products/alinux3: fix some missing rules in the cis profile.

Signed-off-by: YuQing <yyq0391@163.com>
Signed-off-by: YiLin.Li <YiLin.Li@linux.alibaba.com>

linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: alinux2,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
 
 title: 'Verify Group Who Owns cron.monthly'
 
@@ -24,6 +24,7 @@ identifiers:
 references:
     cis-csc: 12,13,14,15,16,18,3,5
     cis@alinux2: 5.1.6
+    cis@alinux3: 5.1.6
     cis@rhel7: 5.1.6
     cis@rhel8: 5.1.6
     cis@rhel9: 5.1.6

linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: alinux2,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
 
 title: 'Verify Owner on cron.monthly'
 
@@ -24,6 +24,7 @@ identifiers:
 references:
     cis-csc: 12,13,14,15,16,18,3,5
     cis@alinux2: 5.1.6
+    cis@alinux3: 5.1.6
     cis@rhel7: 5.1.6
     cis@rhel8: 5.1.6
     cis@rhel9: 5.1.6

linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: alinux2,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
 
 title: 'Verify Permissions on cron.monthly'
 
@@ -24,6 +24,7 @@ identifiers:
 references:
     cis-csc: 12,13,14,15,16,18,3,5
     cis@alinux2: 5.1.6
+    cis@alinux3: 5.1.6
     cis@rhel7: 5.1.6
     cis@rhel8: 5.1.6
     cis@rhel9: 5.1.6

linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: alinux2,rhel8,rhel9
+prodtype: alinux2,alinux3,rhel8,rhel9
 
 title: 'Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.'
 
@@ -19,6 +19,7 @@ identifiers:
 
 references:
     cis@alinux2: 5.3.2
+    cis@alinux3: 5.5.2
     disa: CCI-000044
     nist: AC-7 (a)
     srg: SRG-OS-000021-GPOS-00005

linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: alinux2,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,sle12,sle15,ubuntu2004
 
 title: 'Verify No .forward Files Exist'
 
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     cis@alinux2: 6.2.11
+    cis@alinux3: 6.2.7
     cis@sle12: 6.2.9
     cis@sle15: 6.2.9
     cis@ubuntu2004: 6.2.8

linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: alinux2,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204
+prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204
 
 title: 'User Initialization Files Must Not Run World-Writable Programs'
 
@@ -27,6 +27,7 @@ identifiers:
 
 references:
     cis@alinux2: 6.2.10
+    cis@alinux3: 6.2.6
     cis@rhel8: 6.2.12
     cis@rhel9: 6.2.16
     cis@sle12: 6.2.8

linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: alinux2,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
 
 title: 'All Interactive Users Home Directories Must Exist'
 
@@ -28,6 +28,7 @@ identifiers:
 
 references:
     cis@alinux2: 6.2.7
+    cis@alinux3: 6.2.16
     cis@rhel7: 6.2.11
     cis@rhel8: 6.2.9
     cis@rhel9: 6.2.10

linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: alinux2,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
 
 title: 'All Interactive User Home Directories Must Have mode 0750 Or Less Permissive'
 
@@ -25,6 +25,7 @@ identifiers:
 
 references:
     cis@alinux2: 6.2.8
+    cis@alinux3: 6.2.4
     cis@rhel7: 6.2.13
     cis@rhel8: 6.2.11
     cis@rhel9: 6.2.12

linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,ol9,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: alinux3,ol8,ol9,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
 
 title: 'Record Any Attempts to Run chacl'
 
@@ -33,6 +33,7 @@ identifiers:
     cce@sle15: CCE-85595-7
 
 references:
+    cis@alinux3: 4.1.3.19
     cis@rhel8: 4.1.3.17
     cis@rhel9: 4.1.3.17
     cis@ubuntu2204: 4.1.3.17

linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,ol9,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: alinux3,ol8,ol9,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
 
 title: 'Record Any Attempts to Run setfacl'
 
@@ -33,6 +33,7 @@ identifiers:
     cce@sle15: CCE-85594-0
 
 references:
+    cis@alinux3: 4.1.3.18
     cis@rhel8: 4.1.3.16
     cis@rhel9: 4.1.3.16
     cis@ubuntu2204: 4.1.3.16

linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml

@@ -4,7 +4,7 @@
 
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
 
 title: 'Record Any Attempts to Run chcon'
 
@@ -44,6 +44,7 @@ identifiers:
 
 references:
     cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
+    cis@alinux3: 4.1.3.15
     cis@rhel8: 4.1.3.15
     cis@rhel9: 4.1.3.15
     cis@ubuntu2204: 4.1.3.15

linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml

@@ -34,6 +34,7 @@ identifiers:
 references:
     cis-csc: 1,11,12,13,14,15,16,19,2,3,4,5,6,7,8,9
     cis@alinux2: 4.1.14
+    cis@alinux3: 4.1.3.13
     cis@rhel7: 4.1.13
     cis@rhel8: 4.1.3.13
     cis@rhel9: 4.1.3.13

linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,rhel7
+prodtype: alinux3,ol7,rhel7
 
 title: 'Ensure auditd Collects Information on Kernel Module Unloading - create_module'
 
@@ -27,6 +27,7 @@ identifiers:
     cce@rhel7: CCE-86115-3
 
 references:
+    cis@alinux3: 4.1.3.26
     disa: CCI-000172
     srg: SRG-OS-000471-GPOS-00216,SRG-OS-000477-GPOS-00222
     stigid@ol7: OL07-00-030819

linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml

@@ -4,7 +4,7 @@
 
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
 
 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - chage'
 
@@ -44,6 +44,7 @@ identifiers:
 
 references:
     cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
+    cis@alinux3: 4.1.3.22
     cis@ubuntu2004: 4.1.11
     cis@ubuntu2204: 4.1.3.6
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,BAI03.05,DSS01.03,DSS03.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01

linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml

@@ -4,7 +4,7 @@
 
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
 
 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - chsh'
 
@@ -44,6 +44,7 @@ identifiers:
 
 references:
     cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
+    cis@alinux3: 4.1.3.16
     cis@ubuntu2004: 4.1.11
     cis@ubuntu2204: 4.1.3.6
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,BAI03.05,DSS01.03,DSS03.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01

linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml

@@ -4,7 +4,7 @@
 
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
 
 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd'
 
@@ -44,6 +44,7 @@ identifiers:
 
 references:
     cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
+    cis@alinux3: 4.1.3.21
     cis@ubuntu2004: 4.1.11
     cis@ubuntu2204: 4.1.3.6
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,BAI03.05,DSS01.03,DSS03.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01

linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml

@@ -8,7 +8,7 @@
 
 documentation_complete: true
 
-prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: alinux3,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
 
 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - kmod'
 
@@ -43,6 +43,7 @@ identifiers:
     cce@sle15: CCE-85591-6
 
 references:
+    cis@alinux3: 4.1.3.20
     disa: CCI-000130,CCI-000135,CCI-000169,CCI-000172,CCI-002884
     nist: AU-3,AU-3.1,AU-12(a),AU-12.1(ii),AU-12.1(iv)AU-12(c),MA-4(1)(a)
     srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000471-GPOS-00216,SRG-OS-000477-GPOS-00222

linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml

@@ -4,7 +4,7 @@
 
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
 
 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newgrp'
 
@@ -44,6 +44,7 @@ identifiers:
 
 references:
     cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
+    cis@alinux3: 4.1.3.17
     cis@ubuntu2004: 4.1.11
     cis@ubuntu2204: 4.1.3.6
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,BAI03.05,DSS01.03,DSS03.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01

linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml

@@ -10,7 +10,7 @@
 
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
 
 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check'
 
@@ -52,6 +52,7 @@ identifiers:
 
 references:
     cis-csc: 1,12,13,14,15,16,2,3,5,6,7,8,9
+    cis@alinux3: 4.1.3.24
     cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,BAI03.05,DSS01.03,DSS03.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
     cui: 3.1.7
     disa: CCI-000130,CCI-000135,CCI-000169,CCI-000172,CCI-002884

linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,ol9,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: alinux3,ol8,ol9,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
 
 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - usermod'
 
@@ -37,6 +37,7 @@ identifiers:
     cce@sle15: CCE-85600-5
 
 references:
+    cis@alinux3: 4.1.3.23
     cis@rhel8: 4.1.3.18
     cis@rhel9: 4.1.3.18
     cis@ubuntu2204: 4.1.3.18

linux_os/guide/system/network/network-firewalld/firewalld_deactivation/package_firewalld_removed/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: sle15
+prodtype: alinux3,sle15
 
 title: 'Uninstall firewalld Package'
 
@@ -22,6 +22,7 @@ identifiers:
     cce@sle15: CCE-92471-2
 
 references:
+    cis@alinux3: 3.4.4.1.3
     cis@sle15: 3.5.2.2,3.5.3.1.3
 
 {{{ complete_ocil_entry_package(package="firewalld") }}}

linux_os/guide/system/network/network-firewalld/firewalld_deactivation/service_firewalld_disabled/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: sle15
+prodtype: alinux3,sle15
 
 title: 'Verify firewalld service disabled'
 
@@ -22,6 +22,7 @@ identifiers:
     cce@sle15: CCE-92472-0
 
 references:
+    cis@alinux3: 3.4.4.1.3
     cis@sle15: 3.5.2.2,3.5.3.1.3
 
 

linux_os/guide/system/network/network-nftables/package_nftables_removed/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: sle15,ubuntu2004,ubuntu2204
+prodtype: alinux3,sle15,ubuntu2004,ubuntu2204
 
 title: 'Uninstall nftables package'
 
@@ -18,6 +18,7 @@ identifiers:
     cce@sle15: CCE-92518-0
 
 references:
+    cis@alinux3: 3.4.4.1.2
     cis@sle15: 3.5.1.2,3.5.3.1.2
     cis@ubuntu2004: 3.5.3.1.2
     cis@ubuntu2204: 3.5.3.1.2

linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: sle15,ubuntu2004,ubuntu2204
+prodtype: alinux3,sle15,ubuntu2004,ubuntu2204
 
 title: 'Verify nftables service disabled'
 
@@ -18,6 +18,7 @@ identifiers:
     cce@sle15: CCE-92529-7
 
 references:
+    cis@alinux3: 3.4.2.3
     cis@sle15: 3.5.1.2
     cis@ubuntu2004: 3.5.3.1.2
     cis@ubuntu2204: 3.5.3.1.2

linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,ol9,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+prodtype: alinux3,fedora,ol8,ol9,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
 
 title: 'Configure AIDE to Verify the Audit Tools'
 
@@ -37,6 +37,7 @@ identifiers:
     cce@sle15: CCE-85610-4
 
 references:
+    cis@alinux3: 4.1.4.11
     cis@ubuntu2204: 4.1.4.11
     disa: CCI-001496
     nist: AU-9(3),AU-9(3).1