diff --git a/components/apt.yml b/components/apt.yml
index 8148a2d7df81..1b76de83aa4a 100644
--- a/components/apt.yml
+++ b/components/apt.yml
@@ -28,3 +28,4 @@ rules:
- file_permissions_apt_auth_conf_d
- file_permissions_apt_gpg_keys
- file_permissions_apt_sources_list_d
+- package_unattended-upgrades_installed
diff --git a/linux_os/guide/system/software/updating/package_unattended-upgrades_installed/rule.yml b/linux_os/guide/system/software/updating/package_unattended-upgrades_installed/rule.yml
new file mode 100644
index 000000000000..1dcc6e9b4181
--- /dev/null
+++ b/linux_os/guide/system/software/updating/package_unattended-upgrades_installed/rule.yml
@@ -0,0 +1,27 @@
+documentation_complete: true
+
+
+title: 'Install unattended-upgrades Package'
+
+description: |-
+ {{{ describe_package_install(package="unattended-upgrades") }}}
+
+rationale: |-
+ unattended-upgrades automatically installs security (and optionally
+ other) updates on Debian-based systems, providing the same
+ automatic-patching capability as dnf-automatic on Red Hat systems.
+
+severity: medium
+
+references:
+ ospp: FPT_TUD_EXT.1,FPT_TUD_EXT.2
+ srg: SRG-OS-000191-GPOS-00080
+
+{{{ complete_ocil_entry_package_installed("unattended-upgrades") }}}
+
+platform: not bootc and not container
+
+template:
+ name: package_installed
+ vars:
+ pkgname: unattended-upgrades
diff --git a/products/ubuntu2204/profiles/e8.profile b/products/ubuntu2204/profiles/e8.profile
new file mode 100644
index 000000000000..16bc0223d897
--- /dev/null
+++ b/products/ubuntu2204/profiles/e8.profile
@@ -0,0 +1,78 @@
+---
+documentation_complete: true
+
+metadata:
+ SMEs:
+ - ndfivegn
+
+reference: https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers
+
+title: 'Australian Cyber Security Centre (ACSC) Essential Eight'
+
+description: |-
+ This profile contains configuration checks for Ubuntu 22.04
+ that align to the Australian Cyber Security Centre (ACSC) Essential Eight.
+
+ A copy of the Essential Eight in Linux Environments guide can be found at the
+ ACSC website:
+
+ https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers
+
+selections:
+ - e8:all
+
+ # The e8 control file maps each requirement to Red Hat Enterprise Linux
+ # rules. The unselections below drop rules that are not applicable to Ubuntu
+ # (SELinux, RPM, dnf/yum, authselect, firewalld, system-wide crypto-policies),
+ # and the additions re-cover the same control areas with their Ubuntu
+ # equivalents (AppArmor, ufw, apt) so coverage parity with the RHEL/OL e8
+ # profile is preserved.
+
+ ### Application control (fapolicyd -> AppArmor)
+ - '!package_fapolicyd_installed'
+ - '!service_fapolicyd_enabled'
+ - package_apparmor_installed
+ - all_apparmor_profiles_enforced
+
+ ### Network firewall (firewalld -> ufw)
+ - '!package_firewalld_installed'
+ - '!service_firewalld_enabled'
+ - package_ufw_installed
+ - service_ufw_enabled
+
+ ### Package authenticity (dnf/yum gpgcheck -> apt)
+ - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_gpgcheck_globally_activated'
+ - '!ensure_gpgcheck_local_packages'
+ - '!ensure_gpgcheck_never_disabled'
+ - '!package_sequoia-sq_installed'
+ - apt_conf_disallow_unauthenticated
+
+ ### Automatic patching (dnf-automatic -> unattended-upgrades)
+ - '!dnf-automatic_security_updates_only'
+ - package_unattended-upgrades_installed
+
+ ### Mandatory access control (SELinux -> AppArmor, covered above)
+ - '!selinux_state'
+ - '!selinux_policytype'
+ - '!audit_rules_execution_restorecon'
+ - '!audit_rules_execution_semanage'
+ - '!audit_rules_execution_setsebool'
+ - '!audit_rules_execution_setfiles'
+ - '!audit_rules_execution_seunshare'
+
+ ### RPM-based integrity verification (no dpkg equivalent rule upstream)
+ - '!rpm_verify_hashes'
+ - '!rpm_verify_permissions'
+ - '!rpm_verify_ownership'
+ - '!file_permissions_unauthorized_sgid'
+ - '!file_permissions_unauthorized_suid'
+
+ ### System-wide crypto policy / authselect (RHEL-only mechanisms)
+ - '!configure_crypto_policy'
+ - '!configure_ssh_crypto_policy'
+ - '!enable_authselect'
+
+ ### RHEL-only kernel sysctl / legacy lockout audit
+ - '!sysctl_kernel_exec_shield'
+ - '!audit_rules_login_events_tallylog'
diff --git a/products/ubuntu2204/profiles/ism_o.profile b/products/ubuntu2204/profiles/ism_o.profile
new file mode 100644
index 000000000000..9034119307b4
--- /dev/null
+++ b/products/ubuntu2204/profiles/ism_o.profile
@@ -0,0 +1,140 @@
+---
+documentation_complete: true
+
+metadata:
+ SMEs:
+ - ndfivegn
+
+reference: https://www.cyber.gov.au/ism
+
+title: 'Australian Cyber Security Centre (ACSC) ISM Official'
+
+description: |-
+ This profile contains configuration checks for Ubuntu 22.04
+ that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM)
+ with the applicability marking of OFFICIAL.
+
+ The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning
+ Ubuntu security controls with the ISM, which can be used to select controls
+ specific to an organisation's security posture and risk profile.
+
+ A copy of the ISM can be found at the ACSC website:
+
+ https://www.cyber.gov.au/ism
+
+selections:
+ # The ISM Official baseline includes the ACSC Essential Eight. This profile
+ # is self-contained: it selects all rules from both the e8 and ism_o control
+ # files directly rather than extending the e8 profile.
+ - e8:all
+ - ism_o:all
+
+ # Both control files map each requirement to Red Hat Enterprise Linux rules.
+ # The unselections below drop rules not applicable to Ubuntu; the additions
+ # re-cover the affected control areas with their Ubuntu equivalents so that
+ # every control covered by the RHEL/OL ism_o profile is also covered here.
+
+ # ISM-1416 (Guidelines for system hardening): "A software firewall is
+ # implemented on workstations and servers to restrict inbound and outbound
+ # network connections to an organisation-approved set of applications and
+ # services." Ubuntu ships ufw rather than firewalld.
+ - '!package_firewalld_installed'
+ - '!service_firewalld_enabled'
+ - '!configure_firewalld_ports'
+ - '!firewalld_sshd_port_enabled'
+ - '!set_firewalld_default_zone'
+ - package_ufw_installed
+ - service_ufw_enabled
+ - ufw_default_incoming_rule
+
+ # ISM-1446 (Guidelines for cryptography): "When using elliptic curve
+ # cryptography, a suitable curve from NIST SP 800-186 is used." On RHEL this
+ # is enforced through system-wide crypto-policies; Ubuntu has no equivalent
+ # mechanism, so the approved curve/cipher set is enforced on the SSH server.
+ - '!configure_crypto_policy'
+ - '!configure_ssh_crypto_policy'
+ - '!configure_kerberos_crypto_policy'
+ - '!enable_fips_mode'
+ - '!enable_dracut_fips_module'
+ - '!system_booted_in_fips_mode'
+ - sshd_use_strong_ciphers
+ - sshd_use_strong_macs
+ - sshd_use_strong_kex
+ # Retained from the ism_o baseline for parity with the RHEL/OL profile. Inert
+ # on Ubuntu: its only consumer, configure_crypto_policy, is unselected above
+ # and Ubuntu has no system-wide crypto-policy mechanism.
+ - var_system_crypto_policy=fips
+
+ # ISM-1493 (Guidelines for system management): "Software registers for
+ # workstations, servers, network devices and networked IT equipment are
+ # developed, implemented, maintained and regularly verified." The RHEL
+ # mapping verifies package provenance via dnf/yum gpgcheck; on Ubuntu this
+ # is apt package authentication.
+ - '!ensure_gpgcheck_globally_activated'
+ - '!ensure_gpgcheck_local_packages'
+ - '!ensure_gpgcheck_never_disabled'
+ - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_oracle_gpgkey_installed'
+ - '!package_sequoia-sq_installed'
+ - apt_conf_disallow_unauthenticated
+ - apt_sources_list_official
+
+ # ISM-1467 / ISM-1483 (Guidelines for system hardening): "The latest release
+ # of email clients, office productivity suites, PDF applications, security
+ # products and web browsers ... are used." / "The latest release of
+ # internet-facing server applications is used." dnf-automatic provides
+ # automatic patching on RHEL; the Ubuntu equivalent is unattended-upgrades
+ # (package_unattended-upgrades_installed, added by this change).
+ - '!dnf-automatic_apply_updates'
+ - '!dnf-automatic_security_updates_only'
+ - '!package_libdnf-plugin-subscription-manager_installed'
+ - '!package_subscription-manager_installed'
+ - package_unattended-upgrades_installed
+
+ # ISM-1657 (Guidelines for system hardening): "Application control restricts
+ # the execution of executables, libraries, scripts, installers ... to an
+ # organisation-approved set." fapolicyd is the RHEL mechanism; Ubuntu uses
+ # AppArmor.
+ - '!package_fapolicyd_installed'
+ - '!service_fapolicyd_enabled'
+ - package_apparmor_installed
+ - all_apparmor_profiles_enforced
+
+ ### SELinux (Ubuntu uses AppArmor)
+ - '!selinux_state'
+ - '!selinux_policytype'
+ - '!sebool_kerberos_enabled'
+ - '!sebool_authlogin_nsswitch_use_ldap'
+ - '!sebool_authlogin_radius'
+ - '!sebool_auditadm_exec_content'
+ - '!audit_rules_execution_restorecon'
+ - '!audit_rules_execution_semanage'
+ - '!audit_rules_execution_setfiles'
+ - '!audit_rules_execution_setsebool'
+ - '!audit_rules_execution_seunshare'
+
+ ### RPM-based integrity verification (no dpkg equivalent rule upstream)
+ - '!rpm_verify_hashes'
+ - '!rpm_verify_ownership'
+ - '!rpm_verify_permissions'
+ - '!file_permissions_unauthorized_sgid'
+ - '!file_permissions_unauthorized_suid'
+
+ ### RHEL-only config files / tooling
+ - '!enable_ldap_client'
+ - '!network_nmcli_permissions'
+ - '!network_ipv6_static_address'
+ - '!openssl_use_strong_entropy'
+ - '!sysctl_kernel_exec_shield'
+ - '!enable_authselect'
+
+ ### RHEL/SLES PAM stack and legacy account lockout
+ - '!set_password_hashing_algorithm_libuserconf'
+ - '!set_password_hashing_algorithm_passwordauth'
+ - '!accounts_passwords_pam_faillock_deny_root'
+ - '!accounts_passwords_pam_tally2_deny_root'
+ - '!accounts_passwords_pam_tally2_unlock_time'
+ - '!audit_rules_login_events_tallylog'
+
+ ### Legacy SSH protocol (inherent on modern OpenSSH)
+ - '!sshd_allow_only_protocol2'
diff --git a/products/ubuntu2404/profiles/e8.profile b/products/ubuntu2404/profiles/e8.profile
new file mode 100644
index 000000000000..514f8dc37995
--- /dev/null
+++ b/products/ubuntu2404/profiles/e8.profile
@@ -0,0 +1,78 @@
+---
+documentation_complete: true
+
+metadata:
+ SMEs:
+ - ndfivegn
+
+reference: https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers
+
+title: 'Australian Cyber Security Centre (ACSC) Essential Eight'
+
+description: |-
+ This profile contains configuration checks for Ubuntu 24.04
+ that align to the Australian Cyber Security Centre (ACSC) Essential Eight.
+
+ A copy of the Essential Eight in Linux Environments guide can be found at the
+ ACSC website:
+
+ https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers
+
+selections:
+ - e8:all
+
+ # The e8 control file maps each requirement to Red Hat Enterprise Linux
+ # rules. The unselections below drop rules that are not applicable to Ubuntu
+ # (SELinux, RPM, dnf/yum, authselect, firewalld, system-wide crypto-policies),
+ # and the additions re-cover the same control areas with their Ubuntu
+ # equivalents (AppArmor, ufw, apt) so coverage parity with the RHEL/OL e8
+ # profile is preserved.
+
+ ### Application control (fapolicyd -> AppArmor)
+ - '!package_fapolicyd_installed'
+ - '!service_fapolicyd_enabled'
+ - package_apparmor_installed
+ - all_apparmor_profiles_enforced
+
+ ### Network firewall (firewalld -> ufw)
+ - '!package_firewalld_installed'
+ - '!service_firewalld_enabled'
+ - package_ufw_installed
+ - service_ufw_enabled
+
+ ### Package authenticity (dnf/yum gpgcheck -> apt)
+ - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_gpgcheck_globally_activated'
+ - '!ensure_gpgcheck_local_packages'
+ - '!ensure_gpgcheck_never_disabled'
+ - '!package_sequoia-sq_installed'
+ - apt_conf_disallow_unauthenticated
+
+ ### Automatic patching (dnf-automatic -> unattended-upgrades)
+ - '!dnf-automatic_security_updates_only'
+ - package_unattended-upgrades_installed
+
+ ### Mandatory access control (SELinux -> AppArmor, covered above)
+ - '!selinux_state'
+ - '!selinux_policytype'
+ - '!audit_rules_execution_restorecon'
+ - '!audit_rules_execution_semanage'
+ - '!audit_rules_execution_setsebool'
+ - '!audit_rules_execution_setfiles'
+ - '!audit_rules_execution_seunshare'
+
+ ### RPM-based integrity verification (no dpkg equivalent rule upstream)
+ - '!rpm_verify_hashes'
+ - '!rpm_verify_permissions'
+ - '!rpm_verify_ownership'
+ - '!file_permissions_unauthorized_sgid'
+ - '!file_permissions_unauthorized_suid'
+
+ ### System-wide crypto policy / authselect (RHEL-only mechanisms)
+ - '!configure_crypto_policy'
+ - '!configure_ssh_crypto_policy'
+ - '!enable_authselect'
+
+ ### RHEL-only kernel sysctl / legacy lockout audit
+ - '!sysctl_kernel_exec_shield'
+ - '!audit_rules_login_events_tallylog'
diff --git a/products/ubuntu2404/profiles/ism_o.profile b/products/ubuntu2404/profiles/ism_o.profile
new file mode 100644
index 000000000000..d1c57270eeb8
--- /dev/null
+++ b/products/ubuntu2404/profiles/ism_o.profile
@@ -0,0 +1,140 @@
+---
+documentation_complete: true
+
+metadata:
+ SMEs:
+ - ndfivegn
+
+reference: https://www.cyber.gov.au/ism
+
+title: 'Australian Cyber Security Centre (ACSC) ISM Official'
+
+description: |-
+ This profile contains configuration checks for Ubuntu 24.04
+ that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM)
+ with the applicability marking of OFFICIAL.
+
+ The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning
+ Ubuntu security controls with the ISM, which can be used to select controls
+ specific to an organisation's security posture and risk profile.
+
+ A copy of the ISM can be found at the ACSC website:
+
+ https://www.cyber.gov.au/ism
+
+selections:
+ # The ISM Official baseline includes the ACSC Essential Eight. This profile
+ # is self-contained: it selects all rules from both the e8 and ism_o control
+ # files directly rather than extending the e8 profile.
+ - e8:all
+ - ism_o:all
+
+ # Both control files map each requirement to Red Hat Enterprise Linux rules.
+ # The unselections below drop rules not applicable to Ubuntu; the additions
+ # re-cover the affected control areas with their Ubuntu equivalents so that
+ # every control covered by the RHEL/OL ism_o profile is also covered here.
+
+ # ISM-1416 (Guidelines for system hardening): "A software firewall is
+ # implemented on workstations and servers to restrict inbound and outbound
+ # network connections to an organisation-approved set of applications and
+ # services." Ubuntu ships ufw rather than firewalld.
+ - '!package_firewalld_installed'
+ - '!service_firewalld_enabled'
+ - '!configure_firewalld_ports'
+ - '!firewalld_sshd_port_enabled'
+ - '!set_firewalld_default_zone'
+ - package_ufw_installed
+ - service_ufw_enabled
+ - ufw_default_incoming_rule
+
+ # ISM-1446 (Guidelines for cryptography): "When using elliptic curve
+ # cryptography, a suitable curve from NIST SP 800-186 is used." On RHEL this
+ # is enforced through system-wide crypto-policies; Ubuntu has no equivalent
+ # mechanism, so the approved curve/cipher set is enforced on the SSH server.
+ - '!configure_crypto_policy'
+ - '!configure_ssh_crypto_policy'
+ - '!configure_kerberos_crypto_policy'
+ - '!enable_fips_mode'
+ - '!enable_dracut_fips_module'
+ - '!system_booted_in_fips_mode'
+ - sshd_use_strong_ciphers
+ - sshd_use_strong_macs
+ - sshd_use_strong_kex
+ # Retained from the ism_o baseline for parity with the RHEL/OL profile. Inert
+ # on Ubuntu: its only consumer, configure_crypto_policy, is unselected above
+ # and Ubuntu has no system-wide crypto-policy mechanism.
+ - var_system_crypto_policy=fips
+
+ # ISM-1493 (Guidelines for system management): "Software registers for
+ # workstations, servers, network devices and networked IT equipment are
+ # developed, implemented, maintained and regularly verified." The RHEL
+ # mapping verifies package provenance via dnf/yum gpgcheck; on Ubuntu this
+ # is apt package authentication.
+ - '!ensure_gpgcheck_globally_activated'
+ - '!ensure_gpgcheck_local_packages'
+ - '!ensure_gpgcheck_never_disabled'
+ - '!ensure_redhat_gpgkey_installed'
+ - '!ensure_oracle_gpgkey_installed'
+ - '!package_sequoia-sq_installed'
+ - apt_conf_disallow_unauthenticated
+ - apt_sources_list_official
+
+ # ISM-1467 / ISM-1483 (Guidelines for system hardening): "The latest release
+ # of email clients, office productivity suites, PDF applications, security
+ # products and web browsers ... are used." / "The latest release of
+ # internet-facing server applications is used." dnf-automatic provides
+ # automatic patching on RHEL; the Ubuntu equivalent is unattended-upgrades
+ # (package_unattended-upgrades_installed, added by this change).
+ - '!dnf-automatic_apply_updates'
+ - '!dnf-automatic_security_updates_only'
+ - '!package_libdnf-plugin-subscription-manager_installed'
+ - '!package_subscription-manager_installed'
+ - package_unattended-upgrades_installed
+
+ # ISM-1657 (Guidelines for system hardening): "Application control restricts
+ # the execution of executables, libraries, scripts, installers ... to an
+ # organisation-approved set." fapolicyd is the RHEL mechanism; Ubuntu uses
+ # AppArmor.
+ - '!package_fapolicyd_installed'
+ - '!service_fapolicyd_enabled'
+ - package_apparmor_installed
+ - all_apparmor_profiles_enforced
+
+ ### SELinux (Ubuntu uses AppArmor)
+ - '!selinux_state'
+ - '!selinux_policytype'
+ - '!sebool_kerberos_enabled'
+ - '!sebool_authlogin_nsswitch_use_ldap'
+ - '!sebool_authlogin_radius'
+ - '!sebool_auditadm_exec_content'
+ - '!audit_rules_execution_restorecon'
+ - '!audit_rules_execution_semanage'
+ - '!audit_rules_execution_setfiles'
+ - '!audit_rules_execution_setsebool'
+ - '!audit_rules_execution_seunshare'
+
+ ### RPM-based integrity verification (no dpkg equivalent rule upstream)
+ - '!rpm_verify_hashes'
+ - '!rpm_verify_ownership'
+ - '!rpm_verify_permissions'
+ - '!file_permissions_unauthorized_sgid'
+ - '!file_permissions_unauthorized_suid'
+
+ ### RHEL-only config files / tooling
+ - '!enable_ldap_client'
+ - '!network_nmcli_permissions'
+ - '!network_ipv6_static_address'
+ - '!openssl_use_strong_entropy'
+ - '!sysctl_kernel_exec_shield'
+ - '!enable_authselect'
+
+ ### RHEL/SLES PAM stack and legacy account lockout
+ - '!set_password_hashing_algorithm_libuserconf'
+ - '!set_password_hashing_algorithm_passwordauth'
+ - '!accounts_passwords_pam_faillock_deny_root'
+ - '!accounts_passwords_pam_tally2_deny_root'
+ - '!accounts_passwords_pam_tally2_unlock_time'
+ - '!audit_rules_login_events_tallylog'
+
+ ### Legacy SSH protocol (inherent on modern OpenSSH)
+ - '!sshd_allow_only_protocol2'
diff --git a/tests/data/profile_stability/ubuntu2204/e8.profile b/tests/data/profile_stability/ubuntu2204/e8.profile
new file mode 100644
index 000000000000..74a885325b93
--- /dev/null
+++ b/tests/data/profile_stability/ubuntu2204/e8.profile
@@ -0,0 +1,83 @@
+accounts_no_uid_except_zero
+all_apparmor_profiles_enforced
+apt_conf_disallow_unauthenticated
+audit_rules_dac_modification_chmod
+audit_rules_dac_modification_chown
+audit_rules_execution_chcon
+audit_rules_kernel_module_loading
+audit_rules_login_events_faillock
+audit_rules_login_events_lastlog
+audit_rules_networkconfig_modification
+audit_rules_sysadmin_actions
+audit_rules_time_adjtimex
+audit_rules_time_clock_settime
+audit_rules_time_settimeofday
+audit_rules_time_stime
+audit_rules_time_watch_localtime
+audit_rules_usergroup_modification_group
+audit_rules_usergroup_modification_gshadow
+audit_rules_usergroup_modification_opasswd
+audit_rules_usergroup_modification_passwd
+audit_rules_usergroup_modification_shadow
+auditd_data_retention_flush
+auditd_freq
+auditd_local_events
+auditd_log_format
+auditd_name_format
+auditd_write_logs
+dir_perms_world_writable_sticky_bits
+file_ownership_binary_dirs
+file_ownership_library_dirs
+file_permissions_binary_dirs
+file_permissions_library_dirs
+file_permissions_unauthorized_world_writable
+mount_option_dev_shm_nodev
+mount_option_dev_shm_noexec
+mount_option_dev_shm_nosuid
+network_sniffer_disabled
+no_empty_passwords
+package_apparmor_installed
+package_rsh-server_removed
+package_rsh_removed
+package_rsyslog_installed
+package_squid_removed
+package_talk-server_removed
+package_talk_removed
+package_telnet-server_removed
+package_telnet_removed
+package_ufw_installed
+package_unattended-upgrades_installed
+package_ypbind_removed
+security_patches_up_to_date
+service_auditd_enabled
+service_avahi-daemon_disabled
+service_kdump_disabled
+service_rsyslog_enabled
+service_squid_disabled
+service_telnet_disabled
+service_ufw_enabled
+sshd_disable_empty_passwords
+sshd_disable_gssapi_auth
+sshd_disable_rhosts
+sshd_disable_root_login
+sshd_disable_user_known_hosts
+sshd_do_not_permit_user_env
+sshd_enable_strictmodes
+sshd_print_last_log
+sshd_set_loglevel_info
+sshd_use_directory_configuration
+sudo_remove_no_authenticate
+sudo_remove_nopasswd
+sudo_require_authentication
+sysctl_kernel_dmesg_restrict
+sysctl_kernel_kexec_load_disabled
+sysctl_kernel_kptr_restrict
+sysctl_kernel_randomize_va_space
+sysctl_kernel_unprivileged_bpf_disabled
+sysctl_kernel_yama_ptrace_scope
+sysctl_net_core_bpf_jit_harden
+var_auditd_flush=incremental_async
+var_authselect_profile=sssd
+var_selinux_policy_name=targeted
+var_selinux_state=enforcing
+var_system_crypto_policy=default_nosha1
diff --git a/tests/data/profile_stability/ubuntu2204/ism_o.profile b/tests/data/profile_stability/ubuntu2204/ism_o.profile
new file mode 100644
index 000000000000..a8e76d1ab8b9
--- /dev/null
+++ b/tests/data/profile_stability/ubuntu2204/ism_o.profile
@@ -0,0 +1,172 @@
+accounts_maximum_age_login_defs
+accounts_minimum_age_login_defs
+accounts_no_uid_except_zero
+accounts_password_all_shadowed
+accounts_password_minlen_login_defs
+accounts_password_pam_dcredit
+accounts_password_pam_lcredit
+accounts_password_pam_minclass
+accounts_password_pam_minlen
+accounts_password_pam_ocredit
+accounts_password_pam_ucredit
+accounts_password_warn_age_login_defs
+accounts_passwords_pam_faillock_deny
+accounts_passwords_pam_faillock_interval
+accounts_passwords_pam_faillock_unlock_time
+all_apparmor_profiles_enforced
+apt_conf_disallow_unauthenticated
+apt_sources_list_official
+audit_access_failed
+audit_access_failed_aarch64
+audit_access_failed_ppc64le
+audit_access_success
+audit_access_success_aarch64
+audit_access_success_ppc64le
+audit_rules_dac_modification_chmod
+audit_rules_dac_modification_chown
+audit_rules_execution_chcon
+audit_rules_kernel_module_loading
+audit_rules_login_events_faillock
+audit_rules_login_events_lastlog
+audit_rules_networkconfig_modification
+audit_rules_privileged_commands
+audit_rules_session_events_btmp
+audit_rules_session_events_utmp
+audit_rules_session_events_wtmp
+audit_rules_sysadmin_actions
+audit_rules_time_adjtimex
+audit_rules_time_clock_settime
+audit_rules_time_settimeofday
+audit_rules_time_stime
+audit_rules_time_watch_localtime
+audit_rules_unsuccessful_file_modification_creat
+audit_rules_unsuccessful_file_modification_ftruncate
+audit_rules_unsuccessful_file_modification_open
+audit_rules_unsuccessful_file_modification_open_by_handle_at
+audit_rules_unsuccessful_file_modification_openat
+audit_rules_unsuccessful_file_modification_truncate
+audit_rules_usergroup_modification_group
+audit_rules_usergroup_modification_gshadow
+audit_rules_usergroup_modification_opasswd
+audit_rules_usergroup_modification_passwd
+audit_rules_usergroup_modification_shadow
+auditd_data_retention_flush
+auditd_freq
+auditd_local_events
+auditd_log_format
+auditd_name_format
+auditd_write_logs
+chronyd_configure_pool_and_server
+chronyd_or_ntpd_specify_multiple_servers
+chronyd_specify_remote_server
+configure_opensc_card_drivers
+dir_perms_world_writable_sticky_bits
+disable_host_auth
+file_ownership_binary_dirs
+file_ownership_library_dirs
+file_permissions_binary_dirs
+file_permissions_library_dirs
+file_permissions_sshd_private_key
+file_permissions_unauthorized_world_writable
+force_opensc_card_drivers
+kerberos_disable_no_keytab
+mount_option_dev_shm_nodev
+mount_option_dev_shm_noexec
+mount_option_dev_shm_nosuid
+network_sniffer_disabled
+no_empty_passwords
+no_shelllogin_for_systemaccounts
+package_aide_installed
+package_apparmor_installed
+package_audit_installed
+package_chrony_installed
+package_opensc_installed
+package_pcsc-lite-ccid_installed
+package_pcsc-lite_installed
+package_rear_installed
+package_rsh-server_removed
+package_rsh_removed
+package_rsyslog-gnutls_installed
+package_rsyslog_installed
+package_squid_removed
+package_sudo_installed
+package_talk-server_removed
+package_talk_removed
+package_telnet-server_removed
+package_telnet_removed
+package_ufw_installed
+package_unattended-upgrades_installed
+package_usbguard_installed
+package_xinetd_removed
+package_ypbind_removed
+require_emergency_target_auth
+require_singleuser_auth
+rsyslog_cron_logging
+rsyslog_files_groupownership
+rsyslog_files_ownership
+rsyslog_files_permissions
+rsyslog_nolisten
+rsyslog_remote_loghost
+rsyslog_remote_tls
+rsyslog_remote_tls_cacert
+secure_boot_enabled
+security_patches_up_to_date
+service_auditd_enabled
+service_avahi-daemon_disabled
+service_chronyd_enabled
+service_chronyd_or_ntpd_enabled
+service_kdump_disabled
+service_pcscd_enabled
+service_rsyslog_enabled
+service_snmpd_disabled
+service_squid_disabled
+service_telnet_disabled
+service_ufw_enabled
+service_usbguard_enabled
+service_xinetd_disabled
+set_password_hashing_algorithm_logindefs
+set_password_hashing_algorithm_systemauth
+snmpd_use_newer_protocol
+sshd_disable_empty_passwords
+sshd_disable_gssapi_auth
+sshd_disable_kerb_auth
+sshd_disable_rhosts
+sshd_disable_root_login
+sshd_disable_user_known_hosts
+sshd_disable_x11_forwarding
+sshd_do_not_permit_user_env
+sshd_enable_strictmodes
+sshd_enable_warning_banner
+sshd_max_auth_tries_value=5
+sshd_print_last_log
+sshd_set_loglevel_info
+sshd_set_max_auth_tries
+sshd_use_directory_configuration
+sshd_use_strong_ciphers
+sshd_use_strong_kex
+sshd_use_strong_macs
+sssd_enable_smartcards
+sudo_remove_no_authenticate
+sudo_remove_nopasswd
+sudo_require_authentication
+sysctl_kernel_dmesg_restrict
+sysctl_kernel_kexec_load_disabled
+sysctl_kernel_kptr_restrict
+sysctl_kernel_randomize_va_space
+sysctl_kernel_unprivileged_bpf_disabled
+sysctl_kernel_yama_ptrace_scope
+sysctl_net_core_bpf_jit_harden
+ufw_default_incoming_rule
+usbguard_allow_hid_and_hub
+var_accounts_maximum_age_login_defs=60
+var_accounts_minimum_age_login_defs=1
+var_accounts_password_minlen_login_defs=14
+var_accounts_password_warn_age_login_defs=7
+var_auditd_flush=incremental_async
+var_authselect_profile=sssd
+var_password_hashing_algorithm_pam=yescrypt
+var_password_pam_minlen=14
+var_selinux_policy_name=targeted
+var_selinux_state=enforcing
+var_system_crypto_policy=fips
+wireless_disable_interfaces
diff --git a/tests/data/profile_stability/ubuntu2404/e8.profile b/tests/data/profile_stability/ubuntu2404/e8.profile
new file mode 100644
index 000000000000..74a885325b93
--- /dev/null
+++ b/tests/data/profile_stability/ubuntu2404/e8.profile
@@ -0,0 +1,83 @@
+accounts_no_uid_except_zero
+all_apparmor_profiles_enforced
+apt_conf_disallow_unauthenticated
+audit_rules_dac_modification_chmod
+audit_rules_dac_modification_chown
+audit_rules_execution_chcon
+audit_rules_kernel_module_loading
+audit_rules_login_events_faillock
+audit_rules_login_events_lastlog
+audit_rules_networkconfig_modification
+audit_rules_sysadmin_actions
+audit_rules_time_adjtimex
+audit_rules_time_clock_settime
+audit_rules_time_settimeofday
+audit_rules_time_stime
+audit_rules_time_watch_localtime
+audit_rules_usergroup_modification_group
+audit_rules_usergroup_modification_gshadow
+audit_rules_usergroup_modification_opasswd
+audit_rules_usergroup_modification_passwd
+audit_rules_usergroup_modification_shadow
+auditd_data_retention_flush
+auditd_freq
+auditd_local_events
+auditd_log_format
+auditd_name_format
+auditd_write_logs
+dir_perms_world_writable_sticky_bits
+file_ownership_binary_dirs
+file_ownership_library_dirs
+file_permissions_binary_dirs
+file_permissions_library_dirs
+file_permissions_unauthorized_world_writable
+mount_option_dev_shm_nodev
+mount_option_dev_shm_noexec
+mount_option_dev_shm_nosuid
+network_sniffer_disabled
+no_empty_passwords
+package_apparmor_installed
+package_rsh-server_removed
+package_rsh_removed
+package_rsyslog_installed
+package_squid_removed
+package_talk-server_removed
+package_talk_removed
+package_telnet-server_removed
+package_telnet_removed
+package_ufw_installed
+package_unattended-upgrades_installed
+package_ypbind_removed
+security_patches_up_to_date
+service_auditd_enabled
+service_avahi-daemon_disabled
+service_kdump_disabled
+service_rsyslog_enabled
+service_squid_disabled
+service_telnet_disabled
+service_ufw_enabled
+sshd_disable_empty_passwords
+sshd_disable_gssapi_auth
+sshd_disable_rhosts
+sshd_disable_root_login
+sshd_disable_user_known_hosts
+sshd_do_not_permit_user_env
+sshd_enable_strictmodes
+sshd_print_last_log
+sshd_set_loglevel_info
+sshd_use_directory_configuration
+sudo_remove_no_authenticate
+sudo_remove_nopasswd
+sudo_require_authentication
+sysctl_kernel_dmesg_restrict
+sysctl_kernel_kexec_load_disabled
+sysctl_kernel_kptr_restrict
+sysctl_kernel_randomize_va_space
+sysctl_kernel_unprivileged_bpf_disabled
+sysctl_kernel_yama_ptrace_scope
+sysctl_net_core_bpf_jit_harden
+var_auditd_flush=incremental_async
+var_authselect_profile=sssd
+var_selinux_policy_name=targeted
+var_selinux_state=enforcing
+var_system_crypto_policy=default_nosha1
diff --git a/tests/data/profile_stability/ubuntu2404/ism_o.profile b/tests/data/profile_stability/ubuntu2404/ism_o.profile
new file mode 100644
index 000000000000..a8e76d1ab8b9
--- /dev/null
+++ b/tests/data/profile_stability/ubuntu2404/ism_o.profile
@@ -0,0 +1,172 @@
+accounts_maximum_age_login_defs
+accounts_minimum_age_login_defs
+accounts_no_uid_except_zero
+accounts_password_all_shadowed
+accounts_password_minlen_login_defs
+accounts_password_pam_dcredit
+accounts_password_pam_lcredit
+accounts_password_pam_minclass
+accounts_password_pam_minlen
+accounts_password_pam_ocredit
+accounts_password_pam_ucredit
+accounts_password_warn_age_login_defs
+accounts_passwords_pam_faillock_deny
+accounts_passwords_pam_faillock_interval
+accounts_passwords_pam_faillock_unlock_time
+all_apparmor_profiles_enforced
+apt_conf_disallow_unauthenticated
+apt_sources_list_official
+audit_access_failed
+audit_access_failed_aarch64
+audit_access_failed_ppc64le
+audit_access_success
+audit_access_success_aarch64
+audit_access_success_ppc64le
+audit_rules_dac_modification_chmod
+audit_rules_dac_modification_chown
+audit_rules_execution_chcon
+audit_rules_kernel_module_loading
+audit_rules_login_events_faillock
+audit_rules_login_events_lastlog
+audit_rules_networkconfig_modification
+audit_rules_privileged_commands
+audit_rules_session_events_btmp
+audit_rules_session_events_utmp
+audit_rules_session_events_wtmp
+audit_rules_sysadmin_actions
+audit_rules_time_adjtimex
+audit_rules_time_clock_settime
+audit_rules_time_settimeofday
+audit_rules_time_stime
+audit_rules_time_watch_localtime
+audit_rules_unsuccessful_file_modification_creat
+audit_rules_unsuccessful_file_modification_ftruncate
+audit_rules_unsuccessful_file_modification_open
+audit_rules_unsuccessful_file_modification_open_by_handle_at
+audit_rules_unsuccessful_file_modification_openat
+audit_rules_unsuccessful_file_modification_truncate
+audit_rules_usergroup_modification_group
+audit_rules_usergroup_modification_gshadow
+audit_rules_usergroup_modification_opasswd
+audit_rules_usergroup_modification_passwd
+audit_rules_usergroup_modification_shadow
+auditd_data_retention_flush
+auditd_freq
+auditd_local_events
+auditd_log_format
+auditd_name_format
+auditd_write_logs
+chronyd_configure_pool_and_server
+chronyd_or_ntpd_specify_multiple_servers
+chronyd_specify_remote_server
+configure_opensc_card_drivers
+dir_perms_world_writable_sticky_bits
+disable_host_auth
+file_ownership_binary_dirs
+file_ownership_library_dirs
+file_permissions_binary_dirs
+file_permissions_library_dirs
+file_permissions_sshd_private_key
+file_permissions_unauthorized_world_writable
+force_opensc_card_drivers
+kerberos_disable_no_keytab
+mount_option_dev_shm_nodev
+mount_option_dev_shm_noexec
+mount_option_dev_shm_nosuid
+network_sniffer_disabled
+no_empty_passwords
+no_shelllogin_for_systemaccounts
+package_aide_installed
+package_apparmor_installed
+package_audit_installed
+package_chrony_installed
+package_opensc_installed
+package_pcsc-lite-ccid_installed
+package_pcsc-lite_installed
+package_rear_installed
+package_rsh-server_removed
+package_rsh_removed
+package_rsyslog-gnutls_installed
+package_rsyslog_installed
+package_squid_removed
+package_sudo_installed
+package_talk-server_removed
+package_talk_removed
+package_telnet-server_removed
+package_telnet_removed
+package_ufw_installed
+package_unattended-upgrades_installed
+package_usbguard_installed
+package_xinetd_removed
+package_ypbind_removed
+require_emergency_target_auth
+require_singleuser_auth
+rsyslog_cron_logging
+rsyslog_files_groupownership
+rsyslog_files_ownership
+rsyslog_files_permissions
+rsyslog_nolisten
+rsyslog_remote_loghost
+rsyslog_remote_tls
+rsyslog_remote_tls_cacert
+secure_boot_enabled
+security_patches_up_to_date
+service_auditd_enabled
+service_avahi-daemon_disabled
+service_chronyd_enabled
+service_chronyd_or_ntpd_enabled
+service_kdump_disabled
+service_pcscd_enabled
+service_rsyslog_enabled
+service_snmpd_disabled
+service_squid_disabled
+service_telnet_disabled
+service_ufw_enabled
+service_usbguard_enabled
+service_xinetd_disabled
+set_password_hashing_algorithm_logindefs
+set_password_hashing_algorithm_systemauth
+snmpd_use_newer_protocol
+sshd_disable_empty_passwords
+sshd_disable_gssapi_auth
+sshd_disable_kerb_auth
+sshd_disable_rhosts
+sshd_disable_root_login
+sshd_disable_user_known_hosts
+sshd_disable_x11_forwarding
+sshd_do_not_permit_user_env
+sshd_enable_strictmodes
+sshd_enable_warning_banner
+sshd_max_auth_tries_value=5
+sshd_print_last_log
+sshd_set_loglevel_info
+sshd_set_max_auth_tries
+sshd_use_directory_configuration
+sshd_use_strong_ciphers
+sshd_use_strong_kex
+sshd_use_strong_macs
+sssd_enable_smartcards
+sudo_remove_no_authenticate
+sudo_remove_nopasswd
+sudo_require_authentication
+sysctl_kernel_dmesg_restrict
+sysctl_kernel_kexec_load_disabled
+sysctl_kernel_kptr_restrict
+sysctl_kernel_randomize_va_space
+sysctl_kernel_unprivileged_bpf_disabled
+sysctl_kernel_yama_ptrace_scope
+sysctl_net_core_bpf_jit_harden
+ufw_default_incoming_rule
+usbguard_allow_hid_and_hub
+var_accounts_maximum_age_login_defs=60
+var_accounts_minimum_age_login_defs=1
+var_accounts_password_minlen_login_defs=14
+var_accounts_password_warn_age_login_defs=7
+var_auditd_flush=incremental_async
+var_authselect_profile=sssd
+var_password_hashing_algorithm_pam=yescrypt
+var_password_pam_minlen=14
+var_selinux_policy_name=targeted
+var_selinux_state=enforcing
+var_system_crypto_policy=fips
+wireless_disable_interfaces