diff --git a/tests/data/profile_stability/rhel9/cis.profile b/tests/data/profile_stability/rhel9/cis.profile
index d0eecd81138..c3899b0d991 100644
--- a/tests/data/profile_stability/rhel9/cis.profile
+++ b/tests/data/profile_stability/rhel9/cis.profile
@@ -12,424 +12,460 @@ metadata: - yuumasato reference: https://www.cisecurity.org/benchmark/red_hat_linux/ selections: -- sysctl_net_ipv4_conf_all_accept_redirects -- auditd_data_retention_max_log_file -- audit_rules_session_events -- sysctl_net_ipv6_conf_all_accept_redirects -- audit_rules_login_events_lastlog -- file_owner_cron_daily -- ensure_root_password_configured -- file_owner_backup_etc_shadow -- package_setroubleshoot_removed -- audit_rules_dac_modification_lsetxattr -- audit_rules_networkconfig_modification -- audit_rules_networkconfig_modification_network_scripts -- sysctl_net_ipv4_conf_default_log_martians -- audit_rules_unsuccessful_file_modification_truncate -- auditd_data_retention_space_left_action -- audit_sudo_log_events -- grub2_audit_backlog_limit_argument -- audit_rules_file_deletion_events_unlinkat -- file_permissions_home_directories -- file_permissions_crontab -- audit_rules_kernel_module_loading_finit -- sudo_require_reauthentication -- file_cron_deny_not_exist -- accounts_no_uid_except_zero -- disable_host_auth -- package_tftp-server_removed -- file_groupowner_backup_etc_gshadow +- account_disable_post_pw_expiration +- account_password_pam_faillock_password_auth +- account_password_pam_faillock_system_auth - account_unique_id -- file_groupowner_etc_motd -- grub2_password +- account_unique_name - accounts_maximum_age_login_defs -- file_owner_etc_group -- audit_rules_execution_setfacl -- service_crond_enabled -- file_permissions_backup_etc_gshadow -- file_owner_crontab -- sysctl_net_ipv4_tcp_syncookies -- file_owner_etc_issue_net -- sshd_set_keepalive -- set_firewalld_default_zone +- accounts_minimum_age_login_defs +- accounts_no_uid_except_zero +- accounts_password_all_shadowed +- accounts_password_last_change_is_in_past +- accounts_password_pam_dictcheck +- accounts_password_pam_difok +- accounts_password_pam_enforce_root +- accounts_password_pam_maxrepeat +- accounts_password_pam_minclass +- accounts_password_pam_minlen +- 
accounts_password_pam_pwhistory_remember_password_auth +- accounts_password_pam_pwhistory_remember_system_auth +- accounts_password_set_max_life_existing +- accounts_password_set_min_life_existing +- accounts_password_set_warn_age_existing +- accounts_password_warn_age_login_defs +- accounts_passwords_pam_faillock_deny +- accounts_passwords_pam_faillock_deny_root +- accounts_passwords_pam_faillock_unlock_time +- accounts_root_gid_zero +- accounts_root_path_dirs_no_write +- accounts_set_post_pw_existing +- accounts_tmout - accounts_umask_etc_bashrc -- mount_option_var_log_audit_nodev -- service_auditd_enabled -- file_permissions_grub2_cfg +- accounts_umask_etc_login_defs +- accounts_umask_etc_profile +- accounts_user_dot_group_ownership +- accounts_user_dot_no_world_writable_programs +- accounts_user_dot_user_ownership +- accounts_user_interactive_home_directory_exists +- aide_build_database +- aide_check_audit_tools +- aide_periodic_cron_checking +- audit_rules_dac_modification_chmod +- audit_rules_dac_modification_chown +- audit_rules_dac_modification_fchmod +- audit_rules_dac_modification_fchmodat +- audit_rules_dac_modification_fchown +- audit_rules_dac_modification_fchownat +- audit_rules_dac_modification_fremovexattr +- audit_rules_dac_modification_fsetxattr +- audit_rules_dac_modification_lchown +- audit_rules_dac_modification_lremovexattr +- audit_rules_dac_modification_lsetxattr +- audit_rules_dac_modification_removexattr +- audit_rules_dac_modification_setxattr +- audit_rules_execution_chacl +- audit_rules_execution_chcon +- audit_rules_execution_setfacl +- audit_rules_file_deletion_events_rename +- audit_rules_file_deletion_events_renameat +- audit_rules_file_deletion_events_unlink +- audit_rules_file_deletion_events_unlinkat +- audit_rules_immutable +- audit_rules_kernel_module_loading_create - audit_rules_kernel_module_loading_delete -- dconf_gnome_screensaver_user_locks -- no_empty_passwords +- audit_rules_kernel_module_loading_finit +- 
audit_rules_kernel_module_loading_init +- audit_rules_kernel_module_loading_query +- audit_rules_login_events_faillock +- audit_rules_login_events_lastlog +- audit_rules_mac_modification +- audit_rules_mac_modification_usr_share +- audit_rules_media_export +- audit_rules_networkconfig_modification +- audit_rules_networkconfig_modification_network_scripts +- audit_rules_privileged_commands +- audit_rules_privileged_commands_kmod +- audit_rules_privileged_commands_usermod +- audit_rules_session_events +- audit_rules_suid_auid_privilege_function +- audit_rules_sysadmin_actions - audit_rules_time_adjtimex -- accounts_password_pam_minlen -- audit_rules_dac_modification_fchmodat -- grub2_audit_argument -- sysctl_net_ipv4_conf_all_secure_redirects -- file_groupowner_sshd_config - audit_rules_time_clock_settime -- dir_perms_world_writable_sticky_bits -- mount_option_var_log_audit_nosuid -- kernel_module_squashfs_disabled -- accounts_user_dot_no_world_writable_programs -- sshd_set_max_auth_tries -- package_telnet-server_removed - audit_rules_time_settimeofday -- file_groupownership_home_directories -- sysctl_net_ipv6_conf_default_accept_source_route -- audit_rules_dac_modification_fsetxattr -- package_cyrus-imapd_removed -- file_permissions_sshd_config -- no_netrc_files -- audit_rules_immutable -- mount_option_dev_shm_nodev -- package_cups_removed -- file_permissions_cron_monthly -- dconf_gnome_login_banner_text -- chronyd_specify_remote_server -- sysctl_net_ipv4_conf_default_send_redirects -- file_permissions_backup_etc_group -- audit_rules_dac_modification_fchownat -- kernel_module_usb-storage_disabled -- mount_option_tmp_nodev +- audit_rules_time_watch_localtime +- audit_rules_unsuccessful_file_modification_creat +- audit_rules_unsuccessful_file_modification_ftruncate +- audit_rules_unsuccessful_file_modification_open +- audit_rules_unsuccessful_file_modification_openat +- audit_rules_unsuccessful_file_modification_truncate +- audit_rules_usergroup_modification_group - 
audit_rules_usergroup_modification_gshadow -- gid_passwd_group_same -- sysctl_net_ipv6_conf_default_accept_redirects -- set_password_hashing_algorithm_passwordauth -- dconf_gnome_session_idle_user_locks -- sudo_require_authentication -- accounts_password_set_min_life_existing -- kernel_module_tipc_disabled -- dconf_gnome_banner_enabled -- sysctl_net_ipv4_conf_default_secure_redirects -- file_groupowner_cron_d - audit_rules_usergroup_modification_opasswd -- audit_rules_mac_modification_usr_share -- accounts_passwords_pam_faillock_unlock_time -- file_owner_grub2_cfg -- audit_rules_kernel_module_loading_query -- no_shelllogin_for_systemaccounts -- file_owner_cron_allow -- dconf_gnome_screensaver_idle_delay -- directory_permissions_var_log_audit -- package_samba_removed -- sshd_set_loglevel_verbose -- audit_rules_time_stime -- accounts_user_interactive_home_directory_exists -- accounts_tmout -- file_groupowner_backup_etc_shadow -- file_owner_etc_passwd -- mount_option_var_tmp_nodev -- partition_for_home -- audit_rules_file_deletion_events_rename -- package_rsync_removed -- accounts_password_pam_retry -- chronyd_run_as_chrony_user -- file_permissions_cron_weekly -- file_permissions_etc_group -- file_permissions_ungroupowned -- aide_build_database -- accounts_password_all_shadowed -- set_nftables_table -- file_permissions_etc_motd -- set_password_hashing_algorithm_logindefs -- mount_option_tmp_nosuid -- package_xorg-x11-server-common_removed -- service_firewalld_enabled -- rsyslog_nolisten -- accounts_password_pam_pwhistory_remember_password_auth -- package_net-snmp_removed -- coredump_disable_backtraces -- partition_for_dev_shm +- audit_rules_usergroup_modification_passwd +- audit_rules_usergroup_modification_shadow +- audit_sudo_log_events +- auditd_data_disk_error_action +- auditd_data_disk_full_action +- auditd_data_retention_action_mail_acct - auditd_data_retention_admin_space_left_action +- auditd_data_retention_max_log_file +- 
auditd_data_retention_max_log_file_action +- auditd_data_retention_space_left_action +- banner_etc_issue +- banner_etc_issue_net +- banner_etc_motd +- chronyd_run_as_chrony_user +- chronyd_specify_remote_server +- configure_crypto_policy - configure_ssh_crypto_policy +- coredump_disable_backtraces +- coredump_disable_storage +- dconf_db_up_to_date +- dconf_gnome_banner_enabled +- dconf_gnome_disable_automount +- dconf_gnome_disable_automount_open +- dconf_gnome_disable_autorun +- dconf_gnome_disable_user_list +- dconf_gnome_login_banner_text +- dconf_gnome_screensaver_idle_delay +- dconf_gnome_screensaver_lock_delay +- dconf_gnome_screensaver_user_locks +- dconf_gnome_session_idle_user_locks +- dir_perms_world_writable_sticky_bits +- directory_permissions_var_log_audit +- disable_host_auth +- enable_authselect +- ensure_gpgcheck_globally_activated - ensure_pam_wheel_group_empty -- package_vsftpd_removed -- auditd_data_retention_max_log_file_action -- sshd_disable_x11_forwarding -- sshd_enable_pam -- audit_rules_kernel_module_loading_init -- audit_rules_time_watch_localtime -- package_dnsmasq_removed -- sshd_enable_warning_banner_net -- file_permissions_sshd_pub_key -- file_permissions_cron_allow -- file_owner_etc_motd -- rsyslog_filecreatemode -- file_owner_cron_d -- audit_rules_unsuccessful_file_modification_open -- accounts_umask_etc_login_defs -- mount_option_home_nodev -- mount_option_dev_shm_noexec -- audit_rules_usergroup_modification_group -- audit_rules_dac_modification_removexattr -- audit_rules_dac_modification_setxattr -- journald_forward_to_syslog -- audit_rules_execution_chcon -- audit_rules_dac_modification_lremovexattr -- package_ftp_removed -- accounts_password_last_change_is_in_past -- sysctl_net_ipv4_conf_default_rp_filter -- sysctl_net_ipv4_conf_all_log_martians +- ensure_root_password_configured +- file_at_deny_not_exist +- file_cron_allow_exists +- file_cron_deny_not_exist +- file_etc_security_opasswd +- file_group_ownership_var_log_audit +- 
file_groupowner_at_allow +- file_groupowner_backup_etc_group +- file_groupowner_backup_etc_gshadow +- file_groupowner_backup_etc_passwd +- file_groupowner_backup_etc_shadow +- file_groupowner_cron_allow +- file_groupowner_cron_d +- file_groupowner_cron_daily +- file_groupowner_cron_hourly +- file_groupowner_cron_monthly +- file_groupowner_cron_weekly +- file_groupowner_crontab - file_groupowner_etc_group -- package_libselinux_installed -- file_owner_cron_weekly -- mount_option_var_nosuid -- file_owner_etc_shadow -- account_unique_name -- sshd_set_idle_timeout -- sysctl_net_ipv4_icmp_echo_ignore_broadcasts -- audit_rules_dac_modification_chown -- has_nonlocal_mta -- accounts_password_warn_age_login_defs -- mount_option_var_log_nosuid -- file_groupowner_etc_shadow -- file_permissions_cron_hourly -- coredump_disable_storage -- auditd_data_retention_action_mail_acct - file_groupowner_etc_gshadow -- audit_rules_unsuccessful_file_modification_ftruncate -- no_rsh_trust_files -- rsyslog_files_permissions -- account_password_pam_faillock_system_auth -- mount_option_var_tmp_noexec -- mount_option_var_nodev -- audit_rules_privileged_commands_kmod -- audit_rules_sysadmin_actions - file_groupowner_etc_issue +- file_groupowner_etc_issue_net +- file_groupowner_etc_motd +- file_groupowner_etc_passwd +- file_groupowner_etc_shadow +- file_groupowner_etc_shells +- file_groupowner_grub2_cfg +- file_groupowner_sshd_config +- file_groupowner_user_cfg +- file_groupownership_audit_binaries +- file_groupownership_audit_configuration +- file_groupownership_sshd_private_key +- file_groupownership_sshd_pub_key - file_owner_backup_etc_group -- file_permissions_cron_daily -- file_groupowner_backup_etc_passwd -- set_password_hashing_algorithm_systemauth -- sshd_set_max_sessions -- journald_compress -- package_sudo_installed +- file_owner_backup_etc_gshadow - file_owner_backup_etc_passwd -- audit_rules_login_events_faillock -- file_groupowner_etc_passwd -- package_firewalld_installed -- 
file_permissions_unauthorized_world_writable -- sysctl_net_ipv4_conf_all_accept_source_route -- audit_rules_dac_modification_fchown -- file_at_deny_not_exist -- mount_option_home_nosuid -- file_permissions_var_log_audit -- mount_option_dev_shm_nosuid +- file_owner_backup_etc_shadow +- file_owner_cron_allow +- file_owner_cron_d +- file_owner_cron_daily +- file_owner_cron_hourly +- file_owner_cron_monthly +- file_owner_cron_weekly +- file_owner_crontab +- file_owner_etc_group +- file_owner_etc_gshadow +- file_owner_etc_issue +- file_owner_etc_issue_net +- file_owner_etc_motd +- file_owner_etc_passwd +- file_owner_etc_shadow +- file_owner_etc_shells +- file_owner_grub2_cfg +- file_owner_sshd_config - file_owner_user_cfg -- sysctl_net_ipv6_conf_all_forwarding -- audit_rules_mac_modification -- file_permissions_cron_d -- dconf_db_up_to_date -- sysctl_net_ipv4_ip_forward -- audit_rules_usergroup_modification_passwd -- accounts_password_pam_minclass -- service_rsyslog_enabled -- sshd_set_maxstartups -- file_groupowner_cron_allow -- sudo_add_use_pty -- sysctl_net_ipv6_conf_all_accept_ra -- package_httpd_removed -- audit_rules_dac_modification_lchown -- audit_rules_kernel_module_loading_create -- group_unique_id -- file_cron_allow_exists -- file_groupowner_user_cfg -- dconf_gnome_disable_automount -- package_bind_removed -- file_groupowner_cron_weekly -- socket_systemd-journal-remote_disabled -- enable_authselect -- kernel_module_udf_disabled -- file_groupowner_etc_issue_net -- sysctl_net_ipv6_conf_default_accept_ra -- sysctl_net_ipv4_conf_all_send_redirects -- account_password_pam_faillock_password_auth -- banner_etc_motd -- file_permissions_backup_etc_shadow -- journald_storage -- sudo_custom_logfile -- audit_rules_dac_modification_fchmod -- account_disable_post_pw_expiration -- aide_check_audit_tools +- file_ownership_audit_binaries - file_ownership_audit_configuration -- selinux_state -- service_nfs_disabled -- partition_for_var_tmp -- grub2_enable_selinux -- 
service_nftables_disabled -- use_pam_wheel_group_for_su -- file_permissions_audit_configuration -- package_nginx_removed -- accounts_password_pam_pwhistory_remember_system_auth -- file_permissions_etc_issue_net +- file_ownership_sshd_private_key - file_ownership_sshd_pub_key -- file_ownership_audit_binaries -- sysctl_net_ipv4_conf_all_rp_filter -- sysctl_net_ipv4_conf_default_accept_redirects -- file_permissions_backup_etc_passwd - file_ownership_var_log_audit_stig -- package_tftp_removed -- file_groupownership_audit_binaries -- no_empty_passwords_etc_shadow -- package_dhcp_removed -- file_groupowner_at_allow -- package_aide_installed -- mount_option_tmp_noexec -- sshd_disable_rhosts +- file_permission_user_init_files +- file_permissions_at_allow - file_permissions_audit_binaries -- package_avahi_removed -- service_rpcbind_disabled -- accounts_umask_etc_profile -- file_owner_etc_issue -- sysctl_net_ipv4_icmp_ignore_bogus_error_responses -- accounts_root_path_dirs_no_write -- package_squid_removed -- file_groupowner_cron_daily -- package_openldap-clients_removed -- partition_for_var_log -- audit_rules_suid_auid_privilege_function -- file_groupowner_cron_monthly -- ensure_gpgcheck_globally_activated -- configure_crypto_policy -- aide_periodic_cron_checking +- file_permissions_audit_configuration +- file_permissions_backup_etc_group +- file_permissions_backup_etc_gshadow +- file_permissions_backup_etc_passwd +- file_permissions_backup_etc_shadow +- file_permissions_cron_allow +- file_permissions_cron_d +- file_permissions_cron_daily +- file_permissions_cron_hourly +- file_permissions_cron_monthly +- file_permissions_cron_weekly +- file_permissions_crontab +- file_permissions_etc_group +- file_permissions_etc_gshadow +- file_permissions_etc_issue +- file_permissions_etc_issue_net +- file_permissions_etc_motd - file_permissions_etc_passwd -- file_groupownership_sshd_private_key -- package_dovecot_removed +- file_permissions_etc_shadow +- file_permissions_etc_shells +- 
file_permissions_grub2_cfg +- file_permissions_home_directories +- file_permissions_sshd_config +- file_permissions_sshd_private_key +- file_permissions_sshd_pub_key +- file_permissions_unauthorized_world_writable +- file_permissions_ungroupowned +- file_permissions_user_cfg +- file_permissions_var_log_audit - firewalld_loopback_traffic_restricted -- mount_option_var_log_nodev +- firewalld_loopback_traffic_trusted +- gid_passwd_group_same +- gnome_gdm_disable_xdmcp +- group_unique_id +- grub2_audit_argument +- grub2_audit_backlog_limit_argument +- grub2_enable_selinux +- grub2_password +- has_nonlocal_mta +- journald_compress +- journald_forward_to_syslog +- journald_storage +- kernel_module_cramfs_disabled +- kernel_module_dccp_disabled +- kernel_module_freevxfs_disabled +- kernel_module_hfs_disabled +- kernel_module_hfsplus_disabled +- kernel_module_jffs2_disabled +- kernel_module_rds_disabled +- kernel_module_sctp_disabled +- kernel_module_squashfs_disabled +- kernel_module_tipc_disabled +- kernel_module_udf_disabled +- kernel_module_usb-storage_disabled +- mount_option_dev_shm_nodev +- mount_option_dev_shm_noexec +- mount_option_dev_shm_nosuid +- mount_option_home_nodev +- mount_option_home_nosuid +- mount_option_tmp_nodev +- mount_option_tmp_noexec +- mount_option_tmp_nosuid +- mount_option_var_log_audit_nodev - mount_option_var_log_audit_noexec -- sshd_set_login_grace_time -- file_owner_cron_hourly -- dconf_gnome_disable_automount_open -- selinux_not_disabled -- service_systemd-journald_enabled -- package_nftables_installed +- mount_option_var_log_audit_nosuid +- mount_option_var_log_nodev - mount_option_var_log_noexec -- partition_for_var -- package_mcstrans_removed -- sshd_limit_user_access -- root_path_no_dot -- file_permissions_at_allow -- file_permissions_etc_shadow +- mount_option_var_log_nosuid +- mount_option_var_nodev +- mount_option_var_nosuid +- mount_option_var_tmp_nodev +- mount_option_var_tmp_noexec - mount_option_var_tmp_nosuid -- 
package_telnet_removed -- file_groupowner_crontab -- selinux_confinement_of_daemons -- dconf_gnome_disable_autorun -- accounts_password_set_max_life_existing -- package_audit_installed -- sshd_disable_empty_passwords -- audit_rules_execution_chacl -- audit_rules_file_deletion_events_renameat -- audit_rules_privileged_commands_usermod -- accounts_set_post_pw_existing -- file_groupowner_cron_hourly -- file_owner_sshd_config -- file_owner_cron_monthly -- no_password_auth_for_systemaccounts -- audit_rules_privileged_commands -- file_permissions_etc_issue +- no_empty_passwords +- no_empty_passwords_etc_shadow +- no_files_unowned_by_user - no_forward_files -- selinux_policytype -- file_permissions_user_cfg +- no_netrc_files +- no_password_auth_for_systemaccounts +- no_rsh_trust_files +- no_shelllogin_for_systemaccounts +- package_aide_installed +- package_audit-libs_installed +- package_audit_installed +- package_avahi_removed +- package_bind_removed +- package_cups_removed +- package_cyrus-imapd_removed +- package_dhcp_removed +- package_dnsmasq_removed +- package_dovecot_removed +- package_firewalld_installed +- package_ftp_removed - package_gdm_removed -- dconf_gnome_screensaver_lock_delay -- audit_rules_usergroup_modification_shadow -- sshd_disable_tcp_forwarding -- file_groupownership_sshd_pub_key -- audit_rules_file_deletion_events_unlink +- package_httpd_removed +- package_libselinux_installed +- package_mcstrans_removed +- package_net-snmp_removed +- package_nftables_installed +- package_nginx_removed +- package_openldap-clients_removed +- package_pam_pwquality_installed +- package_rsync_removed +- package_rsyslog_installed +- package_samba_removed +- package_setroubleshoot_removed +- package_squid_removed +- package_sudo_installed +- package_systemd-journal-remote_installed +- package_telnet-server_removed +- package_telnet_removed +- package_tftp-server_removed +- package_tftp_removed +- package_vsftpd_removed +- package_xinetd_removed +- 
package_xorg-x11-server-common_removed +- package_ypbind_removed +- package_ypserv_removed +- partition_for_dev_shm +- partition_for_home +- partition_for_tmp +- partition_for_var +- partition_for_var_log +- partition_for_var_log_audit +- partition_for_var_tmp - postfix_network_listening_disabled +- root_path_no_dot +- rsyslog_filecreatemode - rsyslog_files_groupownership -- accounts_minimum_age_login_defs -- file_permissions_etc_gshadow -- file_ownership_sshd_private_key -- file_permissions_sshd_private_key -- sysctl_net_ipv6_conf_all_accept_source_route -- file_owner_etc_gshadow -- package_rsyslog_installed -- sysctl_kernel_randomize_va_space -- audit_rules_dac_modification_chmod -- gnome_gdm_disable_xdmcp -- sshd_disable_root_login -- file_groupownership_audit_configuration -- file_group_ownership_var_log_audit -- audit_rules_unsuccessful_file_modification_openat -- banner_etc_issue_net -- audit_rules_media_export -- sysctl_net_ipv4_conf_default_accept_source_route - rsyslog_files_ownership -- file_groupowner_backup_etc_group -- file_groupowner_grub2_cfg -- banner_etc_issue -- dconf_gnome_disable_user_list -- partition_for_tmp +- rsyslog_files_permissions +- rsyslog_nolisten +- selinux_not_disabled +- selinux_policytype +- selinux_state +- service_auditd_enabled +- service_autofs_disabled +- service_bluetooth_disabled +- service_crond_enabled +- service_firewalld_enabled +- service_nfs_disabled +- service_nftables_disabled +- service_rpcbind_disabled +- service_rsyslog_enabled +- service_systemd-journald_enabled +- set_password_hashing_algorithm_libuserconf +- set_password_hashing_algorithm_logindefs +- set_password_hashing_algorithm_passwordauth +- set_password_hashing_algorithm_systemauth +- socket_systemd-journal-remote_disabled +- sshd_disable_empty_passwords +- sshd_disable_gssapi_auth +- sshd_disable_rhosts +- sshd_disable_root_login - sshd_do_not_permit_user_env -- file_owner_backup_etc_gshadow -- accounts_passwords_pam_faillock_deny -- 
no_files_unowned_by_user -- audit_rules_dac_modification_fremovexattr -- firewalld_loopback_traffic_trusted -- partition_for_var_log_audit +- sshd_enable_pam +- sshd_enable_warning_banner_net +- sshd_limit_user_access +- sshd_set_idle_timeout +- sshd_set_keepalive +- sshd_set_login_grace_time +- sshd_set_loglevel_verbose +- sshd_set_max_auth_tries +- sshd_set_max_sessions +- sshd_set_maxstartups +- sshd_use_approved_ciphers +- sshd_use_strong_kex +- sshd_use_strong_macs +- sudo_add_use_pty +- sudo_custom_logfile +- sudo_require_authentication +- sudo_require_reauthentication +- sysctl_kernel_randomize_va_space +- sysctl_kernel_yama_ptrace_scope +- sysctl_net_ipv4_conf_all_accept_redirects +- sysctl_net_ipv4_conf_all_accept_source_route +- sysctl_net_ipv4_conf_all_log_martians +- sysctl_net_ipv4_conf_all_rp_filter +- sysctl_net_ipv4_conf_all_secure_redirects +- sysctl_net_ipv4_conf_all_send_redirects +- sysctl_net_ipv4_conf_default_accept_redirects +- sysctl_net_ipv4_conf_default_accept_source_route +- sysctl_net_ipv4_conf_default_log_martians +- sysctl_net_ipv4_conf_default_rp_filter +- sysctl_net_ipv4_conf_default_secure_redirects +- sysctl_net_ipv4_conf_default_send_redirects +- sysctl_net_ipv4_icmp_echo_ignore_broadcasts +- sysctl_net_ipv4_icmp_ignore_bogus_error_responses +- sysctl_net_ipv4_ip_forward +- sysctl_net_ipv4_tcp_syncookies +- sysctl_net_ipv6_conf_all_accept_ra +- sysctl_net_ipv6_conf_all_accept_redirects +- sysctl_net_ipv6_conf_all_accept_source_route +- sysctl_net_ipv6_conf_all_forwarding +- sysctl_net_ipv6_conf_default_accept_ra +- sysctl_net_ipv6_conf_default_accept_redirects +- sysctl_net_ipv6_conf_default_accept_source_route +- use_pam_wheel_group_for_su - wireless_disable_interfaces -- accounts_root_gid_zero -- audit_rules_unsuccessful_file_modification_creat -- accounts_password_set_warn_age_existing +- xwindows_runlevel_target +- var_user_initialization_files_regex=all_dotfiles - var_accounts_user_umask=027 - var_accounts_tmout=15_min -- 
var_account_disable_post_pw_expiration=30 +- var_account_disable_post_pw_expiration=45 +- var_password_hashing_algorithm=SHA512 - var_accounts_password_warn_age_login_defs=7 -- var_accounts_minimum_age_login_defs=1 - var_accounts_maximum_age_login_defs=365 -- var_password_hashing_algorithm=SHA512 - var_password_pam_remember_control_flag=requisite_or_required -- var_password_pam_remember=5 -- var_accounts_passwords_pam_faillock_deny=3 -- var_accounts_passwords_pam_faillock_unlock_time=900 +- var_password_pam_remember=24 +- var_password_pam_dictcheck=1 +- var_password_pam_maxrepeat=3 - var_password_pam_minclass=4 - var_password_pam_minlen=14 +- var_password_pam_difok=2 +- var_accounts_passwords_pam_faillock_unlock_time=900 +- var_accounts_passwords_pam_faillock_deny=5 - var_pam_wheel_group_for_su=cis -- sshd_idle_timeout_value=15_minutes -- var_sshd_set_keepalive=1 -- var_sshd_set_login_grace_time=60 - var_sshd_max_sessions=10 - var_sshd_set_maxstartups=10:30:60 - sshd_max_auth_tries_value=4 -- var_nftables_family=inet -- var_nftables_table=firewalld +- var_sshd_set_login_grace_time=60 +- sshd_idle_timeout_value=5_minutes +- var_sshd_set_keepalive=1 +- sshd_strong_macs=cis_rhel9 +- sshd_strong_kex=cis_rhel9 +- sshd_approved_ciphers=cis_rhel9 - sysctl_net_ipv6_conf_all_accept_ra_value=disabled - sysctl_net_ipv6_conf_default_accept_ra_value=disabled - sysctl_net_ipv4_tcp_syncookies_value=enabled -- sysctl_net_ipv4_conf_all_rp_filter_value=enabled -- sysctl_net_ipv4_conf_default_rp_filter_value=enabled -- sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value=enabled -- sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value=enabled - sysctl_net_ipv4_conf_all_log_martians_value=enabled - sysctl_net_ipv4_conf_default_log_martians_value=enabled +- sysctl_net_ipv4_conf_all_accept_source_route_value=disabled +- sysctl_net_ipv4_conf_default_accept_source_route_value=disabled +- sysctl_net_ipv6_conf_all_accept_source_route_value=disabled +- 
sysctl_net_ipv6_conf_default_accept_source_route_value=disabled +- sysctl_net_ipv4_conf_all_rp_filter_value=enabled +- sysctl_net_ipv4_conf_default_rp_filter_value=enabled - sysctl_net_ipv4_conf_all_secure_redirects_value=disabled - sysctl_net_ipv4_conf_default_secure_redirects_value=disabled - sysctl_net_ipv4_conf_all_accept_redirects_value=disabled - sysctl_net_ipv4_conf_default_accept_redirects_value=disabled - sysctl_net_ipv6_conf_all_accept_redirects_value=disabled - sysctl_net_ipv6_conf_default_accept_redirects_value=disabled -- sysctl_net_ipv4_conf_all_accept_source_route_value=disabled -- sysctl_net_ipv4_conf_default_accept_source_route_value=disabled -- sysctl_net_ipv6_conf_all_accept_source_route_value=disabled -- sysctl_net_ipv6_conf_default_accept_source_route_value=disabled +- sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value=enabled +- sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value=enabled - sysctl_net_ipv6_conf_all_forwarding_value=disabled -- var_postfix_inet_interfaces=loopback-only - var_multiple_time_servers=rhel -- var_system_crypto_policy=default_policy +- var_postfix_inet_interfaces=loopback-only - inactivity_timeout_value=15_minutes - var_screensaver_lock_delay=5_seconds - remote_login_banner_text=cis_banners - login_banner_text=cis_banners - motd_banner_text=cis_banners +- var_system_crypto_policy=default_nosha1 - var_selinux_policy_name=targeted - var_authselect_profile=sssd - var_accounts_passwords_pam_faillock_dir=run - var_auditd_action_mail_acct=root -- var_auditd_admin_space_left_action=halt -- var_auditd_space_left_action=email +- var_auditd_admin_space_left_action=cis_rhel9 +- var_auditd_space_left_action=cis_rhel9 +- var_auditd_disk_error_action=cis_rhel9 +- var_auditd_disk_full_action=cis_rhel9 - var_auditd_max_log_file_action=keep_logs - var_auditd_max_log_file=6 +- var_accounts_minimum_age_login_defs=1 - var_selinux_state=enforcing unselected_groups: [] platforms: !!set {} 
@@ -439,5 +475,4 @@ filter_rules: ''
 policies:
 - cis_rhel9
 title: CIS Red Hat Enterprise Linux 9 Benchmark for Level 2 - Server
-definition_location: /home/jcerny/work/git/content/products/rhel9/profiles/cis.profile
 documentation_complete: true
diff --git a/tests/data/profile_stability/rhel9/cis_server_l1.profile b/tests/data/profile_stability/rhel9/cis_server_l1.profile
index 8eb73a288db..7278ca428ec 100644
--- a/tests/data/profile_stability/rhel9/cis_server_l1.profile
+++ b/tests/data/profile_stability/rhel9/cis_server_l1.profile
@@ -12,330 +12,352 @@ metadata: - yuumasato reference: https://www.cisecurity.org/benchmark/red_hat_linux/ selections: -- coredump_disable_storage -- package_dovecot_removed +- account_disable_post_pw_expiration +- account_password_pam_faillock_password_auth +- account_password_pam_faillock_system_auth +- account_unique_id +- account_unique_name +- accounts_maximum_age_login_defs +- accounts_no_uid_except_zero +- accounts_password_all_shadowed +- accounts_password_last_change_is_in_past +- accounts_password_pam_dictcheck +- accounts_password_pam_difok +- accounts_password_pam_enforce_root +- accounts_password_pam_maxrepeat +- accounts_password_pam_minclass +- accounts_password_pam_minlen +- accounts_password_pam_pwhistory_remember_password_auth +- accounts_password_pam_pwhistory_remember_system_auth +- accounts_password_set_max_life_existing +- accounts_password_set_warn_age_existing +- accounts_password_warn_age_login_defs +- accounts_passwords_pam_faillock_deny - accounts_passwords_pam_faillock_unlock_time -- sysctl_net_ipv4_conf_all_accept_redirects -- firewalld_loopback_traffic_restricted -- sysctl_net_ipv6_conf_all_accept_redirects -- mount_option_var_log_nodev -- file_groupowner_etc_gshadow -- file_owner_grub2_cfg -- no_shelllogin_for_systemaccounts -- file_owner_cron_allow +- accounts_root_gid_zero +- accounts_root_path_dirs_no_write +- accounts_set_post_pw_existing +- accounts_tmout +- accounts_umask_etc_bashrc +- accounts_umask_etc_login_defs +- accounts_umask_etc_profile +- accounts_user_dot_group_ownership +- accounts_user_dot_no_world_writable_programs +- accounts_user_dot_user_ownership +- accounts_user_interactive_home_directory_exists +- aide_build_database +- aide_check_audit_tools +- aide_periodic_cron_checking +- banner_etc_issue +- banner_etc_issue_net +- banner_etc_motd +- chronyd_run_as_chrony_user +- chronyd_specify_remote_server +- configure_crypto_policy +- configure_ssh_crypto_policy +- coredump_disable_backtraces +- 
coredump_disable_storage +- dconf_db_up_to_date +- dconf_gnome_banner_enabled +- dconf_gnome_disable_automount +- dconf_gnome_disable_automount_open +- dconf_gnome_disable_autorun +- dconf_gnome_disable_user_list +- dconf_gnome_login_banner_text - dconf_gnome_screensaver_idle_delay +- dconf_gnome_screensaver_lock_delay +- dconf_gnome_screensaver_user_locks +- dconf_gnome_session_idle_user_locks +- dir_perms_world_writable_sticky_bits +- disable_host_auth +- enable_authselect +- ensure_gpgcheck_globally_activated +- ensure_pam_wheel_group_empty - ensure_root_password_configured -- file_owner_cron_daily -- file_owner_backup_etc_shadow -- mount_option_var_log_audit_noexec -- package_setroubleshoot_removed -- sshd_set_login_grace_time -- file_owner_cron_hourly -- package_samba_removed -- no_rsh_trust_files -- rsyslog_files_permissions -- account_password_pam_faillock_system_auth -- dconf_gnome_disable_automount_open -- mount_option_var_tmp_noexec -- selinux_not_disabled -- sshd_set_loglevel_verbose -- sysctl_net_ipv4_conf_default_log_martians -- service_systemd-journald_enabled -- package_nftables_installed -- mount_option_var_nodev -- accounts_user_interactive_home_directory_exists -- accounts_tmout +- file_at_deny_not_exist +- file_cron_allow_exists +- file_cron_deny_not_exist +- file_etc_security_opasswd +- file_groupowner_at_allow +- file_groupowner_backup_etc_group +- file_groupowner_backup_etc_gshadow +- file_groupowner_backup_etc_passwd +- file_groupowner_backup_etc_shadow +- file_groupowner_cron_allow +- file_groupowner_cron_d +- file_groupowner_cron_daily +- file_groupowner_cron_hourly +- file_groupowner_cron_monthly +- file_groupowner_cron_weekly +- file_groupowner_crontab +- file_groupowner_etc_group +- file_groupowner_etc_gshadow - file_groupowner_etc_issue -- mount_option_var_log_noexec +- file_groupowner_etc_issue_net +- file_groupowner_etc_motd +- file_groupowner_etc_passwd +- file_groupowner_etc_shadow +- file_groupowner_etc_shells +- 
file_groupowner_grub2_cfg +- file_groupowner_sshd_config +- file_groupowner_user_cfg +- file_groupownership_sshd_private_key +- file_groupownership_sshd_pub_key - file_owner_backup_etc_group +- file_owner_backup_etc_gshadow +- file_owner_backup_etc_passwd +- file_owner_backup_etc_shadow +- file_owner_cron_allow +- file_owner_cron_d +- file_owner_cron_daily +- file_owner_cron_hourly +- file_owner_cron_monthly +- file_owner_cron_weekly +- file_owner_crontab +- file_owner_etc_group +- file_owner_etc_gshadow +- file_owner_etc_issue +- file_owner_etc_issue_net +- file_owner_etc_motd +- file_owner_etc_passwd +- file_owner_etc_shadow +- file_owner_etc_shells +- file_owner_grub2_cfg +- file_owner_sshd_config +- file_owner_user_cfg +- file_ownership_sshd_private_key +- file_ownership_sshd_pub_key +- file_permission_user_init_files +- file_permissions_at_allow +- file_permissions_backup_etc_group +- file_permissions_backup_etc_gshadow +- file_permissions_backup_etc_passwd +- file_permissions_backup_etc_shadow +- file_permissions_cron_allow +- file_permissions_cron_d - file_permissions_cron_daily -- file_groupowner_backup_etc_shadow -- file_permissions_home_directories -- file_groupowner_backup_etc_passwd -- set_password_hashing_algorithm_systemauth -- package_mcstrans_removed -- sshd_limit_user_access -- sshd_set_max_sessions +- file_permissions_cron_hourly +- file_permissions_cron_monthly +- file_permissions_cron_weekly - file_permissions_crontab -- journald_compress -- file_permissions_at_allow -- file_owner_etc_passwd -- mount_option_var_tmp_nodev -- file_owner_backup_etc_passwd -- package_sudo_installed -- root_path_no_dot +- file_permissions_etc_group +- file_permissions_etc_gshadow +- file_permissions_etc_issue +- file_permissions_etc_issue_net +- file_permissions_etc_motd +- file_permissions_etc_passwd - file_permissions_etc_shadow -- file_groupowner_etc_passwd -- mount_option_var_tmp_nosuid -- package_rsync_removed -- accounts_password_pam_retry -- 
package_firewalld_installed -- package_telnet_removed -- sudo_require_reauthentication +- file_permissions_etc_shells +- file_permissions_grub2_cfg +- file_permissions_home_directories +- file_permissions_sshd_config +- file_permissions_sshd_private_key +- file_permissions_sshd_pub_key - file_permissions_unauthorized_world_writable -- sysctl_net_ipv4_conf_all_accept_source_route -- chronyd_run_as_chrony_user -- file_at_deny_not_exist -- file_groupowner_crontab -- selinux_confinement_of_daemons -- mount_option_home_nosuid -- file_permissions_cron_weekly -- file_cron_deny_not_exist -- dconf_gnome_disable_autorun -- accounts_password_set_max_life_existing -- file_permissions_etc_group -- accounts_no_uid_except_zero -- disable_host_auth - file_permissions_ungroupowned -- sshd_disable_empty_passwords -- mount_option_dev_shm_nosuid -- aide_build_database -- file_owner_user_cfg -- package_tftp-server_removed -- sysctl_net_ipv6_conf_all_forwarding -- file_groupowner_backup_etc_gshadow -- accounts_password_all_shadowed -- account_unique_id -- set_nftables_table -- accounts_set_post_pw_existing -- file_groupowner_etc_motd -- file_permissions_cron_d +- file_permissions_user_cfg +- firewalld_loopback_traffic_restricted +- firewalld_loopback_traffic_trusted +- gid_passwd_group_same +- gnome_gdm_disable_xdmcp +- group_unique_id +- grub2_enable_selinux - grub2_password -- file_groupowner_cron_hourly -- dconf_db_up_to_date -- sysctl_net_ipv4_ip_forward -- file_owner_sshd_config -- file_owner_cron_monthly -- file_permissions_etc_motd -- set_password_hashing_algorithm_logindefs +- has_nonlocal_mta +- journald_compress +- journald_forward_to_syslog +- journald_storage +- kernel_module_cramfs_disabled +- kernel_module_freevxfs_disabled +- kernel_module_hfs_disabled +- kernel_module_hfsplus_disabled +- kernel_module_jffs2_disabled +- kernel_module_usb-storage_disabled +- mount_option_dev_shm_nodev +- mount_option_dev_shm_noexec +- mount_option_dev_shm_nosuid +- mount_option_home_nodev 
+- mount_option_home_nosuid +- mount_option_tmp_nodev +- mount_option_tmp_noexec - mount_option_tmp_nosuid -- no_password_auth_for_systemaccounts -- accounts_password_pam_minclass -- service_rsyslog_enabled -- sshd_set_maxstartups -- file_groupowner_cron_allow -- sudo_add_use_pty -- sysctl_net_ipv6_conf_all_accept_ra -- accounts_maximum_age_login_defs -- file_permissions_etc_issue -- package_httpd_removed +- mount_option_var_log_audit_nodev +- mount_option_var_log_audit_noexec +- mount_option_var_log_audit_nosuid +- mount_option_var_log_nodev +- mount_option_var_log_noexec +- mount_option_var_log_nosuid +- mount_option_var_nodev +- mount_option_var_nosuid +- mount_option_var_tmp_nodev +- mount_option_var_tmp_noexec +- mount_option_var_tmp_nosuid +- no_empty_passwords +- no_empty_passwords_etc_shadow +- no_files_unowned_by_user - no_forward_files -- service_firewalld_enabled -- rsyslog_nolisten -- file_owner_etc_group -- accounts_password_pam_pwhistory_remember_password_auth -- group_unique_id -- selinux_policytype -- sysctl_net_ipv4_conf_default_secure_redirects -- file_cron_allow_exists -- file_groupowner_user_cfg -- dconf_gnome_disable_automount +- no_netrc_files +- no_password_auth_for_systemaccounts +- no_rsh_trust_files +- no_shelllogin_for_systemaccounts +- package_aide_installed +- package_avahi_removed - package_bind_removed -- file_groupowner_cron_weekly -- socket_systemd-journal-remote_disabled +- package_cups_removed +- package_cyrus-imapd_removed +- package_dhcp_removed +- package_dnsmasq_removed +- package_dovecot_removed +- package_firewalld_installed +- package_ftp_removed +- package_httpd_removed +- package_libselinux_installed +- package_mcstrans_removed - package_net-snmp_removed -- coredump_disable_backtraces -- enable_authselect -- partition_for_dev_shm -- kernel_module_udf_disabled -- file_groupowner_etc_issue_net -- file_permissions_user_cfg -- service_crond_enabled -- sysctl_net_ipv4_conf_all_send_redirects -- 
sysctl_net_ipv6_conf_default_accept_ra -- dconf_gnome_screensaver_lock_delay -- configure_ssh_crypto_policy -- account_password_pam_faillock_password_auth -- banner_etc_motd -- file_permissions_backup_etc_gshadow -- file_permissions_etc_passwd -- ensure_pam_wheel_group_empty -- file_permissions_backup_etc_shadow -- journald_storage -- file_owner_crontab +- package_nftables_installed +- package_nginx_removed +- package_pam_pwquality_installed +- package_rsync_removed +- package_rsyslog_installed +- package_samba_removed +- package_setroubleshoot_removed +- package_squid_removed +- package_sudo_installed +- package_systemd-journal-remote_installed +- package_telnet-server_removed +- package_telnet_removed +- package_tftp-server_removed +- package_tftp_removed - package_vsftpd_removed -- sudo_custom_logfile -- file_groupownership_sshd_pub_key -- file_owner_etc_issue_net -- account_disable_post_pw_expiration -- sshd_enable_pam -- sshd_set_keepalive -- sysctl_net_ipv4_tcp_syncookies -- set_firewalld_default_zone -- aide_check_audit_tools +- package_xinetd_removed +- package_ypbind_removed +- package_ypserv_removed +- partition_for_dev_shm +- partition_for_tmp - postfix_network_listening_disabled -- accounts_umask_etc_bashrc -- mount_option_var_log_audit_nodev +- root_path_no_dot +- rsyslog_filecreatemode - rsyslog_files_groupownership +- rsyslog_files_ownership +- rsyslog_files_permissions +- rsyslog_nolisten +- selinux_not_disabled +- selinux_policytype +- service_autofs_disabled +- service_bluetooth_disabled +- service_crond_enabled +- service_firewalld_enabled - service_nfs_disabled -- accounts_minimum_age_login_defs -- file_permissions_grub2_cfg -- dconf_gnome_screensaver_user_locks -- file_permissions_etc_gshadow -- sshd_enable_warning_banner_net -- package_dnsmasq_removed -- file_ownership_sshd_private_key -- file_permissions_sshd_private_key -- no_empty_passwords -- grub2_enable_selinux -- file_permissions_sshd_pub_key - service_nftables_disabled -- 
mount_option_var_log_nosuid -- accounts_password_pam_minlen -- file_permissions_cron_allow -- sysctl_net_ipv6_conf_all_accept_source_route -- file_owner_etc_motd -- use_pam_wheel_group_for_su -- rsyslog_filecreatemode -- sysctl_net_ipv4_conf_all_secure_redirects -- file_owner_cron_d -- file_groupowner_sshd_config -- file_owner_etc_gshadow -- accounts_password_pam_pwhistory_remember_system_auth -- file_permissions_etc_issue_net -- package_nginx_removed -- dir_perms_world_writable_sticky_bits -- file_ownership_sshd_pub_key -- mount_option_var_log_audit_nosuid -- package_rsyslog_installed -- accounts_umask_etc_login_defs -- kernel_module_squashfs_disabled +- service_rpcbind_disabled +- service_rsyslog_enabled +- service_systemd-journald_enabled +- set_password_hashing_algorithm_libuserconf +- set_password_hashing_algorithm_logindefs +- set_password_hashing_algorithm_passwordauth +- set_password_hashing_algorithm_systemauth +- socket_systemd-journal-remote_disabled +- sshd_disable_empty_passwords +- sshd_disable_rhosts +- sshd_disable_root_login +- sshd_do_not_permit_user_env +- sshd_enable_pam +- sshd_enable_warning_banner_net +- sshd_limit_user_access +- sshd_set_idle_timeout +- sshd_set_keepalive +- sshd_set_login_grace_time +- sshd_set_loglevel_verbose +- sshd_set_max_auth_tries +- sshd_set_max_sessions +- sshd_set_maxstartups +- sshd_use_approved_ciphers +- sshd_use_strong_kex +- sshd_use_strong_macs +- sudo_add_use_pty +- sudo_custom_logfile +- sudo_require_reauthentication - sysctl_kernel_randomize_va_space -- accounts_user_dot_no_world_writable_programs +- sysctl_kernel_yama_ptrace_scope +- sysctl_net_ipv4_conf_all_accept_redirects +- sysctl_net_ipv4_conf_all_accept_source_route +- sysctl_net_ipv4_conf_all_log_martians - sysctl_net_ipv4_conf_all_rp_filter -- sshd_set_max_auth_tries +- sysctl_net_ipv4_conf_all_secure_redirects +- sysctl_net_ipv4_conf_all_send_redirects - sysctl_net_ipv4_conf_default_accept_redirects -- package_telnet-server_removed -- 
gnome_gdm_disable_xdmcp -- mount_option_home_nodev -- file_groupownership_home_directories -- sshd_disable_root_login -- mount_option_dev_shm_noexec -- sysctl_net_ipv6_conf_default_accept_source_route -- file_permissions_backup_etc_passwd -- package_cyrus-imapd_removed -- file_permissions_sshd_config -- no_netrc_files -- banner_etc_issue_net -- journald_forward_to_syslog -- package_tftp_removed -- no_empty_passwords_etc_shadow -- package_dhcp_removed -- file_groupowner_at_allow -- mount_option_dev_shm_nodev -- package_aide_installed -- package_cups_removed -- file_permissions_cron_monthly -- mount_option_tmp_noexec - sysctl_net_ipv4_conf_default_accept_source_route -- package_ftp_removed -- rsyslog_files_ownership -- accounts_password_last_change_is_in_past +- sysctl_net_ipv4_conf_default_log_martians - sysctl_net_ipv4_conf_default_rp_filter -- sysctl_net_ipv4_conf_all_log_martians -- sshd_disable_rhosts -- dconf_gnome_login_banner_text -- chronyd_specify_remote_server -- file_groupowner_etc_group -- file_groupowner_backup_etc_group +- sysctl_net_ipv4_conf_default_secure_redirects - sysctl_net_ipv4_conf_default_send_redirects -- file_permissions_backup_etc_group -- file_groupowner_grub2_cfg -- package_avahi_removed -- banner_etc_issue -- accounts_umask_etc_profile -- kernel_module_usb-storage_disabled -- file_owner_etc_issue -- mount_option_tmp_nodev -- package_libselinux_installed -- service_rpcbind_disabled +- sysctl_net_ipv4_icmp_echo_ignore_broadcasts - sysctl_net_ipv4_icmp_ignore_bogus_error_responses -- accounts_root_path_dirs_no_write -- dconf_gnome_disable_user_list -- file_owner_cron_weekly -- gid_passwd_group_same +- sysctl_net_ipv4_ip_forward +- sysctl_net_ipv4_tcp_syncookies +- sysctl_net_ipv6_conf_all_accept_ra +- sysctl_net_ipv6_conf_all_accept_redirects +- sysctl_net_ipv6_conf_all_accept_source_route +- sysctl_net_ipv6_conf_all_forwarding +- sysctl_net_ipv6_conf_default_accept_ra - sysctl_net_ipv6_conf_default_accept_redirects -- partition_for_tmp -- 
mount_option_var_nosuid -- set_password_hashing_algorithm_passwordauth -- package_squid_removed -- sshd_do_not_permit_user_env -- file_owner_backup_etc_gshadow -- dconf_gnome_session_idle_user_locks -- accounts_passwords_pam_faillock_deny -- accounts_password_set_min_life_existing -- file_groupowner_cron_daily -- file_owner_etc_shadow -- package_openldap-clients_removed -- account_unique_name -- sshd_set_idle_timeout -- sysctl_net_ipv4_icmp_echo_ignore_broadcasts -- no_files_unowned_by_user -- file_groupowner_cron_monthly -- ensure_gpgcheck_globally_activated -- firewalld_loopback_traffic_trusted -- configure_crypto_policy -- has_nonlocal_mta +- sysctl_net_ipv6_conf_default_accept_source_route +- use_pam_wheel_group_for_su - wireless_disable_interfaces -- accounts_root_gid_zero -- dconf_gnome_banner_enabled -- accounts_password_warn_age_login_defs -- accounts_password_set_warn_age_existing -- aide_periodic_cron_checking -- file_groupowner_etc_shadow -- file_groupowner_cron_d -- file_groupownership_sshd_private_key -- file_permissions_cron_hourly +- var_user_initialization_files_regex=all_dotfiles - var_accounts_user_umask=027 - var_accounts_tmout=15_min -- var_account_disable_post_pw_expiration=30 +- var_account_disable_post_pw_expiration=45 +- var_password_hashing_algorithm=SHA512 - var_accounts_password_warn_age_login_defs=7 -- var_accounts_minimum_age_login_defs=1 - var_accounts_maximum_age_login_defs=365 -- var_password_hashing_algorithm=SHA512 - var_password_pam_remember_control_flag=requisite_or_required -- var_password_pam_remember=5 -- var_accounts_passwords_pam_faillock_deny=3 -- var_accounts_passwords_pam_faillock_unlock_time=900 +- var_password_pam_remember=24 +- var_password_pam_dictcheck=1 +- var_password_pam_maxrepeat=3 - var_password_pam_minclass=4 - var_password_pam_minlen=14 +- var_password_pam_difok=2 +- var_accounts_passwords_pam_faillock_unlock_time=900 +- var_accounts_passwords_pam_faillock_deny=5 - var_pam_wheel_group_for_su=cis -- 
sshd_idle_timeout_value=15_minutes -- var_sshd_set_keepalive=1 -- var_sshd_set_login_grace_time=60 - var_sshd_max_sessions=10 - var_sshd_set_maxstartups=10:30:60 - sshd_max_auth_tries_value=4 -- var_nftables_family=inet -- var_nftables_table=firewalld +- var_sshd_set_login_grace_time=60 +- sshd_idle_timeout_value=5_minutes +- var_sshd_set_keepalive=1 +- sshd_strong_macs=cis_rhel9 +- sshd_strong_kex=cis_rhel9 +- sshd_approved_ciphers=cis_rhel9 - sysctl_net_ipv6_conf_all_accept_ra_value=disabled - sysctl_net_ipv6_conf_default_accept_ra_value=disabled - sysctl_net_ipv4_tcp_syncookies_value=enabled -- sysctl_net_ipv4_conf_all_rp_filter_value=enabled -- sysctl_net_ipv4_conf_default_rp_filter_value=enabled -- sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value=enabled -- sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value=enabled - sysctl_net_ipv4_conf_all_log_martians_value=enabled - sysctl_net_ipv4_conf_default_log_martians_value=enabled +- sysctl_net_ipv4_conf_all_accept_source_route_value=disabled +- sysctl_net_ipv4_conf_default_accept_source_route_value=disabled +- sysctl_net_ipv6_conf_all_accept_source_route_value=disabled +- sysctl_net_ipv6_conf_default_accept_source_route_value=disabled +- sysctl_net_ipv4_conf_all_rp_filter_value=enabled +- sysctl_net_ipv4_conf_default_rp_filter_value=enabled - sysctl_net_ipv4_conf_all_secure_redirects_value=disabled - sysctl_net_ipv4_conf_default_secure_redirects_value=disabled - sysctl_net_ipv4_conf_all_accept_redirects_value=disabled - sysctl_net_ipv4_conf_default_accept_redirects_value=disabled - sysctl_net_ipv6_conf_all_accept_redirects_value=disabled - sysctl_net_ipv6_conf_default_accept_redirects_value=disabled -- sysctl_net_ipv4_conf_all_accept_source_route_value=disabled -- sysctl_net_ipv4_conf_default_accept_source_route_value=disabled -- sysctl_net_ipv6_conf_all_accept_source_route_value=disabled -- sysctl_net_ipv6_conf_default_accept_source_route_value=disabled +- 
sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value=enabled
+- sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value=enabled
 - sysctl_net_ipv6_conf_all_forwarding_value=disabled
-- var_postfix_inet_interfaces=loopback-only
 - var_multiple_time_servers=rhel
-- var_system_crypto_policy=default_policy
+- var_postfix_inet_interfaces=loopback-only
 - inactivity_timeout_value=15_minutes
 - var_screensaver_lock_delay=5_seconds
 - remote_login_banner_text=cis_banners
 - login_banner_text=cis_banners
 - motd_banner_text=cis_banners
+- var_system_crypto_policy=default_nosha1
 - var_selinux_policy_name=targeted
 - var_authselect_profile=sssd
 unselected_groups: []
@@ -346,5 +368,4 @@ filter_rules: ''
 policies:
 - cis_rhel9
 title: CIS Red Hat Enterprise Linux 9 Benchmark for Level 1 - Server
-definition_location: /home/jcerny/work/git/content/products/rhel9/profiles/cis_server_l1.profile
 documentation_complete: true
diff --git a/tests/data/profile_stability/rhel9/cis_workstation_l1.profile b/tests/data/profile_stability/rhel9/cis_workstation_l1.profile
index 0c1a4e07df3..93758f5a3d3 100644
--- a/tests/data/profile_stability/rhel9/cis_workstation_l1.profile
+++ b/tests/data/profile_stability/rhel9/cis_workstation_l1.profile
@@ -12,326 +12,344 @@ metadata: - yuumasato reference: https://www.cisecurity.org/benchmark/red_hat_linux/ selections: -- coredump_disable_storage -- package_dovecot_removed +- account_disable_post_pw_expiration +- account_password_pam_faillock_password_auth +- account_password_pam_faillock_system_auth +- account_unique_id +- account_unique_name +- accounts_maximum_age_login_defs +- accounts_no_uid_except_zero +- accounts_password_all_shadowed +- accounts_password_last_change_is_in_past +- accounts_password_pam_dictcheck +- accounts_password_pam_difok +- accounts_password_pam_enforce_root +- accounts_password_pam_maxrepeat +- accounts_password_pam_minclass +- accounts_password_pam_minlen +- accounts_password_pam_pwhistory_remember_password_auth +- accounts_password_pam_pwhistory_remember_system_auth +- accounts_password_set_max_life_existing +- accounts_password_set_warn_age_existing +- accounts_password_warn_age_login_defs +- accounts_passwords_pam_faillock_deny - accounts_passwords_pam_faillock_unlock_time -- sysctl_net_ipv4_conf_all_accept_redirects -- firewalld_loopback_traffic_restricted -- sysctl_net_ipv6_conf_all_accept_redirects -- mount_option_var_log_nodev -- file_groupowner_etc_gshadow -- file_owner_grub2_cfg -- no_shelllogin_for_systemaccounts -- file_owner_cron_allow +- accounts_root_gid_zero +- accounts_root_path_dirs_no_write +- accounts_set_post_pw_existing +- accounts_tmout +- accounts_umask_etc_bashrc +- accounts_umask_etc_login_defs +- accounts_umask_etc_profile +- accounts_user_dot_group_ownership +- accounts_user_dot_no_world_writable_programs +- accounts_user_dot_user_ownership +- accounts_user_interactive_home_directory_exists +- aide_build_database +- aide_check_audit_tools +- aide_periodic_cron_checking +- banner_etc_issue +- banner_etc_issue_net +- banner_etc_motd +- chronyd_run_as_chrony_user +- chronyd_specify_remote_server +- configure_crypto_policy +- configure_ssh_crypto_policy +- coredump_disable_backtraces +- 
coredump_disable_storage +- dconf_db_up_to_date +- dconf_gnome_banner_enabled +- dconf_gnome_disable_autorun +- dconf_gnome_disable_user_list +- dconf_gnome_login_banner_text - dconf_gnome_screensaver_idle_delay +- dconf_gnome_screensaver_lock_delay +- dconf_gnome_screensaver_user_locks +- dconf_gnome_session_idle_user_locks +- dir_perms_world_writable_sticky_bits +- disable_host_auth +- enable_authselect +- ensure_gpgcheck_globally_activated +- ensure_pam_wheel_group_empty - ensure_root_password_configured -- file_owner_cron_daily -- file_owner_backup_etc_shadow -- mount_option_var_log_audit_noexec -- sshd_set_login_grace_time -- file_owner_cron_hourly -- package_samba_removed -- no_rsh_trust_files -- rsyslog_files_permissions -- account_password_pam_faillock_system_auth -- dconf_gnome_disable_automount_open -- mount_option_var_tmp_noexec -- selinux_not_disabled -- sshd_set_loglevel_verbose -- sysctl_net_ipv4_conf_default_log_martians -- service_systemd-journald_enabled -- package_nftables_installed -- mount_option_var_nodev -- accounts_user_interactive_home_directory_exists -- accounts_tmout +- file_at_deny_not_exist +- file_cron_allow_exists +- file_cron_deny_not_exist +- file_etc_security_opasswd +- file_groupowner_at_allow +- file_groupowner_backup_etc_group +- file_groupowner_backup_etc_gshadow +- file_groupowner_backup_etc_passwd +- file_groupowner_backup_etc_shadow +- file_groupowner_cron_allow +- file_groupowner_cron_d +- file_groupowner_cron_daily +- file_groupowner_cron_hourly +- file_groupowner_cron_monthly +- file_groupowner_cron_weekly +- file_groupowner_crontab +- file_groupowner_etc_group +- file_groupowner_etc_gshadow - file_groupowner_etc_issue -- mount_option_var_log_noexec +- file_groupowner_etc_issue_net +- file_groupowner_etc_motd +- file_groupowner_etc_passwd +- file_groupowner_etc_shadow +- file_groupowner_etc_shells +- file_groupowner_grub2_cfg +- file_groupowner_sshd_config +- file_groupowner_user_cfg +- 
file_groupownership_sshd_private_key +- file_groupownership_sshd_pub_key - file_owner_backup_etc_group +- file_owner_backup_etc_gshadow +- file_owner_backup_etc_passwd +- file_owner_backup_etc_shadow +- file_owner_cron_allow +- file_owner_cron_d +- file_owner_cron_daily +- file_owner_cron_hourly +- file_owner_cron_monthly +- file_owner_cron_weekly +- file_owner_crontab +- file_owner_etc_group +- file_owner_etc_gshadow +- file_owner_etc_issue +- file_owner_etc_issue_net +- file_owner_etc_motd +- file_owner_etc_passwd +- file_owner_etc_shadow +- file_owner_etc_shells +- file_owner_grub2_cfg +- file_owner_sshd_config +- file_owner_user_cfg +- file_ownership_sshd_private_key +- file_ownership_sshd_pub_key +- file_permission_user_init_files +- file_permissions_at_allow +- file_permissions_backup_etc_group +- file_permissions_backup_etc_gshadow +- file_permissions_backup_etc_passwd +- file_permissions_backup_etc_shadow +- file_permissions_cron_allow +- file_permissions_cron_d - file_permissions_cron_daily -- file_groupowner_backup_etc_shadow -- file_permissions_home_directories -- file_groupowner_backup_etc_passwd -- set_password_hashing_algorithm_systemauth -- package_mcstrans_removed -- sshd_limit_user_access -- sshd_set_max_sessions +- file_permissions_cron_hourly +- file_permissions_cron_monthly +- file_permissions_cron_weekly - file_permissions_crontab -- journald_compress -- file_permissions_at_allow -- file_owner_etc_passwd -- mount_option_var_tmp_nodev -- file_owner_backup_etc_passwd -- package_sudo_installed -- root_path_no_dot +- file_permissions_etc_group +- file_permissions_etc_gshadow +- file_permissions_etc_issue +- file_permissions_etc_issue_net +- file_permissions_etc_motd +- file_permissions_etc_passwd - file_permissions_etc_shadow -- file_groupowner_etc_passwd -- mount_option_var_tmp_nosuid -- package_rsync_removed -- accounts_password_pam_retry -- package_firewalld_installed -- package_telnet_removed -- sudo_require_reauthentication +- 
file_permissions_etc_shells +- file_permissions_grub2_cfg +- file_permissions_home_directories +- file_permissions_sshd_config +- file_permissions_sshd_private_key +- file_permissions_sshd_pub_key - file_permissions_unauthorized_world_writable -- sysctl_net_ipv4_conf_all_accept_source_route -- chronyd_run_as_chrony_user -- file_at_deny_not_exist -- file_groupowner_crontab -- selinux_confinement_of_daemons -- mount_option_home_nosuid -- file_permissions_cron_weekly -- file_cron_deny_not_exist -- dconf_gnome_disable_autorun -- accounts_password_set_max_life_existing -- file_permissions_etc_group -- accounts_no_uid_except_zero -- disable_host_auth - file_permissions_ungroupowned -- sshd_disable_empty_passwords -- mount_option_dev_shm_nosuid -- aide_build_database -- file_owner_user_cfg -- package_tftp-server_removed -- sysctl_net_ipv6_conf_all_forwarding -- file_groupowner_backup_etc_gshadow -- accounts_password_all_shadowed -- account_unique_id -- set_nftables_table -- accounts_set_post_pw_existing -- file_groupowner_etc_motd -- file_permissions_cron_d +- file_permissions_user_cfg +- firewalld_loopback_traffic_restricted +- firewalld_loopback_traffic_trusted +- gid_passwd_group_same +- gnome_gdm_disable_xdmcp +- group_unique_id +- grub2_enable_selinux - grub2_password -- file_groupowner_cron_hourly -- dconf_db_up_to_date -- sysctl_net_ipv4_ip_forward -- file_owner_sshd_config -- file_owner_cron_monthly -- file_permissions_etc_motd -- set_password_hashing_algorithm_logindefs +- has_nonlocal_mta +- journald_compress +- journald_forward_to_syslog +- journald_storage +- kernel_module_cramfs_disabled +- kernel_module_freevxfs_disabled +- kernel_module_hfs_disabled +- kernel_module_hfsplus_disabled +- kernel_module_jffs2_disabled +- mount_option_dev_shm_nodev +- mount_option_dev_shm_noexec +- mount_option_dev_shm_nosuid +- mount_option_home_nodev +- mount_option_home_nosuid +- mount_option_tmp_nodev +- mount_option_tmp_noexec - mount_option_tmp_nosuid -- 
no_password_auth_for_systemaccounts
-- accounts_password_pam_minclass
-- service_rsyslog_enabled
-- sshd_set_maxstartups
-- file_groupowner_cron_allow
-- sudo_add_use_pty
-- sysctl_net_ipv6_conf_all_accept_ra
-- accounts_maximum_age_login_defs
-- file_permissions_etc_issue
-- package_httpd_removed
+- mount_option_var_log_audit_nodev
+- mount_option_var_log_audit_noexec
+- mount_option_var_log_audit_nosuid
+- mount_option_var_log_nodev
+- mount_option_var_log_noexec
+- mount_option_var_log_nosuid
+- mount_option_var_nodev
+- mount_option_var_nosuid
+- mount_option_var_tmp_nodev
+- mount_option_var_tmp_noexec
+- mount_option_var_tmp_nosuid
+- no_empty_passwords
+- no_empty_passwords_etc_shadow
+- no_files_unowned_by_user
 - no_forward_files
-- service_firewalld_enabled
-- rsyslog_nolisten
-- file_owner_etc_group
-- accounts_password_pam_pwhistory_remember_password_auth
-- group_unique_id
-- selinux_policytype
-- sysctl_net_ipv4_conf_default_secure_redirects
-- file_cron_allow_exists
-- file_groupowner_user_cfg
-- dconf_gnome_disable_automount
+- no_netrc_files
+- no_password_auth_for_systemaccounts
+- no_rsh_trust_files
+- no_shelllogin_for_systemaccounts
+- package_aide_installed
 - package_bind_removed
-- file_groupowner_cron_weekly
-- socket_systemd-journal-remote_disabled
+- package_cyrus-imapd_removed
+- package_dhcp_removed
+- package_dnsmasq_removed
+- package_dovecot_removed
+- package_firewalld_installed
+- package_ftp_removed
+- package_httpd_removed
+- package_libselinux_installed
+- package_mcstrans_removed
 - package_net-snmp_removed
-- coredump_disable_backtraces
-- enable_authselect
-- partition_for_dev_shm
-- kernel_module_udf_disabled
-- file_groupowner_etc_issue_net
-- file_permissions_user_cfg
-- service_crond_enabled
-- sysctl_net_ipv4_conf_all_send_redirects
-- sysctl_net_ipv6_conf_default_accept_ra
-- dconf_gnome_screensaver_lock_delay
-- configure_ssh_crypto_policy
-- account_password_pam_faillock_password_auth
-- banner_etc_motd
-- file_permissions_backup_etc_gshadow
-- file_permissions_etc_passwd
-- ensure_pam_wheel_group_empty
-- file_permissions_backup_etc_shadow
-- journald_storage
-- file_owner_crontab
+- package_nftables_installed
+- package_nginx_removed
+- package_pam_pwquality_installed
+- package_rsync_removed
+- package_rsyslog_installed
+- package_samba_removed
+- package_squid_removed
+- package_sudo_installed
+- package_systemd-journal-remote_installed
+- package_telnet-server_removed
+- package_telnet_removed
+- package_tftp-server_removed
+- package_tftp_removed
 - package_vsftpd_removed
-- sudo_custom_logfile
-- sshd_disable_x11_forwarding
-- file_groupownership_sshd_pub_key
-- file_owner_etc_issue_net
-- account_disable_post_pw_expiration
-- sshd_enable_pam
-- sshd_set_keepalive
-- sysctl_net_ipv4_tcp_syncookies
-- set_firewalld_default_zone
-- aide_check_audit_tools
+- package_xinetd_removed
+- package_ypbind_removed
+- package_ypserv_removed
+- partition_for_dev_shm
+- partition_for_tmp
 - postfix_network_listening_disabled
-- accounts_umask_etc_bashrc
-- mount_option_var_log_audit_nodev
+- root_path_no_dot
+- rsyslog_filecreatemode
 - rsyslog_files_groupownership
+- rsyslog_files_ownership
+- rsyslog_files_permissions
+- rsyslog_nolisten
+- selinux_not_disabled
+- selinux_policytype
+- service_crond_enabled
+- service_firewalld_enabled
 - service_nfs_disabled
-- accounts_minimum_age_login_defs
-- file_permissions_grub2_cfg
-- dconf_gnome_screensaver_user_locks
-- file_permissions_etc_gshadow
-- sshd_enable_warning_banner_net
-- package_dnsmasq_removed
-- file_ownership_sshd_private_key
-- file_permissions_sshd_private_key
-- no_empty_passwords
-- grub2_enable_selinux
-- file_permissions_sshd_pub_key
 - service_nftables_disabled
-- mount_option_var_log_nosuid
-- accounts_password_pam_minlen
-- file_permissions_cron_allow
-- sysctl_net_ipv6_conf_all_accept_source_route
-- file_owner_etc_motd
-- use_pam_wheel_group_for_su
-- rsyslog_filecreatemode
-- sysctl_net_ipv4_conf_all_secure_redirects
-- file_owner_cron_d
-- file_groupowner_sshd_config
-- file_owner_etc_gshadow
-- accounts_password_pam_pwhistory_remember_system_auth
-- file_permissions_etc_issue_net
-- package_nginx_removed
-- dir_perms_world_writable_sticky_bits
-- file_ownership_sshd_pub_key
-- mount_option_var_log_audit_nosuid
-- package_rsyslog_installed
-- accounts_umask_etc_login_defs
-- kernel_module_squashfs_disabled
+- service_rpcbind_disabled
+- service_rsyslog_enabled
+- service_systemd-journald_enabled
+- set_password_hashing_algorithm_libuserconf
+- set_password_hashing_algorithm_logindefs
+- set_password_hashing_algorithm_passwordauth
+- set_password_hashing_algorithm_systemauth
+- socket_systemd-journal-remote_disabled
+- sshd_disable_empty_passwords
+- sshd_disable_gssapi_auth
+- sshd_disable_rhosts
+- sshd_disable_root_login
+- sshd_do_not_permit_user_env
+- sshd_enable_pam
+- sshd_enable_warning_banner_net
+- sshd_limit_user_access
+- sshd_set_idle_timeout
+- sshd_set_keepalive
+- sshd_set_login_grace_time
+- sshd_set_loglevel_verbose
+- sshd_set_max_auth_tries
+- sshd_set_max_sessions
+- sshd_set_maxstartups
+- sshd_use_approved_ciphers
+- sshd_use_strong_kex
+- sshd_use_strong_macs
+- sudo_add_use_pty
+- sudo_custom_logfile
+- sudo_require_reauthentication
 - sysctl_kernel_randomize_va_space
-- accounts_user_dot_no_world_writable_programs
+- sysctl_kernel_yama_ptrace_scope
+- sysctl_net_ipv4_conf_all_accept_redirects
+- sysctl_net_ipv4_conf_all_accept_source_route
+- sysctl_net_ipv4_conf_all_log_martians
 - sysctl_net_ipv4_conf_all_rp_filter
-- sshd_set_max_auth_tries
+- sysctl_net_ipv4_conf_all_secure_redirects
+- sysctl_net_ipv4_conf_all_send_redirects
 - sysctl_net_ipv4_conf_default_accept_redirects
-- package_telnet-server_removed
-- gnome_gdm_disable_xdmcp
-- mount_option_home_nodev
-- file_groupownership_home_directories
-- sshd_disable_root_login
-- mount_option_dev_shm_noexec
-- sysctl_net_ipv6_conf_default_accept_source_route
-- file_permissions_backup_etc_passwd
-- package_cyrus-imapd_removed
-- file_permissions_sshd_config
-- no_netrc_files
-- banner_etc_issue_net
-- journald_forward_to_syslog
-- package_tftp_removed
-- no_empty_passwords_etc_shadow
-- package_dhcp_removed
-- file_groupowner_at_allow
-- mount_option_dev_shm_nodev
-- package_aide_installed
-- file_permissions_cron_monthly
-- mount_option_tmp_noexec
 - sysctl_net_ipv4_conf_default_accept_source_route
-- package_ftp_removed
-- rsyslog_files_ownership
-- accounts_password_last_change_is_in_past
+- sysctl_net_ipv4_conf_default_log_martians
 - sysctl_net_ipv4_conf_default_rp_filter
-- sysctl_net_ipv4_conf_all_log_martians
-- sshd_disable_rhosts
-- dconf_gnome_login_banner_text
-- chronyd_specify_remote_server
-- file_groupowner_etc_group
-- file_groupowner_backup_etc_group
+- sysctl_net_ipv4_conf_default_secure_redirects
 - sysctl_net_ipv4_conf_default_send_redirects
-- file_permissions_backup_etc_group
-- file_groupowner_grub2_cfg
-- banner_etc_issue
-- accounts_umask_etc_profile
-- mount_option_tmp_nodev
-- file_owner_etc_issue
-- package_libselinux_installed
-- service_rpcbind_disabled
+- sysctl_net_ipv4_icmp_echo_ignore_broadcasts
 - sysctl_net_ipv4_icmp_ignore_bogus_error_responses
-- accounts_root_path_dirs_no_write
-- dconf_gnome_disable_user_list
-- file_owner_cron_weekly
-- gid_passwd_group_same
+- sysctl_net_ipv4_ip_forward
+- sysctl_net_ipv4_tcp_syncookies
+- sysctl_net_ipv6_conf_all_accept_ra
+- sysctl_net_ipv6_conf_all_accept_redirects
+- sysctl_net_ipv6_conf_all_accept_source_route
+- sysctl_net_ipv6_conf_all_forwarding
+- sysctl_net_ipv6_conf_default_accept_ra
 - sysctl_net_ipv6_conf_default_accept_redirects
-- partition_for_tmp
-- mount_option_var_nosuid
-- set_password_hashing_algorithm_passwordauth
-- package_squid_removed
-- sshd_do_not_permit_user_env
-- file_owner_backup_etc_gshadow
-- dconf_gnome_session_idle_user_locks
-- accounts_passwords_pam_faillock_deny
-- accounts_password_set_min_life_existing
-- file_groupowner_cron_daily
-- file_owner_etc_shadow
-- package_openldap-clients_removed
-- account_unique_name
-- sshd_set_idle_timeout
-- sysctl_net_ipv4_icmp_echo_ignore_broadcasts
-- no_files_unowned_by_user
-- file_groupowner_cron_monthly
-- ensure_gpgcheck_globally_activated
-- firewalld_loopback_traffic_trusted
-- configure_crypto_policy
-- has_nonlocal_mta
-- accounts_root_gid_zero
-- dconf_gnome_banner_enabled
-- accounts_password_warn_age_login_defs
-- accounts_password_set_warn_age_existing
-- aide_periodic_cron_checking
-- file_groupowner_etc_shadow
-- file_groupowner_cron_d
-- file_groupownership_sshd_private_key
-- file_permissions_cron_hourly
+- sysctl_net_ipv6_conf_default_accept_source_route
+- use_pam_wheel_group_for_su
+- var_user_initialization_files_regex=all_dotfiles
 - var_accounts_user_umask=027
 - var_accounts_tmout=15_min
-- var_account_disable_post_pw_expiration=30
+- var_account_disable_post_pw_expiration=45
+- var_password_hashing_algorithm=SHA512
 - var_accounts_password_warn_age_login_defs=7
-- var_accounts_minimum_age_login_defs=1
 - var_accounts_maximum_age_login_defs=365
-- var_password_hashing_algorithm=SHA512
 - var_password_pam_remember_control_flag=requisite_or_required
-- var_password_pam_remember=5
-- var_accounts_passwords_pam_faillock_deny=3
-- var_accounts_passwords_pam_faillock_unlock_time=900
+- var_password_pam_remember=24
+- var_password_pam_dictcheck=1
+- var_password_pam_maxrepeat=3
 - var_password_pam_minclass=4
 - var_password_pam_minlen=14
+- var_password_pam_difok=2
+- var_accounts_passwords_pam_faillock_unlock_time=900
+- var_accounts_passwords_pam_faillock_deny=5
 - var_pam_wheel_group_for_su=cis
-- sshd_idle_timeout_value=15_minutes
-- var_sshd_set_keepalive=1
-- var_sshd_set_login_grace_time=60
 - var_sshd_max_sessions=10
 - var_sshd_set_maxstartups=10:30:60
 - sshd_max_auth_tries_value=4
-- var_nftables_family=inet
-- var_nftables_table=firewalld
+- var_sshd_set_login_grace_time=60
+- sshd_idle_timeout_value=5_minutes
+- var_sshd_set_keepalive=1
+- sshd_strong_macs=cis_rhel9
+- sshd_strong_kex=cis_rhel9
+- sshd_approved_ciphers=cis_rhel9
 - sysctl_net_ipv6_conf_all_accept_ra_value=disabled
 - sysctl_net_ipv6_conf_default_accept_ra_value=disabled
 - sysctl_net_ipv4_tcp_syncookies_value=enabled
-- sysctl_net_ipv4_conf_all_rp_filter_value=enabled
-- sysctl_net_ipv4_conf_default_rp_filter_value=enabled
-- sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value=enabled
-- sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value=enabled
 - sysctl_net_ipv4_conf_all_log_martians_value=enabled
 - sysctl_net_ipv4_conf_default_log_martians_value=enabled
+- sysctl_net_ipv4_conf_all_accept_source_route_value=disabled
+- sysctl_net_ipv4_conf_default_accept_source_route_value=disabled
+- sysctl_net_ipv6_conf_all_accept_source_route_value=disabled
+- sysctl_net_ipv6_conf_default_accept_source_route_value=disabled
+- sysctl_net_ipv4_conf_all_rp_filter_value=enabled
+- sysctl_net_ipv4_conf_default_rp_filter_value=enabled
 - sysctl_net_ipv4_conf_all_secure_redirects_value=disabled
 - sysctl_net_ipv4_conf_default_secure_redirects_value=disabled
 - sysctl_net_ipv4_conf_all_accept_redirects_value=disabled
 - sysctl_net_ipv4_conf_default_accept_redirects_value=disabled
 - sysctl_net_ipv6_conf_all_accept_redirects_value=disabled
 - sysctl_net_ipv6_conf_default_accept_redirects_value=disabled
-- sysctl_net_ipv4_conf_all_accept_source_route_value=disabled
-- sysctl_net_ipv4_conf_default_accept_source_route_value=disabled
-- sysctl_net_ipv6_conf_all_accept_source_route_value=disabled
-- sysctl_net_ipv6_conf_default_accept_source_route_value=disabled
+- sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value=enabled
+- sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value=enabled
 - sysctl_net_ipv6_conf_all_forwarding_value=disabled
-- var_postfix_inet_interfaces=loopback-only
 - var_multiple_time_servers=rhel
-- var_system_crypto_policy=default_policy
+- var_postfix_inet_interfaces=loopback-only
 - inactivity_timeout_value=15_minutes
 - var_screensaver_lock_delay=5_seconds
 - remote_login_banner_text=cis_banners
 - login_banner_text=cis_banners
 - motd_banner_text=cis_banners
+- var_system_crypto_policy=default_nosha1
 - var_selinux_policy_name=targeted
 - var_authselect_profile=sssd
 unselected_groups: []
@@ -342,5 +360,4 @@ filter_rules: ''
 policies:
 - cis_rhel9
 title: CIS Red Hat Enterprise Linux 9 Benchmark for Level 1 - Workstation
-definition_location: /home/jcerny/work/git/content/products/rhel9/profiles/cis_workstation_l1.profile
 documentation_complete: true
diff --git a/tests/data/profile_stability/rhel9/cis_workstation_l2.profile b/tests/data/profile_stability/rhel9/cis_workstation_l2.profile
index 6e082b2280a..82f5b6e8414 100644
--- a/tests/data/profile_stability/rhel9/cis_workstation_l2.profile
+++ b/tests/data/profile_stability/rhel9/cis_workstation_l2.profile
@@ -12,418 +12,453 @@ metadata:
 - yuumasato
 reference: https://www.cisecurity.org/benchmark/red_hat_linux/
 selections:
-- sysctl_net_ipv4_conf_all_accept_redirects
-- auditd_data_retention_max_log_file
-- audit_rules_session_events
-- sysctl_net_ipv6_conf_all_accept_redirects
-- audit_rules_login_events_lastlog
-- file_owner_cron_daily
-- ensure_root_password_configured
-- file_owner_backup_etc_shadow
-- audit_rules_dac_modification_lsetxattr
-- audit_rules_networkconfig_modification
-- audit_rules_networkconfig_modification_network_scripts
-- sysctl_net_ipv4_conf_default_log_martians
-- audit_rules_unsuccessful_file_modification_truncate
-- auditd_data_retention_space_left_action
-- audit_sudo_log_events
-- grub2_audit_backlog_limit_argument
-- audit_rules_file_deletion_events_unlinkat
-- file_permissions_home_directories
-- file_permissions_crontab
-- audit_rules_kernel_module_loading_finit
-- sudo_require_reauthentication
-- file_cron_deny_not_exist
-- accounts_no_uid_except_zero
-- disable_host_auth
-- package_tftp-server_removed
-- file_groupowner_backup_etc_gshadow
+- account_disable_post_pw_expiration
+- account_password_pam_faillock_password_auth
+- account_password_pam_faillock_system_auth
 - account_unique_id
-- file_groupowner_etc_motd
-- grub2_password
+- account_unique_name
 - accounts_maximum_age_login_defs
-- file_owner_etc_group
-- audit_rules_execution_setfacl
-- service_crond_enabled
-- file_permissions_backup_etc_gshadow
-- file_owner_crontab
-- sysctl_net_ipv4_tcp_syncookies
-- file_owner_etc_issue_net
-- sshd_set_keepalive
-- set_firewalld_default_zone
+- accounts_minimum_age_login_defs
+- accounts_no_uid_except_zero
+- accounts_password_all_shadowed
+- accounts_password_last_change_is_in_past
+- accounts_password_pam_dictcheck
+- accounts_password_pam_difok
+- accounts_password_pam_enforce_root
+- accounts_password_pam_maxrepeat
+- accounts_password_pam_minclass
+- accounts_password_pam_minlen
+- accounts_password_pam_pwhistory_remember_password_auth
+- accounts_password_pam_pwhistory_remember_system_auth
+- accounts_password_set_max_life_existing
+- accounts_password_set_min_life_existing
+- accounts_password_set_warn_age_existing
+- accounts_password_warn_age_login_defs
+- accounts_passwords_pam_faillock_deny
+- accounts_passwords_pam_faillock_deny_root
+- accounts_passwords_pam_faillock_unlock_time
+- accounts_root_gid_zero
+- accounts_root_path_dirs_no_write
+- accounts_set_post_pw_existing
+- accounts_tmout
 - accounts_umask_etc_bashrc
-- mount_option_var_log_audit_nodev
-- service_auditd_enabled
-- file_permissions_grub2_cfg
+- accounts_umask_etc_login_defs
+- accounts_umask_etc_profile
+- accounts_user_dot_group_ownership
+- accounts_user_dot_no_world_writable_programs
+- accounts_user_dot_user_ownership
+- accounts_user_interactive_home_directory_exists
+- aide_build_database
+- aide_check_audit_tools
+- aide_periodic_cron_checking
+- audit_rules_dac_modification_chmod
+- audit_rules_dac_modification_chown
+- audit_rules_dac_modification_fchmod
+- audit_rules_dac_modification_fchmodat
+- audit_rules_dac_modification_fchown
+- audit_rules_dac_modification_fchownat
+- audit_rules_dac_modification_fremovexattr
+- audit_rules_dac_modification_fsetxattr
+- audit_rules_dac_modification_lchown
+- audit_rules_dac_modification_lremovexattr
+- audit_rules_dac_modification_lsetxattr
+- audit_rules_dac_modification_removexattr
+- audit_rules_dac_modification_setxattr
+- audit_rules_execution_chacl
+- audit_rules_execution_chcon
+- audit_rules_execution_setfacl
+- audit_rules_file_deletion_events_rename
+- audit_rules_file_deletion_events_renameat
+- audit_rules_file_deletion_events_unlink
+- audit_rules_file_deletion_events_unlinkat
+- audit_rules_immutable
+- audit_rules_kernel_module_loading_create
 - audit_rules_kernel_module_loading_delete
-- dconf_gnome_screensaver_user_locks
-- no_empty_passwords
+- audit_rules_kernel_module_loading_finit
+- audit_rules_kernel_module_loading_init
+- audit_rules_kernel_module_loading_query
+- audit_rules_login_events_faillock
+- audit_rules_login_events_lastlog
+- audit_rules_mac_modification
+- audit_rules_mac_modification_usr_share
+- audit_rules_media_export
+- audit_rules_networkconfig_modification
+- audit_rules_networkconfig_modification_network_scripts
+- audit_rules_privileged_commands
+- audit_rules_privileged_commands_kmod
+- audit_rules_privileged_commands_usermod
+- audit_rules_session_events
+- audit_rules_suid_auid_privilege_function
+- audit_rules_sysadmin_actions
 - audit_rules_time_adjtimex
-- accounts_password_pam_minlen
-- audit_rules_dac_modification_fchmodat
-- grub2_audit_argument
-- sysctl_net_ipv4_conf_all_secure_redirects
-- file_groupowner_sshd_config
 - audit_rules_time_clock_settime
-- dir_perms_world_writable_sticky_bits
-- mount_option_var_log_audit_nosuid
-- kernel_module_squashfs_disabled
-- accounts_user_dot_no_world_writable_programs
-- sshd_set_max_auth_tries
-- package_telnet-server_removed
 - audit_rules_time_settimeofday
-- file_groupownership_home_directories
-- sysctl_net_ipv6_conf_default_accept_source_route
-- audit_rules_dac_modification_fsetxattr
-- package_cyrus-imapd_removed
-- file_permissions_sshd_config
-- no_netrc_files
-- audit_rules_immutable
-- mount_option_dev_shm_nodev
-- file_permissions_cron_monthly
-- dconf_gnome_login_banner_text
-- chronyd_specify_remote_server
-- sysctl_net_ipv4_conf_default_send_redirects
-- file_permissions_backup_etc_group
-- audit_rules_dac_modification_fchownat
-- kernel_module_usb-storage_disabled
-- mount_option_tmp_nodev
+- audit_rules_time_watch_localtime
+- audit_rules_unsuccessful_file_modification_creat
+- audit_rules_unsuccessful_file_modification_ftruncate
+- audit_rules_unsuccessful_file_modification_open
+- audit_rules_unsuccessful_file_modification_openat
+- audit_rules_unsuccessful_file_modification_truncate
+- audit_rules_usergroup_modification_group
 - audit_rules_usergroup_modification_gshadow
-- gid_passwd_group_same
-- sysctl_net_ipv6_conf_default_accept_redirects
-- set_password_hashing_algorithm_passwordauth
-- dconf_gnome_session_idle_user_locks
-- sudo_require_authentication
-- accounts_password_set_min_life_existing
-- kernel_module_tipc_disabled
-- dconf_gnome_banner_enabled
-- sysctl_net_ipv4_conf_default_secure_redirects
-- file_groupowner_cron_d
 - audit_rules_usergroup_modification_opasswd
-- audit_rules_mac_modification_usr_share
-- accounts_passwords_pam_faillock_unlock_time
-- file_owner_grub2_cfg
-- audit_rules_kernel_module_loading_query
-- no_shelllogin_for_systemaccounts
-- file_owner_cron_allow
-- dconf_gnome_screensaver_idle_delay
-- directory_permissions_var_log_audit
-- package_samba_removed
-- sshd_set_loglevel_verbose
-- audit_rules_time_stime
-- accounts_user_interactive_home_directory_exists
-- accounts_tmout
-- file_groupowner_backup_etc_shadow
-- file_owner_etc_passwd
-- mount_option_var_tmp_nodev
-- partition_for_home
-- audit_rules_file_deletion_events_rename
-- package_rsync_removed
-- accounts_password_pam_retry
-- chronyd_run_as_chrony_user
-- file_permissions_cron_weekly
-- file_permissions_etc_group
-- file_permissions_ungroupowned
-- aide_build_database
-- accounts_password_all_shadowed
-- set_nftables_table
-- file_permissions_etc_motd
-- set_password_hashing_algorithm_logindefs
-- mount_option_tmp_nosuid
-- service_firewalld_enabled
-- rsyslog_nolisten
-- accounts_password_pam_pwhistory_remember_password_auth
-- package_net-snmp_removed
-- coredump_disable_backtraces
-- partition_for_dev_shm
+- audit_rules_usergroup_modification_passwd
+- audit_rules_usergroup_modification_shadow
+- audit_sudo_log_events
+- auditd_data_disk_error_action
+- auditd_data_disk_full_action
+- auditd_data_retention_action_mail_acct
 - auditd_data_retention_admin_space_left_action
+- auditd_data_retention_max_log_file
+- auditd_data_retention_max_log_file_action
+- auditd_data_retention_space_left_action
+- banner_etc_issue
+- banner_etc_issue_net
+- banner_etc_motd
+- chronyd_run_as_chrony_user
+- chronyd_specify_remote_server
+- configure_crypto_policy
 - configure_ssh_crypto_policy
+- coredump_disable_backtraces
+- coredump_disable_storage
+- dconf_db_up_to_date
+- dconf_gnome_banner_enabled
+- dconf_gnome_disable_automount
+- dconf_gnome_disable_automount_open
+- dconf_gnome_disable_autorun
+- dconf_gnome_disable_user_list
+- dconf_gnome_login_banner_text
+- dconf_gnome_screensaver_idle_delay
+- dconf_gnome_screensaver_lock_delay
+- dconf_gnome_screensaver_user_locks
+- dconf_gnome_session_idle_user_locks
+- dir_perms_world_writable_sticky_bits
+- directory_permissions_var_log_audit
+- disable_host_auth
+- enable_authselect
+- ensure_gpgcheck_globally_activated
 - ensure_pam_wheel_group_empty
-- package_vsftpd_removed
-- auditd_data_retention_max_log_file_action
-- sshd_disable_x11_forwarding
-- sshd_enable_pam
-- audit_rules_kernel_module_loading_init
-- audit_rules_time_watch_localtime
-- package_dnsmasq_removed
-- sshd_enable_warning_banner_net
-- file_permissions_sshd_pub_key
-- file_permissions_cron_allow
-- file_owner_etc_motd
-- rsyslog_filecreatemode
-- file_owner_cron_d
-- audit_rules_unsuccessful_file_modification_open
-- accounts_umask_etc_login_defs
-- mount_option_home_nodev
-- mount_option_dev_shm_noexec
-- audit_rules_usergroup_modification_group
-- audit_rules_dac_modification_removexattr
-- audit_rules_dac_modification_setxattr
-- journald_forward_to_syslog
-- audit_rules_execution_chcon
-- audit_rules_dac_modification_lremovexattr
-- package_ftp_removed
-- accounts_password_last_change_is_in_past
-- sysctl_net_ipv4_conf_default_rp_filter
-- sysctl_net_ipv4_conf_all_log_martians
+- ensure_root_password_configured
+- file_at_deny_not_exist
+- file_cron_allow_exists
+- file_cron_deny_not_exist
+- file_etc_security_opasswd
+- file_group_ownership_var_log_audit
+- file_groupowner_at_allow
+- file_groupowner_backup_etc_group
+- file_groupowner_backup_etc_gshadow
+- file_groupowner_backup_etc_passwd
+- file_groupowner_backup_etc_shadow
+- file_groupowner_cron_allow
+- file_groupowner_cron_d
+- file_groupowner_cron_daily
+- file_groupowner_cron_hourly
+- file_groupowner_cron_monthly
+- file_groupowner_cron_weekly
+- file_groupowner_crontab
 - file_groupowner_etc_group
-- package_libselinux_installed
-- file_owner_cron_weekly
-- mount_option_var_nosuid
-- file_owner_etc_shadow
-- account_unique_name
-- sshd_set_idle_timeout
-- sysctl_net_ipv4_icmp_echo_ignore_broadcasts
-- audit_rules_dac_modification_chown
-- has_nonlocal_mta
-- accounts_password_warn_age_login_defs
-- mount_option_var_log_nosuid
-- file_groupowner_etc_shadow
-- file_permissions_cron_hourly
-- coredump_disable_storage
-- auditd_data_retention_action_mail_acct
 - file_groupowner_etc_gshadow
-- audit_rules_unsuccessful_file_modification_ftruncate
-- no_rsh_trust_files
-- rsyslog_files_permissions
-- account_password_pam_faillock_system_auth
-- mount_option_var_tmp_noexec
-- mount_option_var_nodev
-- audit_rules_privileged_commands_kmod
-- audit_rules_sysadmin_actions
 - file_groupowner_etc_issue
+- file_groupowner_etc_issue_net
+- file_groupowner_etc_motd
+- file_groupowner_etc_passwd
+- file_groupowner_etc_shadow
+- file_groupowner_etc_shells
+- file_groupowner_grub2_cfg
+- file_groupowner_sshd_config
+- file_groupowner_user_cfg
+- file_groupownership_audit_binaries
+- file_groupownership_audit_configuration
+- file_groupownership_sshd_private_key
+- file_groupownership_sshd_pub_key
 - file_owner_backup_etc_group
-- file_permissions_cron_daily
-- file_groupowner_backup_etc_passwd
-- set_password_hashing_algorithm_systemauth
-- sshd_set_max_sessions
-- journald_compress
-- package_sudo_installed
+- file_owner_backup_etc_gshadow
 - file_owner_backup_etc_passwd
-- audit_rules_login_events_faillock
-- file_groupowner_etc_passwd
-- package_firewalld_installed
-- file_permissions_unauthorized_world_writable
-- sysctl_net_ipv4_conf_all_accept_source_route
-- audit_rules_dac_modification_fchown
-- file_at_deny_not_exist
-- mount_option_home_nosuid
-- file_permissions_var_log_audit
-- mount_option_dev_shm_nosuid
+- file_owner_backup_etc_shadow
+- file_owner_cron_allow
+- file_owner_cron_d
+- file_owner_cron_daily
+- file_owner_cron_hourly
+- file_owner_cron_monthly
+- file_owner_cron_weekly
+- file_owner_crontab
+- file_owner_etc_group
+- file_owner_etc_gshadow
+- file_owner_etc_issue
+- file_owner_etc_issue_net
+- file_owner_etc_motd
+- file_owner_etc_passwd
+- file_owner_etc_shadow
+- file_owner_etc_shells
+- file_owner_grub2_cfg
+- file_owner_sshd_config
 - file_owner_user_cfg
-- sysctl_net_ipv6_conf_all_forwarding
-- audit_rules_mac_modification
-- file_permissions_cron_d
-- dconf_db_up_to_date
-- sysctl_net_ipv4_ip_forward
-- audit_rules_usergroup_modification_passwd
-- accounts_password_pam_minclass
-- service_rsyslog_enabled
-- sshd_set_maxstartups
-- file_groupowner_cron_allow
-- sudo_add_use_pty
-- sysctl_net_ipv6_conf_all_accept_ra
-- package_httpd_removed
-- audit_rules_dac_modification_lchown
-- audit_rules_kernel_module_loading_create
-- group_unique_id
-- file_cron_allow_exists
-- file_groupowner_user_cfg
-- dconf_gnome_disable_automount
-- package_bind_removed
-- file_groupowner_cron_weekly
-- socket_systemd-journal-remote_disabled
-- enable_authselect
-- kernel_module_udf_disabled
-- file_groupowner_etc_issue_net
-- sysctl_net_ipv6_conf_default_accept_ra
-- sysctl_net_ipv4_conf_all_send_redirects
-- account_password_pam_faillock_password_auth
-- banner_etc_motd
-- file_permissions_backup_etc_shadow
-- journald_storage
-- sudo_custom_logfile
-- audit_rules_dac_modification_fchmod
-- account_disable_post_pw_expiration
-- aide_check_audit_tools
+- file_ownership_audit_binaries
 - file_ownership_audit_configuration
-- selinux_state
-- service_nfs_disabled
-- partition_for_var_tmp
-- grub2_enable_selinux
-- service_nftables_disabled
-- use_pam_wheel_group_for_su
-- file_permissions_audit_configuration
-- package_nginx_removed
-- accounts_password_pam_pwhistory_remember_system_auth
-- file_permissions_etc_issue_net
+- file_ownership_sshd_private_key
 - file_ownership_sshd_pub_key
-- file_ownership_audit_binaries
-- sysctl_net_ipv4_conf_all_rp_filter
-- sysctl_net_ipv4_conf_default_accept_redirects
-- file_permissions_backup_etc_passwd
 - file_ownership_var_log_audit_stig
-- package_tftp_removed
-- file_groupownership_audit_binaries
-- no_empty_passwords_etc_shadow
-- package_dhcp_removed
-- file_groupowner_at_allow
-- package_aide_installed
-- mount_option_tmp_noexec
-- sshd_disable_rhosts
+- file_permission_user_init_files
+- file_permissions_at_allow
 - file_permissions_audit_binaries
-- service_rpcbind_disabled
-- accounts_umask_etc_profile
-- file_owner_etc_issue
-- sysctl_net_ipv4_icmp_ignore_bogus_error_responses
-- accounts_root_path_dirs_no_write
-- package_squid_removed
-- file_groupowner_cron_daily
-- package_openldap-clients_removed
-- partition_for_var_log
-- audit_rules_suid_auid_privilege_function
-- file_groupowner_cron_monthly
-- ensure_gpgcheck_globally_activated
-- configure_crypto_policy
-- aide_periodic_cron_checking
+- file_permissions_audit_configuration
+- file_permissions_backup_etc_group
+- file_permissions_backup_etc_gshadow
+- file_permissions_backup_etc_passwd
+- file_permissions_backup_etc_shadow
+- file_permissions_cron_allow
+- file_permissions_cron_d
+- file_permissions_cron_daily
+- file_permissions_cron_hourly
+- file_permissions_cron_monthly
+- file_permissions_cron_weekly
+- file_permissions_crontab
+- file_permissions_etc_group
+- file_permissions_etc_gshadow
+- file_permissions_etc_issue
+- file_permissions_etc_issue_net
+- file_permissions_etc_motd
 - file_permissions_etc_passwd
-- file_groupownership_sshd_private_key
-- package_dovecot_removed
+- file_permissions_etc_shadow
+- file_permissions_etc_shells
+- file_permissions_grub2_cfg
+- file_permissions_home_directories
+- file_permissions_sshd_config
+- file_permissions_sshd_private_key
+- file_permissions_sshd_pub_key
+- file_permissions_unauthorized_world_writable
+- file_permissions_ungroupowned
+- file_permissions_user_cfg
+- file_permissions_var_log_audit
 - firewalld_loopback_traffic_restricted
-- mount_option_var_log_nodev
+- firewalld_loopback_traffic_trusted
+- gid_passwd_group_same
+- gnome_gdm_disable_xdmcp
+- group_unique_id
+- grub2_audit_argument
+- grub2_audit_backlog_limit_argument
+- grub2_enable_selinux
+- grub2_password
+- has_nonlocal_mta
+- journald_compress
+- journald_forward_to_syslog
+- journald_storage
+- kernel_module_cramfs_disabled
+- kernel_module_dccp_disabled
+- kernel_module_freevxfs_disabled
+- kernel_module_hfs_disabled
+- kernel_module_hfsplus_disabled
+- kernel_module_jffs2_disabled
+- kernel_module_rds_disabled
+- kernel_module_sctp_disabled
+- kernel_module_squashfs_disabled
+- kernel_module_tipc_disabled
+- kernel_module_udf_disabled
+- kernel_module_usb-storage_disabled
+- mount_option_dev_shm_nodev
+- mount_option_dev_shm_noexec
+- mount_option_dev_shm_nosuid
+- mount_option_home_nodev
+- mount_option_home_nosuid
+- mount_option_tmp_nodev
+- mount_option_tmp_noexec
+- mount_option_tmp_nosuid
+- mount_option_var_log_audit_nodev
 - mount_option_var_log_audit_noexec
-- sshd_set_login_grace_time
-- file_owner_cron_hourly
-- dconf_gnome_disable_automount_open
-- selinux_not_disabled
-- service_systemd-journald_enabled
-- package_nftables_installed
+- mount_option_var_log_audit_nosuid
+- mount_option_var_log_nodev
 - mount_option_var_log_noexec
-- partition_for_var
-- package_mcstrans_removed
-- sshd_limit_user_access
-- root_path_no_dot
-- file_permissions_at_allow
-- file_permissions_etc_shadow
+- mount_option_var_log_nosuid
+- mount_option_var_nodev
+- mount_option_var_nosuid
+- mount_option_var_tmp_nodev
+- mount_option_var_tmp_noexec
 - mount_option_var_tmp_nosuid
-- package_telnet_removed
-- file_groupowner_crontab
-- selinux_confinement_of_daemons
-- dconf_gnome_disable_autorun
-- accounts_password_set_max_life_existing
-- package_audit_installed
-- sshd_disable_empty_passwords
-- audit_rules_execution_chacl
-- audit_rules_file_deletion_events_renameat
-- audit_rules_privileged_commands_usermod
-- accounts_set_post_pw_existing
-- file_groupowner_cron_hourly
-- file_owner_sshd_config
-- file_owner_cron_monthly
-- no_password_auth_for_systemaccounts
-- audit_rules_privileged_commands
-- file_permissions_etc_issue
+- no_empty_passwords
+- no_empty_passwords_etc_shadow
+- no_files_unowned_by_user
 - no_forward_files
-- selinux_policytype
-- file_permissions_user_cfg
-- dconf_gnome_screensaver_lock_delay
-- audit_rules_usergroup_modification_shadow
-- sshd_disable_tcp_forwarding
-- file_groupownership_sshd_pub_key
-- audit_rules_file_deletion_events_unlink
+- no_netrc_files
+- no_password_auth_for_systemaccounts
+- no_rsh_trust_files
+- no_shelllogin_for_systemaccounts
+- package_aide_installed
+- package_audit-libs_installed
+- package_audit_installed
+- package_bind_removed
+- package_cyrus-imapd_removed
+- package_dhcp_removed
+- package_dnsmasq_removed
+- package_dovecot_removed
+- package_firewalld_installed
+- package_ftp_removed
+- package_httpd_removed
+- package_libselinux_installed
+- package_mcstrans_removed
+- package_net-snmp_removed
+- package_nftables_installed
+- package_nginx_removed
+- package_openldap-clients_removed
+- package_pam_pwquality_installed
+- package_rsync_removed
+- package_rsyslog_installed
+- package_samba_removed
+- package_squid_removed
+- package_sudo_installed
+- package_systemd-journal-remote_installed
+- package_telnet-server_removed
+- package_telnet_removed
+- package_tftp-server_removed
+- package_tftp_removed
+- package_vsftpd_removed
+- package_xinetd_removed
+- package_ypbind_removed
+- package_ypserv_removed
+- partition_for_dev_shm
+- partition_for_home
+- partition_for_tmp
+- partition_for_var
+- partition_for_var_log
+- partition_for_var_log_audit
+- partition_for_var_tmp
 - postfix_network_listening_disabled
+- root_path_no_dot
+- rsyslog_filecreatemode
 - rsyslog_files_groupownership
-- accounts_minimum_age_login_defs
-- file_permissions_etc_gshadow
-- file_ownership_sshd_private_key
-- file_permissions_sshd_private_key
-- sysctl_net_ipv6_conf_all_accept_source_route
-- file_owner_etc_gshadow
-- package_rsyslog_installed
-- sysctl_kernel_randomize_va_space
-- audit_rules_dac_modification_chmod
-- gnome_gdm_disable_xdmcp
-- sshd_disable_root_login
-- file_groupownership_audit_configuration
-- file_group_ownership_var_log_audit
-- audit_rules_unsuccessful_file_modification_openat
-- banner_etc_issue_net
-- audit_rules_media_export
-- sysctl_net_ipv4_conf_default_accept_source_route
 - rsyslog_files_ownership
-- file_groupowner_backup_etc_group
-- file_groupowner_grub2_cfg
-- banner_etc_issue
-- dconf_gnome_disable_user_list
-- partition_for_tmp
+- rsyslog_files_permissions
+- rsyslog_nolisten
+- selinux_not_disabled
+- selinux_policytype
+- selinux_state
+- service_auditd_enabled
+- service_autofs_disabled
+- service_bluetooth_disabled
+- service_crond_enabled
+- service_firewalld_enabled
+- service_nfs_disabled
+- service_nftables_disabled
+- service_rpcbind_disabled
+- service_rsyslog_enabled
+- service_systemd-journald_enabled
+- set_password_hashing_algorithm_libuserconf
+- set_password_hashing_algorithm_logindefs
+- set_password_hashing_algorithm_passwordauth
+- set_password_hashing_algorithm_systemauth
+- socket_systemd-journal-remote_disabled
+- sshd_disable_empty_passwords
+- sshd_disable_gssapi_auth
+- sshd_disable_rhosts
+- sshd_disable_root_login
 - sshd_do_not_permit_user_env
-- file_owner_backup_etc_gshadow
-- accounts_passwords_pam_faillock_deny
-- no_files_unowned_by_user
-- audit_rules_dac_modification_fremovexattr
-- firewalld_loopback_traffic_trusted
-- partition_for_var_log_audit
-- accounts_root_gid_zero
-- audit_rules_unsuccessful_file_modification_creat
-- accounts_password_set_warn_age_existing
+- sshd_enable_pam
+- sshd_enable_warning_banner_net
+- sshd_limit_user_access
+- sshd_set_idle_timeout
+- sshd_set_keepalive
+- sshd_set_login_grace_time
+- sshd_set_loglevel_verbose
+- sshd_set_max_auth_tries
+- sshd_set_max_sessions
+- sshd_set_maxstartups
+- sshd_use_approved_ciphers
+- sshd_use_strong_kex
+- sshd_use_strong_macs
+- sudo_add_use_pty
+- sudo_custom_logfile
+- sudo_require_authentication
+- sudo_require_reauthentication
+- sysctl_kernel_randomize_va_space
+- sysctl_kernel_yama_ptrace_scope
+- sysctl_net_ipv4_conf_all_accept_redirects
+- sysctl_net_ipv4_conf_all_accept_source_route
+- sysctl_net_ipv4_conf_all_log_martians
+- sysctl_net_ipv4_conf_all_rp_filter
+- sysctl_net_ipv4_conf_all_secure_redirects
+- sysctl_net_ipv4_conf_all_send_redirects
+- sysctl_net_ipv4_conf_default_accept_redirects
+- sysctl_net_ipv4_conf_default_accept_source_route
+- sysctl_net_ipv4_conf_default_log_martians
+- sysctl_net_ipv4_conf_default_rp_filter
+- sysctl_net_ipv4_conf_default_secure_redirects
+- sysctl_net_ipv4_conf_default_send_redirects
+- sysctl_net_ipv4_icmp_echo_ignore_broadcasts
+- sysctl_net_ipv4_icmp_ignore_bogus_error_responses
+- sysctl_net_ipv4_ip_forward
+- sysctl_net_ipv4_tcp_syncookies
+- sysctl_net_ipv6_conf_all_accept_ra
+- sysctl_net_ipv6_conf_all_accept_redirects
+- sysctl_net_ipv6_conf_all_accept_source_route
+- sysctl_net_ipv6_conf_all_forwarding
+- sysctl_net_ipv6_conf_default_accept_ra
+- sysctl_net_ipv6_conf_default_accept_redirects
+- sysctl_net_ipv6_conf_default_accept_source_route
+- use_pam_wheel_group_for_su
+- var_user_initialization_files_regex=all_dotfiles
 - var_accounts_user_umask=027
 - var_accounts_tmout=15_min
-- var_account_disable_post_pw_expiration=30
+- var_account_disable_post_pw_expiration=45
+- var_password_hashing_algorithm=SHA512
 - var_accounts_password_warn_age_login_defs=7
-- var_accounts_minimum_age_login_defs=1
 - var_accounts_maximum_age_login_defs=365
-- var_password_hashing_algorithm=SHA512
 - var_password_pam_remember_control_flag=requisite_or_required
-- var_password_pam_remember=5
-- var_accounts_passwords_pam_faillock_deny=3
-- var_accounts_passwords_pam_faillock_unlock_time=900
+- var_password_pam_remember=24
+- var_password_pam_dictcheck=1
+- var_password_pam_maxrepeat=3
 - var_password_pam_minclass=4
 - var_password_pam_minlen=14
+- var_password_pam_difok=2
+- var_accounts_passwords_pam_faillock_unlock_time=900
+- var_accounts_passwords_pam_faillock_deny=5
 - var_pam_wheel_group_for_su=cis
-- sshd_idle_timeout_value=15_minutes
-- var_sshd_set_keepalive=1
-- var_sshd_set_login_grace_time=60
 - var_sshd_max_sessions=10
 - var_sshd_set_maxstartups=10:30:60
 - sshd_max_auth_tries_value=4
-- var_nftables_family=inet
-- var_nftables_table=firewalld
+- var_sshd_set_login_grace_time=60
+- sshd_idle_timeout_value=5_minutes
+- var_sshd_set_keepalive=1
+- sshd_strong_macs=cis_rhel9
+- sshd_strong_kex=cis_rhel9
+- sshd_approved_ciphers=cis_rhel9
 - sysctl_net_ipv6_conf_all_accept_ra_value=disabled
 - sysctl_net_ipv6_conf_default_accept_ra_value=disabled
 - sysctl_net_ipv4_tcp_syncookies_value=enabled
-- sysctl_net_ipv4_conf_all_rp_filter_value=enabled
-- sysctl_net_ipv4_conf_default_rp_filter_value=enabled
-- sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value=enabled
-- sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value=enabled
 - sysctl_net_ipv4_conf_all_log_martians_value=enabled
 - sysctl_net_ipv4_conf_default_log_martians_value=enabled
+- sysctl_net_ipv4_conf_all_accept_source_route_value=disabled
+- sysctl_net_ipv4_conf_default_accept_source_route_value=disabled
+- sysctl_net_ipv6_conf_all_accept_source_route_value=disabled
+- sysctl_net_ipv6_conf_default_accept_source_route_value=disabled
+- sysctl_net_ipv4_conf_all_rp_filter_value=enabled
+- sysctl_net_ipv4_conf_default_rp_filter_value=enabled
 - sysctl_net_ipv4_conf_all_secure_redirects_value=disabled
 - sysctl_net_ipv4_conf_default_secure_redirects_value=disabled
 - sysctl_net_ipv4_conf_all_accept_redirects_value=disabled
 - sysctl_net_ipv4_conf_default_accept_redirects_value=disabled
 - sysctl_net_ipv6_conf_all_accept_redirects_value=disabled
 - sysctl_net_ipv6_conf_default_accept_redirects_value=disabled
-- sysctl_net_ipv4_conf_all_accept_source_route_value=disabled
-- sysctl_net_ipv4_conf_default_accept_source_route_value=disabled
-- sysctl_net_ipv6_conf_all_accept_source_route_value=disabled
-- sysctl_net_ipv6_conf_default_accept_source_route_value=disabled
+- sysctl_net_ipv4_icmp_echo_ignore_broadcasts_value=enabled
+- sysctl_net_ipv4_icmp_ignore_bogus_error_responses_value=enabled
 - sysctl_net_ipv6_conf_all_forwarding_value=disabled
-- var_postfix_inet_interfaces=loopback-only
 - var_multiple_time_servers=rhel
-- var_system_crypto_policy=default_policy
+- var_postfix_inet_interfaces=loopback-only
 - inactivity_timeout_value=15_minutes
 - var_screensaver_lock_delay=5_seconds
 - remote_login_banner_text=cis_banners
 - login_banner_text=cis_banners
 - motd_banner_text=cis_banners
+- var_system_crypto_policy=default_nosha1
 - var_selinux_policy_name=targeted
 - var_authselect_profile=sssd
 - var_accounts_passwords_pam_faillock_dir=run
 - var_auditd_action_mail_acct=root
-- var_auditd_admin_space_left_action=halt
-- var_auditd_space_left_action=email
+- var_auditd_admin_space_left_action=cis_rhel9
+- var_auditd_space_left_action=cis_rhel9
+- var_auditd_disk_error_action=cis_rhel9
+- var_auditd_disk_full_action=cis_rhel9
 - var_auditd_max_log_file_action=keep_logs
 - var_auditd_max_log_file=6
+- var_accounts_minimum_age_login_defs=1
 - var_selinux_state=enforcing
 unselected_groups: []
 platforms: !!set {}
@@ -433,5 +468,4 @@ filter_rules: ''
 policies:
 - cis_rhel9
 title: CIS Red Hat Enterprise Linux 9 Benchmark for Level 2 - Workstation
-definition_location: /home/jcerny/work/git/content/products/rhel9/profiles/cis_workstation_l2.profile
 documentation_complete: true
