[OL9 STIG V2R3] Add stigid@ol9 — Kernel Modules (8 rules) #14511

Closed
hdean3 wants to merge 1 commit into ComplianceAsCode:master from hdean3:stig-ol9-kernel-modules

hdean3 commented Feb 27, 2026

Summary

Add stigid@ol9 annotations to 8 kernel module disable rules, mapping them to their Oracle Linux 9 STIG V2R3 (V2R3) control IDs.

| Control ID | Rule | Title |
|---|---|---|
| OL09-00-000040 | kernel_module_atm_disabled | Disable ATM Support |
| OL09-00-000041 | kernel_module_can_disabled | Disable CAN Support |
| OL09-00-000042 | kernel_module_firewire-core_disabled | Disable FireWire Support |
| OL09-00-000043 | kernel_module_sctp_disabled | Disable SCTP Support |
| OL09-00-000044 | kernel_module_tipc_disabled | Disable TIPC Support |
| OL09-00-000045 | kernel_module_cramfs_disabled | Disable cramfs |
| OL09-00-000046 | kernel_module_bluetooth_disabled | Disable Bluetooth |
| OL09-00-000047 | kernel_module_usb-storage_disabled | Disable USB Mass Storage |

Each stigid@ol9 line is placed immediately after the existing stigid@ol8 entry, following the established pattern used by other STIG product annotations in this repository.

Testing

  • Control IDs cross-checked against controls/stig_ol9.yml — all 8 map correctly
  • yamllint -c .yamllint controls/stig_ol9.yml — CLEAN (controls file unchanged)
  • Changes are stigid@ reference additions only — no logic, no template changes

Add stigid@ol9 annotations mapping 8 kernel module disable rules to
their corresponding Oracle Linux 9 STIG V2R3 control IDs:

  OL09-00-000040  kernel_module_atm_disabled
  OL09-00-000041  kernel_module_can_disabled
  OL09-00-000042  kernel_module_firewire-core_disabled
  OL09-00-000043  kernel_module_sctp_disabled
  OL09-00-000044  kernel_module_tipc_disabled
  OL09-00-000045  kernel_module_cramfs_disabled
  OL09-00-000046  kernel_module_bluetooth_disabled
  OL09-00-000047  kernel_module_usb-storage_disabled

Each stigid@ol9 line is placed immediately after the existing
stigid@ol8 entry, following the established pattern used by other
STIG product annotations in this repository.

Signed-off-by: Harold Dean <hdean3@users.noreply.github.com>

openshift-ci Bot added the needs-ok-to-test label ("Used by openshift-ci bot.") on Feb 27, 2026

openshift-ci Bot commented Feb 27, 2026

Hi @hdean3. Thanks for your PR.

I'm waiting for a ComplianceAsCode member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

hdean3 commented Feb 28, 2026

Closing — confirmed Ubuntu 24.04 and OL9 use the controls-based stigid injection (reference_type: stigid in stig_ol9.yml + ol9 reference_uris). The build system raises ValueError when rule.yml also contains stigid references. The controls system already provides complete stigid@ol9 coverage in compiled SCAP output — no rule.yml patches needed for this distro. Verified via CI failure on PR #14491 and build log analysis of ssg/controls.py _check_conflict_in_rules().

hdean3 closed this Feb 28, 2026
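
The conflict described in the closing comment, as an added example that is not part of the PR or the project's own code: a simplified pre-submit check that flags rules already carrying the reference key a controls file would inject. The function names and dict shapes are hypothetical stand-ins for parsed YAML, and the ol8 values are placeholders.

```python
# Added illustration: a simplified model of the conflict, not ssg/controls.py itself.
# The dict shapes below are assumptions standing in for parsed YAML files.

# Constructed sample: two of the controls listed in this PR.
CONTROLS = {
    "reference_type": "stigid",
    "controls": [
        {"id": "OL09-00-000040", "rules": ["kernel_module_atm_disabled"]},
        {"id": "OL09-00-000043", "rules": ["kernel_module_sctp_disabled"]},
    ],
}

# Constructed sample rule.yml "references" sections; the ol8 values are placeholders.
RULES = {
    "kernel_module_atm_disabled": {
        "references": {"stigid@ol8": "OL08-PLACEHOLDER", "stigid@ol9": "OL09-00-000040"},
    },
    "kernel_module_sctp_disabled": {
        "references": {"stigid@ol8": "OL08-PLACEHOLDER"},
    },
}


def find_conflicts(control_file, product, rules):
    """Return (rule_id, value_in_rule_yml, injecting_control_ids) for every rule
    that already carries the reference key the controls file would inject."""
    ref_type = control_file.get("reference_type")
    if not ref_type:
        return []  # nothing is injected, so rule.yml references cannot collide
    key = f"{ref_type}@{product}"
    injected = {}
    for control in control_file.get("controls", []):
        for rule_id in control.get("rules", []):
            injected.setdefault(rule_id, []).append(control["id"])
    conflicts = []
    for rule_id in sorted(injected):
        refs = rules.get(rule_id, {}).get("references", {})
        if key in refs:
            conflicts.append((rule_id, refs[key], injected[rule_id]))
    return conflicts


def check(control_file, product, rules):
    """Fail the way the comment describes: ValueError when both sources set the key."""
    conflicts = find_conflicts(control_file, product, rules)
    if conflicts:
        names = ", ".join(rule_id for rule_id, _, _ in conflicts)
        raise ValueError(f"{control_file['reference_type']}@{product} set in rule.yml and controls: {names}")
```

With the sample data, only `kernel_module_atm_disabled` is reported, because its constructed `rule.yml` carries the `stigid@ol9` line this PR proposed; the `stigid@ol8` entries are untouched by an ol9 controls file.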