Skip to content

Content 0.1.75

Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 14 Nov 19:57
· 226 commits to master since this release
73a89fb

Important Highlights

  • Add new product kylinserver10 (#12393)
  • Create OL10 product (#12290)
  • Update PCI-DSS control file for version 4.0.1 (#12435)

New Rules and Profiles

  • [New Rule] Package kea removed (#12464)
  • Add Ism profile for ol8 (#12493)
  • Add Ism profile to OL9 (#12346)
  • Create CIS rules for login banners (#12472)
  • New rule tftp_uses_secure_mode_systemd (#12436)
  • Update chrony rules for RHEL 10 (#12415)
  • Update RHEL 9 STIG to V2R2 (#12551)

Updated Rules and Profiles

  • Add to slmicro5 STIG pam pwhistory remember rule (#12255)
  • Add CCI to package_postfix_installed (#12446)
  • Add hipaa reference to sshd_use_directory_configuration (#12437)
  • Add Ism profile for ol8 (#12493)
  • Add Missing CPEs for RHEL10 (#12411)
  • Add OL into jinja conditionals (#12461)
  • Add package_rng-tools_installed to Fedora OSPP profile (#12244)
  • Add RHEL 10 to Jinja if statements in firewalld_sshd_port_enabled (#12504)
  • Add rule accounts_tmout to SLE Micro 5 STIG profile (#12524)
  • Add rule chronyd_or_ntpd_set_maxpoll to SLE Micro 5 STIG profile (#12499)
  • Add rule security_patches_up_to_date to SLE Micro 5 STIG profile (#12506)
  • Add rules removed from RHEL8/RHEL9 profiles back to datastream (#12572)
  • Add STIG rules for slmicro5 covering lib dirs root ownership (#12252)
  • Add support for XCCDF variables into sshd_lineinfile template (#12251)
  • Adjust FIPS enable_fips_mode for RHEL 10 (#12414)
  • Adjust zipl_bls_entries_option template remedation to allow RHEL 10 (#12410)
  • Change directory_permissions_etc_iptables to 700 (#12384)
  • Change platform for rules related to partitions (#12562)
  • Change platform in xwindows_runlevel_target (#12563)
  • Consolidate ASCS RHEL profiles lastlog via sshd (#12249)
  • convert more rules to sshd_lineinfile template (#12301)
  • Create CIS rules for login banners (#12472)
  • Fix a typo (#12275)
  • Fix Audit related rules in RHEL 10 (#12359)
  • Fix chronyd remote server filepath dir regex (#12312)
  • fix for issue 11909 (#12318)
  • Fix rules from the net-snmp component (#12391)
  • grub2_vsyscall_argument should only be applicable to x86_64 (#12408)
  • Hide CJIS profile for OL8 (#12357)
  • Move daemon.* to /var/log/messages (#12433)
  • Move package_rear_installed to related rules in e8 (#12456)
  • Move RPM verify rules to use --restore (#12413)
  • OCP4: Optimize ingress trusted ca remediation (#12268)
  • Remove sshd_enable_warning_banner_net from HIPAA control file (#12534)
  • Remove Outdated GNOME Rules in RHEL 10 (#12460)
  • Remove package_talk-server_removed from RHEL 10 ANSSI (#12457)
  • Remove rng-tools package rules from RHEL 10 (#12455)
  • Remove sendmail from RHEL 10 profiles (#12452)
  • Remove sshd_allow_only_protocol2 from RHEL 10 (#12390)
  • Remove ypbind rules from RHEL10 (#12450)
  • Remove ypserv from RHEL 10 profiles (#12451)
  • Rename cron package to cronie for RHEL10 product (#12463)
  • Review PCI-DSS requirements and rules for RHEL 10 (#12347)
  • Review sshd_set_maxstartups rule (#12419)
  • RHEL 10 HIPAA Profile Updates (#12345)
  • RHEL 10 ISM_O: add back enable_fips_mode rule (#12449)
  • RHEL 10 STIG Update (#12348)
  • RHEL 10 tmux changes (#12383)
  • RHEL 9 STIG: change remediated Networkmanager DNS mode (#12448)
  • Slmicro5 stig add accounts and amount rules support (#12353)
  • Slmicro5 stig add accounts and software rules support (#12364)
  • Slmicro5 stig add rules selinux ssh and audit (#12316)
  • Slmicro5 stig add services and software rules support (#12395)
  • Stabilization: update audit_ospp_general with the latest content (#12592)
  • Two CIS RHEL 9 enhancements (#12453)
  • Ubuntu 22.04 STIG V2R1 changes (#12298)
  • Update ANSSI BP28 profiles in rhel10 product (#12351)
  • Update CCI Numbers due to new STIG/SRG GPOS (#12374)
  • Update chrony rules for RHEL 10 (#12415)
  • Update e8 profile for RHEL 10 (#12402)
  • Update file_permissions_etc_chrony_keys (#12521)
  • Update file_permissions_etc_chrony_keys to 640 (#12577)
  • Update install_smartcard_packages for RHEL10 (#12459)
  • update ism_o profiles for RHEL 10 (#12418)
  • Update Jinja for package_rsync_removed for RHEL 10 (#12480)
  • Update networkmanager_dns_mode for bootable containers (#12574)
  • Update of the rule encrypt_partitions to support SLEM (#12343)
  • Update ol7 stig (#12544)
  • Update ol8 stig (#12545)
  • Update OSPP control file (#12369)
  • Update PCI-DSS control file for version 4.0.1 (#12435)
  • update pwd length requirements for ism_o profile (#12431)
  • Update RHEL 10 STIG Selections (#12376)
  • Update RHEL 8 STIG due to rule removal (#12559)
  • Update RHEL 8 STIG to V2R1 (#12550)
  • Update RHEL 9 STIG to V2R1 (#12373)
  • Update RHEL 9 STIG to V2R2 (#12551)
  • Update rsyslog_cron_logging for bootable containers (#12575)
  • Update service_rngd_enabled for RHEL 10 (#12243)
  • Update SLE12 STIG version to V3R1 (#12580)
  • Update SLE15 STIG version to V2R2 (#12570)
  • Update various openshift assertions (#12443)
  • Updated 6 rules 2 for sle micro (#12331)
  • Updated packages related to openssh to support slem (#12338)
  • Updated rules based on template service_disabled to support slem (#12337)
  • Updates for Debian 12.6 (#12432)
  • Updates related to the rule permissions_local_var_log_audit (#12356)
  • Various Bug Fixes for Debian (#12084)

Removed Products

Changes in Remediations

  • Add ansible remediation configure_bind_crypto_policy (#12325)
  • Add ansible remediation to ensure_oracle_gpgkey_installed rule (#12323)
  • Add ansible remediation to mount_option_home template (#12546)
  • Add ansible remediaton for rsyslog_cron_logging rule (#12326)
  • Add insensitive option to ansible_lineinfile macro (#12314)
  • Add rule accounts_tmout to SLE Micro 5 STIG profile (#12524)
  • Add rule security_patches_up_to_date to SLE Micro 5 STIG profile (#12506)
  • Add rules to support remote offload of journal logs (#12479)
  • Add support for XCCDF variables into sshd_lineinfile template (#12251)
  • Added remediation and tests for the rule permissions_local_var_log_audit (#12360)
  • Avoid tmpfiles override (#12218)
  • Bring bash version in-sync with Ansible (#12398)
  • Change flags cleanup (#12397)
  • Create CIS rules for login banners (#12472)
  • Don't autoremove packages on dnf package uninstall (#12389)
  • Fix "unknown predicate -L" (#12305)
  • Fix ansible remediation for audispd plugin UBTU-20-010216 (#12293)
  • Skip users with ID above UID MAX on accounts_user_interactive_home_directory_defined (#12527)
  • SLE15 related fixes in ntp and aide rules (#12548)
  • Slmicro5 stig add accounts and software rules support (#12364)
  • Update ansible remediation to harden_sshd_ciphers_openssh_conf_crypto_policy rule (#12324)
  • Update bash remediation to fix bug into account_disable_inactivity* (#12134)
  • Update remedation for firewalld_sshd_port_enabled (#12522)
  • Update select rules for RHEL not to modify systemd units in /usr (#12486)
  • Update SLE12 STIG version to V3R1 (#12580)
  • Update SLE15 STIG version to V2R2 (#12570)

Changes in Checks

  • Add "is_substring" variable to grub2_bootloader_argument template (#12308)
  • Add OL9 into installed_OS_is_vendor_supported (#12333)
  • Add rule accounts_tmout to SLE Micro 5 STIG profile (#12524)
  • Add support for XCCDF variables into sshd_lineinfile template (#12251)
  • convert more rules to sshd_lineinfile template (#12301)
  • Create CIS rules for login banners (#12472)
  • enhance the grub2_argument template to cover more use cases (#12375)
  • Fix Audit related rules in RHEL 10 (#12359)
  • Fix inventory_test_kernel_installed for SLE (#12516)
  • Remove redundant sshd oval macro (#12532)
  • Slmicro5 stig add accounts and software rules support (#12364)
  • Update SLE15 STIG version to V2R2 (#12570)

Changes in the Infrastructure

  • Add ocp4 pci dss references (#12309)
  • Add setuptools python package to Fedora (#12565)
  • Add setuptools to ocp4 build (#12566)
  • Build empty OVAL (#12262)
  • Build SCE content by default in rhel9 and rhel10 products (#12488)
  • Enable templated SCE checks (#12445)
  • Ensure that platforms is valid in Automatus tests (#12505)
  • Fix issue with ambiguity of control product (#12454)
  • Fix thin data streams with SCE (#12503)
  • Fix validation with OpenSCAP 1.4 (#12303)
  • Fix Windows for OpenSCAP 1.4.0 release (#12304)
  • Introduce bootc remediation type (#12497)
  • Move data stream component references (#12557)
  • Remove template option (#12341)
  • Stop SCAP content validation if not necessary (#12523)
  • Update Fedora in install_vm.py to F41 (#12567)

Changes in the Test Suite

  • add debian12 automatus workflow (#12128)
  • Add OCP and RHCOS assertion files for 4.17 (#12266)
  • Add RHEL Platform to Select AIDE Tests (#12483)
  • add rule sysctl_kernel_modules_disabled to unselect_rules_list (#12354)
  • Fix automatus podman (#12230)
  • Fix Automatus Sanity (#12188)
  • Improve Benchmark detection in Automatus (#12554)
  • Introduce /rpmbuild-ctest-fedora CI for all Fedora versions (#12176)
  • modify test scenarios of grub2_argument template to handle variables (#12428)
  • Remove missing-references ctest (#12434)
  • Remove template option (#12341)
  • Review and update install_vm.py script (#12254)

Documentation

  • Add UOS 20 removal to docs (#12257)
  • Align release date calculation with documentation (#12240)
  • Bump master version to 0.1.75 (#12235)
  • Clarify stabilization dates process for more predictability (#12232)
  • Include a section for fixed bugs in changelog (#12239)
  • Remove old and broken tldp.org link (#12284)
  • Update contributors for 0.1.75 (#12576)

Fixed Bugs

  • Remove installed_OS_is_FIPS_certified from sshd_use_approved_ciphers (#12242)
  • firewalld_sshd_port_enabled add zone to all connections (#12256)
  • Create CIS rules for login banners (#12472)
  • Disable sysctl_kernel_modules_disabled Ansible remediation (#12514)
  • Explicitly state FindOpenSCAP cmake so it loads before it's used. (#12538)
  • Extend mount_option_nodev_nonroot_local_partitions (#12270)
  • Fix crypto policy selection rhel10 (#12466)
  • Fix references section in the workshop artificial rule data. (#12261)
  • Fix title of var_networkmanager_dns_mode (#12258)
  • Remove enable_dracut_fips_module from RHEL 10 profiles (#12467)
  • Two CIS RHEL 9 enhancements (#12453)
  • Update Account Home Folder Rules (#12465)
  • Update audit_rules_suid_privilege_function to use ExecStart instead of ExecStartPost (#12549)
  • Update Regex for sudoers_explicit_command_args (#12350)
  • Update SLE15 STIG version to V2R1 (#12269)