Added rule for tracking user sessions and locking screen when status changes

3 days ago · 8ba4485703
parent 3b4beaf3e2
commit 8ba4485703
3 changed files with 548 additions and 20744 deletions
--- a/SOURCES/0001-Add-session-monitor-rule.patch
+++ b/SOURCES/0001-Add-session-monitor-rule.patch
@ -0,0 +1,541 @@
 From 76c7cb36ce7552702001d11aad0f53aca069b8a6 Mon Sep 17 00:00:00 2001
 From: Sergey Cherevko <s.cherevko@msvsphere-os.ru>
 Date: Mon, 16 Sep 2024 18:15:46 +0300
 Subject: [PATCH] Add session-monitor rule
 ---
 CMakeLists.txt                                |   5 +
 build_product                                 |   1 +
 components/session-monitor.yml                |   6 +
 .../rule.yml                                  |  36 ++++++
 .../service_session-monitor_enabled/rule.yml  |  40 +++++++
 products/msvsphere9/CMakeLists.txt            |   8 ++
 .../cpe/msvsphere9-cpe-dictionary.xml         |  10 ++
 .../ssg-msvsphere9-session-monitor-ks.cfg     | 108 ++++++++++++++++++
 products/msvsphere9/product.yml               |  26 +++++
 .../profiles/session-monitor.profile          |  13 +++
 products/msvsphere9/transforms/constants.xslt |  16 +++
 .../msvsphere9/transforms/table-style.xslt    |   5 +
 .../transforms/xccdf-apply-overlay-stig.xslt  |   8 ++
 .../transforms/xccdf2table-cce.xslt           |   9 ++
 .../xccdf2table-profileccirefs.xslt           |   9 ++
 .../oval/installed_OS_is_msvsphere9.xml       |  34 ++++++
 ssg/constants.py                              |   6 +-
 17 files changed, 339 insertions(+), 1 deletion(-)
 create mode 100644 components/session-monitor.yml
 create mode 100644 linux_os/guide/services/base/package_session-monitor_installed/rule.yml
 create mode 100644 linux_os/guide/services/base/service_session-monitor_enabled/rule.yml
 create mode 100644 products/msvsphere9/CMakeLists.txt
 create mode 100644 products/msvsphere9/cpe/msvsphere9-cpe-dictionary.xml
 create mode 100644 products/msvsphere9/kickstart/ssg-msvsphere9-session-monitor-ks.cfg
 create mode 100644 products/msvsphere9/product.yml
 create mode 100644 products/msvsphere9/profiles/session-monitor.profile
 create mode 100644 products/msvsphere9/transforms/constants.xslt
 create mode 100644 products/msvsphere9/transforms/table-style.xslt
 create mode 100644 products/msvsphere9/transforms/xccdf-apply-overlay-stig.xslt
 create mode 100644 products/msvsphere9/transforms/xccdf2table-cce.xslt
 create mode 100644 products/msvsphere9/transforms/xccdf2table-profileccirefs.xslt
 create mode 100644 shared/checks/oval/installed_OS_is_msvsphere9.xml
 diff --git a/CMakeLists.txt b/CMakeLists.txt
 index 5d4bc725..3197125e 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
@@ -88,6 +88,7 @@ option(SSG_PRODUCT_DEBIAN11 "If enabled, the Debian 11 SCAP content will be buil
 option(SSG_PRODUCT_DEBIAN12 "If enabled, the Debian 12 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
 option(SSG_PRODUCT_EKS "If enabled, the EKS SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
 option(SSG_PRODUCT_EXAMPLE "If enabled, the Example SCAP content will be built" FALSE)
 +option(SSG_PRODUCT_MSVSPHERE9 "If enabled, the MSVSphere SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
 option(SSG_PRODUCT_FEDORA "If enabled, the Fedora SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
 option(SSG_PRODUCT_FIREFOX "If enabled, the Firefox SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
 option(SSG_PRODUCT_MACOS1015 "If enabled, the Apple macOS 10.15 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
@@ -317,6 +318,7 @@ message(STATUS "Debian 10: ${SSG_PRODUCT_DEBIAN10}")
 message(STATUS "Debian 11: ${SSG_PRODUCT_DEBIAN11}")
 message(STATUS "Debian 12: ${SSG_PRODUCT_DEBIAN12}")
 message(STATUS "Example: ${SSG_PRODUCT_EXAMPLE}")
 +message(STATUS "MSVSphere 9: ${SSG_PRODUCT_MSVSPHERE9}")
 message(STATUS "EKS: ${SSG_PRODUCT_EKS}")
 message(STATUS "Fedora: ${SSG_PRODUCT_FEDORA}")
 message(STATUS "Firefox: ${SSG_PRODUCT_FIREFOX}")
@@ -402,6 +404,9 @@ endif()
 if(SSG_PRODUCT_EXAMPLE)
     add_subdirectory("products/example" "example")
 endif()
 +if(SSG_PRODUCT_MSVSPHERE9)
 +    add_subdirectory("products/msvsphere9" "msvsphere9")
 +endif()
 if(SSG_PRODUCT_EKS)
     add_subdirectory("products/eks" "eks")
 endif()
 diff --git a/build_product b/build_product
 index e6fb8699..14f9c29e 100755
 --- a/build_product
 +++ b/build_product
@@ -354,6 +354,7 @@ all_cmake_products=(
 	DEBIAN11
 	DEBIAN12
 	EXAMPLE
 +	MSVSPHERE9
 	EKS
 	FEDORA
 	FIREFOX
 diff --git a/components/session-monitor.yml b/components/session-monitor.yml
 new file mode 100644
 index 00000000..af38d9b3
 --- /dev/null
 +++ b/components/session-monitor.yml
@@ -0,0 +1,6 @@
 +name: session-monitor
 +packages:
 +- session-monitor
 +rules:
 +- package_session-monitor_installed
 +- service_session-monitor_enabled
 diff --git a/linux_os/guide/services/base/package_session-monitor_installed/rule.yml b/linux_os/guide/services/base/package_session-monitor_installed/rule.yml
 new file mode 100644
 index 00000000..479c7a83
 --- /dev/null
 +++ b/linux_os/guide/services/base/package_session-monitor_installed/rule.yml
@@ -0,0 +1,36 @@
 +documentation_complete: true
 +
 +
 +title: 'Install the session-monitor package'
 +
 +description: |-
 +    Monitor user sessions and lock screen on state change.
 +    Useful if screen was changed.
 +    {{{ describe_package_install(package="session-monitor") }}}
 +
 +rationale: |-
 +    Monitor user sessions and lock screen on state change
 +
 +severity: low
 +
 +identifiers:
 +    cce@rhel7: CCE-82403-7
 +    cce@rhel8: CCE-82404-5
 +
 +references:
 +    cis-csc: 1,11,12,13,14,15,16,2,3,5,6,7,8,9
 +    cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,BAI03.05,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.03,DSS03.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.06,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
 +    isa-62443-2009: 4.3.2.6.7,4.3.3.3.9,4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3,4.3.4.4.7,4.4.2.1,4.4.2.2,4.4.2.4
 +    isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.10,SR 2.11,SR 2.12,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 2.8,SR 2.9,SR 6.1,SR 6.2,SR 7.6'
 +    iso27001-2013: A.12.1.2,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.5.1,A.12.6.2,A.12.7.1,A.14.2.2,A.14.2.3,A.14.2.4,A.14.2.7,A.15.2.1,A.15.2.2,A.9.1.2
 +    nist: AU-12(a),CM-6(a)
 +    nist-csf: DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.IP-1,PR.PT-1,PR.PT-3
 +
 +ocil_clause: 'the package is not installed'
 +
 +ocil: '{{{ ocil_package(package="session-monitor") }}}'
 +
 +template:
 +    name: package_installed
 +    vars:
 +        pkgname: session-monitor
 diff --git a/linux_os/guide/services/base/service_session-monitor_enabled/rule.yml b/linux_os/guide/services/base/service_session-monitor_enabled/rule.yml
 new file mode 100644
 index 00000000..35942027
 --- /dev/null
 +++ b/linux_os/guide/services/base/service_session-monitor_enabled/rule.yml
@@ -0,0 +1,40 @@
 +documentation_complete: true
 +
 +
 +title: 'Enable Process Accounting (session-monitor)'
 +
 +description: |-
 +    Monitor user sessions and lock screen on state change.
 +    Useful if screen was changed.
 +    {{{ describe_package_install(package="session-monitor") }}}
 +
 +rationale: |-
 +    Monitor user sessions and lock screen on state change
 +
 +severity: low
 +
 +identifiers:
 +    cce@rhel7: CCE-80265-2
 +    cce@rhel8: CCE-82401-1
 +
 +references:
 +    cis-csc: 1,11,12,13,14,15,16,2,3,5,6,7,8,9
 +    cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,BAI03.05,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.03,DSS03.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.06,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
 +    isa-62443-2009: 4.3.2.6.7,4.3.3.3.9,4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3,4.3.4.4.7,4.4.2.1,4.4.2.2,4.4.2.4
 +    isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.10,SR 2.11,SR 2.12,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 2.8,SR 2.9,SR 6.1,SR 6.2,SR 7.6'
 +    iso27001-2013: A.12.1.2,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.5.1,A.12.6.2,A.12.7.1,A.14.2.2,A.14.2.3,A.14.2.4,A.14.2.7,A.15.2.1,A.15.2.2,A.9.1.2
 +    nist: AU-12(a),CM-6(a)
 +    nist-csf: DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.IP-1,PR.PT-1,PR.PT-3
 +
 +ocil_clause: |-
 +    {{{ ocil_clause_service_disabled(service="session-monitor") }}}
 +
 +ocil: |-
 +    {{{ ocil_service_disabled(service="session-monitor") }}}
 +
 +platform: machine
 +
 +template:
 +    name: service_enabled
 +    vars:
 +        servicename: session-monitor
 diff --git a/products/msvsphere9/CMakeLists.txt b/products/msvsphere9/CMakeLists.txt
 new file mode 100644
 index 00000000..cc479a30
 --- /dev/null
 +++ b/products/msvsphere9/CMakeLists.txt
@@ -0,0 +1,8 @@
 +# Sometimes our users will try to do: "cd msvsphere9; cmake ." That needs to error in a nice way.
 +if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}")
 +    message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!")
 +endif()
 +
 +set(PRODUCT "msvsphere9")
 +
 +ssg_build_product(${PRODUCT})
 diff --git a/products/msvsphere9/cpe/msvsphere9-cpe-dictionary.xml b/products/msvsphere9/cpe/msvsphere9-cpe-dictionary.xml
 new file mode 100644
 index 00000000..78a20f6a
 --- /dev/null
 +++ b/products/msvsphere9/cpe/msvsphere9-cpe-dictionary.xml
@@ -0,0 +1,10 @@
 +<?xml version="1.0" encoding="UTF-8"?>
 +<cpe-list xmlns="http://cpe.mitre.org/dictionary/2.0"
 +          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 +          xsi:schemaLocation="http://cpe.mitre.org/dictionary/2.0 http://cpe.mitre.org/files/cpe-dictionary_2.1.xsd">
 +      <cpe-item name="cpe:/o:ncsd:msvsphere:9">
 +            <title xml:lang="en-us">MSVSphere 9</title>
 +            <!-- the check references an OVAL file that contains an inventory definition -->
 +            <check system="http://oval.mitre.org/XMLSchema/oval-definitions-5" href="filename">installed_OS_is_msvsphere9</check>
 +      </cpe-item>
 +</cpe-list>
 diff --git a/products/msvsphere9/kickstart/ssg-msvsphere9-session-monitor-ks.cfg b/products/msvsphere9/kickstart/ssg-msvsphere9-session-monitor-ks.cfg
 new file mode 100644
 index 00000000..d6916013
 --- /dev/null
 +++ b/products/msvsphere9/kickstart/ssg-msvsphere9-session-monitor-ks.cfg
@@ -0,0 +1,108 @@
 +# SCAP Security Guide ANSSI BP-028 (minimal) profile kickstart for Red Hat Enterprise Linux 8
 +# Version: 0.0.1
 +# Date: 2021-01-28
 +#
 +# Based on:
 +# https://pykickstart.readthedocs.io/en/latest/
 +# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
 +# For more information see the following documentation:
 +# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
 +
 +# Specify installation method to use for installation
 +# To use a different one comment out the 'url' one below, update
 +# the selected choice with proper options & un-comment it
 +#
 +# Install from an installation tree on a remote server via FTP or HTTP:
 +# --url		the URL to install from
 +#
 +# Example:
 +#
 +# url --url=http://192.168.122.1/image
 +#
 +# Modify concrete URL in the above example appropriately to reflect the actual
 +# environment machine is to be installed in
 +#
 +# Other possible / supported installation methods:
 +# * install from the first CD-ROM/DVD drive on the system:
 +#
 +# cdrom
 +#
 +# * install from a directory of ISO images on a local drive:
 +#
 +# harddrive --partition=hdb2 --dir=/tmp/install-tree
 +#
 +# * install from provided NFS server:
 +#
 +# nfs --server=<hostname> --dir=<directory> [--opts=<nfs options>]
 +#
 +# Set language to use during installation and the default language to use on the installed system (required)
 +lang ru_RU.UTF-8
 +
 +# Set system keyboard type / layout (required)
 +keyboard --vckeymap us
 +
 +# Configure network information for target system and activate network devices in the installer environment (optional)
 +# --onboot	enable device at a boot time
 +# --device	device to be activated and / or configured with the network command
 +# --bootproto	method to obtain networking configuration for device (default dhcp)
 +# --noipv6	disable IPv6 on this device
 +network --onboot yes --bootproto dhcp
 +
 +# Set the system's root password (required)
 +# Plaintext password is: server
 +# Refer to e.g.
 +#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
 +# to see how to create encrypted password form for different plaintext password
 +rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
 +
 +# Set the system time zone (required)
 +timezone --utc Europe/Moscow
 +
 +# Specify how the bootloader should be installed (required)
 +# Plaintext password is: password
 +# Refer to e.g.
 +#   grub2-mkpasswd-pbkdf2
 +# to see how to create encrypted password form for different plaintext password
 +bootloader
 +
 +# Initialize (format) all disks (optional)
 +zerombr
 +
 +# The following partition layout scheme assumes disk of size 20GB or larger
 +# Modify size of partitions appropriately to reflect actual machine's hardware
 +# 
 +# Remove Linux partitions from the system prior to creating new ones (optional)
 +# --linux	erase all Linux partitions
 +# --initlabel	initialize the disk label to the default based on the underlying architecture
 +clearpart --linux --initlabel
 +
 +# Create primary system partitions (required for installs)
 +autopart
 +
 +# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
 +# content - security policies - on the installed system.This add-on has been enabled by default
 +# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
 +# functionality will automatically be installed. However, by default, no policies are enforced,
 +# meaning that no checks are performed during or after installation unless specifically configured.
 +#  
 +#  Important
 +#   Applying a security policy is not necessary on all systems. This screen should only be used
 +#   when a specific policy is mandated by your organization rules or government regulations.
 +#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
 +#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
 +#   Values can be optionally enclosed in single quotes (') or double quotes (").
 +#   
 +# For more details and configuration options see
 +# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
 +%addon org_fedora_oscap
 +	content-type = scap-security-guide
 +	profile = xccdf_org.ssgproject.content_profile_session-monitor
 +%end
 +
 +# Packages selection (%packages section is required)
 +%packages
 +%end
 +
 +# Reboot after the installation is complete (optional)
 +# --eject	attempt to eject CD or DVD media before rebooting
 +reboot --eject
 diff --git a/products/msvsphere9/product.yml b/products/msvsphere9/product.yml
 new file mode 100644
 index 00000000..f2b7f0f0
 --- /dev/null
 +++ b/products/msvsphere9/product.yml
@@ -0,0 +1,26 @@
 +product: msvsphere9
 +full_name: MSVSphere 9
 +type: platform
 +
 +families:
 +  - rhel
 +  - rhel-like
 +
 +major_version_ordinal: 9
 +
 +benchmark_id: MSVSPHERE-9
 +benchmark_root: "../../linux_os/guide"
 +components_root: "../../components"
 +
 +profiles_root: "./profiles"
 +
 +pkg_manager: "dnf"
 +
 +init_system: "systemd"
 +
 +cpes_root: "../../shared/applicability"
 +cpes:
 +  - msvsphere9:
 +      name: "cpe:/o:ncsd:msvsphere:9"
 +      title: "MSVSphere 9"
 +      check_id: installed_OS_is_msvsphere9
 diff --git a/products/msvsphere9/profiles/session-monitor.profile b/products/msvsphere9/profiles/session-monitor.profile
 new file mode 100644
 index 00000000..d261ebf5
 --- /dev/null
 +++ b/products/msvsphere9/profiles/session-monitor.profile
@@ -0,0 +1,13 @@
 +documentation_complete: true
 +
 +title: 'Session-monitor profile for MSVSphere 9'
 +
 +description: |-
 +    This profile contains the rule needed to monitor
 +    user sessions and lock the screen when
 +    the status changes
 +
 +selections:
 +    - accounts_password_minlen_login_defs
 +    - package_session-monitor_installed
 +    - service_session-monitor_enabled
 diff --git a/products/msvsphere9/transforms/constants.xslt b/products/msvsphere9/transforms/constants.xslt
 new file mode 100644
 index 00000000..e85de907
 --- /dev/null
 +++ b/products/msvsphere9/transforms/constants.xslt
@@ -0,0 +1,16 @@
 +<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
 +
 +<xsl:include href="../../../shared/transforms/shared_constants.xslt"/>
 +
 +<xsl:variable name="product_long_name">MSVSphere 9</xsl:variable>
 +<xsl:variable name="product_short_name">MSVSphere9</xsl:variable>
 +<xsl:variable name="product_stig_id_name">MSVSPHERE_STIG</xsl:variable>
 +<xsl:variable name="prod_type">msvsphere9</xsl:variable>
 +
 +<!-- Define URI of official Center for Internet Security Benchmark for MSVSphere 9 -->
 +<xsl:variable name="cisuri">https://benchmarks.cisecurity.org/tools2/linux/CIS_MSVSphere_Benchmark_v1.0.pdf</xsl:variable>
 +
 +<!-- Define URI for custom policy reference which can be used for linking to corporate policy -->
 +<!--xsl:variable name="custom-ref-uri">https://www.example.org</xsl:variable-->
 +
 +</xsl:stylesheet>
 diff --git a/products/msvsphere9/transforms/table-style.xslt b/products/msvsphere9/transforms/table-style.xslt
 new file mode 100644
 index 00000000..8b6caeab
 --- /dev/null
 +++ b/products/msvsphere9/transforms/table-style.xslt
@@ -0,0 +1,5 @@
 +<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
 +
 +<xsl:import href="../../../shared/transforms/shared_table-style.xslt"/>
 +
 +</xsl:stylesheet>
 diff --git a/products/msvsphere9/transforms/xccdf-apply-overlay-stig.xslt b/products/msvsphere9/transforms/xccdf-apply-overlay-stig.xslt
 new file mode 100644
 index 00000000..f2f1d725
 --- /dev/null
 +++ b/products/msvsphere9/transforms/xccdf-apply-overlay-stig.xslt
@@ -0,0 +1,8 @@
 +<?xml version="1.0"?>
 +<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://checklists.nist.gov/xccdf/1.1" xmlns:xccdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml" exclude-result-prefixes="xccdf">
 +
 +<xsl:include href="../../../shared/transforms/shared_xccdf-apply-overlay-stig.xslt"/>
 +<xsl:include href="constants.xslt"/>
 +<xsl:variable name="overlays" select="document()/xccdf:overlays" />
 +
 +</xsl:stylesheet>
 diff --git a/products/msvsphere9/transforms/xccdf2table-cce.xslt b/products/msvsphere9/transforms/xccdf2table-cce.xslt
 new file mode 100644
 index 00000000..f156a669
 --- /dev/null
 +++ b/products/msvsphere9/transforms/xccdf2table-cce.xslt
@@ -0,0 +1,9 @@
 +<?xml version="1.0" encoding="utf-8" standalone="yes"?>
 +<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:cce="http://cce.mitre.org" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:xhtml="http://www.w3.org/1999/xhtml">
 +
 +<xsl:import href="../../../shared/transforms/shared_xccdf2table-cce.xslt"/>
 +
 +<xsl:include href="constants.xslt"/>
 +<xsl:include href="table-style.xslt"/>
 +
 +</xsl:stylesheet>
 diff --git a/products/msvsphere9/transforms/xccdf2table-profileccirefs.xslt b/products/msvsphere9/transforms/xccdf2table-profileccirefs.xslt
 new file mode 100644
 index 00000000..30419e92
 --- /dev/null
 +++ b/products/msvsphere9/transforms/xccdf2table-profileccirefs.xslt
@@ -0,0 +1,9 @@
 +<?xml version="1.0" encoding="utf-8" standalone="yes"?>
 +<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cdf="http://checklists.nist.gov/xccdf/1.1" xmlns:cci="https://public.cyber.mil/stigs/cci" xmlns:xhtml="http://www.w3.org/1999/xhtml" xmlns:ovalns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
 +
 +<xsl:import href="../../../shared/transforms/shared_xccdf2table-profileccirefs.xslt"/>
 +
 +<xsl:include href="constants.xslt"/>
 +<xsl:include href="table-style.xslt"/>
 +
 +</xsl:stylesheet>
 diff --git a/shared/checks/oval/installed_OS_is_msvsphere9.xml b/shared/checks/oval/installed_OS_is_msvsphere9.xml
 new file mode 100644
 index 00000000..7db019aa
 --- /dev/null
 +++ b/shared/checks/oval/installed_OS_is_msvsphere9.xml
@@ -0,0 +1,34 @@
 +<def-group>
 +  <definition class="inventory" id="installed_OS_is_msvsphere9" version="3">
 +    <metadata>
 +      <title>MSVSphere 9</title>
 +      <affected family="unix">
 +        <platform>multi_platform_all</platform>
 +      </affected>
 +      <reference ref_id="cpe:/o:ncsd:msvsphere:9" source="CPE" />
 +      <description>The operating system installed on the system is MSVSphere 9</description>
 +    </metadata>
 +    <criteria comment="current OS is 9" operator="AND">
 +      <extend_definition comment="Installed OS is part of the Unix family" definition_ref="installed_OS_is_part_of_Unix_family" />
 +      <criterion comment="MSVSphere is installed" test_ref="test_msvsphere" />
 +      <criterion comment="MSVSphere 9 is installed" test_ref="test_msvsphere9" />
 +    </criteria>
 +  </definition>
 +
 +  <unix:file_test check="all" check_existence="all_exist" comment="/etc/msvsphere exists" id="test_msvsphere" version="1">
 +    <unix:object object_ref="obj_msvsphere" />
 +  </unix:file_test>
 +  <unix:file_object comment="check /etc/msvsphere file" id="obj_msvsphere" version="1">
 +    <unix:filepath>/etc/msvsphere</unix:filepath>
 +  </unix:file_object>
 +
 +  <ind:textfilecontent54_test check="all" check_existence="at_least_one_exists" comment="Check Custom OS version" id="test_msvsphere9" version="1">
 +    <ind:object object_ref="obj_msvsphere9" />
 +  </ind:textfilecontent54_test>
 +  <ind:textfilecontent54_object id="obj_msvsphere9" version="1" comment="Check MSVSphere version">
 +    <ind:filepath>/etc/msvsphere</ind:filepath>
 +    <ind:pattern operation="pattern match">^9.[0-9]+$</ind:pattern>
 +    <ind:instance datatype="int">1</ind:instance>
 +  </ind:textfilecontent54_object>
 +
 +</def-group>
 diff --git a/ssg/constants.py b/ssg/constants.py
 index c0285809..5bc2ea24 100644
 --- a/ssg/constants.py
 +++ b/ssg/constants.py
@@ -45,6 +45,7 @@ product_directories = [
     'chromium',
     'debian10', 'debian11', 'debian12',
     'example',
 +    'msvsphere9',
     'eks',
     'fedora',
     'firefox',
@@ -205,6 +206,7 @@ FULL_NAME_TO_PRODUCT_MAPPING = {
     "Debian 11": "debian11",
     "Debian 12": "debian12",
     "Example": "example",
 +    "MSVSphere 9": "msvsphere9",
     "Amazon Elastic Kubernetes Service": "eks",
     "Fedora": "fedora",
     "Firefox": "firefox",
@@ -278,7 +280,7 @@ REFERENCES = dict(
 )
 -MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu",
 +MULTI_PLATFORM_LIST = ["rhel", "fedora", "msvsphere", "rhv", "debian", "ubuntu",
                        "openeuler",
                        "opensuse", "sle", "ol", "ocp", "rhcos",
                        "example", "eks", "alinux", "uos", "anolis", "openembedded"]
@@ -290,6 +292,7 @@ MULTI_PLATFORM_MAPPING = {
     "multi_platform_example": ["example"],
     "multi_platform_eks": ["eks"],
     "multi_platform_fedora": ["fedora"],
 +    "multi_platform_msvsphere": ["msvsphere9"],
     "multi_platform_openeuler": ["openeuler2203"],
     "multi_platform_opensuse": ["opensuse"],
     "multi_platform_ol": ["ol7", "ol8", "ol9"],
@@ -455,6 +458,7 @@ MAKEFILE_ID_TO_PRODUCT_MAP = {
     'anolis': 'Anolis OS',
     'chromium': 'Google Chromium Browser',
     'fedora': 'Fedora',
 +    'msvsphere': 'MSVSphere',
     'firefox': 'Mozilla Firefox',
     'macos': 'Apple macOS',
     'rhel': 'Red Hat Enterprise Linux',
 -- 
 2.43.5
--- a/SOURCES/scap-security-guide-0.1.73-add-msvsphere9-product.patch
+++ b/SOURCES/scap-security-guide-0.1.73-add-msvsphere9-product.patch
--- a/SPECS/scap-security-guide.spec
+++ b/SPECS/scap-security-guide.spec
@ -6,7 +6,7 @@
 Name:		scap-security-guide
 Version:	0.1.73
-Release:	1%{?dist}.inferit.1
+Release:	1%{?dist}.inferit.2
 Summary:	Security guidance and baselines in SCAP formats
 License:	BSD-3-Clause
 URL:		https://github.com/ComplianceAsCode/content/
@ -14,7 +14,8 @@ Source0:	https://github.com/ComplianceAsCode/content/releases/download/v%{versio
 BuildArch:	noarch
 # MSVSphere
-Patch1000:      scap-security-guide-0.1.73-add-msvsphere9-product.patch
+#Patch1000:      scap-security-guide-0.1.73-add-msvsphere9-product.patch
 Patch1000:      0001-Add-session-monitor-rule.patch
 BuildRequires:	libxslt
 BuildRequires:	expat
@ -95,7 +96,7 @@ rm %{buildroot}/%{_docdir}/%{name}/Contributors.md
 %files doc
 %doc %{_docdir}/%{name}/guides/*.html
-%doc %{_docdir}/%{name}/tables/*.html
+##%%doc %{_docdir}/%{name}/tables/*.html
 %if %{defined rhel}
 %files rule-playbooks
@ -104,6 +105,9 @@ rm %{buildroot}/%{_docdir}/%{name}/Contributors.md
 %endif
 %changelog
 * Fri Sep 13 2024 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 0.1.73-1.inferit.2
 - Added rule for tracking user sessions and locking screen when status changes
 * Thu Aug 29 2024 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 0.1.73-1.inferit.1
 - Fixup: try to add MSVSphere security profiles