products/alinux2 && controls: Add CIS Alibaba Cloud Linux (Aliyun Lin…

…ux) 2 profiles

CIS Aliyun Linux 2 Benchmark v1.0.0
(https://workbench.cisecurity.org/benchmarks/2228) was published
on Aug 16th 2019. Aliyun Linux 2 is compatible with CentOS 7 and it's
further renamed as Alibaba Cloud Linux 2.

I add the CIS Alibaba Cloud Linux (Aliyun Linux) 2 controls in the OpenSCAP
according to CIS Aliyun Linux 2 Benchmark v1.0.0
(https://workbench.cisecurity.org/benchmarks/2228)

Signed-off-by: YiLin.Li <[email protected]>
Signed-off-by: YuQing.Yang <[email protected]>

linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: alinux2,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004
 
 title: 'Disable Avahi Server Software'
 
@@ -22,6 +22,7 @@ identifiers:
 
 references:
     cis-csc: 11,14,3,9
+    cis@alinux2: 2.1.3
     cis@rhel7: 2.2.3
     cis@rhel8: 2.2.4
     cis@sle12: 2.2.3

linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Verify Group Who Owns cron.d'
 
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5
+    cis@alinux2: 5.1.7
     cis@rhel7: 5.1.7
     cis@rhel8: 5.1.7
     cis@sle12: 5.2.7

linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Verify Group Who Owns cron.daily'
 
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5
+    cis@alinux2: 5.1.4
     cis@rhel7: 5.1.4
     cis@rhel8: 5.1.4
     cis@sle12: 5.2.4

linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Verify Group Who Owns cron.hourly'
 
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5
+    cis@alinux2: 5.1.3
     cis@rhel7: 5.1.3
     cis@rhel8: 5.1.3
     cis@sle12: 5.2.3

linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Verify Group Who Owns cron.monthly'
 
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5
+    cis@alinux2: 5.1.6
     cis@rhel7: 5.1.6
     cis@rhel8: 5.1.6
     cis@sle12: 5.2.6

linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Verify Group Who Owns cron.weekly'
 
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5
+    cis@alinux2: 5.1.5
     cis@rhel7: 5.1.5
     cis@rhel8: 5.1.5
     cis@sle12: 5.2.5

linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Verify Group Who Owns Crontab'
 
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5
+    cis@alinux2: 5.1.2
     cis@rhel7: 5.1.2
     cis@rhel8: 5.1.2
     cis@sle12: 5.2.2

linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Verify Owner on cron.d'
 
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5
+    cis@alinux2: 5.1.7
     cis@rhel7: 5.1.7
     cis@rhel8: 5.1.7
     cis@sle12: 5.2.7

linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Verify Owner on cron.daily'
 
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5
+    cis@alinux2: 5.1.4
     cis@rhel7: 5.1.4
     cis@rhel8: 5.1.4
     cis@sle12: 5.2.4

linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Verify Owner on cron.hourly'
 
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5
+    cis@alinux2: 5.1.3
     cis@rhel7: 5.1.3
     cis@rhel8: 5.1.3
     cis@sle12: 5.2.3

linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Verify Owner on cron.monthly'
 
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5
+    cis@alinux2: 5.1.6
     cis@rhel7: 5.1.6
     cis@rhel8: 5.1.6
     cis@sle12: 5.2.6

linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Verify Owner on cron.weekly'
 
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5
+    cis@alinux2: 5.1.5
     cis@rhel7: 5.1.5
     cis@rhel8: 5.1.5
     cis@sle12: 5.2.5

linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Verify Owner on crontab'
 
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5
+    cis@alinux2: 5.1.2
     cis@rhel7: 5.1.2
     cis@rhel8: 5.1.2
     cis@sle12: 5.2.2

linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Verify Permissions on cron.d'
 
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5
+    cis@alinux2: 5.1.7
     cis@rhel7: 5.1.7
     cis@rhel8: 5.1.7
     cis@sle12: 5.2.7

linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Verify Permissions on cron.daily'
 
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5
+    cis@alinux2: 5.1.4
     cis@rhel7: 5.1.4
     cis@rhel8: 5.1.4
     cis@sle12: 5.2.4

linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Verify Permissions on cron.hourly'
 
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5
+    cis@alinux2: 5.1.3
     cis@rhel7: 5.1.3
     cis@rhel8: 5.1.3
     cis@sle12: 5.2.3

linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Verify Permissions on cron.monthly'
 
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5
+    cis@alinux2: 5.1.6
     cis@rhel7: 5.1.6
     cis@rhel8: 5.1.6
     cis@sle12: 5.2.6

linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Verify Permissions on cron.weekly'
 
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5
+    cis@alinux2: 5.1.5
     cis@rhel7: 5.1.5
     cis@rhel8: 5.1.5
     cis@sle12: 5.2.5

linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Verify Permissions on crontab'
 
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5
+    cis@alinux2: 5.1.2
     cis@rhel7: 5.1.2
     cis@rhel8: 5.1.2
     cis@sle12: 5.2.2

linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhel7,rhel8,rhel9
+prodtype: alinux2,fedora,rhel7,rhel8,rhel9
 
 title: 'Ensure that /etc/at.deny does not exist'
 
@@ -21,6 +21,7 @@ identifiers:
     cce@rhel9: CCE-86946-1
 
 references:
+    cis@alinux2: 5.1.8
     cis@rhel7: 5.1.9
     cis@rhel8: 5.1.8
 

linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhel7,rhel8,rhel9,sle15
+prodtype: alinux2,fedora,rhel7,rhel8,rhel9,sle15
 
 title: 'Ensure that /etc/cron.deny does not exist'
 
@@ -21,6 +21,7 @@ identifiers:
     cce@rhel9: CCE-86850-5
 
 references:
+    cis@alinxu2: 5.1.8
     cis@rhel7: 5.1.8
     cis@rhel8: 5.1.8
     cis@sle15: 5.1.8

linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: alinux2,rhel8,rhel9,sle12,sle15,ubuntu2004
 
 title: 'Verify Group Who Owns /etc/at.allow file'
 
@@ -20,6 +20,7 @@ identifiers:
     cce@rhel9: CCE-87103-8
 
 references:
+    cis@alinux2: 5.1.8
     cis@rhel7: 5.1.9
     cis@rhel8: 5.1.8
     cis@sle12: 5.2.9

linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+prodtype: alinux2,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
 
 title: 'Verify Group Who Owns /etc/cron.allow file'
 
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5
+    cis@alinux2: 5.1.8
     cis@rhel7: 5.1.8
     cis@rhel8: 5.1.8
     cis@sle12: 5.2.8

linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_at_allow/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: sle12,sle15,ubuntu2004
+prodtype: alinux2,sle12,sle15,ubuntu2004
 
 title: 'Verify User Who Owns /etc/at.allow file'
 
@@ -20,6 +20,7 @@ identifiers:
     cce@rhel9: CCE-86346-4
 
 references:
+    cis@alinux2: 5.1.8
     cis@rhel7: 5.1.9
     cis@rhel8: 5.1.8
     cis@sle12: 5.2.9

linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml

@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+prodtype: alinux2,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
 
 title: 'Verify User Who Owns /etc/cron.allow file'
 
@@ -21,6 +21,7 @@ identifiers:
 
 references:
     cis-csc: 12,13,14,15,16,18,3,5
+    cis@alinux2: 5.1.8
     cis@rhel7: 5.1.8
     cis@rhel8: 5.1.8
     cis@sle12: 5.2.8