Releases: ansible-lockdown/RHEL7-STIG
RHEL 7 DISA STIG V3R14
This role is based on RHEL 7 DISA STIG: Version 3, Rel 14 released on January 24, 2024
Remediate
Issues closed and PRs merged - What's changed
Pre-commit updates
Standards and linting
Audit
- updated
- jmespath dependency removed
What's Changed
- Task validation fixes and rewrites (by Steampunk Spotter) by @anzoman in #437
- Discord updates, lint and tidy by @uk-bolly in #438
- Collections lint by @uk-bolly in #439
- Adding additional condition for rhel7stig_grub2_user_cfg for task by @layluke in #441
- updated the workflow version and galaxy setup by @uk-bolly in #442
- Tidyup by @uk-bolly in #444
- rhel7stig_boot_part variable now discovered by @uk-bolly in #445
- removed doc dir by @uk-bolly in #449
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #447
- Jan 24 updates by @uk-bolly in #450
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #451
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #454
- Feb 24 updates by @uk-bolly in #455
- Stig v3r13 into devel by @uk-bolly in #457
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #458
- 2024 April Update: prelim.yml fixes on when conditions on cronie and passwd_tasks by @frederickw082922 in #460
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #461
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #468
- Excluding non-interactive logins shells from being parsed by @layluke in #466
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #469
- Workflow audit by @uk-bolly in #470
- Updated workflow by @uk-bolly in #471
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #472
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #474
- Stig v3r14 by @uk-bolly in #473
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #475
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #476
- Oct24 updated by @uk-bolly in #478
- V3R14 to main release by @uk-bolly in #477
New Contributors
- @anzoman made their first contribution in #437
- @layluke made their first contribution in #441
- @pre-commit-ci made their first contribution in #447
- @frederickw082922 made their first contribution in #460
Full Changelog: 1.8.2...1.9.0
Final Stig V3r12 release
STIG Version3 Release 12 release - July 23
Remediate
Issues closed and PRs merged - What's changed
Pre-commit updates
Many improvements to different controls
ansible version to 2.10.1
Update to allow Galaxy Releases for new galaxy_ng
What's Changed
- Stig v3r12 by @uk-bolly in #432
- Workflow lint readme and prereq tags by @uk-bolly in #433
- V3R12 update by @uk-bolly in #434
- updated assert for workflow run by @uk-bolly in #435
- workflow update by @uk-bolly in #436
- Task validation fixes and rewrites (by Steampunk Spotter) by @anzoman in #437
- Discord updates, lint and tidy by @uk-bolly in #438
- Collections lint by @uk-bolly in #439
- Adding additional condition for rhel7stig_grub2_user_cfg for task by @layluke in #441
- updated the workflow version and galaxy setup by @uk-bolly in #442
- Tidyup by @uk-bolly in #444
- rhel7stig_boot_part variable now discovered by @uk-bolly in #445
- removed doc dir by @uk-bolly in #449
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #447
- Jan 24 updates by @uk-bolly in #450
- devel to main update for release by @uk-bolly in #443
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #451
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #454
- Feb 24 updates by @uk-bolly in #455
New Contributors
- @whitehat237 made their first contribution in #430
- @anzoman made their first contribution in #437
- @layluke made their first contribution in #441
- @pre-commit-ci made their first contribution in #447
Full Changelog: 1.7.0...1.8.2
Stig V3R12 release July 2023
What's Changed
- Devel to Main for release 1.0 by @uk-bolly in #342
- Version 1.0.1 - Minor Updates by @georgenalen in #350
- Issue Fixes and Enhancements by @georgenalen in #364
- Devel to main for release by @uk-bolly in #367
- Benchmark 3.3 updates and other fixes by @georgenalen in #374
- Added Issue/PR Templates and Issue Fixes by @georgenalen in #378
- Devel to Main release Stig V3R4 by @uk-bolly in #384
- release 1.3.2 - issue fixes by @uk-bolly in #389
- Release 1.4.0 by @georgenalen in #395
- Benchmark Version 3 Release 6 Updates by @georgenalen in #402
- Stig v3r10 to main by @uk-bolly in #420
- Stig V3R11 release by @uk-bolly in #427
- Improve sudo user password check by @uk-bolly in #429
- Update fix-cat2.yml by @whitehat237 in #430
- Stig v3r12 by @uk-bolly in #432
- Workflow lint readme and prereq tags by @uk-bolly in #433
- V3R12 update by @uk-bolly in #434
- updated assert for workflow run by @uk-bolly in #435
- workflow update by @uk-bolly in #436
New Contributors
- @whitehat237 made their first contribution in #430
Full Changelog: 1.7.0...1.8.0
What's Changed
Full Changelog: 1.8.0...1.8.1
Stig V3R11 Release
Stig V3r11 27th April 2023
Consistent on ansible version
Improvement in checking ansible user has password 010340
tidy of boootloader discovery and paths
-
New controls
- RHEL-07-010019
- RHEL-07-010063
- RHEL-07-020028
-
rule id updates and changes
- RHEL-07-010119
- RHEL-07-010199
- RHEL-07-010271
- RHEL-07-020028
- RHEL-07-020030
STIG v3r10 release
Lint updates
workflow updates
goss url and version
FQCN added
alignment to audit benchmark version
-
Thanks to @joseph Hoffman
-
Thanks to @bordenit
-
Update to V3R10 - Jan 2023
All controls have rules updated-
cat_1
- 010010
- 010290
-
cat 2
- 010060
- 010062
- 010070
- 010081
- 010082
- 010090 Added back in for screen pkgs to be installed
- 010100
- 010101
- 010110
- 010199 - new control
- 010200
- 010270
- 010320
- 010330
- 010342 - updated grep command to grep -E
- 020029 - added notify and updated rule
- 020030 - updated mail path in cron job
- 020040
- 020650
- 021620
- 040201
- 040420
- 040470 - conditional added only pre 7.4
- 040610
- 040611
- 040612
- 040620
- 040630
- 040640
- 040641
- 040650
- 040660
- 040712 - new control ssh KEX
- 040740
- 040830
-
-
cat 3
- 010375 - new control
- 021600
- 021610
-
RHEL-07-010271 - New Control Added
-
Update to STIG V3R9 Oct 27th 2022 - Changes Listed Below
- RHEL-07-010342, RHEL-07-010343, RHEL- 07-020023, RHEL-07-030201 - Updated fix text.
- RHEL-07-021040, RHEL-07-021700 - Updated check text command to eliminate false positives.
- RHEL-07-030840 - Updated check and fix text.
- RHEL-07-040160 - Updated check text.
- RHEL-07-040310 - Corrected typo in the Vulnerability Discussion.
- RHEL-07-040360, RHEL-07-040530 - Updated CCI.
-
Update to README and requirements
-
RHEL-07-010010, RHEL-07-010020, RHEL-07-010291, RHEL-07-021030,RHEL-07-021040 - Updated Tag Information
What's Changed
- Audit vars by @uk-bolly in #409
- Update main.yml by @dirtyharrycallahan in #406
- Update fix-cat2.yml by @dirtyharrycallahan in #407
- Update fix-cat2.yml by @dirtyharrycallahan in #408
- updates for v3r7 changes by @georgenalen in #415
- Idempotency by @uk-bolly in #416
- Steve stig v3r9 v2 by @MrSteve81 in #417
- Audit align v3r9 by @uk-bolly in #418
- updated title of audit summary steps by @uk-bolly in #419
- STIG v3r10 release by @uk-bolly in #421
- lint updated inline with galaxy by @uk-bolly in #423
- Stig v3r10 to main by @uk-bolly in #420
New Contributors
- @MrSteve81 made their first contribution in #417
Full Changelog: 1.5.0...v1.6.0
Benchmark Version 3 Release 6 Updates
STIG Benchmark Version: 3.6
STIG Benchmark Release Date: Jan 27, 2022
Issue Fixes:
- #397 - SCAP scan fails for RHEL-07-040160 (TMOUT)
- #398 - RHEL-07-010119 is potentially not idempotent
- #400 - RHEL-07-010110 setting incorrect lock-delay value
Enhancements:
- STIG Benchmark 3.6 updates
- New automated testing pipeline for PR's
- New GitHub Action for first time contributors
- General tidy up of README layout
- Mention of Discord server in READE, along with the creation of the Discord server
Benchmark Version 3 Release 5 Updates
Issue Fixes
Benchmark 3.4 updates
STIG Version: Version 3 Rel 4
Issue Fixes:
None
Enhancements:
- Benchmark Version 3 Rel 4 updates
- Updated Issue and PR template
Added Issue/PR Templates and Issue Fix
STIG Version: Ver 3 Rel 3
Issue Fixes:
#371 - Error in RHEL-07-010491 (update)
Enhancements:
- Added issue templates
- Added PR template