ComplianceAsCode
diff --git a/‎.packit.yaml‎
Lines changed: 4 additions & 0 deletions b/‎.packit.yaml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎components/chrony.yml‎
Lines changed: 1 addition & 0 deletions b/‎components/chrony.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎components/ntp.yml‎
Lines changed: 1 addition & 0 deletions b/‎components/ntp.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎components/pam.yml‎
Lines changed: 1 addition & 0 deletions b/‎components/pam.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎controls/cis_fedora.yml‎
Lines changed: 2 additions & 1 deletion b/‎controls/cis_fedora.yml‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎controls/cusp_fedora.yml‎
Lines changed: 1 addition & 0 deletions b/‎controls/cusp_fedora.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎controls/nist_rhcos4.yml‎
Lines changed: 1 addition & 0 deletions b/‎controls/nist_rhcos4.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎controls/stig_ol9.yml‎
Lines changed: 1 addition & 0 deletions b/‎controls/stig_ol9.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎linux_os/guide/auditing/auditd_configure_rules/audit_rules_enable_syscall_auditing/ansible/shared.yml‎
Lines changed: 2 additions & 1 deletion b/‎linux_os/guide/auditing/auditd_configure_rules/audit_rules_enable_syscall_auditing/ansible/shared.yml‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml‎
Lines changed: 2 additions & 1 deletion b/‎linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml‎
Lines changed: 2 additions & 1 deletion
@@ -43,6 +43,10 @@ jobs:
   tmt_plan: /plans/upstream-parallel/ansible
   identifier: contest-ansible
 
+- <<: *contest-oscap
+  tmt_plan: /plans/upstream-parallel/other
+  identifier: contest-other
+
 # when modifying anything below, modify also tests/tmt/
 
 - job: tests
 
@@ -14,6 +14,7 @@ rules:
 - service_chronyd_enabled
 - chrony_set_nts
 - chronyd_client_only
+- chronyd_configure_local_socket
 - chronyd_no_chronyc_network
 - chronyd_or_ntpd_specify_multiple_servers
 - chronyd_sync_clock
 
@@ -5,6 +5,7 @@ packages:
 - ntp
 rules:
 - chronyd_client_only
+- chronyd_configure_local_socket
 - chronyd_configure_pool_and_server
 - chronyd_no_chronyc_network
 - chronyd_or_ntpd_set_maxpoll
 
@@ -64,6 +64,7 @@ rules:
 - accounts_passwords_pam_faillock_deny
 - accounts_passwords_pam_faillock_deny_root
 - accounts_passwords_pam_faillock_dir
+- accounts_passwords_pam_faillock_even_deny_root_or_root_unlock_time
 - accounts_passwords_pam_faillock_enforce_local
 - accounts_passwords_pam_faillock_interval
 - accounts_passwords_pam_faillock_silent
 
@@ -2083,7 +2083,8 @@ controls:
           - l2_workstation
       status: automated
       rules:
-          - accounts_passwords_pam_faillock_deny_root
+          - accounts_passwords_pam_faillock_even_deny_root_or_root_unlock_time
+          - var_accounts_passwords_pam_faillock_root_unlock_time=60
 
     - id: 5.3.3.2.1
       title: Ensure password number of changed characters is configured (Automated)
 
@@ -271,6 +271,7 @@ controls:
           # chrony
           - chronyd_client_only
           - chronyd_no_chronyc_network
+          - chronyd_configure_local_socket
           - chronyd_or_ntpd_set_maxpoll
           - chronyd_run_as_chrony_user
           - chronyd_specify_remote_server
 
@@ -5222,6 +5222,7 @@ controls:
           https://issues.redhat.com/browse/CMP-274
       rules:
           - chronyd_no_chronyc_network
+          - chronyd_configure_local_socket
       description: |-
           The organization:
            (a)   Reviews the information system [Assignment: organization-defined frequency] to identify unnecessary and/or nonsecure functions, ports, protocols, and services; and
 
@@ -1416,6 +1416,7 @@ controls:
       title: OL 9 must disable network management of the chrony daemon.
       rules:
           - chronyd_no_chronyc_network
+          - chronyd_configure_local_socket
       status: automated
 
     - id: OL09-00-006003
 
@@ -57,6 +57,7 @@
     name: auditd.service
     state: restarted
   when:
-    - ansible_facts.services["auditd.service"].state == "running"
+    - ("auditd.service" in ansible_facts.services and
+       ansible_facts.services["auditd.service"].state == "running")
     - (augenrules_syscall_auditing_rule_update_result.changed or
        auditctl_syscall_auditing_rule_update_result.changed)
@@ -67,4 +67,5 @@
   when:
     - (augenrules_audit_rules_privilege_function_update_result.changed or
        auditctl_audit_rules_privilege_function_update_result.changed)
-    - ansible_facts.services["auditd.service"].state == "running"
+    - ("auditd.service" in ansible_facts.services and
+       ansible_facts.services["auditd.service"].state == "running")