Content 0.1.63
github-actions released this 29 Jul 19:45 · 9227 commits to master since this release
Important Highlights
- Expand project guidelines (#8314)
- Add Draft OCP4 STIG profile (#8799)
- Add anssi_bp28_intermediary profile (#9045)
- add products/uos20 to support UnionTech OS Server 20 (#8779)
- products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles (#9103)
- Remove WRLinux Products (#9106)
- Update CIS RHEL8 Benchmark for v2.0.0 (#9154)
New Rules and Profiles
- Fill gaps in the RHEL8/RHEL9 STIG (#9016)
- Add anssi_bp28_intermediary profile (#9045)
- Introduce OL9 ospp profile (#9057)
- products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles (#9103)
- add Audit OSPP rules for AArch64 (#9091)
- Add grub2_systemd_debug-shell_argument_absent (#9100)
- CIS RHEL8 v2.0.0 small fixes (#9165)
Updated Rules and Profiles
- Make krb5 rules applicable only to older versions of certain package (#9003)
- RHEL8 STIG: Install redhat gpg key (#8993)
- Add anssi gshadow rules (#9022)
- Fill gaps in the RHEL8/RHEL9 STIG (#9016)
- remove support for external Audit files and cleanup test scenarios (#9073)
- Remove sysctl_fs_protected_* rules from RHEL 9 OSPP (#9081)
- Remove rule zip_vsyscall_argument (#9083)
- Enforce rule sysctl_user_max_user_namespaces in RHEL 9 OSPP (#9084)
- Make rule audit_access_success in OSPP profile unenforcing (#9082)
- Cleanup RHEL9 OSPP networking sysctl rules (#9092)
- Add two rules and some more CCEIDs (#9107)
- add Audit OSPP rules for AArch64 (#9091)
- remove rule accounts_password_minlen_login_defs from RHEL and Fedora profiles (#9113)
- remove Rsyslog related rules from RHEL9 OSPP (#9116)
- Anssi Rules Added (#9105)
- remove sshd_enable_strictmodes from RHEL9 OSPP (#9143)
- Update SLE15 DISA STIG from v1r6 (#9146)
- Remove yp-related rules from RHEL9 (#9148)
- Add Enable Auth Select to RHEL8/9 STIG (#9151)
- BUG: 2105878 OCP: Fix rule ocp4-kubelet-enable-streaming-connections (#9135)
- Relax chrony check and remediations (#9156)
- make RHEL-08-020231 automated again (#9125)
- Unify the RHEL approach for rule file_permissions_var_log_audit (#9129)
- Review and improve sssd_enable_smartcards rule (#9145)
- Amend OSPP references for some package_*_installed rules. (#9164)
- Add automation content to kernel_module_uvcvideo_disabled (#9162)
- Add missing rules to OL8 STIG profile (#9171)
- Remove rule dnf-automatic_security_updates_only from RHEL 9 OSPP (#9179)
- [Stabilization] remove accounts_max_concurrent_login_sessions from RHEL9 OSPP (#9219)
- Make Audit aarch64 rules specific to RHEL9 only (#9187)
- [stabilization] Remove umask-related rules from RHEL9 OSPP (#9224)
- Remove 3 package rules from RHEL 9 OSPP (#9228)
- Remove 3 crypto rules from RHEL 9 OSPP (#9227)
- [Stabilization] remove 4 PAM rules from RHEL9 OSPP (#9220)
- add new rule package_postfix_installed (stabilization) (#9214)
- [Stabilization] remove securetty_root_login_console_only from RHEL9 OSPP (#9235)
- [stabilization] Remove rules for package removal from RHEL 9 OSPP (#9236)
- [Stabilization] remove redundant rules configuring partitioning from RHEL9 OSPP (#9238)
- Polishing the RHEL 9 OSPP profile file, removing the DRAFT designation (#9239)
Removed Products
- Remove WRLinux Products (#9106)
Changes in Remediations
- Add whitespace in macro function so CTF can properly parse tokens (#9030)
- EKS: Fix typo (#9037)
- Fix regular expression in Ansible remediation (#9063)
- Add ansible remediation for postfix_prevent_unrestricted_relay (#9072)
- Ansible remediation for enable_authselect (#9085)
- Refactor bash macros for PAM (#9017)
- Adjust bash to correspond to rule.yml for correct value of TimedLoginEnable (#9098)
- Fix ubuntu logic in display_login_attempts (#9110)
- Refactor Ansible macros for PAM (#9097)
- Add Ansible remediation (#9114)
- Create Ansible macro for authselect backup command (#9128)
- Align PAM Bash macros to equivalent in Ansible (#9127)
- SLE15 SP4 audit_rules_augenrules broken. (#9130)
- fix bash remediation of configure_libreswan_crypto_policy (#9134)
- add Ansible conditionals to CPE platforms determining architecture (#9126)
- Set pipefail in Ansible shell commands with pipe (#9123)
- Update faillock related macros (#9139)
- Command 'chown', change from '.' to ':' separator (#9159)
- Review and improve sssd_enable_smartcards rule (#9145)
- SUSE dconf_gnome_screensaver_lock_enabled fix bash and ansible remediation (#9138)
- add new rule package_postfix_installed (stabilization) (#9214)
- [Stabilization] Add DISA STIG ids to when conditions in ansible roles (#9240)
Changes in Checks
- Add missing ocil_clause for audit rules (#9109)
- SLE15 SP4 audit_rules_augenrules broken. (#9130)
- Reduce the list of FIPS crypto policies (#9149)
- Review and improve sssd_enable_smartcards rule (#9145)
- Store intermediate OVAL check files (#9157)
Changes in the Infrastructure
- Parametrize the file name of the container used by gitpod integration (#9043)
- Add python vscode extension to the gitpod environment (#9074)
- Add a markdown output target to create_srg_export (#9064)
- Update docker files (#9153)
- Remove the vendor-zipfile and redhat-zipfile targets (#9152)
- Add per profile filter of missing_cce test (#9155)
- Store intermediate OVAL check files (#9157)
- [Stabilization] Install ansible for the extra modules (#9274)
Changes in the Test Suite
- test_env.py: add more attempts when executing ssh command (#9015)
- Rework tarball generation (#8883)
- Add OL9 Dockerfile (#9099)
- Update CIS L2 test for configure_crypto_policy (#9163)
- Automatus: close hanging tempfiles descriptors (#9200)