Skip to content

Releases: Cingulara/openrmf-docs

OpenRMF OSS v1.12 Release

19 Sep 12:12
b10279e
Compare
Choose a tag to compare

Version 1.12 has the following added features and fixes:

  • Added unique checklist match based on system package, hostname, checklist/STIG type, web or database, site, and instance fields
  • Updated the checklist naming to account for unique web or database fields
  • Updated Keycloak v25.0.4 KC_PROXY_HEADERS=xforwarded environment variable from KC_PROXY=edge
  • Updated Keycloak v25.0.5 theme for OpenRMF OSS
  • Updated base images for web, code
  • Updated 3rd party infrastructure images
  • Updated matching SCAP to DISA Checklist Templates on naming conventions
  • Latest DISA Templates as of September 16, 2024

If you are upgrading and have not made major configuration changes (password, HTTPS, etc.), stop the current OpenRMF® OSS stack. Then unzip the contents of the OpenRMF v1.12 ZIP file into another directory/folder.

Otherwise, the only file you need if upgrading from v1.11 is the docker-compose.yml file with the changes to updated image tags and the full path to images. There is an update to the Keycloak KC_PROXY as it got renamed and needs a new value as well. If manually editing your own docker-compose.yml please note this area.

It is a good idea to make a backup of all your files before upgrading.

Step-by-Step Instructions for Initial Setup/Installation Everyone Must Read and Apply

https://cingulara.github.io/openrmf-docs/install.html use these once you download the ZIP into its own folder.

IMPORTANT: You must look at the .env file to set the Keycloak/OpenID location and realm. Check the .env file in the OpenRMF folder you unzip to set the IP address correctly. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" or "127.0.0.1" as inside a docker container those mean that container, not the host it is running on.

This release is for AMD or Intel based 64-bit operating systems and machines. ARM machines such as Windows Surface and Raspberry Pi are not supported and do not work correctly.

Once done read over the other documents in the repo on minimum requirements, HTTPS, security, etc. as well.

What's Changed

Full Changelog: v1.11.00...v1.12.00

OpenRMF OSS v1.11 Release

23 Apr 13:13
b6ddbda
Compare
Choose a tag to compare

Version 1.11 has the following added features and fixes:

  • Added MARKING, HOST IP, HOST MAC, Web or Database Fields for display and editing
  • Get Host IP, MAC, FQDN from the SCAP scan results, if there, for a checklist
  • Read for Not Applicable in SCAP scan results, and fill in CKL record accordingly
  • Updated Keycloak KC_PROXY environment variable from passthrough to edge for HTTPS setup later
  • Updated base images for web, code
  • Updated 3rd party infrastructure images
  • Updated matching SCAP to DISA Checklist Templates on naming conventions
  • Removed Jaeger and OpenTracing older code not used
  • Removed build warnings on NLog and throwing extra exceptions
  • Sped up loading of report and template data
  • Latest DISA Templates as of April 18, 2024
  • Mounted the initial JS for database collections with :Z versus :ro to work in REL/podman

If you are upgrading, stop the current OpenRMF® OSS stack. Then unzip the contents of the OpenRMF v1.11 ZIP file into another directory/folder. The only file you need if upgrading from v1.10 is the docker-compose.yml file with the changes to mount points for REL and updated image tags.

It is a good idea to make a backup of all your files before upgrading.

If you are not at v1.10, download that release first and look for the "add indexes" scripts you can apply for performance.

Step-by-Step Instructions for Initial Setup/Installation Everyone Must Read and Apply

https://cingulara.github.io/openrmf-docs/install.html use these once you download the ZIP into its own folder.

IMPORTANT: You must look at the .env file to set the Keycloak/OpenID location and realm. Check the .env file in the OpenRMF folder you unzip to set the IP address correctly. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" or "127.0.0.1" as inside a docker container those mean that container, not the host it is running on.

This release is for AMD or Intel based 64-bit operating systems and machines. ARM machines such as Windows Surface and Raspberry Pi are not supported and do not work correctly.

Once done read over the other documents in the repo on minimum requirements, HTTPS, security, etc. as well.

What's Changed

New Contributors

Full Changelog: v1.10.0...v1.11.00

OpenRMF OSS v1.10 Release

07 Nov 11:24
Compare
Choose a tag to compare

Updates in this v1.10.0 release:

  • Sped up reports using AJAX calls to load some tables versus "foreach" Javascript
  • Added indexes on certain fields for speeding up the listing and searching of data in 5 MongoDB databases
  • Added a report to list vulnerabilities by status and severity options
  • Added a report to show activity on checklists for age and stale data
  • Added a report to show all Vulnerabilities with severity override set
  • Added a report to list all Checklists that require an Upgrade
  • Fix for Empty Comments / Details not saved on Checklists
  • Fix for Apostrophe and special HTML characters being escaped in data on textboxes
  • Fix for matching SCAP to Checklists on certain changed DISA templates
  • Fix for Severity Override not resetting after being on a VULN record that has one, to one that does not
  • Fix bug to hide upload Template if not an Administrator
  • Remove Caching on Reporting API to show proper data after deleting checklists correctly
  • Latest DISA Templates as of November 4, 2023
  • Updated help with better descriptions and overview
  • Update to the latest NGINX Unprivileged web container
  • Update the base containers to Alpine Linux 3.17.3
  • Update to the latest DISA Templates as of November 4, 2023

If you are upgrading, stop the current OpenRMF® OSS stack. Then unzip the contents of the OpenRMF ZIP file into the folder you are currently using and overwrite the YML and other script files. Then run the 4 scripts in the database index update directory in the ZIP file for performance and newer reports:

  • ./addChecklistIndexes.sh "ROOT-PASSWORD-FROM-MONGO-IN-YML"
  • ./addReportIndexes.sh "ROOT-PASSWORD-FROM-MONGO-IN-YML"
  • ./addScoreIndexes.sh "ROOT-PASSWORD-FROM-MONGO-IN-YML"
  • ./addTemplateIndexes.sh "ROOT-PASSWORD-FROM-MONGO-IN-YML"

If upgrading, be careful on just copying the .env as you will have one setup for your environment. It is a good idea to make a backup of all your files before upgrading.

Step-by-Step Instructions Everyone Must Read and Apply

https://github.com/Cingulara/openrmf-docs/blob/master/step-by-step.md use these once you download the ZIP into its own folder. Note that for those upgrading before v1.9, v1.9 onward moves Keycloak under a single docker-compose.yml for a single port. The instructions are in this document.

IMPORTANT: You must look at the .env file to set the Keycloak/OpenID location and realm. Check the .env file in the OpenRMF folder you unzip to set the IP address correctly. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" or "127.0.0.1" as inside a docker container those mean that container, not the host it is running on.

This release is for AMD or Intel based 64-bit operating systems and machines. ARM machines such as Windows Surface and Raspberry Pi are not supported and do not work correctly.

Once done read over the other documents in the repo on minimum requirements, HTTPS, security, etc. as well.

OpenRMF OSS v1.9.0

11 Mar 17:14
d926e24
Compare
Choose a tag to compare

Updates in this v1.9.0 release:

  • Update to the latest NGINX Unprivileged web container
  • Update the base containers to Alpine Linux 3.17.2
  • Update to the latest DISA Templates as of March 9, 2023
  • Fix a bug on filtering hostnames case insensitive to host
  • Update to using Keycloak 20.0.3
  • Update configuration to run all under 1 NGINX port (breaking change with Keycloak 20)
  • Updated documentation for setup, install, min requirements, HTTPS

If you are upgrading, stop the current OpenRMF® OSS stack. Then unzip the contents of the OpenRMF ZIP file into the folder you are currently using and overwrite the YML and other script files.

I upgrading, be careful on the .env as you will have one setup for your environment.

Relaunch the OpenRMF stack and clear your browser cache. Then everyone will have to setup Keycloak as directed in the step-by-step instructions below. Keycloak 20 was put under the single docker-compose.yml file and it has to be setup again with the setup scripts. Then add back the users / assign roles as required.

Step-by-Step Instructions Everyone Must Read and Apply

https://github.com/Cingulara/openrmf-docs/blob/master/step-by-step.md use these once you download the ZIP into its own folder. Note that for those upgrading, v1.9 moves Keycloak under a single docker-compose.yml for a single port. The instructions are in this document.

IMPORTANT: You must look at the .env file to set the Keycloak/OpenID location and realm. Check the .env file in the OpenRMF folder you unzip to set the IP address correctly. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" or "127.0.0.1" as inside a docker container those mean that container, not the host it is running on.

This release is for AMD or Intel based 64-bit operating systems and machines. ARM machines such as Windows Surface and Raspberry Pi are not supported and do not work correctly.

Once done read over the other documents in the repo on minimum requirements, HTTPS, security, etc. as well.

OpenRMF OSS v1.8.3

27 Nov 13:55
6b2a101
Compare
Choose a tag to compare

Updates in this v1.8.2 release:

  • Update to the latest NGINX Unprivileged web container
  • Update to the latest DISA Templates as of November 9, 2022

If you are upgrading, stop the current OpenRMF stack. Then unzip the contents of the OpenRMF ZIP file into the folder you are currently using and overwrite the YML and other script files. Be careful on the .env as you will have one setup for your environment.
Relaunch the OpenRMF stack and clear your browser cache.

Login and run! Verify the .env file is correct with the correct IP/DNS entry.

This release is for AMD or Intel based 64-bit operating systems and machines. ARM machines such as Windows Surface and Raspberry Pi are not supported and do not work correctly .

Step by Step Instructions

https://github.com/Cingulara/openrmf-docs/blob/master/step-by-step.md use these once you download each ZIP into its own folder.

IMPORTANT: You must look at the .env file to set the Keycloak/OpenID location and realm. Check the .env file in the OpenRMF folder you unzip to set the IP address correctly. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.

ALSO: Make sure Keycloak is running correctly with a new "openrmf" realm before starting OpenRMF. This keeps it separate from other realms. We included a separate Keycloak setup ZIP file below. There are Linux, Mac, and Windows scripts to auto-create the Keycloak realm.

OpenRMF OSS v1.8.2

28 Aug 15:58
3adb320
Compare
Choose a tag to compare

Updates in this v1.8.2 release:

  • Update to the latest Alpine 3.16.2 base image for vulnerabilities
  • Update to the latest NGINX Unprivileged web container
  • Update to the latest DISA Templates as of August 28, 2022

If you are upgrading, stop the current OpenRMF stack. Then unzip the contents of the OpenRMF ZIP file into the folder you are currently using and overwrite the YML and other script files. Be careful on the .env as you will have one setup for your environment.
Relaunch the OpenRMF stack and clear your browser cache.

Login and run! Verify the .env file is correct with the correct IP/DNS entry.

This release is for AMD or Intel based 64-bit operating systems and machines. ARM machines such as Windows Surface and Raspberry Pi are not supported and do not work correctly .

Step by Step Instructions

https://github.com/Cingulara/openrmf-docs/blob/master/step-by-step.md use these once you download each ZIP into its own folder.

IMPORTANT: You must look at the .env file to set the Keycloak/OpenID location and realm. Check the .env file in the OpenRMF folder you unzip to set the IP address correctly. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.

ALSO: Make sure Keycloak is running correctly with a new "openrmf" realm before starting OpenRMF. This keeps it separate from other realms. We included a separate Keycloak setup ZIP file below. There are Linux, Mac, and Windows scripts to auto-create the Keycloak realm.

OpenRMF OSS v1.8.1

20 May 12:53
08733f7
Compare
Choose a tag to compare

Updates in this v1.8.1 release:

  • Fix the Nessus SCAP parser to pull results correctly
  • Fix the msg-system consolidated code from msg-checklist to score new checklists correctly
  • Please see the note on v1.8.0 release on updating the MongoDB compatibility before upgrading from 1.7.2 or earlier

If you are upgrading, stop the current OpenRMF stack. Then unzip the contents of the OpenRMF ZIP file into the folder you are currently using and overwrite the YML and other script files. Be careful on the .env as you will have one setup for your environment.
Relaunch the OpenRMF stack and clear your browser cache.

Login and run! Verify the .env file is correct with the correct IP/DNS entry.

This release is for AMD or Intel based 64-bit operating systems and machines. ARM machines such as Windows Surface and Raspberry Pi are not supported and do not work correctly .

Step by Step Instructions

https://github.com/Cingulara/openrmf-docs/blob/master/step-by-step.md use these once you download each ZIP into its own folder.

IMPORTANT: You must look at the .env file to set the Keycloak/OpenID location and realm. Check the .env file in the OpenRMF folder you unzip to set the IP address correctly. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.

ALSO: Make sure Keycloak is running correctly with a new "openrmf" realm before starting OpenRMF. This keeps it separate from other realms. We included a separate Keycloak setup ZIP file below. There are Linux, Mac, and Windows scripts to auto-create the Keycloak realm.

OpenRMF OSS v1.8.0

19 May 13:11
46f6e2b
Compare
Choose a tag to compare

Updates in this v1.8.0 release:

  • 👍🏼 Templates are updated to the DISA May 10, 2022 and earlier checklists they released recently!
  • Updated the POAM format to better match DoD and eMASS type format
  • Allow creating checklists from a template record page
  • .NET Core 6
  • Keycloak 15
  • MongoDB 5
  • NATS 2.8
  • Consolidated Save, Upload, Compliance into Read API
  • Consolidated Checklist MSG client into System MSG Client

YOU MUST RUN the "update-mongodb.sh" or "update-mongodb.cmd" to set your MongoDB compatibility for the database or the newer 5.0.6 MongoDB will keep restarting. Do that BEFORE you shut down and copy over YML and CONF files.

If you are upgrading, stop the current OpenRMF stack. Then unzip the contents of the OpenRMF ZIP file into the folder you are currently using and overwrite the YML and other script files. Be careful on the .env as you will have one setup for your environment.
Relaunch the OpenRMF stack and clear your browser cache.

Login and run! Verify the .env file is correct with the correct IP/DNS entry.

This release is for AMD or Intel based 64-bit operating systems and machines. ARM machines such as Windows Surface and Raspberry Pi are not supported and do not work correctly .

Step by Step Instructions

https://github.com/Cingulara/openrmf-docs/blob/master/step-by-step.md use these once you download each ZIP into its own folder.

IMPORTANT: You must look at the .env file to set the Keycloak/OpenID location and realm. Check the .env file in the OpenRMF folder you unzip to set the IP address correctly. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.

Make sure Keycloak is running correctly with a new "openrmf" realm before starting OpenRMF. This keeps it separate from other realms. We included a separate Keycloak setup ZIP file below. There are Linux, Mac, and Windows scripts to auto-create the Keycloak realm.

OpenRMF OSS v1.7.2

30 Jan 15:38
4d0d4d6
Compare
Choose a tag to compare

Updates in this v1.7.2 release:

  • The SCAP results will go into the Finding Details every time a SCAP scan is uploaded, whether a NEW or UPDATE of an existing checklist (see snapshot below) — if using SCAP d_o not edit that field manually_ if you want to keep data there
  • When updating a checklist by uploading the whole CKL, all status/finding/comments/severity override are copied from the uploaded checklist to the current checklist record — if you need to “upgrade it” first then upgrade it as the upload only copies data
  • when updating a checklist by uploading a SCAP XCCDF result, only the status and finding detail is updated for pass (Not a Finding) and fail (Open) issues from the SCAP only — anything else is left alone (see screenshots of Chrome checklist below)
  • ⬆️ this is a change as we were incorrectly updating EVERY SINGLE thing from a SCAP XCCDF upload like it was new, overwriting the current CKL data and that is not the right way to handle SCAP uploads
  • 👍🏼 Templates are updated to the DISA January 25, 2022 and earlier checklists they released recently!

This release is for AMD or Intel based 64-bit operating systems and machines. ARM machines such as Windows Surface and Raspberry Pi are not supported and do not work correctly .

Step by Step Instructions

https://github.com/Cingulara/openrmf-docs/blob/master/step-by-step.md use these once you download each ZIP into its own folder.

If you are upgrading, stop the current OpenRMF stack. Then unzip the contents of the OpenRMF ZIP file into the folder you are currently using and overwrite the YML and other script files. Be careful on the .env as you will have one setup for your environment. Relaunch the OpenRMF stack and clear your browser cache. Login and run! Verify the .env file is correct with the correct IP/DNS entry.

IMPORTANT: You must look at the .env file to set the Keycloak/OpenID location and realm. Check the .env file in the OpenRMF folder you unzip to set the IP address correctly. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.

Make sure Keycloak is running correctly with a new "openrmf" realm before starting OpenRMF. This keeps it separate from other realms. We included a separate Keycloak setup ZIP file below. There are Linux, Mac, and Windows scripts to auto-create the Keycloak realm.

OpenRMF OSS 1.7

28 Dec 11:44
3845375
Compare
Choose a tag to compare

Updates in this v1.7 release:

  • updated base container image for vulnerability fixes
  • updated NGINX container for the web UI for vulnerability fixes
  • easier editing of vulnerabilities, all on one page w/o a popup
  • fixing a bug removing \n from Template formatting
  • fixing loading of HTML / XML characters in checklist details listings
  • adding the NGINX prometheus exporter for tracking metrics of the web UI
  • allow tagging of checklists (one at a time)
  • listing all templates, including internal ones from DISA's public site
  • updated DISA checklist templates up to December 24, 2021
  • better formatting of plugin description for Nessus report
  • better formatting for vulnerability detail on reports and chekclist vulnerability listings

This release is for AMD or Intel based 64-bit operating systems and machines. ARM machines such as Windows Surface and Raspberry Pi are not supported and do not work correctly .

Step by Step Instructions

https://github.com/Cingulara/openrmf-docs/blob/master/step-by-step.md use these once you download each ZIP into its own folder.

If you are upgrading, stop the current OpenRMF stack. Then unzip the contents of the OpenRMF ZIP file into the folder you are currently using and overwrite the YML and other script files. Be careful on the .env as you will have one setup for your environment. Relaunch the OpenRMF stack and clear your browser cache. Login and run! Verify the .env file is correct with the correct IP/DNS entry.

IMPORTANT: You must look at the .env file to set the Keycloak/OpenID location and realm. Check the .env file in the OpenRMF folder you unzip to set the IP address correctly. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.

Make sure Keycloak is running correctly with a new "openrmf" realm before starting OpenRMF. This keeps it separate from other realms. We included a separate Keycloak setup ZIP file below. There are Linux, Mac, and Windows scripts to auto-create the Keycloak realm.