From 6bd2cb26d40246bf7645355018e4b8154018d1e4 Mon Sep 17 00:00:00 2001 From: Sergey Cherevko Date: Mon, 23 Sep 2024 11:56:30 +0300 Subject: [PATCH] Add session-monitor rule --- CMakeLists.txt | 5 + build_product | 1 + components/session-monitor.yml | 6 + .../rule.yml | 27 +++++ .../service_session-monitor_enabled/rule.yml | 40 +++++++ products/msvsphere9/CMakeLists.txt | 8 ++ .../cpe/msvsphere9-cpe-dictionary.xml | 10 ++ .../ssg-msvsphere9-session-monitor-ks.cfg | 112 ++++++++++++++++++ products/msvsphere9/product.yml | 26 ++++ .../profiles/session-monitor.profile | 33 ++++++ products/msvsphere9/transforms/constants.xslt | 16 +++ .../msvsphere9/transforms/table-style.xslt | 5 + .../transforms/xccdf-apply-overlay-stig.xslt | 8 ++ .../transforms/xccdf2table-cce.xslt | 9 ++ .../xccdf2table-profileccirefs.xslt | 9 ++ .../oval/installed_OS_is_msvsphere9.xml | 34 ++++++ ssg/constants.py | 6 +- 17 files changed, 354 insertions(+), 1 deletion(-) create mode 100644 components/session-monitor.yml create mode 100644 linux_os/guide/system/software/system-tools/package_session-monitor_installed/rule.yml create mode 100644 linux_os/guide/system/software/system-tools/service_session-monitor_enabled/rule.yml create mode 100644 products/msvsphere9/CMakeLists.txt create mode 100644 products/msvsphere9/cpe/msvsphere9-cpe-dictionary.xml create mode 100644 products/msvsphere9/kickstart/ssg-msvsphere9-session-monitor-ks.cfg create mode 100644 products/msvsphere9/product.yml create mode 100644 products/msvsphere9/profiles/session-monitor.profile create mode 100644 products/msvsphere9/transforms/constants.xslt create mode 100644 products/msvsphere9/transforms/table-style.xslt create mode 100644 products/msvsphere9/transforms/xccdf-apply-overlay-stig.xslt create mode 100644 products/msvsphere9/transforms/xccdf2table-cce.xslt create mode 100644 products/msvsphere9/transforms/xccdf2table-profileccirefs.xslt create mode 100644 shared/checks/oval/installed_OS_is_msvsphere9.xml 
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 5d4bc725..3197125e 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -88,6 +88,7 @@ option(SSG_PRODUCT_DEBIAN11 "If enabled, the Debian 11 SCAP content will be buil
 option(SSG_PRODUCT_DEBIAN12 "If enabled, the Debian 12 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
 option(SSG_PRODUCT_EKS "If enabled, the EKS SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
 option(SSG_PRODUCT_EXAMPLE "If enabled, the Example SCAP content will be built" FALSE)
+option(SSG_PRODUCT_MSVSPHERE9 "If enabled, the MSVSphere SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
 option(SSG_PRODUCT_FEDORA "If enabled, the Fedora SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
 option(SSG_PRODUCT_FIREFOX "If enabled, the Firefox SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
 option(SSG_PRODUCT_MACOS1015 "If enabled, the Apple macOS 10.15 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})
@@ -317,6 +318,7 @@ message(STATUS "Debian 10: ${SSG_PRODUCT_DEBIAN10}")
 message(STATUS "Debian 11: ${SSG_PRODUCT_DEBIAN11}")
 message(STATUS "Debian 12: ${SSG_PRODUCT_DEBIAN12}")
 message(STATUS "Example: ${SSG_PRODUCT_EXAMPLE}")
+message(STATUS "MSVSphere 9: ${SSG_PRODUCT_MSVSPHERE9}")
 message(STATUS "EKS: ${SSG_PRODUCT_EKS}")
 message(STATUS "Fedora: ${SSG_PRODUCT_FEDORA}")
 message(STATUS "Firefox: ${SSG_PRODUCT_FIREFOX}")
@@ -402,6 +404,9 @@ endif()
 if(SSG_PRODUCT_EXAMPLE)
 add_subdirectory("products/example" "example")
 endif()
+if(SSG_PRODUCT_MSVSPHERE9)
+ add_subdirectory("products/msvsphere9" "msvsphere9")
+endif()
 if(SSG_PRODUCT_EKS)
 add_subdirectory("products/eks" "eks")
 endif()
diff --git a/build_product b/build_product
index e6fb8699..14f9c29e 100755
--- a/build_product
+++ b/build_product
@@ -354,6 +354,7 @@ all_cmake_products=(
 DEBIAN11
 DEBIAN12
 EXAMPLE
+ MSVSPHERE9
 EKS
 FEDORA
 FIREFOX
diff --git a/components/session-monitor.yml b/components/session-monitor.yml
new file mode 100644
index 00000000..af38d9b3
--- /dev/null
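Review bot: The new option in the first hunk describes the product as "the MSVSphere SCAP content" while every neighbouring option carries the version in its text ("Debian 12", "Apple macOS 10.15"); `option(SSG_PRODUCT_MSVSPHERE9 "If enabled, the MSVSphere 9 SCAP content will be built" ${SSG_PRODUCT_DEFAULT})` keeps it consistent with the `message(STATUS "MSVSphere 9: ...")` line added in the second hunk. The option is also inserted between SSG_PRODUCT_EXAMPLE and SSG_PRODUCT_FEDORA although the visible option() list is alphabetical (DEBIAN12, EKS, EXAMPLE, FEDORA, FIREFOX, MACOS1015), so it belongs after SSG_PRODUCT_MACOS1015. The add_subdirectory() block in the third hunk is placed the same way and should move with it.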
+++ b/components/session-monitor.yml
@@ -0,0 +1,6 @@
+name: session-monitor
+packages:
+- session-monitor
+rules:
+- package_session-monitor_installed
+- service_session-monitor_enabled
diff --git a/linux_os/guide/system/software/system-tools/package_session-monitor_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_session-monitor_installed/rule.yml
new file mode 100644
index 00000000..c2b5f232
--- /dev/null
+++ b/linux_os/guide/system/software/system-tools/package_session-monitor_installed/rule.yml
@@ -0,0 +1,27 @@
+documentation_complete: true
+
+
+title: 'Install the session-monitor package'
+
+description: |-
+ Monitor user sessions and lock screen on state change.
+ Useful if screen was changed.
+ {{{ describe_package_install(package="session-monitor") }}}
+
+rationale: |-
+ Monitor user sessions and lock screen on state change
+
+severity: high
+
+identifiers:
+ cce@rhel7: CCE-82403-7
+ cce@rhel8: CCE-82404-5
+
+ocil_clause: 'the package is not installed'
+
+ocil: '{{{ ocil_package(package="session-monitor") }}}'
+
+template:
+ name: package_installed
+ vars:
+ pkgname: session-monitor
diff --git a/linux_os/guide/system/software/system-tools/service_session-monitor_enabled/rule.yml b/linux_os/guide/system/software/system-tools/service_session-monitor_enabled/rule.yml
new file mode 100644
index 00000000..35942027
--- /dev/null
+++ b/linux_os/guide/system/software/system-tools/service_session-monitor_enabled/rule.yml
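Review bot: The identifiers block keys CCEs to rhel7 and rhel8 (`cce@rhel7: CCE-82403-7`, `cce@rhel8: CCE-82404-5`) although this commit only adds the rule to the msvsphere9 product; CCE numbers must be unique per rule, so if these were carried over from another rule they will collide with it when the RHEL content is built. Either drop the block or allocate fresh identifiers under the product this rule ships for; the service rule in the next hunk has the same problem with `CCE-80265-2` and `CCE-82401-1`. The description line `Useful if screen was changed.` does not say what the package does; name the session state change that triggers the lock instead. Severity is `high` here while the companion service rule is `low`; the two should agree, since the package is useless without the service and vice versa.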
@@ -0,0 +1,40 @@
+documentation_complete: true
+
+
+title: 'Enable Process Accounting (session-monitor)'
+
+description: |-
+ Monitor user sessions and lock screen on state change.
+ Useful if screen was changed.
+ {{{ describe_package_install(package="session-monitor") }}}
+
+rationale: |-
+ Monitor user sessions and lock screen on state change
+
+severity: low
+
+identifiers:
+ cce@rhel7: CCE-80265-2
+ cce@rhel8: CCE-82401-1
+
+references:
+ cis-csc: 1,11,12,13,14,15,16,2,3,5,6,7,8,9
+ cobit5: APO10.01,APO10.03,APO10.04,APO10.05,APO11.04,BAI03.05,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS01.03,DSS03.05,DSS05.02,DSS05.04,DSS05.05,DSS05.07,DSS06.06,MEA01.01,MEA01.02,MEA01.03,MEA01.04,MEA01.05,MEA02.01
+ isa-62443-2009: 4.3.2.6.7,4.3.3.3.9,4.3.3.5.1,4.3.3.5.2,4.3.3.5.3,4.3.3.5.4,4.3.3.5.5,4.3.3.5.6,4.3.3.5.7,4.3.3.5.8,4.3.3.6.1,4.3.3.6.2,4.3.3.6.3,4.3.3.6.4,4.3.3.6.5,4.3.3.6.6,4.3.3.6.7,4.3.3.6.8,4.3.3.6.9,4.3.3.7.1,4.3.3.7.2,4.3.3.7.3,4.3.3.7.4,4.3.4.3.2,4.3.4.3.3,4.3.4.4.7,4.4.2.1,4.4.2.2,4.4.2.4
+ isa-62443-2013: 'SR 1.1,SR 1.10,SR 1.11,SR 1.12,SR 1.13,SR 1.2,SR 1.3,SR 1.4,SR 1.5,SR 1.6,SR 1.7,SR 1.8,SR 1.9,SR 2.1,SR 2.10,SR 2.11,SR 2.12,SR 2.2,SR 2.3,SR 2.4,SR 2.5,SR 2.6,SR 2.7,SR 2.8,SR 2.9,SR 6.1,SR 6.2,SR 7.6'
+ iso27001-2013: A.12.1.2,A.12.4.1,A.12.4.2,A.12.4.3,A.12.4.4,A.12.5.1,A.12.6.2,A.12.7.1,A.14.2.2,A.14.2.3,A.14.2.4,A.14.2.7,A.15.2.1,A.15.2.2,A.9.1.2
+ nist: AU-12(a),CM-6(a)
+ nist-csf: DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.IP-1,PR.PT-1,PR.PT-3
+
+ocil_clause: |-
+ {{{ ocil_clause_service_disabled(service="session-monitor") }}}
+
+ocil: |-
+ {{{ ocil_service_disabled(service="session-monitor") }}}
+
+platform: machine
+
+template:
+ name: service_enabled
+ vars:
+ servicename: session-monitor
diff --git a/products/msvsphere9/CMakeLists.txt b/products/msvsphere9/CMakeLists.txt
new file mode 100644
index 00000000..cc479a30
--- /dev/null
+++ b/products/msvsphere9/CMakeLists.txt
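Review bot: The title `Enable Process Accounting (session-monitor)` describes process accounting, which this rule does not configure; `title: 'Enable the session-monitor Service'` matches what the `service_enabled` template actually checks. The description calls `describe_package_install`, which renders package-installation instructions inside a service rule, where `{{{ describe_service_enable(service="session-monitor") }}}` is the matching macro. The OCIL uses the `_disabled` macros for an `enabled` rule, which appears to invert the manual check: `ocil_clause: '{{{ ocil_clause_service_enabled(service="session-monitor") }}}'` and `ocil: '{{{ ocil_service_enabled(service="session-monitor") }}}'`. The references block (cis-csc, cobit5, isa-62443, `nist: AU-12(a),CM-6(a)`) reads as inherited from an auditing rule and is unverified for a screen-locking service; keep only the references that actually map to this control.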
@@ -0,0 +1,8 @@
+# Sometimes our users will try to do: "cd msvsphere9; cmake ." That needs to error in a nice way.
+if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}")
+ message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!")
+endif()
+
+set(PRODUCT "msvsphere9")
+
+ssg_build_product(${PRODUCT})
diff --git a/products/msvsphere9/cpe/msvsphere9-cpe-dictionary.xml b/products/msvsphere9/cpe/msvsphere9-cpe-dictionary.xml
new file mode 100644
index 00000000..78a20f6a
--- /dev/null
+++ b/products/msvsphere9/cpe/msvsphere9-cpe-dictionary.xml
@@ -0,0 +1,10 @@ + + + + MSVSphere 9 + + installed_OS_is_msvsphere9 + +
diff --git a/products/msvsphere9/kickstart/ssg-msvsphere9-session-monitor-ks.cfg b/products/msvsphere9/kickstart/ssg-msvsphere9-session-monitor-ks.cfg
new file mode 100644
index 00000000..840f33b5
--- /dev/null
+++ b/products/msvsphere9/kickstart/ssg-msvsphere9-session-monitor-ks.cfg
@@ -0,0 +1,112 @@
+# SCAP Security Guide ANSSI BP-028 (minimal) profile kickstart for Red Hat Enterprise Linux 8
+# Version: 0.0.1
+# Date: 2021-01-28
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+# For more information see the following documentation:
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/scanning-the-system-for-configuration-compliance-and-vulnerabilities_security-hardening#deploying-baseline-compliant-rhel-systems-using-kickstart_deploying-systems-that-are-compliant-with-a-security-profile-immediately-after-an-installation
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server= --dir= [--opts=]
+#
+# Set language to use during installation and the default language to use on the installed system (required)
+lang ru_RU.UTF-8
+
+# Set system keyboard type / layout (required)
+keyboard --vckeymap us
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot enable device at a boot time
+# --device device to be activated and / or configured with the network command
+# --bootproto method to obtain networking configuration for 
device (default dhcp)
+# --noipv6 disable IPv6 on this device
+network --onboot yes --bootproto dhcp
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g.
+# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
+
+# Set the system time zone (required)
+timezone --utc Europe/Moscow
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
+# Refer to e.g.
+# grub2-mkpasswd-pbkdf2
+# to see how to create encrypted password form for different plaintext password
+bootloader
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+#
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux erase all Linux partitions
+# --initlabel initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+autopart
+
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
+#
+# Important
+# Applying a security policy is not necessary on all systems. This screen should only be used
+# when a specific policy is mandated by your organization rules or government regulations. 
+# Unlike most other commands, this add-on does not accept regular options, but uses key-value
+# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+# Values can be optionally enclosed in single quotes (') or double quotes (").
+#
+# For more details and configuration options see
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
+%addon org_fedora_oscap
+ content-type = scap-security-guide
+ profile = xccdf_org.ssgproject.content_profile_session-monitor
+%end
+
+# Packages selection (%packages section is required)
+%packages
+
+# Require 'Server with GUI' package environment to be installed
+@^Server with GUI
+
+%end
+
+# Reboot after the installation is complete (optional)
+# --eject attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/msvsphere9/product.yml b/products/msvsphere9/product.yml
new file mode 100644
index 00000000..f2b7f0f0
--- /dev/null
+++ b/products/msvsphere9/product.yml
@@ -0,0 +1,26 @@
+product: msvsphere9
+full_name: MSVSphere 9
+type: platform
+
+families:
+ - rhel
+ - rhel-like
+
+major_version_ordinal: 9
+
+benchmark_id: MSVSPHERE-9
+benchmark_root: "../../linux_os/guide"
+components_root: "../../components"
+
+profiles_root: "./profiles"
+
+pkg_manager: "dnf"
+
+init_system: "systemd"
+
+cpes_root: "../../shared/applicability"
+cpes:
+ - msvsphere9:
+ name: "cpe:/o:ncsd:msvsphere:9"
+ title: "MSVSphere 9"
+ check_id: installed_OS_is_msvsphere9
diff --git a/products/msvsphere9/profiles/session-monitor.profile b/products/msvsphere9/profiles/session-monitor.profile
new file mode 100644
index 00000000..594d59bb
--- /dev/null
+++ b/products/msvsphere9/profiles/session-monitor.profile
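Review bot: The header comment still reads `# SCAP Security Guide ANSSI BP-028 (minimal) profile kickstart for Red Hat Enterprise Linux 8` with `# Date: 2021-01-28`, which does not describe this file; `# SCAP Security Guide session-monitor profile kickstart for MSVSphere 9` with the current date is what a reader of products/msvsphere9/kickstart will expect. The bootloader comment announces an encrypted password (`# Plaintext password is: password`) but the `bootloader` line carries no `--iscrypted --password=` argument, so either the comment is stale or the argument was lost in this rendering; as shown, the bootloader would be installed without a password, which contradicts the comment. Since the `rootpw` comment publishes the plaintext of the shipped hash, the file is only usable as a template; a one-line comment next to `rootpw` saying that both credentials must be replaced before deployment would make that explicit. The hunk starts on an earlier line of this rendering.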
@@ -0,0 +1,33 @@
+documentation_complete: true
+
+title: 'Session-monitor profile for MSVSphere 9'
+
+description: |-
+ This profile contains the rule needed to monitor
+ user sessions and lock the screen when
+ the status changes
+
+selections:
+ - accounts_password_minlen_login_defs
+ - file_groupowner_etc_group
+ - file_groupowner_etc_gshadow
+ - file_groupowner_etc_passwd
+ - file_groupowner_etc_shadow
+ - file_owner_etc_group
+ - file_owner_etc_gshadow
+ - file_owner_etc_passwd
+ - file_owner_etc_shadow
+ - file_permissions_etc_group
+ - file_permissions_etc_gshadow
+ - file_permissions_etc_passwd
+ - file_permissions_etc_shadow
+ - no_empty_passwords
+ - sshd_disable_root_login
+ - sshd_disable_empty_passwords
+ - sshd_idle_timeout_value=5_minutes
+ - sshd_set_idle_timeout
+ - var_sshd_set_keepalive=0
+ - sshd_set_keepalive_0
+ - package_audit_installed
+ - package_session-monitor_installed
+ - service_session-monitor_enabled
diff --git a/products/msvsphere9/transforms/constants.xslt b/products/msvsphere9/transforms/constants.xslt
new file mode 100644
index 00000000..e85de907
--- /dev/null
+++ b/products/msvsphere9/transforms/constants.xslt
@@ -0,0 +1,16 @@ + + + + +MSVSphere 9 +MSVSphere9 +MSVSPHERE_STIG +msvsphere9 + + +https://benchmarks.cisecurity.org/tools2/linux/CIS_MSVSphere_Benchmark_v1.0.pdf + + + + +
diff --git a/products/msvsphere9/transforms/table-style.xslt b/products/msvsphere9/transforms/table-style.xslt
new file mode 100644
index 00000000..8b6caeab
--- /dev/null
+++ b/products/msvsphere9/transforms/table-style.xslt
@@ -0,0 +1,5 @@ + + + + +
diff --git a/products/msvsphere9/transforms/xccdf-apply-overlay-stig.xslt b/products/msvsphere9/transforms/xccdf-apply-overlay-stig.xslt
new file mode 100644
index 00000000..f2f1d725
--- /dev/null
+++ b/products/msvsphere9/transforms/xccdf-apply-overlay-stig.xslt
@@ -0,0 +1,8 @@ + + + + + + + + 
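Review bot: The description says the profile `contains the rule needed to monitor user sessions`, but the selections list twenty further rules (login.defs password length, ownership and permissions of /etc/passwd, /etc/shadow, /etc/group and /etc/gshadow, sshd root-login, empty-password, idle-timeout and keepalive settings, package_audit_installed) that have nothing to do with session monitoring. Either trim the selections to `package_session-monitor_installed` and `service_session-monitor_enabled`, or rewrite the description to state that the profile also applies a baseline account and sshd hardening so that users know what they are enabling. The variable selections `sshd_idle_timeout_value=5_minutes` and `var_sshd_set_keepalive=0` precede the rules that consume them, which is the expected order.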
diff --git a/products/msvsphere9/transforms/xccdf2table-cce.xslt b/products/msvsphere9/transforms/xccdf2table-cce.xslt
new file mode 100644
index 00000000..f156a669
--- /dev/null
+++ b/products/msvsphere9/transforms/xccdf2table-cce.xslt
@@ -0,0 +1,9 @@ + + + + + + + + +
diff --git a/products/msvsphere9/transforms/xccdf2table-profileccirefs.xslt b/products/msvsphere9/transforms/xccdf2table-profileccirefs.xslt
new file mode 100644
index 00000000..30419e92
--- /dev/null
+++ b/products/msvsphere9/transforms/xccdf2table-profileccirefs.xslt
@@ -0,0 +1,9 @@ + + + + + + + + +
diff --git a/shared/checks/oval/installed_OS_is_msvsphere9.xml b/shared/checks/oval/installed_OS_is_msvsphere9.xml
new file mode 100644
index 00000000..7db019aa
--- /dev/null
+++ b/shared/checks/oval/installed_OS_is_msvsphere9.xml
@@ -0,0 +1,34 @@ + + + + MSVSphere 9 + + multi_platform_all + + + The operating system installed on the system is MSVSphere 9 + + + + + + + + + + + + + /etc/msvsphere + + + + + + + /etc/msvsphere + ^9.[0-9]+$ + 1 + + +
diff --git a/ssg/constants.py b/ssg/constants.py
index c0285809..5bc2ea24 100644
--- a/ssg/constants.py
+++ b/ssg/constants.py
@@ -45,6 +45,7 @@ product_directories = [ 'chromium', 'debian10', 'debian11', 'debian12', 'example',
+ 'msvsphere9',
 'eks', 'fedora', 'firefox',
@@ -205,6 +206,7 @@ FULL_NAME_TO_PRODUCT_MAPPING = {
 "Debian 11": "debian11",
 "Debian 12": "debian12",
 "Example": "example",
+ "MSVSphere 9": "msvsphere9",
 "Amazon Elastic Kubernetes Service": "eks",
 "Fedora": "fedora",
 "Firefox": "firefox",
@@ -278,7 +280,7 @@ REFERENCES = dict(
 )
-MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu",
+MULTI_PLATFORM_LIST = ["rhel", "fedora", "msvsphere", "rhv", "debian", "ubuntu",
 "openeuler", "opensuse", "sle", "ol", "ocp", "rhcos", "example", "eks", "alinux", "uos", "anolis", "openembedded"] 
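Review bot: The version pattern `^9.[0-9]+$` applied to `/etc/msvsphere` in the OVAL check leaves the dot unescaped, so it also accepts any single character between the major version and the minor digits (a constructed example: `9x1`); `^9\.[0-9]+$` expresses the intended `9.N` release string. The surrounding markup is not visible in this rendering, so I cannot confirm how the pattern and the instance value `1` are wired to the object and state, but the regex should be tightened regardless. The platform applicability is `multi_platform_all`, which is the usual choice for an installed-OS check and needs no change.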
@@ -290,6 +292,7 @@ MULTI_PLATFORM_MAPPING = {
 "multi_platform_example": ["example"],
 "multi_platform_eks": ["eks"],
 "multi_platform_fedora": ["fedora"],
+ "multi_platform_msvsphere": ["msvsphere9"],
 "multi_platform_openeuler": ["openeuler2203"],
 "multi_platform_opensuse": ["opensuse"],
 "multi_platform_ol": ["ol7", "ol8", "ol9"],
@@ -455,6 +458,7 @@ MAKEFILE_ID_TO_PRODUCT_MAP = {
 'anolis': 'Anolis OS',
 'chromium': 'Google Chromium Browser',
 'fedora': 'Fedora',
+ 'msvsphere': 'MSVSphere',
 'firefox': 'Mozilla Firefox',
 'macos': 'Apple macOS',
 'rhel': 'Red Hat Enterprise Linux',
-- 
2.43.5