Releases: Cingulara/openrmf-docs
OpenRMF OSS v1.12 Release
Version 1.12 has the following added features and fixes:
- Added unique checklist match based on system package, hostname, checklist/STIG type, web or database, site, and instance fields
- Updated the checklist naming to account for unique web or database fields
- Updated Keycloak v25.0.4
KC_PROXY_HEADERS=xforwarded
environment variable fromKC_PROXY=edge
- Updated Keycloak v25.0.5 theme for OpenRMF OSS
- Updated base images for web, code
- Updated 3rd party infrastructure images
- Updated matching SCAP to DISA Checklist Templates on naming conventions
- Latest DISA Templates as of September 16, 2024
If you are upgrading and have not made major configuration changes (password, HTTPS, etc.), stop the current OpenRMF® OSS stack. Then unzip the contents of the OpenRMF v1.12 ZIP file into another directory/folder.
Otherwise, the only file you need if upgrading from v1.11 is the docker-compose.yml
file with the changes to updated image tags and the full path to images. There is an update to the Keycloak KC_PROXY
as it got renamed and needs a new value as well. If manually editing your own docker-compose.yml
please note this area.
It is a good idea to make a backup of all your files before upgrading.
Step-by-Step Instructions for Initial Setup/Installation Everyone Must Read and Apply
https://cingulara.github.io/openrmf-docs/install.html use these once you download the ZIP into its own folder.
IMPORTANT: You must look at the .env file to set the Keycloak/OpenID location and realm. Check the .env file in the OpenRMF folder you unzip to set the IP address correctly. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" or "127.0.0.1" as inside a docker container those mean that container, not the host it is running on.
This release is for AMD or Intel based 64-bit operating systems and machines. ARM machines such as Windows Surface and Raspberry Pi are not supported and do not work correctly.
Once done read over the other documents in the repo on minimum requirements, HTTPS, security, etc. as well.
What's Changed
- v1.12 updated release by @Cingulara in #350
Full Changelog: v1.11.00...v1.12.00
OpenRMF OSS v1.11 Release
Version 1.11 has the following added features and fixes:
- Added MARKING, HOST IP, HOST MAC, Web or Database Fields for display and editing
- Get Host IP, MAC, FQDN from the SCAP scan results, if there, for a checklist
- Read for Not Applicable in SCAP scan results, and fill in CKL record accordingly
- Updated Keycloak
KC_PROXY
environment variable frompassthrough
toedge
for HTTPS setup later - Updated base images for web, code
- Updated 3rd party infrastructure images
- Updated matching SCAP to DISA Checklist Templates on naming conventions
- Removed Jaeger and OpenTracing older code not used
- Removed build warnings on NLog and throwing extra exceptions
- Sped up loading of report and template data
- Latest DISA Templates as of April 18, 2024
- Mounted the initial JS for database collections with :Z versus :ro to work in REL/podman
If you are upgrading, stop the current OpenRMF® OSS stack. Then unzip the contents of the OpenRMF v1.11 ZIP file into another directory/folder. The only file you need if upgrading from v1.10 is the docker-compose.yml
file with the changes to mount points for REL and updated image tags.
It is a good idea to make a backup of all your files before upgrading.
If you are not at v1.10, download that release first and look for the "add indexes" scripts you can apply for performance.
Step-by-Step Instructions for Initial Setup/Installation Everyone Must Read and Apply
https://cingulara.github.io/openrmf-docs/install.html use these once you download the ZIP into its own folder.
IMPORTANT: You must look at the .env file to set the Keycloak/OpenID location and realm. Check the .env file in the OpenRMF folder you unzip to set the IP address correctly. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" or "127.0.0.1" as inside a docker container those mean that container, not the host it is running on.
This release is for AMD or Intel based 64-bit operating systems and machines. ARM machines such as Windows Surface and Raspberry Pi are not supported and do not work correctly.
Once done read over the other documents in the repo on minimum requirements, HTTPS, security, etc. as well.
What's Changed
- updating base containers for vulnerabilities by @Cingulara in #300
- docs: missing step for keycloak by @CRdeGraaf in #302
- Update configuration and documents for v1.9 by @DaleBinghamSoteriaSoft in #306
- Fixing online HTTPS docs image links by @DaleBinghamSoteriaSoft in #307
- update to the YAML for K8s deployments by @Cingulara in #329
- fixing online docs by @Cingulara in #338
New Contributors
- @CRdeGraaf made their first contribution in #302
Full Changelog: v1.10.0...v1.11.00
OpenRMF OSS v1.10 Release
Updates in this v1.10.0 release:
- Sped up reports using AJAX calls to load some tables versus "foreach" Javascript
- Added indexes on certain fields for speeding up the listing and searching of data in 5 MongoDB databases
- Added a report to list vulnerabilities by status and severity options
- Added a report to show activity on checklists for age and stale data
- Added a report to show all Vulnerabilities with severity override set
- Added a report to list all Checklists that require an Upgrade
- Fix for Empty Comments / Details not saved on Checklists
- Fix for Apostrophe and special HTML characters being escaped in data on textboxes
- Fix for matching SCAP to Checklists on certain changed DISA templates
- Fix for Severity Override not resetting after being on a VULN record that has one, to one that does not
- Fix bug to hide upload Template if not an Administrator
- Remove Caching on Reporting API to show proper data after deleting checklists correctly
- Latest DISA Templates as of November 4, 2023
- Updated help with better descriptions and overview
- Update to the latest NGINX Unprivileged web container
- Update the base containers to Alpine Linux 3.17.3
- Update to the latest DISA Templates as of November 4, 2023
If you are upgrading, stop the current OpenRMF® OSS stack. Then unzip the contents of the OpenRMF ZIP file into the folder you are currently using and overwrite the YML and other script files. Then run the 4 scripts in the database index update directory in the ZIP file for performance and newer reports:
- ./addChecklistIndexes.sh "ROOT-PASSWORD-FROM-MONGO-IN-YML"
- ./addReportIndexes.sh "ROOT-PASSWORD-FROM-MONGO-IN-YML"
- ./addScoreIndexes.sh "ROOT-PASSWORD-FROM-MONGO-IN-YML"
- ./addTemplateIndexes.sh "ROOT-PASSWORD-FROM-MONGO-IN-YML"
If upgrading, be careful on just copying the .env
as you will have one setup for your environment. It is a good idea to make a backup of all your files before upgrading.
Step-by-Step Instructions Everyone Must Read and Apply
https://github.com/Cingulara/openrmf-docs/blob/master/step-by-step.md use these once you download the ZIP into its own folder. Note that for those upgrading before v1.9, v1.9 onward moves Keycloak under a single docker-compose.yml
for a single port. The instructions are in this document.
IMPORTANT: You must look at the .env file to set the Keycloak/OpenID location and realm. Check the .env file in the OpenRMF folder you unzip to set the IP address correctly. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" or "127.0.0.1" as inside a docker container those mean that container, not the host it is running on.
This release is for AMD or Intel based 64-bit operating systems and machines. ARM machines such as Windows Surface and Raspberry Pi are not supported and do not work correctly.
Once done read over the other documents in the repo on minimum requirements, HTTPS, security, etc. as well.
OpenRMF OSS v1.9.0
Updates in this v1.9.0 release:
- Update to the latest NGINX Unprivileged web container
- Update the base containers to Alpine Linux 3.17.2
- Update to the latest DISA Templates as of March 9, 2023
- Fix a bug on filtering hostnames case insensitive to host
- Update to using Keycloak 20.0.3
- Update configuration to run all under 1 NGINX port (breaking change with Keycloak 20)
- Updated documentation for setup, install, min requirements, HTTPS
If you are upgrading, stop the current OpenRMF® OSS stack. Then unzip the contents of the OpenRMF ZIP file into the folder you are currently using and overwrite the YML and other script files.
I upgrading, be careful on the .env as you will have one setup for your environment.
Relaunch the OpenRMF stack and clear your browser cache. Then everyone will have to setup Keycloak as directed in the step-by-step instructions below. Keycloak 20 was put under the single docker-compose.yml
file and it has to be setup again with the setup scripts. Then add back the users / assign roles as required.
Step-by-Step Instructions Everyone Must Read and Apply
https://github.com/Cingulara/openrmf-docs/blob/master/step-by-step.md use these once you download the ZIP into its own folder. Note that for those upgrading, v1.9 moves Keycloak under a single docker-compose.yml
for a single port. The instructions are in this document.
IMPORTANT: You must look at the .env file to set the Keycloak/OpenID location and realm. Check the .env file in the OpenRMF folder you unzip to set the IP address correctly. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" or "127.0.0.1" as inside a docker container those mean that container, not the host it is running on.
This release is for AMD or Intel based 64-bit operating systems and machines. ARM machines such as Windows Surface and Raspberry Pi are not supported and do not work correctly.
Once done read over the other documents in the repo on minimum requirements, HTTPS, security, etc. as well.
OpenRMF OSS v1.8.3
Updates in this v1.8.2 release:
- Update to the latest NGINX Unprivileged web container
- Update to the latest DISA Templates as of November 9, 2022
If you are upgrading, stop the current OpenRMF stack. Then unzip the contents of the OpenRMF ZIP file into the folder you are currently using and overwrite the YML and other script files. Be careful on the .env as you will have one setup for your environment.
Relaunch the OpenRMF stack and clear your browser cache.
Login and run! Verify the .env file is correct with the correct IP/DNS entry.
This release is for AMD or Intel based 64-bit operating systems and machines. ARM machines such as Windows Surface and Raspberry Pi are not supported and do not work correctly .
Step by Step Instructions
https://github.com/Cingulara/openrmf-docs/blob/master/step-by-step.md use these once you download each ZIP into its own folder.
IMPORTANT: You must look at the .env file to set the Keycloak/OpenID location and realm. Check the .env file in the OpenRMF folder you unzip to set the IP address correctly. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.
ALSO: Make sure Keycloak is running correctly with a new "openrmf" realm before starting OpenRMF. This keeps it separate from other realms. We included a separate Keycloak setup ZIP file below. There are Linux, Mac, and Windows scripts to auto-create the Keycloak realm.
OpenRMF OSS v1.8.2
Updates in this v1.8.2 release:
- Update to the latest Alpine 3.16.2 base image for vulnerabilities
- Update to the latest NGINX Unprivileged web container
- Update to the latest DISA Templates as of August 28, 2022
If you are upgrading, stop the current OpenRMF stack. Then unzip the contents of the OpenRMF ZIP file into the folder you are currently using and overwrite the YML and other script files. Be careful on the .env as you will have one setup for your environment.
Relaunch the OpenRMF stack and clear your browser cache.
Login and run! Verify the .env file is correct with the correct IP/DNS entry.
This release is for AMD or Intel based 64-bit operating systems and machines. ARM machines such as Windows Surface and Raspberry Pi are not supported and do not work correctly .
Step by Step Instructions
https://github.com/Cingulara/openrmf-docs/blob/master/step-by-step.md use these once you download each ZIP into its own folder.
IMPORTANT: You must look at the .env file to set the Keycloak/OpenID location and realm. Check the .env file in the OpenRMF folder you unzip to set the IP address correctly. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.
ALSO: Make sure Keycloak is running correctly with a new "openrmf" realm before starting OpenRMF. This keeps it separate from other realms. We included a separate Keycloak setup ZIP file below. There are Linux, Mac, and Windows scripts to auto-create the Keycloak realm.
OpenRMF OSS v1.8.1
Updates in this v1.8.1 release:
- Fix the Nessus SCAP parser to pull results correctly
- Fix the msg-system consolidated code from msg-checklist to score new checklists correctly
- Please see the note on v1.8.0 release on updating the MongoDB compatibility before upgrading from 1.7.2 or earlier
If you are upgrading, stop the current OpenRMF stack. Then unzip the contents of the OpenRMF ZIP file into the folder you are currently using and overwrite the YML and other script files. Be careful on the .env as you will have one setup for your environment.
Relaunch the OpenRMF stack and clear your browser cache.
Login and run! Verify the .env file is correct with the correct IP/DNS entry.
This release is for AMD or Intel based 64-bit operating systems and machines. ARM machines such as Windows Surface and Raspberry Pi are not supported and do not work correctly .
Step by Step Instructions
https://github.com/Cingulara/openrmf-docs/blob/master/step-by-step.md use these once you download each ZIP into its own folder.
IMPORTANT: You must look at the .env file to set the Keycloak/OpenID location and realm. Check the .env file in the OpenRMF folder you unzip to set the IP address correctly. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.
ALSO: Make sure Keycloak is running correctly with a new "openrmf" realm before starting OpenRMF. This keeps it separate from other realms. We included a separate Keycloak setup ZIP file below. There are Linux, Mac, and Windows scripts to auto-create the Keycloak realm.
OpenRMF OSS v1.8.0
Updates in this v1.8.0 release:
- 👍🏼 Templates are updated to the DISA May 10, 2022 and earlier checklists they released recently!
- Updated the POAM format to better match DoD and eMASS type format
- Allow creating checklists from a template record page
- .NET Core 6
- Keycloak 15
- MongoDB 5
- NATS 2.8
- Consolidated Save, Upload, Compliance into Read API
- Consolidated Checklist MSG client into System MSG Client
YOU MUST RUN the "update-mongodb.sh" or "update-mongodb.cmd" to set your MongoDB compatibility for the database or the newer 5.0.6 MongoDB will keep restarting. Do that BEFORE you shut down and copy over YML and CONF files.
If you are upgrading, stop the current OpenRMF stack. Then unzip the contents of the OpenRMF ZIP file into the folder you are currently using and overwrite the YML and other script files. Be careful on the .env as you will have one setup for your environment.
Relaunch the OpenRMF stack and clear your browser cache.
Login and run! Verify the .env file is correct with the correct IP/DNS entry.
This release is for AMD or Intel based 64-bit operating systems and machines. ARM machines such as Windows Surface and Raspberry Pi are not supported and do not work correctly .
Step by Step Instructions
https://github.com/Cingulara/openrmf-docs/blob/master/step-by-step.md use these once you download each ZIP into its own folder.
IMPORTANT: You must look at the .env file to set the Keycloak/OpenID location and realm. Check the .env file in the OpenRMF folder you unzip to set the IP address correctly. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.
Make sure Keycloak is running correctly with a new "openrmf" realm before starting OpenRMF. This keeps it separate from other realms. We included a separate Keycloak setup ZIP file below. There are Linux, Mac, and Windows scripts to auto-create the Keycloak realm.
OpenRMF OSS v1.7.2
Updates in this v1.7.2 release:
- The SCAP results will go into the Finding Details every time a SCAP scan is uploaded, whether a NEW or UPDATE of an existing checklist (see snapshot below) — if using SCAP d_o not edit that field manually_ if you want to keep data there
- When updating a checklist by uploading the whole CKL, all status/finding/comments/severity override are copied from the uploaded checklist to the current checklist record — if you need to “upgrade it” first then upgrade it as the upload only copies data
- when updating a checklist by uploading a SCAP XCCDF result, only the status and finding detail is updated for pass (Not a Finding) and fail (Open) issues from the SCAP only — anything else is left alone (see screenshots of Chrome checklist below)
- ⬆️ this is a change as we were incorrectly updating EVERY SINGLE thing from a SCAP XCCDF upload like it was new, overwriting the current CKL data and that is not the right way to handle SCAP uploads
- 👍🏼 Templates are updated to the DISA January 25, 2022 and earlier checklists they released recently!
This release is for AMD or Intel based 64-bit operating systems and machines. ARM machines such as Windows Surface and Raspberry Pi are not supported and do not work correctly .
Step by Step Instructions
https://github.com/Cingulara/openrmf-docs/blob/master/step-by-step.md use these once you download each ZIP into its own folder.
If you are upgrading, stop the current OpenRMF stack. Then unzip the contents of the OpenRMF ZIP file into the folder you are currently using and overwrite the YML and other script files. Be careful on the .env as you will have one setup for your environment. Relaunch the OpenRMF stack and clear your browser cache. Login and run! Verify the .env file is correct with the correct IP/DNS entry.
IMPORTANT: You must look at the .env file to set the Keycloak/OpenID location and realm. Check the .env file in the OpenRMF folder you unzip to set the IP address correctly. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.
Make sure Keycloak is running correctly with a new "openrmf" realm before starting OpenRMF. This keeps it separate from other realms. We included a separate Keycloak setup ZIP file below. There are Linux, Mac, and Windows scripts to auto-create the Keycloak realm.
OpenRMF OSS 1.7
Updates in this v1.7 release:
- updated base container image for vulnerability fixes
- updated NGINX container for the web UI for vulnerability fixes
- easier editing of vulnerabilities, all on one page w/o a popup
- fixing a bug removing \n from Template formatting
- fixing loading of HTML / XML characters in checklist details listings
- adding the NGINX prometheus exporter for tracking metrics of the web UI
- allow tagging of checklists (one at a time)
- listing all templates, including internal ones from DISA's public site
- updated DISA checklist templates up to December 24, 2021
- better formatting of plugin description for Nessus report
- better formatting for vulnerability detail on reports and chekclist vulnerability listings
This release is for AMD or Intel based 64-bit operating systems and machines. ARM machines such as Windows Surface and Raspberry Pi are not supported and do not work correctly .
Step by Step Instructions
https://github.com/Cingulara/openrmf-docs/blob/master/step-by-step.md use these once you download each ZIP into its own folder.
If you are upgrading, stop the current OpenRMF stack. Then unzip the contents of the OpenRMF ZIP file into the folder you are currently using and overwrite the YML and other script files. Be careful on the .env as you will have one setup for your environment. Relaunch the OpenRMF stack and clear your browser cache. Login and run! Verify the .env file is correct with the correct IP/DNS entry.
IMPORTANT: You must look at the .env file to set the Keycloak/OpenID location and realm. Check the .env file in the OpenRMF folder you unzip to set the IP address correctly. The docker-compose stack YML files read that .env file to launch. These cannot be "localhost" as "localhost" inside a docker container is that container, not the host it is running on.
Make sure Keycloak is running correctly with a new "openrmf" realm before starting OpenRMF. This keeps it separate from other realms. We included a separate Keycloak setup ZIP file below. There are Linux, Mac, and Windows scripts to auto-create the Keycloak realm.