From 68d4c9e2ffdf9353c11a24290eb34b05941315f7 Mon Sep 17 00:00:00 2001
From: Matthew Burket <mburket@redhat.com>
Date: Thu, 23 Jan 2025 13:44:33 -0600
Subject: [PATCH] RHEL now checks no other users have primary group ID 0

---
 .../root_logins/accounts_root_gid_zero/oval/shared.xml        | 4 ++--
 .../accounts_root_gid_zero/tests/other_user_uid_0.fail.sh     | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/oval/shared.xml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/oval/shared.xml
index 1acc77321a8..b1abe12caf9 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/oval/shared.xml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/oval/shared.xml
@@ -3,7 +3,7 @@
     {{{ oval_metadata("The root account should have primary group of 0") }}}
     <criteria operator="AND">
       <criterion comment="tests that the root account's gid is equal to 0" test_ref="test_{{{rule_id}}}" />
-      {{% if 'ubuntu' in product %}}
+      {{% if 'ubuntu' in product or 'rhel' in product %}}
       <criterion comment="no other users have primary group ID 0" test_ref="test_{{{rule_id}}}_no_other_gid_0" />
       {{% endif %}}
     </criteria>
@@ -24,7 +24,7 @@
     <ind:subexpression operation="equals" datatype="int">0</ind:subexpression>
   </ind:textfilecontent54_state>
 
-  {{% if 'ubuntu' in product %}}
+  {{% if 'ubuntu' in product or 'rhel' in product %}}
   <!-- Test for other users with GID 0 (excluding sync, shutdown, halt, operator) -->
   <ind:textfilecontent54_test id="test_{{{rule_id}}}_no_other_gid_0" check="all" check_existence="none_exist" comment="test that there are no other accounts with GID 0 except root" version="1">
     <ind:object object_ref="object_{{{rule_id}}}_no_other_gid_0" />
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/tests/other_user_uid_0.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/tests/other_user_uid_0.fail.sh
index 483e08812eb..ba82e5ddba0 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/tests/other_user_uid_0.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_root_gid_zero/tests/other_user_uid_0.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-
+# platform = multi_platform_rhel,multi_platform_ubuntu
 # Remediation doesn't fix the rule, only locks passwords
 # of non-root accounts with uid 0.
 # remediation = none