mitre · jrmetzger · Jan 13, 2025 · Jan 13, 2025 · Jan 17, 2025 · Jan 17, 2025
diff --git a/Rakefile b/Rakefile
@@ -14,7 +14,7 @@ end
 
 begin
   RuboCop::RakeTask.new(:lint) do |task|
-    task.options += %w[--display-cop-names --no-color --parallel]
+    task.options += %w(--display-cop-names --no-color --parallel)
   end
 rescue LoadError
   puts 'rubocop is not available. Install the rubocop gem to run the lint tests.'

diff --git a/controls/SV-230221.rb b/controls/SV-230221.rb
@@ -51,16 +51,16 @@
   release = os.release
 
   EOMS_DATE = {
-    /^8\.1/ => '30 November 2021',
-    /^8\.2/ => '30 April 2022',
-    /^8\.3/ => '30 April 2021',
-    /^8\.4/ => '31 May 2023',
-    /^8\.5/ => '31 May 2022',
-    /^8\.6/ => '31 May 2024',
-    /^8\.7/ => '31 May 2023',
-    /^8\.8/ => '31 May 2025',
-    /^8\.9/ => '31 May 2024',
-    /^8\.10/ => '31 May 2029'
+    /^8\.1$/ => '30 November 2021',
+    /^8\.2$/ => '30 April 2022',
+    /^8\.3$/ => '30 April 2021',
+    /^8\.4$/ => '31 May 2023',
+    /^8\.5$/ => '31 May 2022',
+    /^8\.6$/ => '31 May 2024',
+    /^8\.7$/ => '31 May 2023',
+    /^8\.8$/ => '31 May 2025',
+    /^8\.9$/ => '31 May 2024',
+    /^8\.10$/ => '31 May 2029'
   }.find { |k, _v| k.match(release) }&.last
 
   describe "The release \"#{release}\" is still be within the support window" do

diff --git a/controls/SV-230332.rb b/controls/SV-230332.rb
@@ -87,7 +87,7 @@
     !input('central_account_management')
   }
 
-  if os.release.to_f >= 8.2
+  if Gem::Version.new(os.release) < Gem::Version.new('8.2')
     impact 0.0
     describe 'This requirement only applies to RHEL 8 version(s) 8.0 and 8.1' do
       skip "Currently on release #{os.release}, this control is Not Applicable."

diff --git a/controls/SV-230338.rb b/controls/SV-230338.rb
@@ -76,9 +76,9 @@
   tag 'host'
   tag 'container'
 
-  only_if('This check applies to RHEL versions 8.0 and 8.1, if the system is RHEL version 8.2 or newer, this check is not applicable.', impact: 0.0) {
-    (os.release.to_f) < 8.2
-  }
+  only_if('This check applies to RHEL versions 8.0 and 8.1. If the system is RHEL version 8.2 or newer, this check is Not Applicable.', impact: 0.0) do
+    Gem::Version.new(os.release) < Gem::Version.new('8.2')
+  end
 
   pam_auth_files = input('pam_auth_files')
 

diff --git a/controls/SV-230342.rb b/controls/SV-230342.rb
@@ -75,9 +75,9 @@
   tag cci: ['CCI-000044']
   tag nist: ['AC-7 a']
 
-  only_if('If the system is RHEL version 8.2 or newer, this check is not applicable.', impact: 0.0) {
-    (os.release.to_f) < 8.2
-  }
+  only_if('This check applies to RHEL versions 8.0 and 8.1. If the system is RHEL version 8.2 or newer, this check is Not Applicable.', impact: 0.0) do
+    Gem::Version.new(os.release) < Gem::Version.new('8.2')
+  end
 
   pam_auth_files = input('pam_auth_files')
 

diff --git a/controls/SV-230344.rb b/controls/SV-230344.rb
@@ -79,9 +79,9 @@
   tag 'host'
   tag 'container'
 
-  only_if('If the system is RHEL version 8.2 or newer, this check is not applicable.', impact: 0.0) {
-    (os.release.to_f) < 8.2
-  }
+  only_if('This check applies to RHEL versions 8.0 and 8.1. If the system is RHEL version 8.2 or newer, this check is Not Applicable.', impact: 0.0) do
+    Gem::Version.new(os.release) < Gem::Version.new('8.2')
+  end
 
   pam_auth_files = input('pam_auth_files')
 

diff --git a/controls/SV-230475.rb b/controls/SV-230475.rb
@@ -62,13 +62,13 @@
     !virtualization.system.eql?('docker')
   }
 
-  audit_tools = %w[/usr/sbin/auditctl
+  audit_tools = %w(/usr/sbin/auditctl
                    /usr/sbin/auditd
                    /usr/sbin/ausearch
                    /usr/sbin/aureport
                    /usr/sbin/autrace
                    /usr/sbin/rsyslogd
-                   /usr/sbin/augenrules]
+                   /usr/sbin/augenrules)
 
   if package('aide').installed?
     audit_tools.each do |tool|

diff --git a/controls/SV-250316.rb b/controls/SV-250316.rb
@@ -65,9 +65,9 @@ module with the following command:
   tag 'host'
   tag 'container'
 
-  only_if('This check applies to RHEL versions 8.0 and 8.1. If the system is RHEL version 8.2 or newer, this check is Not Applicable.', impact: 0.0) {
-    os.release.to_f < 8.2
-  }
+  only_if('This check applies to RHEL versions 8.0 and 8.1. If the system is RHEL version 8.2 or newer, this check is Not Applicable.', impact: 0.0) do
+    Gem::Version.new(os.release) < Gem::Version.new('8.2')
+  end
 
   describe selinux do
     it { should be_installed }

diff --git a/inspec.yml b/inspec.yml
@@ -4,7 +4,7 @@ maintainer: MITRE SAF Team
 copyright: MITRE
 license: Apache-2.0
 summary: "This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil."
-version: 1.14.1
+version: 1.14.2
 
 inspec_version: ">= 5.0"
 
@@ -1047,4 +1047,4 @@ inputs:
     type: String
     value: 'local'
 
-
+