diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/rule.yml b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/rule.yml
index e13d154b6d7..ad687639d5f 100644
--- a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/rule.yml
+++ b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/rule.yml
@@ -3,7 +3,6 @@ documentation_complete: true
title: 'Verify Group Ownership on SSH Server Private *_key Key Files'
{{% set dedicated_ssh_groupname = groups.get("dedicated_ssh_keyowner", {}).get("name") %}}
-{{% set dedicated_ssh_groupid = groups.get("dedicated_ssh_keyowner", {}).get("id") %}}
description: |-
SSH server private keys, files that match the /etc/ssh/*_key
glob, must be
@@ -36,4 +35,4 @@ template:
- /etc/ssh/
file_regex:
- ^.*_key$
- filegid: '{{{ dedicated_ssh_groupid if dedicated_ssh_groupid else '0' }}}'
+ filegid: '{{{ dedicated_ssh_groupname if dedicated_ssh_groupname else '0' }}}'
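Review bot: `filegid` now carries a group name (`ssh_keys` in the product files touched by this diff) while its fallback stays the numeric string `'0'`, so the same parameter is a name for some products and a GID for others. The OVAL template in this diff copes by resolving any value other than `'0'` through the group file. Other consumers of the parameter, such as remediation templates, are not shown here and should be checked for anything that treats the value as a number. A comment above the line would record the contract, for example `# group name when the product defines dedicated_ssh_keyowner, otherwise GID '0' (root); the OVAL check resolves a name to its GID`.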
diff --git a/products/rhel7/product.yml b/products/rhel7/product.yml
index 816a79c9857..83c9f17e43a 100644
--- a/products/rhel7/product.yml
+++ b/products/rhel7/product.yml
@@ -27,7 +27,6 @@ audisp_conf_path: "/etc/audisp"
groups:
dedicated_ssh_keyowner:
name: ssh_keys
- id: "997"
cpes_root: "../../shared/applicability"
cpes:
diff --git a/products/rhel8/product.yml b/products/rhel8/product.yml
index 13b5f8839c7..447f68d3550 100644
--- a/products/rhel8/product.yml
+++ b/products/rhel8/product.yml
@@ -27,7 +27,6 @@ grub2_uefi_boot_path: "/boot/efi/EFI/redhat"
groups:
dedicated_ssh_keyowner:
name: ssh_keys
- id: "995"
faillock_path: "/var/log/faillock"
diff --git a/products/rhel9/product.yml b/products/rhel9/product.yml
index 378182af94d..050c3dc7f5e 100644
--- a/products/rhel9/product.yml
+++ b/products/rhel9/product.yml
@@ -18,7 +18,6 @@ grub2_uefi_boot_path: "/boot/grub2"
groups:
dedicated_ssh_keyowner:
name: ssh_keys
- id: "996"
sshd_distributed_config: "true"
diff --git a/shared/templates/file_groupowner/oval.template b/shared/templates/file_groupowner/oval.template
index ed760c6cbf7..77ed73a3343 100644
--- a/shared/templates/file_groupowner/oval.template
+++ b/shared/templates/file_groupowner/oval.template
@@ -38,11 +38,34 @@
+ {{%- if FILEGID == '0' %}}
{{{ FILEGID }}}
+ {{%- else %}}
+
+ {{%- endif %}}
{{% endfor %}}
symbolic link
+
+ {{%- if FILEGID != '0' %}}
+
+ {{%- if product != 'rhcos4' -%}}
+ /etc/group
+ {{%- else %}}
+ {{# CoreOS doesn't list all groups in /etc/group - that's probably related to the FS immutability #}}
+ /usr/lib/group
+ {{%- endif %}}
+ ^{{{ FILEGID }}}:\w+:(\w+):.*
+ 1
+
+
+
+
+
+
+ {{%- endif %}}
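Review bot: The group lookup pattern `^{{{ FILEGID }}}:\w+:(\w+):.*` only matches when the password field is a non-empty run of word characters, so an entry such as `ssh_keys::995:` or `ssh_keys:!:995:` yields no GID. The ownership test then has nothing to compare against and would presumably end in an error or unknown result rather than a clear pass or fail. A tighter form is `^{{{ FILEGID }}}:[^:]*:(\d+):.*`, which accepts any password field and restricts the capture to digits. The group name should also be regex-escaped before interpolation, since names may contain `.` or `-`. The lookup reads only the local group file, so a group supplied by another name service is not resolved, which is worth stating next to the CoreOS comment. The XML elements around these lines are not visible in this view, so the element the pattern belongs to is inferred.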