTEMS
+ ### ANNEX RELEASE 1
+ ### FOR PROTECTION PROFILE VERSIONS 4.2
+ ###
+ ### https://www.niap-ccevs.org/MMO/PP/-442ConfigAnnex-/
+ #######################################################
+
+ ## Configure Minimum Password Length to 12 Characters
+ ## IA-5 (1)(a) / FMT_MOF_EXT.1
+ #- var_accounts_password_minlen_login_defs=12
+ #- accounts_password_minlen_login_defs
+ #- var_password_pam_minlen=12
+ #- accounts_password_pam_minlen
+
+ ## Require at Least 1 Special Character in Password
+ ## IA-5(1)(a) / FMT_MOF_EXT.1
+ #- var_password_pam_ocredit=1
+ #- accounts_password_pam_ocredit
+
+ ## Require at Least 1 Numeric Character in Password
+ ## IA-5(1)(a) / FMT_MOF_EXT.1
+ #- var_password_pam_dcredit=1
+ #- accounts_password_pam_dcredit
+
+ ## Require at Least 1 Uppercase Character in Password
+ ## IA-5(1)(a) / FMT_MOF_EXT.1
+ #- var_password_pam_ucredit=1
+ #- accounts_password_pam_ucredit
+
+ ## Require at Least 1 Lowercase Character in Password
+ ## IA-5(1)(a) / FMT_MOF_EXT.1
+ #- var_password_pam_lcredit=1
+ #- accounts_password_pam_lcredit
+
+ ## Enable Screen Lock
+ ## FMT_MOF_EXT.1
+ #- package_tmux_installed
+ #- configure_bashrc_exec_tmux
+ #- no_tmux_in_shells
+ #- configure_tmux_lock_command
+ #- configure_tmux_lock_after_time
+
+ ## Set Screen Lock Timeout Period to 30 Minutes or Less
+ ## AC-11(a) / FMT_MOF_EXT.1
+ #- sshd_idle_timeout_value=10_minutes
+ #- sshd_set_idle_timeout
+
+ ## Disable Unauthenticated Login (such as Guest Accounts)
+ ## FIA_AFL.1
+ - require_singleuser_auth
+ - grub2_disable_interactive_boot
+ - grub2_uefi_password
+ - no_empty_passwords
+
+ ## Set Maximum Number of Authentication Failures to 3 Within 15 Minutes
+ ## AC-7(a) / FMT_MOF_EXT.1
+ #- var_accounts_passwords_pam_faillock_deny=3
+ #- accounts_passwords_pam_faillock_deny
+ #- var_accounts_passwords_pam_faillock_fail_interval=900
+ #- accounts_passwords_pam_faillock_interval
+ #- var_accounts_passwords_pam_faillock_unlock_time=never
+ #- accounts_passwords_pam_faillock_unlock_time
+ #- accounts_passwords_pam_faillock_deny_root
+ #- accounts_logon_fail_delay
+
+ ## Enable Host-Based Firewall
+ ## SC-7(12) / FMT_MOF_EXT.1
+ # TODO (Check for iptables and the kubelet config instead)
+
+ ## Configure Name/Addres of Remote Management Server
+ ## From Which to Receive Config Settings
+ ## CM-3(3) / FMT_MOF_EXT.1
+
+ ## Configure the System to Offload Audit Records to a Log
+ ## Server
+ ## AU-4(1) / FAU_GEN.1.1.c
+ #####
+ # Need to replace with fluentd checks
+ #- auditd_audispd_syslog_plugin_activated
+ #####
+
+ ## Set Logon Warning Banner
+ ## AC-8(a) / FMT_MOF_EXT.1
+ - banner_etc_issue
+
+ ## Audit All Logons (Success/Failure) and Logoffs (Success)
+ ## CNSSI 1253 Value or DoD-Specific Values:
+ ## (1) Logons (Success/Failure)
+ ## (2) Logoffs (Success)
+ ## AU-2(a) / FAU_GEN.1.1.c
+
+ ## Audit File and Object Events (Unsuccessful)
+ ## CNSSI 1253 Value or DoD-specific Values:
+ ## (1) Create (Success/Failure)
+ ## (2) Access (Success/Failure)
+ ## (3) Delete (Sucess/Failure)
+ ## (4) Modify (Success/Failure)
+ ## (5) Permission Modification (Sucess/Failure)
+ ## (6) Ownership Modification (Success/Failure)
+ ## AU-2(a) / FAU_GEN.1.1.c
+ ##
+ ##
+ ## (1) Create (Success/Failure)
+ ## (open with O_CREAT)
+ ## (2) Access (Success/Failure)
+ ## (3) Delete (Success/Failure)
+ ## (4) Modify (Success/Failure)
+ ## (5) Permission Modification (Success/Failure)
+ ## (6) Ownership Modification (Success/Failure)
+
+ ## Audit User and Group Management Events (Success/Failure)
+ ## CNSSI 1253 Value or DoD-specific Values:
+ ## (1) User add, delete, modify, disable, enable (Success/Failure)
+ ## (2) Group/Role add, delete, modify (Success/Failure)
+ ## AU-2(a) / FAU_GEN.1.1.c
+ ##
+ ## Generic User and Group Management Events (Success/Failure)
+ ## Selection of setuid programs that relate to
+ ## user accounts.
+ ##
+ ## CNSSI 1253: (1) User add, delete, modify, disable, enable (Success/Failure)
+ ##
+ ## CNSSI 1252: (2) Group/Role add, delete, modify (Success/Failure)
+ ##
+ ## Audit Privilege or Role Escalation Events (Success/Failure)
+ ## CNSSI 1253 Value or DoD-specific Values:
+ ## - Privilege/Role escalation (Success/Failure)
+ ## AU-2(a) / FAU_GEN.1.1.c
+ ## Audit All Audit and Log Data Accesses (Success/Failure)
+ ## CNSSI 1253 Value or DoD-specific Values:
+ ## - Audit and log data access (Success/Failure)
+ ## AU-2(a) / FAU_GEN.1.1.c
+ ## Audit Cryptographic Verification of Software (Success/Failure)
+ ## CNSSI 1253 Value or DoD-specific Values:
+ ## - Applications (e.g. Firefox, Internet Explorer, MS Office Suite,
+ ## etc) initialization (Success/Failure)
+ ## AU-2(a) / FAU_GEN.1.1.c
+ ## Audit Kernel Module Loading and Unloading Events (Success/Failure)
+ ## AU-2(a) / FAU_GEN.1.1.c
+ - audit_rules_dac_modification_chmod
+ - audit_rules_dac_modification_chown
+ - audit_rules_dac_modification_fchmod
+ - audit_rules_dac_modification_fchmodat
+ - audit_rules_dac_modification_fchown
+ - audit_rules_dac_modification_fchownat
+ - audit_rules_dac_modification_fremovexattr
+ - audit_rules_dac_modification_fsetxattr
+ - audit_rules_dac_modification_lchown
+ - audit_rules_dac_modification_lremovexattr
+ - audit_rules_dac_modification_lsetxattr
+ - audit_rules_dac_modification_removexattr
+ - audit_rules_dac_modification_setxattr
+ - audit_rules_execution_chcon
+ - audit_rules_execution_restorecon
+ - audit_rules_execution_semanage
+ - audit_rules_execution_setfiles
+ - audit_rules_execution_setsebool
+ - audit_rules_execution_seunshare
+ - audit_rules_file_deletion_events_rename
+ - audit_rules_file_deletion_events_renameat
+ - audit_rules_file_deletion_events_rmdir
+ - audit_rules_file_deletion_events_unlink
+ - audit_rules_file_deletion_events_unlinkat
+ - audit_rules_kernel_module_loading_delete
+ - audit_rules_kernel_module_loading_finit
+ - audit_rules_kernel_module_loading_init
+ - audit_rules_login_events_faillock
+ - audit_rules_login_events_lastlog
+ - audit_rules_login_events_tallylog
+ - audit_rules_mac_modification
+ - audit_rules_media_export
+ - audit_rules_networkconfig_modification
+ - audit_rules_privileged_commands
+ - audit_rules_privileged_commands_at
+ - audit_rules_privileged_commands_chage
+ - audit_rules_privileged_commands_chsh
+ - audit_rules_privileged_commands_crontab
+ - audit_rules_privileged_commands_gpasswd
+ - audit_rules_privileged_commands_mount
+ - audit_rules_privileged_commands_newgidmap
+ - audit_rules_privileged_commands_newgrp
+ - audit_rules_privileged_commands_newuidmap
+ - audit_rules_privileged_commands_pam_timestamp_check
+ - audit_rules_privileged_commands_passwd
+ - audit_rules_privileged_commands_postdrop
+ - audit_rules_privileged_commands_postqueue
+ - audit_rules_privileged_commands_pt_chown
+ - audit_rules_privileged_commands_ssh_keysign
+ - audit_rules_privileged_commands_su
+ - audit_rules_privileged_commands_sudo
+ - audit_rules_privileged_commands_sudoedit
+ - audit_rules_privileged_commands_umount
+ - audit_rules_privileged_commands_unix_chkpwd
+ - audit_rules_privileged_commands_userhelper
+ - audit_rules_privileged_commands_usernetctl
+ - audit_rules_session_events
+ - audit_rules_sysadmin_actions
+ - audit_rules_time_adjtimex
+ - audit_rules_time_clock_settime
+ - audit_rules_time_settimeofday
+ - audit_rules_time_stime
+ - audit_rules_time_watch_localtime
+ - audit_rules_unsuccessful_file_modification_chmod
+ - audit_rules_unsuccessful_file_modification_chown
+ - audit_rules_unsuccessful_file_modification_creat
+ - audit_rules_unsuccessful_file_modification_fchmod
+ - audit_rules_unsuccessful_file_modification_fchmodat
+ - audit_rules_unsuccessful_file_modification_fchown
+ - audit_rules_unsuccessful_file_modification_fchownat
+ - audit_rules_unsuccessful_file_modification_fremovexattr
+ - audit_rules_unsuccessful_file_modification_fsetxattr
+ - audit_rules_unsuccessful_file_modification_ftruncate
+ - audit_rules_unsuccessful_file_modification_lchown
+ - audit_rules_unsuccessful_file_modification_lremovexattr
+ - audit_rules_unsuccessful_file_modification_lsetxattr
+ - audit_rules_unsuccessful_file_modification_open
+ - audit_rules_unsuccessful_file_modification_openat
+ - audit_rules_unsuccessful_file_modification_openat_o_creat
+ - audit_rules_unsuccessful_file_modification_openat_o_trunc_write
+ - audit_rules_unsuccessful_file_modification_openat_rule_order
+ - audit_rules_unsuccessful_file_modification_open_by_handle_at
+ - audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat
+ - audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write
+ - audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order
+ - audit_rules_unsuccessful_file_modification_open_o_creat
+ - audit_rules_unsuccessful_file_modification_open_o_trunc_write
+ - audit_rules_unsuccessful_file_modification_open_rule_order
+ - audit_rules_unsuccessful_file_modification_removexattr
+ - audit_rules_unsuccessful_file_modification_rename
+ - audit_rules_unsuccessful_file_modification_renameat
+ - audit_rules_unsuccessful_file_modification_setxattr
+ - audit_rules_unsuccessful_file_modification_truncate
+ - audit_rules_unsuccessful_file_modification_unlink
+ - audit_rules_unsuccessful_file_modification_unlinkat
+ - audit_rules_usergroup_modification_group
+ - audit_rules_usergroup_modification_gshadow
+ - audit_rules_usergroup_modification_opasswd
+ - audit_rules_usergroup_modification_passwd
+ - audit_rules_usergroup_modification_shadow
+
+ ## Enable Automatic Software Updates
+ ## SI-2 / FMT_MOF_EXT.1
+ # Configure dnf-automatic to Install Only Security Updates
+ #- dnf-automatic_security_updates_only
+
+ # Configure dnf-automatic to Install Available Updates Automatically
+ #- dnf-automatic_apply_updates
+
+ # Enable dnf-automatic Timer
+ #- timer_dnf-automatic_enabled
+
+ # Prevent Kerberos use by system daemons
+ #- kerberos_disable_no_keytab
+
+ # AC-18
+ - wireless_disable_in_bios
+ - wireless_disable_interfaces
+
+ # AC-19
+ - grub2_nousb_argument
+ - bios_disable_usb_boot
+ #- service_autofs_disabled
+ #- mount_option_nosuid_removable_partitions
+ #- mount_option_nodev_removable_partitions
+ #- mount_option_noexec_removable_partitions
+
+ # AC-3
+ - sshd_limit_user_access
+ - sshd_disable_rhosts
+ #- xwindows_runlevel_target
+ - grub2_enable_selinux
+ #- require_emergency_target_auth
+ - no_netrc_files
+
+ # AU-1
+ - audit_rules_immutable
+
+ # AU-4
+ - auditd_data_retention_action_mail_acct
+ - auditd_data_disk_full_action
+ - auditd_data_retention_admin_space_left_action
+ - auditd_data_retention_space_left_action
+ - auditd_data_disk_error_action
+ - auditd_data_retention_max_log_file_action
+ - auditd_data_retention_space_left
+
+ # AU-8
+ - service_chronyd_or_ntpd_enabled
+ - chronyd_or_ntpd_specify_remote_server
+ - chronyd_or_ntpd_set_maxpoll
+ - chronyd_or_ntpd_specify_multiple_servers
+
+ # AU-9
+ #- rpm_verify_ownership
+ #- rpm_verify_permissions
+ - selinux_confinement_of_daemons
+ #- ensure_logrotate_activated
+ - file_permissions_var_log_audit
+ - file_ownership_var_log_audit
+ - directory_permissions_var_log_audit
+
+ # AU-11
+ - auditd_data_retention_num_logs
+ - auditd_data_retention_max_log_file
+
+ # AC-2(5), AC-12
+ #- accounts_tmout
+
+ # AC-17
+ #- sshd_disable_rhosts_rsa
+ #- sshd_disable_user_known_hosts
+ #- sshd_do_not_permit_user_env
+ #- sshd_print_last_log
+ #- sshd_use_priv_separation
+
+ # AC-18(4)
+ - network_nmcli_permissions
+
+ # AC-6(5)
+ - no_shelllogin_for_systemaccounts
+ - no_direct_root_logins
+
+ # AC-6(9)
+ - accounts_no_uid_except_zero
+ - audit_rules_etc_group_open
+ - audit_rules_etc_group_openat
+ - audit_rules_etc_group_open_by_handle_at
+ - audit_rules_etc_gshadow_open
+ - audit_rules_etc_gshadow_openat
+ - audit_rules_etc_gshadow_open_by_handle_at
+ - audit_rules_etc_passwd_open
+ - audit_rules_etc_passwd_openat
+ - audit_rules_etc_passwd_open_by_handle_at
+ - audit_rules_etc_shadow_open
+ - audit_rules_etc_shadow_openat
+ - audit_rules_etc_shadow_open_by_handle_at
+ - directory_access_var_log_audit
diff --git a/rhcos4/profiles/e8.profile b/rhcos4/profiles/e8.profile
new file mode 100644
index 000000000000..a0d84893cb71
--- /dev/null
+++ b/rhcos4/profiles/e8.profile
@@ -0,0 +1,141 @@
+documentation_complete: true
+
+title: 'Australian Cyber Security Centre (ACSC) Essential Eight'
+
+description: |-
+ This profile contains configuration checks for Red Hat Enterprise Linux CoreOS
+ that align to the Australian Cyber Security Centre (ACSC) Essential Eight.
+
+ A copy of the Essential Eight in Linux Environments guide can be found at the
+ ACSC website:
+
+ https://www.cyber.gov.au/publications/essential-eight-in-linux-environments
+
+selections:
+
+ ### Remove obsolete packages
+ #- package_talk_removed
+ #- package_talk-server_removed
+ #- package_xinetd_removed
+ #- service_xinetd_disabled
+ #- package_ypbind_removed
+ #- package_telnet_removed
+ #- service_telnet_disabled
+ #- package_telnet-server_removed
+ #- package_rsh_removed
+ #- package_rsh-server_removed
+ #- service_zebra_disabled
+ #- package_quagga_removed
+ #- service_avahi-daemon_disabled
+ #- package_squid_removed
+ #- service_squid_disabled
+
+ ### Software update
+ #- ensure_redhat_gpgkey_installed
+ #- ensure_gpgcheck_never_disabled
+ #- ensure_gpgcheck_local_packages
+ #- ensure_gpgcheck_globally_activated
+ #- security_patches_up_to_date
+ #- dnf-automatic_security_updates_only
+
+ ### System security settings
+ - sysctl_kernel_randomize_va_space
+# - sysctl_kernel_exec_shield
+ - sysctl_kernel_kptr_restrict
+ - sysctl_kernel_dmesg_restrict
+ - sysctl_kernel_kexec_load_disabled
+ - sysctl_kernel_yama_ptrace_scope
+ - sysctl_kernel_unprivileged_bpf_disabled
+ - sysctl_net_core_bpf_jit_harden
+
+ ### SELinux
+ - var_selinux_state=enforcing
+ - selinux_state
+ - var_selinux_policy_name=targeted
+ - selinux_policytype
+
+ ### Filesystem integrity
+ #- rpm_verify_hashes
+ #- rpm_verify_permissions
+ #- rpm_verify_ownership
+ #- file_permissions_unauthorized_sgid
+ #- file_permissions_unauthorized_suid
+ #- file_permissions_unauthorized_world_writable
+ #- dir_perms_world_writable_sticky_bits
+ #- file_permissions_library_dirs
+ #- file_ownership_binary_dirs
+ #- file_permissions_binary_dirs
+ #- file_ownership_library_dirs
+
+ ### Passwords
+ - no_empty_passwords
+
+ ### Partitioning
+ #- mount_option_dev_shm_nodev
+ #- mount_option_dev_shm_nosuid
+ #- mount_option_dev_shm_noexec
+
+ ### Network
+ #- package_firewalld_installed
+ #- service_firewalld_enabled
+ #- network_sniffer_disabled
+
+ ### Admin privileges
+ - accounts_no_uid_except_zero
+ #- sudo_remove_nopasswd
+ #- sudo_remove_no_authenticate
+ #- sudo_require_authentication
+
+ ### Audit
+ #- package_rsyslog_installed
+ #- service_rsyslog_enabled
+ - service_auditd_enabled
+ - var_auditd_flush=incremental_async
+ - auditd_data_retention_flush
+ - auditd_local_events
+ - auditd_write_logs
+ - auditd_log_format
+ - auditd_freq
+ - auditd_name_format
+ - audit_rules_login_events_tallylog
+ - audit_rules_login_events_faillock
+ - audit_rules_login_events_lastlog
+ - audit_rules_login_events
+ - audit_rules_time_adjtimex
+ - audit_rules_time_clock_settime
+ - audit_rules_time_watch_localtime
+ - audit_rules_time_settimeofday
+ - audit_rules_time_stime
+ - audit_rules_execution_restorecon
+ - audit_rules_execution_chcon
+ - audit_rules_execution_semanage
+ - audit_rules_execution_setsebool
+ - audit_rules_execution_setfiles
+ - audit_rules_execution_seunshare
+ - audit_rules_sysadmin_actions
+ - audit_rules_networkconfig_modification
+ - audit_rules_usergroup_modification
+ - audit_rules_dac_modification_chmod
+ - audit_rules_dac_modification_chown
+ - audit_rules_kernel_module_loading
+
+ ### Secure access
+ - sshd_disable_root_login
+ - sshd_disable_gssapi_auth
+ - sshd_print_last_log
+ - sshd_use_priv_separation
+ - sshd_do_not_permit_user_env
+ - sshd_disable_rhosts
+ - sshd_set_loglevel_info
+ - sshd_disable_empty_passwords
+ - sshd_disable_user_known_hosts
+ - sshd_enable_strictmodes
+
+ # See also: https://www.cyber.gov.au/ism/guidelines-using-cryptography
+ - var_system_crypto_policy=future
+ - configure_crypto_policy
+ - configure_ssh_crypto_policy
+
+ ### Application whitelisting
+ #- package_fapolicyd_installed
+ #- service_fapolicyd_enabled
diff --git a/rhcos4/profiles/moderate.profile b/rhcos4/profiles/moderate.profile
new file mode 100644
index 000000000000..b67fac626f4f
--- /dev/null
+++ b/rhcos4/profiles/moderate.profile
@@ -0,0 +1,631 @@
+documentation_complete: true
+
+title: 'NIST 800-53 Moderate-Impact Baseline for Red Hat Enterprise Linux CoreOS'
+
+description: |-
+ This compliance profile reflects the core set of Moderate-Impact Baseline
+ configuration settings for deployment of Red Hat Enterprise
+ Linux CoreOS into U.S. Defense, Intelligence, and Civilian agencies.
+ Development partners and sponsors include the U.S. National Institute
+ of Standards and Technology (NIST), U.S. Department of Defense,
+ the National Security Agency, and Red Hat.
+
+ This baseline implements configuration requirements from the following
+ sources:
+
+ - NIST 800-53 control selections for Moderate-Impact systems (NIST 800-53)
+
+ For any differing configuration requirements, e.g. password lengths, the stricter
+ security setting was chosen. Security Requirement Traceability Guides (RTMs) and
+ sample System Security Configuration Guides are provided via the
+ scap-security-guide-docs package.
+
+ This profile reflects U.S. Government consensus content and is developed through
+ the ComplianceAsCode initiative, championed by the National
+ Security Agency. Except for differences in formatting to accommodate
+ publishing processes, this profile mirrors ComplianceAsCode
+ content as minor divergences, such as bugfixes, work through the
+ consensus and release processes.
+
+selections:
+ #######################################################
+ ### GENERAL REQUIREMENTS
+ ### Things needed to meet OSPP functional requirements.
+ #######################################################
+
+ ### Partitioning
+ #- mount_option_home_nodev
+ #- mount_option_home_nosuid
+ #- mount_option_tmp_nodev
+ #- mount_option_tmp_noexec
+ #- mount_option_tmp_nosuid
+ #- mount_option_var_tmp_nodev
+ #- mount_option_var_tmp_noexec
+ #- mount_option_var_tmp_nosuid
+ #- mount_option_dev_shm_nodev
+ #- mount_option_dev_shm_noexec
+ #- mount_option_dev_shm_nosuid
+ #- mount_option_nodev_nonroot_local_partitions
+ #- mount_option_boot_nodev
+ #- mount_option_boot_nosuid
+ #- partition_for_home
+ #- partition_for_var
+ #- mount_option_var_nodev
+ #- partition_for_var_log
+ #- mount_option_var_log_nodev
+ #- mount_option_var_log_nosuid
+ #- mount_option_var_log_noexec
+ #- partition_for_var_log_audit
+ #- mount_option_var_log_audit_nodev
+ #- mount_option_var_log_audit_nosuid
+ #- mount_option_var_log_audit_noexec
+
+ ### Services
+ # sshd
+ #- sshd_disable_root_login
+ #- sshd_enable_strictmodes
+ #- disable_host_auth
+ #- sshd_disable_empty_passwords
+ #- sshd_disable_kerb_auth
+ #- sshd_disable_gssapi_auth
+ #- var_sshd_set_keepalive=0
+ # AC-2(5)
+ - sshd_set_keepalive
+ #- sshd_enable_warning_banner
+ #- sshd_rekey_limit
+
+ # Time Server
+ - chronyd_client_only
+ - chronyd_no_chronyc_network
+
+ ### Network Settings
+ - sysctl_net_ipv4_conf_all_accept_redirects
+ - sysctl_net_ipv4_conf_all_accept_source_route
+ - sysctl_net_ipv4_conf_all_log_martians
+ - sysctl_net_ipv4_conf_all_rp_filter
+ - sysctl_net_ipv4_conf_all_secure_redirects
+ - sysctl_net_ipv4_conf_all_send_redirects
+ - sysctl_net_ipv4_conf_default_accept_redirects
+ - sysctl_net_ipv4_conf_default_accept_source_route
+ - sysctl_net_ipv4_conf_default_log_martians
+ - sysctl_net_ipv4_conf_default_rp_filter
+ - sysctl_net_ipv4_conf_default_secure_redirects
+ - sysctl_net_ipv4_conf_default_send_redirects
+ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
+ - sysctl_net_ipv4_icmp_ignore_bogus_error_responses
+ - sysctl_net_ipv4_tcp_syncookies
+ - sysctl_net_ipv6_conf_all_accept_ra
+ - sysctl_net_ipv6_conf_all_accept_redirects
+ - sysctl_net_ipv6_conf_all_accept_source_route
+ - sysctl_net_ipv6_conf_default_accept_ra
+ - sysctl_net_ipv6_conf_default_accept_redirects
+ - sysctl_net_ipv6_conf_default_accept_source_route
+
+ ### systemd
+ - disable_ctrlaltdel_reboot
+ - disable_ctrlaltdel_burstaction
+ - service_debug-shell_disabled
+
+ ### umask
+ #- var_accounts_user_umask=027
+ #- accounts_umask_etc_profile
+ #- accounts_umask_etc_bashrc
+ #- accounts_umask_etc_csh_cshrc
+
+ ### Software update
+ #- ensure_redhat_gpgkey_installed
+ #- ensure_gpgcheck_globally_activated
+ #- ensure_gpgcheck_local_packages
+ #- ensure_gpgcheck_never_disabled
+
+ ### Passwords
+ #- var_password_pam_difok=4
+ #- accounts_password_pam_difok
+ #- var_password_pam_maxrepeat=3
+ #- accounts_password_pam_maxrepeat
+ #- var_password_pam_maxclassrepeat=4
+ #- accounts_password_pam_maxclassrepeat
+
+ ### Kernel Config
+ ## Boot prompt
+ - grub2_vsyscall_argument.role=unscored
+ - grub2_vsyscall_argument.severity=info
+ - grub2_pti_argument
+
+ ## Security Settings
+ - sysctl_kernel_kptr_restrict
+ - sysctl_kernel_dmesg_restrict
+ - sysctl_kernel_kexec_load_disabled
+ - sysctl_kernel_yama_ptrace_scope
+ - sysctl_kernel_perf_event_paranoid
+ - sysctl_kernel_unprivileged_bpf_disabled
+ - sysctl_net_core_bpf_jit_harden
+
+ ## File System Settings
+ - sysctl_fs_protected_hardlinks
+ - sysctl_fs_protected_symlinks
+
+ ### Audit
+ # AC-2(4) and others
+ - service_auditd_enabled
+ - var_auditd_flush=incremental_async
+ - auditd_data_retention_flush
+ - auditd_local_events
+ - auditd_write_logs
+ - auditd_log_format
+ - auditd_freq
+ - auditd_name_format
+ - var_auditd_action_mail_acct=root
+ - var_auditd_space_left_action=email
+
+ #####
+ # Need to replace with fluentd checks
+ #- auditd_audispd_configure_remote_server
+ #- auditd_audispd_encrypt_sent_records
+ #- auditd_audispd_disk_full_action
+ #- auditd_audispd_network_failure_action
+ #####
+
+ ### Module Blacklist
+ - kernel_module_cramfs_disabled
+ - kernel_module_bluetooth_disabled
+ - kernel_module_sctp_disabled
+ - kernel_module_firewire-core_disabled
+ - kernel_module_atm_disabled
+ - kernel_module_can_disabled
+ - kernel_module_tipc_disabled
+
+ ### rpcbind
+
+ ### Install Required Packages
+ #- package_sssd-ipa_installed
+ # We won't check AIDE directly, we'll need to check cluster-wide for the
+ # file-integrity-operator
+ # package_aide_installed
+ - package_iptables_installed
+ #- package_libcap-ng-utils_installed
+ #- package_openscap-scanner_installed
+ #- package_policycoreutils_installed
+ #- package_rng-tools_installed
+ - package_sudo_installed
+ - package_usbguard_installed
+ ####
+ # Need to replace with fluentd checks
+ #- package_audispd-plugins_installed
+ ####
+ #- package_scap-security-guide_installed
+
+ ### Remove Prohibited Packages
+ #- package_sendmail_removed
+ #- package_iprutils_removed
+ #- package_gssproxy_removed
+ #- package_nfs-utils_removed
+ #- package_krb5-workstation_removed
+ #- package_abrt-addon-kerneloops_removed
+ #- package_abrt-addon-python_removed
+ #- package_abrt-addon-ccpp_removed
+ #- package_abrt-plugin-rhtsupport_removed
+ #- package_abrt-plugin-logger_removed
+ #- package_abrt-plugin-sosreport_removed
+ #- package_abrt-cli_removed
+ #- package_tuned_removed
+ #- package_abrt_removed
+
+ ### Login
+ - disable_users_coredumps
+ - sysctl_kernel_core_pattern
+ - coredump_disable_storage
+ - coredump_disable_backtraces
+ - service_systemd-coredump_disabled
+ #- var_accounts_max_concurrent_login_sessions=10
+ #- accounts_max_concurrent_login_sessions
+ #- securetty_root_login_console_only
+ #- var_password_pam_unix_remember=5
+ #- accounts_password_pam_unix_remember
+
+ ### SELinux Configuration
+ - var_selinux_state=enforcing
+ - selinux_state
+ - var_selinux_policy_name=targeted
+ - selinux_policytype
+
+ ### Enable the Hardware RNG Entropy Gatherer Service
+ - service_rngd_enabled
+
+ ### Configure SSSD
+ - sssd_run_as_sssd_user
+
+ ### Configure USBGuard
+ - service_usbguard_enabled
+ - configure_usbguard_auditbackend
+ - usbguard_allow_hid_and_hub
+
+ ### Enable / Configure FIPS
+ - enable_fips_mode
+ - var_system_crypto_policy=fips
+ - configure_crypto_policy
+ - harden_sshd_crypto_policy
+ - harden_ssh_client_crypto_policy
+ - configure_openssl_crypto_policy
+ - configure_kerberos_crypto_policy
+ - enable_dracut_fips_module
+
+ #######################################################
+ ### CONFIGURATION ANNEX TO THE PROTECTION PROFILE
+ ### FOR GENERAL PURPOSE OPERATING SYSTEMS
+ ### ANNEX RELEASE 1
+ ### FOR PROTECTION PROFILE VERSIONS 4.2
+ ###
+ ### https://www.niap-ccevs.org/MMO/PP/-442ConfigAnnex-/
+ #######################################################
+
+ ## Configure Minimum Password Length to 12 Characters
+ ## IA-5 (1)(a) / FMT_MOF_EXT.1
+ #- var_accounts_password_minlen_login_defs=12
+ #- accounts_password_minlen_login_defs
+ #- var_password_pam_minlen=12
+ #- accounts_password_pam_minlen
+
+ ## Require at Least 1 Special Character in Password
+ ## IA-5(1)(a) / FMT_MOF_EXT.1
+ #- var_password_pam_ocredit=1
+ #- accounts_password_pam_ocredit
+
+ ## Require at Least 1 Numeric Character in Password
+ ## IA-5(1)(a) / FMT_MOF_EXT.1
+ #- var_password_pam_dcredit=1
+ #- accounts_password_pam_dcredit
+
+ ## Require at Least 1 Uppercase Character in Password
+ ## IA-5(1)(a) / FMT_MOF_EXT.1
+ #- var_password_pam_ucredit=1
+ #- accounts_password_pam_ucredit
+
+ ## Require at Least 1 Lowercase Character in Password
+ ## IA-5(1)(a) / FMT_MOF_EXT.1
+ #- var_password_pam_lcredit=1
+ #- accounts_password_pam_lcredit
+
+ ## Enable Screen Lock
+ ## FMT_MOF_EXT.1
+ #- package_tmux_installed
+ #- configure_bashrc_exec_tmux
+ - no_tmux_in_shells
+ #- configure_tmux_lock_command
+ #- configure_tmux_lock_after_time
+
+ ## Set Screen Lock Timeout Period to 30 Minutes or Less
+ ## AC-11(a) / FMT_MOF_EXT.1
+ #- sshd_idle_timeout_value=10_minutes
+ # AC-2(5)
+ - sshd_set_idle_timeout
+
+ ## Disable Unauthenticated Login (such as Guest Accounts)
+ ## FIA_AFL.1
+ - require_singleuser_auth
+ - grub2_disable_interactive_boot
+ - grub2_uefi_password
+ - no_empty_passwords
+
+ ## Set Maximum Number of Authentication Failures to 3 Within 15 Minutes
+ ## AC-7(a) / FMT_MOF_EXT.1
+ #- var_accounts_passwords_pam_faillock_deny=3
+ #- accounts_passwords_pam_faillock_deny
+ #- var_accounts_passwords_pam_faillock_fail_interval=900
+ #- accounts_passwords_pam_faillock_interval
+ #- var_accounts_passwords_pam_faillock_unlock_time=never
+ #- accounts_passwords_pam_faillock_unlock_time
+ #- accounts_passwords_pam_faillock_deny_root
+ #- accounts_logon_fail_delay
+
+ ## Enable Host-Based Firewall
+ ## SC-7(12) / FMT_MOF_EXT.1
+ # TODO (Check for iptables and the kubelet config instead)
+
+ ## Configure Name/Addres of Remote Management Server
+ ## From Which to Receive Config Settings
+ ## CM-3(3) / FMT_MOF_EXT.1
+
+ ## Configure the System to Offload Audit Records to a Log
+ ## Server
+ ## AU-4(1) / FAU_GEN.1.1.c
+ #####
+ # Need to replace with fluentd checks
+ #- auditd_audispd_syslog_plugin_activated
+ #####
+
+ ## Set Logon Warning Banner
+ ## AC-8(a) / FMT_MOF_EXT.1
+ - banner_etc_issue
+
+ ## Audit All Logons (Success/Failure) and Logoffs (Success)
+ ## CNSSI 1253 Value or DoD-Specific Values:
+ ## (1) Logons (Success/Failure)
+ ## (2) Logoffs (Success)
+ ## AU-2(a) / FAU_GEN.1.1.c
+
+ ## Audit File and Object Events (Unsuccessful)
+ ## CNSSI 1253 Value or DoD-specific Values:
+ ## (1) Create (Success/Failure)
+ ## (2) Access (Success/Failure)
+ ## (3) Delete (Sucess/Failure)
+ ## (4) Modify (Success/Failure)
+ ## (5) Permission Modification (Sucess/Failure)
+ ## (6) Ownership Modification (Success/Failure)
+ ## AU-2(a) / FAU_GEN.1.1.c
+ ##
+ ##
+ ## (1) Create (Success/Failure)
+ ## (open with O_CREAT)
+ ## (2) Access (Success/Failure)
+ ## (3) Delete (Success/Failure)
+ ## (4) Modify (Success/Failure)
+ ## (5) Permission Modification (Success/Failure)
+ ## (6) Ownership Modification (Success/Failure)
+
+ ## Audit User and Group Management Events (Success/Failure)
+ ## CNSSI 1253 Value or DoD-specific Values:
+ ## (1) User add, delete, modify, disable, enable (Success/Failure)
+ ## (2) Group/Role add, delete, modify (Success/Failure)
+ ## AU-2(a) / FAU_GEN.1.1.c
+ ##
+ ## Generic User and Group Management Events (Success/Failure)
+ ## Selection of setuid programs that relate to
+ ## user accounts.
+ ##
+ ## CNSSI 1253: (1) User add, delete, modify, disable, enable (Success/Failure)
+ ##
+ ## CNSSI 1252: (2) Group/Role add, delete, modify (Success/Failure)
+ ##
+ ## Audit Privilege or Role Escalation Events (Success/Failure)
+ ## CNSSI 1253 Value or DoD-specific Values:
+ ## - Privilege/Role escalation (Success/Failure)
+ ## AU-2(a) / FAU_GEN.1.1.c
+ ## Audit All Audit and Log Data Accesses (Success/Failure)
+ ## CNSSI 1253 Value or DoD-specific Values:
+ ## - Audit and log data access (Success/Failure)
+ ## AU-2(a) / FAU_GEN.1.1.c
+ ## Audit Cryptographic Verification of Software (Success/Failure)
+ ## CNSSI 1253 Value or DoD-specific Values:
+ ## - Applications (e.g. Firefox, Internet Explorer, MS Office Suite,
+ ## etc) initialization (Success/Failure)
+ ## AU-2(a) / FAU_GEN.1.1.c
+ ## Audit Kernel Module Loading and Unloading Events (Success/Failure)
+ ## AU-2(a) / FAU_GEN.1.1.c
+ - audit_rules_dac_modification_chmod
+ - audit_rules_dac_modification_chown
+ - audit_rules_dac_modification_fchmod
+ - audit_rules_dac_modification_fchmodat
+ - audit_rules_dac_modification_fchown
+ - audit_rules_dac_modification_fchownat
+ - audit_rules_dac_modification_fremovexattr
+ - audit_rules_dac_modification_fsetxattr
+ - audit_rules_dac_modification_lchown
+ - audit_rules_dac_modification_lremovexattr
+ - audit_rules_dac_modification_lsetxattr
+ - audit_rules_dac_modification_removexattr
+ - audit_rules_dac_modification_setxattr
+ - audit_rules_execution_chcon
+ - audit_rules_execution_restorecon
+ - audit_rules_execution_semanage
+ - audit_rules_execution_setfiles
+ - audit_rules_execution_setsebool
+ - audit_rules_execution_seunshare
+ - audit_rules_file_deletion_events_rename
+ - audit_rules_file_deletion_events_renameat
+ - audit_rules_file_deletion_events_rmdir
+ - audit_rules_file_deletion_events_unlink
+ - audit_rules_file_deletion_events_unlinkat
+ - audit_rules_kernel_module_loading_delete
+ - audit_rules_kernel_module_loading_finit
+ - audit_rules_kernel_module_loading_init
+ - audit_rules_login_events_faillock
+ - audit_rules_login_events_lastlog
+ - audit_rules_login_events_tallylog
+ - audit_rules_mac_modification
+ - audit_rules_media_export
+ - audit_rules_networkconfig_modification
+ - audit_rules_privileged_commands
+ - audit_rules_privileged_commands_at
+ - audit_rules_privileged_commands_chage
+ - audit_rules_privileged_commands_chsh
+ - audit_rules_privileged_commands_crontab
+ - audit_rules_privileged_commands_gpasswd
+ - audit_rules_privileged_commands_mount
+ - audit_rules_privileged_commands_newgidmap
+ - audit_rules_privileged_commands_newgrp
+ - audit_rules_privileged_commands_newuidmap
+ - audit_rules_privileged_commands_pam_timestamp_check
+ - audit_rules_privileged_commands_passwd
+ - audit_rules_privileged_commands_postdrop
+ - audit_rules_privileged_commands_postqueue
+ - audit_rules_privileged_commands_pt_chown
+ - audit_rules_privileged_commands_ssh_keysign
+ - audit_rules_privileged_commands_su
+ - audit_rules_privileged_commands_sudo
+ - audit_rules_privileged_commands_sudoedit
+ - audit_rules_privileged_commands_umount
+ - audit_rules_privileged_commands_unix_chkpwd
+ - audit_rules_privileged_commands_userhelper
+ - audit_rules_privileged_commands_usernetctl
+ - audit_rules_session_events
+ - audit_rules_sysadmin_actions
+ - audit_rules_time_adjtimex
+ - audit_rules_time_clock_settime
+ - audit_rules_time_settimeofday
+ - audit_rules_time_stime
+ - audit_rules_time_watch_localtime
+ - audit_rules_unsuccessful_file_modification_chmod
+ - audit_rules_unsuccessful_file_modification_chown
+ - audit_rules_unsuccessful_file_modification_creat
+ - audit_rules_unsuccessful_file_modification_fchmod
+ - audit_rules_unsuccessful_file_modification_fchmodat
+ - audit_rules_unsuccessful_file_modification_fchown
+ - audit_rules_unsuccessful_file_modification_fchownat
+ - audit_rules_unsuccessful_file_modification_fremovexattr
+ - audit_rules_unsuccessful_file_modification_fsetxattr
+ - audit_rules_unsuccessful_file_modification_ftruncate
+ - audit_rules_unsuccessful_file_modification_lchown
+ - audit_rules_unsuccessful_file_modification_lremovexattr
+ - audit_rules_unsuccessful_file_modification_lsetxattr
+ - audit_rules_unsuccessful_file_modification_open
+ - audit_rules_unsuccessful_file_modification_openat
+ - audit_rules_unsuccessful_file_modification_openat_o_creat
+ - audit_rules_unsuccessful_file_modification_openat_o_trunc_write
+ - audit_rules_unsuccessful_file_modification_openat_rule_order
+ - audit_rules_unsuccessful_file_modification_open_by_handle_at
+ - audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat
+ - audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write
+ - audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order
+ - audit_rules_unsuccessful_file_modification_open_o_creat
+ - audit_rules_unsuccessful_file_modification_open_o_trunc_write
+ - audit_rules_unsuccessful_file_modification_open_rule_order
+ - audit_rules_unsuccessful_file_modification_removexattr
+ - audit_rules_unsuccessful_file_modification_rename
+ - audit_rules_unsuccessful_file_modification_renameat
+ - audit_rules_unsuccessful_file_modification_setxattr
+ - audit_rules_unsuccessful_file_modification_truncate
+ - audit_rules_unsuccessful_file_modification_unlink
+ - audit_rules_unsuccessful_file_modification_unlinkat
+ # AC-2(4)
+ - audit_rules_usergroup_modification_group
+ - audit_rules_usergroup_modification_gshadow
+ - audit_rules_usergroup_modification_opasswd
+ - audit_rules_usergroup_modification_passwd
+ - audit_rules_usergroup_modification_shadow
+
+ ## Enable Automatic Software Updates
+ ## SI-2 / FMT_MOF_EXT.1
+ # Configure dnf-automatic to Install Only Security Updates
+ #- dnf-automatic_security_updates_only
+
+ # Configure dnf-automatic to Install Available Updates Automatically
+ #- dnf-automatic_apply_updates
+
+ # Enable dnf-automatic Timer
+ #- timer_dnf-automatic_enabled
+
+ # Prevent Kerberos use by system daemons
+ #- kerberos_disable_no_keytab
+
+ # AC-18
+ - wireless_disable_in_bios
+ - wireless_disable_interfaces
+
+ # AC-19
+ - grub2_nousb_argument
+ - bios_disable_usb_boot
+ - service_autofs_disabled
+ #- mount_option_nosuid_removable_partitions
+ #- mount_option_nodev_removable_partitions
+ #- mount_option_noexec_removable_partitions
+
+ # AC-1
+ - configure_ssh_crypto_policy
+ - service_bluetooth_disabled
+ #- sshd_use_approved_macs
+ #- sshd_use_approved_ciphers
+ #- sshd_set_loglevel_verbose
+ #- sshd_set_loglevel_info
+ #- sshd_disable_compression
+ #- sshd_allow_only_protocol2
+ - file_permissions_sshd_pub_key
+ - file_permissions_sshd_private_key
+ - file_permissions_sshd_config
+ - file_owner_sshd_config
+ - file_groupowner_sshd_config
+
+ # AC-3
+ - sshd_limit_user_access
+ - sshd_disable_rhosts
+ #- xwindows_runlevel_target
+ - grub2_enable_selinux
+ #- require_emergency_target_auth
+ - no_netrc_files
+
+ # AU-1
+ - audit_rules_immutable
+
+ # AU-3
+ - package_audit_installed
+ - grub2_audit_argument
+ - grub2_audit_backlog_limit_argument
+ #- grub2_slub_debug_argument
+ - grub2_page_poison_argument
+ - grub2_vsyscall_argument
+
+ # AU-4
+ - auditd_data_retention_action_mail_acct
+ - auditd_data_disk_full_action
+ - auditd_data_retention_admin_space_left_action
+ - auditd_data_retention_space_left_action
+ - auditd_data_disk_error_action
+ - auditd_data_retention_max_log_file_action
+ - auditd_data_retention_space_left
+
+ # AU-8
+ - service_chronyd_or_ntpd_enabled
+ - chronyd_or_ntpd_specify_remote_server
+ - chronyd_or_ntpd_set_maxpoll
+ - chronyd_or_ntpd_specify_multiple_servers
+
+ # AU-9
+ - rpm_verify_ownership
+ - rpm_verify_permissions
+ - selinux_confinement_of_daemons
+ # TODO - we should update this rule to parameterize the rotation cadence.
+ # The check curently expects it to be daily, but OCP4 nodes rotate weekly.
+ - ensure_logrotate_activated
+ - file_permissions_var_log_audit
+ - file_ownership_var_log_audit
+ - directory_permissions_var_log_audit
+
+ # AU-11
+ - auditd_data_retention_num_logs
+ - auditd_data_retention_max_log_file
+
+ # AC-2(3)
+ - account_disable_post_pw_expiration
+
+ # AC-2(5), AC-12
+ #- accounts_tmout
+
+ # AC-17
+ #- sshd_disable_rhosts_rsa
+ #- sshd_disable_user_known_hosts
+ #- sshd_do_not_permit_user_env
+ #- sshd_print_last_log
+ #- sshd_use_priv_separation
+
+ # AC-18(4)
+ - network_nmcli_permissions
+
+ # AC-6(5)
+ - no_shelllogin_for_systemaccounts
+ - no_direct_root_logins
+
+ # AC-6(9)
+ - accounts_no_uid_except_zero
+ - audit_rules_etc_group_open
+ - audit_rules_etc_group_openat
+ - audit_rules_etc_group_open_by_handle_at
+ - audit_rules_etc_gshadow_open
+ - audit_rules_etc_gshadow_openat
+ - audit_rules_etc_gshadow_open_by_handle_at
+ - audit_rules_etc_passwd_open
+ - audit_rules_etc_passwd_openat
+ - audit_rules_etc_passwd_open_by_handle_at
+ - audit_rules_etc_shadow_open
+ - audit_rules_etc_shadow_openat
+ - audit_rules_etc_shadow_open_by_handle_at
+ - directory_access_var_log_audit
+
+ # CM-7
+ - kernel_module_freevxfs_disabled
+ - kernel_module_hfs_disabled
+ - kernel_module_hfsplus_disabled
+ - kernel_module_jffs2_disabled
+ - kernel_module_squashfs_disabled
+ - kernel_module_udf_disabled
+ - kernel_module_usb-storage_disabled
+ - kernel_module_vfat_disabled
diff --git a/rhcos4/transforms/constants.xslt b/rhcos4/transforms/constants.xslt
new file mode 100644
index 000000000000..eee9e6735b6d
--- /dev/null
+++ b/rhcos4/transforms/constants.xslt
@@ -0,0 +1,21 @@
+
+
+
+
+Red Hat Enterprise Linux CoreOS 4
+RHCOS 4
+RHCOS_4_STIG
+RHCOS-4
+rhcos4
+
+empty
+
+
+
+
+
+
+
+
+
+
diff --git a/rhcos4/transforms/shorthand2xccdf.xslt b/rhcos4/transforms/shorthand2xccdf.xslt
new file mode 100644
index 000000000000..e017cf6f3fde
--- /dev/null
+++ b/rhcos4/transforms/shorthand2xccdf.xslt
@@ -0,0 +1,8 @@
+
+
+
+
+
+unknown
+
+
diff --git a/shared/checks/oval/installed_OS_is_rhcos4.xml b/shared/checks/oval/installed_OS_is_rhcos4.xml
new file mode 100644
index 000000000000..d6bc550e19f4
--- /dev/null
+++ b/shared/checks/oval/installed_OS_is_rhcos4.xml
@@ -0,0 +1,16 @@
+
+
+
+ Red Hat Enterprise Linux CoreOS
+
+ multi_platform_all
+
+
+ The operating system installed on the system is
+ Red Hat Enterprise Linux CoreOS
+
+
+
+
+
+
diff --git a/shared/templates/template_IGNITION_service_disabled b/shared/templates/template_IGNITION_service_disabled
index 5b04145a5399..9f271f4319ea 100644
--- a/shared/templates/template_IGNITION_service_disabled
+++ b/shared/templates/template_IGNITION_service_disabled
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos
# reboot = true
# strategy = disable
# complexity = low
diff --git a/shared/templates/template_KUBERNETES_service_disabled b/shared/templates/template_KUBERNETES_service_disabled
index 5b04145a5399..29ebc7fc8666 100644
--- a/shared/templates/template_KUBERNETES_service_disabled
+++ b/shared/templates/template_KUBERNETES_service_disabled
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp
+# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos4
# reboot = true
# strategy = disable
# complexity = low
diff --git a/ssg/constants.py b/ssg/constants.py
index bdc054fd6cbd..49313eb186a1 100644
--- a/ssg/constants.py
+++ b/ssg/constants.py
@@ -15,6 +15,7 @@
'jre',
'macos1015',
'ocp3', 'ocp4',
+ 'rhcos4',
'ol7', 'ol8',
'opensuse',
'rhel6', 'rhel7', 'rhel8',
@@ -152,6 +153,7 @@
"Apple macOS 10.15": "macos1015",
"Red Hat OpenShift Container Platform 3": "ocp3",
"Red Hat OpenShift Container Platform 4": "ocp4",
+ "Red Hat Enterprise Linux CoreOS 4": "rhcos4",
"Oracle Linux 7": "ol7",
"Oracle Linux 8": "ol8",
"openSUSE": "opensuse",
@@ -253,6 +255,9 @@
"ocp4": [
"cpe:/a:redhat:openshift_container_platform:4.1",
],
+ "rhcos4": [
+ "cpe:/a:redhat:enterprise_linux_coreos:4",
+ ],
"ol7": [
"cpe:/o:oracle:linux:7",
],
@@ -335,7 +340,7 @@
}
MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhosp", "rhv", "debian", "ubuntu",
- "wrlinux", "opensuse", "sle", "ol", "ocp", "example"]
+ "wrlinux", "opensuse", "sle", "ol", "ocp", "rhcos", "example"]
MULTI_PLATFORM_MAPPING = {
"multi_platform_debian": ["debian8", "debian9", "debian10"],
@@ -344,6 +349,7 @@
"multi_platform_opensuse": ["opensuse"],
"multi_platform_ol": ["ol7", "ol8"],
"multi_platform_ocp": ["ocp3", "ocp4"],
+ "multi_platform_rhcos": ["rhcos4"],
"multi_platform_rhel": ["rhel6", "rhel7", "rhel8"],
"multi_platform_rhosp": ["rhosp10", "rhosp13"],
"multi_platform_rhv": ["rhv4"],
@@ -516,6 +522,7 @@
'example': 'Example Linux Content',
'ol': 'Oracle Linux',
'ocp': 'Red Hat OpenShift Container Platform',
+ 'rhcos': 'Red Hat Enterprise Linux CoreOS',
}
diff --git a/tests/ocp4e2e/Makefile b/tests/ocp4e2e/Makefile
index d98fcac2f938..345660e45ace 100644
--- a/tests/ocp4e2e/Makefile
+++ b/tests/ocp4e2e/Makefile
@@ -26,7 +26,7 @@ else ifeq ($(SKIP_CONTAINER_PUSH), true)
@echo "Skipping content image upload, will use '$(CONTENT_IMAGE)'"
else
@echo "Building content image"
- $(ROOT_DIR)/utils/build_ds_container.sh ocp4
+ $(ROOT_DIR)/utils/build_ds_container.sh
$(eval CONTENT_IMAGE = image-registry.openshift-image-registry.svc:5000/openshift-compliance/openscap-ocp4-ds:latest)
@echo "Content image built and available through: $(CONTENT_IMAGE)"
endif
diff --git a/tests/ocp4e2e/helpers.go b/tests/ocp4e2e/helpers.go
index f224d7899fc1..bb10f7aee796 100644
--- a/tests/ocp4e2e/helpers.go
+++ b/tests/ocp4e2e/helpers.go
@@ -254,7 +254,7 @@ func (ctx *e2econtext) createComplianceSuiteForProfile(suffix string, autoApply
ComplianceScanSpec: cmpv1alpha1.ComplianceScanSpec{
ContentImage: ctx.ContentImage,
Profile: "xccdf_org.ssgproject.content_profile_" + ctx.Profile,
- Content: "ssg-ocp4-ds.xml",
+ Content: "ssg-rhcos4-ds.xml",
Debug: true,
NodeSelector: map[string]string{
"node-role.kubernetes.io/master": "",
@@ -266,7 +266,7 @@ func (ctx *e2econtext) createComplianceSuiteForProfile(suffix string, autoApply
ComplianceScanSpec: cmpv1alpha1.ComplianceScanSpec{
ContentImage: ctx.ContentImage,
Profile: "xccdf_org.ssgproject.content_profile_" + ctx.Profile,
- Content: "ssg-ocp4-ds.xml",
+ Content: "ssg-rhcos4-ds.xml",
Debug: true,
NodeSelector: map[string]string{
"node-role.kubernetes.io/worker": "",
diff --git a/utils/build_ds_container.sh b/utils/build_ds_container.sh
index 8e7be4afe7db..92366bde4192 100755
--- a/utils/build_ds_container.sh
+++ b/utils/build_ds_container.sh
@@ -1,17 +1,18 @@
#!/bin/bash
-product=$1
-
# Build container in specified namespace. Else default to
# "openshift-compliance"
-namespace=${2:-"openshift-compliance"}
+namespace=${1:-"openshift-compliance"}
+
+echo "* Pushing datastream content image to namespace: $namespace"
root_dir=$(git rev-parse --show-toplevel)
pushd $root_dir
+echo "* Building ocp4, rhel7, rhel8, rhcos4 products"
# build the product's content
-"$root_dir/build_product" "$product"
+"$root_dir/build_product" ocp4 rhel7 rhel8 rhcos4
if [ "$namespace" == "openshift-compliance" ]; then
# Ensure openshift-compliance namespace exists. If it already exists, this
@@ -23,26 +24,33 @@ fi
# This enables us to create a configuration so we can build a container
# with the datastream
# If they already exist, this is not a problem
-cat "$root_dir/ocp-resources/ds-build.yaml" | sed "s/\$PRODUCT/$product/" | \
- oc apply -n "$namespace" -f -
+oc apply -n "$namespace" -f "$root_dir/ocp-resources/ds-build.yaml"
+
+# Create output directory
+ds_dir=$(mktemp -d)
+
+# Copy datastream files to output directory
+cp "$root_dir/build/"*-ds.xml "$ds_dir"
# Start build
-oc start-build -n "$namespace" "openscap-$product-ds" \
- --from-file="$root_dir/build/ssg-$product-ds.xml"
+oc start-build -n "$namespace" "openscap-ocp4-ds" --from-dir="$ds_dir"
+
+# Clean output directory
+rm -rf "$ds_dir"
# Wait some seconds until the object gets persisted
sleep 5
-latest_build=$(oc get -n "$namespace" --no-headers buildconfigs "openscap-$product-ds" | awk '{print $4}')
+latest_build=$(oc get -n "$namespace" --no-headers buildconfigs "openscap-ocp4-ds" | awk '{print $4}')
popd
while true; do
- build_status=$(oc get builds -n "$namespace" --no-headers "openscap-$product-ds-$latest_build" | awk '{print $4}')
+ build_status=$(oc get builds -n "$namespace" --no-headers "openscap-ocp4-ds-$latest_build" | awk '{print $4}')
if [ "$build_status" == "Complete" ]; then
# Get built image
- image=$(oc get imagestreams -n "$namespace" --no-headers "openscap-$product-ds" | awk '{printf "%s:%s",$2, $3}')
+ image=$(oc get imagestreams -n "$namespace" --no-headers "openscap-ocp4-ds" | awk '{printf "%s:%s",$2, $3}')
echo "Success!"
echo "********"