products/alinux2: fix some missing rules in the cis profile.

Signed-off-by: YuQing <yyq0391@163.com>
Signed-off-by: YiLin.Li <YiLin.Li@linux.alibaba.com>

controls/cis_alinux2.yml

@@ -331,7 +331,10 @@ controls:
     title: Ensure remote login warning banner is configured properly (Scored)
     levels:
     - l1
-    automated: no # rule is missing
+    status: automated
+    rules:
+    - banner_etc_issue_net
+    - login_banner_text=cis_banners
 
   - id: 1.7.1.4
     title: Ensure permissions on /etc/motd are configured (Not Scored)
@@ -786,13 +789,17 @@ controls:
     title: Ensure default deny firewall policy (Scored)
     levels:
     - l1
-    automated: no # rule not completed
+    status: automated
+    rules:
+    - configured_firewalld_default_deny
 
   - id: 3.5.1.2
     title: Ensure loopback traffic is configured (Scored)
     levels:
     - l1
-    automated: no # rule missing
+    status: automated
+    rules:
+    - set_loopback_traffic
 
   - id: 3.5.1.3
     title: Ensure outbound and established connections are configured (Not Scored)
@@ -804,7 +811,9 @@ controls:
     title: Ensure firewall rules exist for all open ports (Scored)
     levels:
     - l1
-    automated: no # rule missing
+    status: automated
+    rules:
+    - ensure_firewall_rules_for_open_ports
 
   - id: 3.5.2.1
     title: Ensure IPv6 default deny firewall policy (Scored)
@@ -1203,7 +1212,9 @@ controls:
     title: Ensure permissions on SSH private host key files are configured (Scored)
     levels:
     - l1
-    automated: no # rule missing (we have similar)
+    status: automated
+    rules:
+    - file_permissions_sshd_private_key 
 
   - id: 5.2.4
     title: Ensure permissions on SSH public host key files are configured (Scored)
@@ -1375,7 +1386,9 @@ controls:
     title: Ensure lockout for failed password attempts is configured (Scored)
     levels:
     - l1
-    automated: no # we can check only certain parts, we need probably some complex rule for this
+    status: automated
+    rules:
+    - account_password_pam_faillock_password_auth
 
   - id: 5.3.3
     title: Ensure password reuse is limited (Scored)
@@ -1687,13 +1700,17 @@ controls:
     title: Ensure users' dot files are not group or world writable (Scored)
     levels:
     - l1
-    automated: no # rule missing
+    status: automated
+    rules:
+    - accounts_user_dot_no_world_writable_programs
 
   - id: 6.2.11
     title: Ensure no users have .forward files (Scored)
     levels:
     - l1
-    automated: no # rule missing
+    status: automated
+    rules:
+    - no_forward_files
 
   - id: 6.2.12
     title: Ensure no users have .netrc files (Scored)

linux_os/guide/system/accounts/accounts-banners/banner_etc_issue_net/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: alinux2,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
 
 title: 'Modify the System Login Banner for Remote Connections'
 
@@ -56,6 +56,7 @@ identifiers:
     cce@sle15: CCE-91350-9
 
 references:
+    cis@alinux2: 1.7.1.3
     cis@rhel7: 1.7.3
     cis@rhel8: 1.7.3
     cis@rhel9: 1.7.3

linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel8,rhel9
+prodtype: alinux2,rhel8,rhel9
 
 title: 'Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.'
 
@@ -18,6 +18,7 @@ identifiers:
     cce@rhel9: CCE-86932-1
 
 references:
+    cis@alinux2: 5.3.2
     disa: CCI-000044
     nist: AC-7 (a)
     srg: SRG-OS-000021-GPOS-00005

linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: sle12,sle15,ubuntu2004
+prodtype: alinux2,sle12,sle15,ubuntu2004
 
 title: 'Verify No .forward Files Exist'
 
@@ -20,6 +20,7 @@ identifiers:
     cce@sle15: CCE-92622-0
 
 references:
+    cis@alinux2: 6.2.11
     cis@sle12: 6.2.9
     cis@sle15: 6.2.9
     cis@ubuntu2004: 6.2.8

linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204
+prodtype: alinux2,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204
 
 title: 'User Initialization Files Must Not Run World-Writable Programs'
 
@@ -26,6 +26,7 @@ identifiers:
     cce@sle15: CCE-85632-8
 
 references:
+    cis@alinux2: 6.2.10
     cis@rhel8: 6.2.12
     cis@rhel9: 6.2.16
     cis@sle12: 6.2.8

linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel8,rhel9
+prodtype: alinux2,rhel8,rhel9
 
 title: 'Firewalld Must Employ a Deny-all, Allow-by-exception Policy for Allowing Connections to Other Systems'
 
@@ -20,6 +20,7 @@ identifiers:
     cce@rhel9: CCE-86049-4
 
 references:
+    cis@alinux2: 3.5.1.1
     disa: CCI-002314
     nist: AC-17 (1)
     srg: SRG-OS-000297-GPOS-00115

linux_os/guide/system/network/network-firewalld/ruleset_modifications/ensure_firewall_rules_for_open_ports/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: sle15
+prodtype: alinux2,sle15
 
 title: 'Ensure firewall rules exist for all open ports'
 
@@ -18,6 +18,7 @@ identifiers:
     cce@sle15: CCE-91411-9
 
 references:
+    cis@alinux2: 3.5.1.4
     cis@sle15: 3.5.3.2.4,3.5.3.3.4
     pcidss: Req-1.4
 

linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/rule.yml

@@ -21,6 +21,7 @@ identifiers:
     cce@sle15: CCE-91345-9
 
 references:
+    cis@alinux2: 3.5.1.2
     cis@sle12: 3.5.2.1
     cis@sle15: 3.5.2.6,3.5.3.2.2
     cis@ubuntu2004: 3.5.3.2.2