Content 0.1.66

@github-actions github-actions released this 03 Feb 10:23
· 6529 commits to master since this release
dac8184

Important Highlights

  • Ubuntu 22.04 CIS (#9953)
  • OL7 STIG V2R9 update (#9976)
  • Bump OL8 STIG version to V1R4 (#9974)
  • Update RHEL7 STIG to V3R10 (#10079)
  • Update RHEL8 STIG to V1R9 (#10078)
  • Introduce CIS RHEL9 profiles (#10091)

New Rules and Profiles

  • Add nonessential services rule (#9912)
  • Added a new rule package_firewalld_removed (#9937)
  • Added a new SLE 12/15 rule package_rsync_removed (#9932)
  • Added a new rule package_cups_removed (#9930)
  • Added a new rule firewalld_service_disabled (#9941)
  • Added a new SLE 15 rule package_nftables_installed (#9934)
  • Add rule for no .forward files (#9990)
  • Add new rule grub2_enable_apparmor (#9978)
  • Added a new rule package_tcp_wrappers_removed (#9981)
  • Added a new SLE 12/15 rule package_rpcbind_removed (#9931)
  • Add package prelink removed (#10062)
  • add new rule audit_rules_immutable_login_uids (#10070)
  • Added 2 rules for 15 related to nftables (#10068)
  • New SLE 15 rule ensure_iptables_are_flushed (#10107)
  • add new rule configure_bashrc_tmux (#10100)

Updated Rules and Profiles

  • Include warning regarding quota options in XFS (#9879)
  • Update the sshd_set_keepalive regarding ClientAliveCountMax (#9903)
  • Sync rules for RHEL 9 STIG (#9788)
  • Changing a few hardcoded OS names for full_name (#9936)
  • Assign CIS and CCE-IDs to multiple rules (SLES) (#9940)
  • SLE 12/15 CCE and CIS numbers for the CIS group job schedulers (#9883)
  • Update sudo_require_reauthentication (#9923)
  • Update kmod audit rule for OL7 (#9949)
  • Update rules related to pam_pwhistory module to consider pwhistory.conf file (#9994)
  • Add rule to OL7 STIG profile (#10028)
  • Small corrections related to 3 rules (#9995)
  • Add new rule grub2_enable_apparmor (#9978)
  • Include Ubuntu products in package_rsync_removed (#10051)
  • Include Ubuntu products in package_nftables_installed (#10052)
  • Fix the service_telnet_disabled rule (#10033)
  • Update package name for RHEL in package_rsync_removed (#10053)
  • Include Ubuntu products in package_cups_removed (#10050)
  • Include Ubuntu products in package_rpcbind_removed (#10055)
  • Update link to NTP docs (#10056)
  • Include Ubuntu products in package_prelink_removed (#10071)
  • Add account_emergency_expire_date to OL7 STIG (#10073)
  • Add aide_build_database to STIG in OL and RHEL (#10094)
  • Include Ubuntu products in two nftables rules (#10101)
  • Move two rules to higher level in cis_rhel8 control file (#10109)
  • add new rule configure_bashrc_tmux (#10100)
  • add missing SRG to aide_build_database rule (#10136)
  • change applicability of rules configuring idle session timeouts (#10127)
  • Stabilization: remove service_rngd_enabled from RHEL9 and RHEL8 STIG profiles (#10152)
  • improve applicability of rule package_rear_installed (#10144)
  • stabilization: Update levels of some rules in RHEL8 CIS (#10155)

Changes in Remediations

  • Fix indentation in Ansible shell module parameter (#9851)
  • Recognize 64bit architectures in Ansible remediations (#9887)
  • Make Ansible remediation less prone to fatal errors (#9914)
  • Add bash and ansible remediation for set_loopback_traffic (#9939)
  • Ansible and bash remediations for set_ipv6_loopback_traffic (#9938)
  • Update sudo_require_reauthentication (#9923)
  • Improve the arguments for Ansible command module (#9921)
  • Update rules related to pam_pwhistory module to consider pwhistory.conf file (#9994)
  • Fix Jinja condition in macro for pam_faillock (#10009)
  • Install NetworkManager as part of wireless_disable_interfaces remediation (#10018)
  • aide_periodic_cron_checking: Improve ubuntu-specific OVAL and bash (#9977)
  • Update accounts_password template for OL due to precedence confs (#9935)
  • accounts_password_set_min_life_existing: Avoid system accounts (#9955)
  • Improve service_disabled template (#10026)
  • accounts_password_set_max_life_existing does not exclude no passwords or locked accounts (#9954)
  • Rewrite remediations for rsyslog_remote_tls (#9866)
  • Fix accounts_password template for OL (#10045)
  • Using the Ansible shell actions is needed in package_prelink_remove (#10086)

Changes in Checks

  • Add SUSE Manager 4.x in installed_OS_is_sle15 (#9854)
  • Update sudo_require_reauthentication (#9923)
  • accounts_user_dot_group_ownership: Improve OVAL to avoid nobody group (#9956)
  • Update rules related to pam_pwhistory module to consider pwhistory.conf file (#9994)
  • aide_periodic_cron_checking: Improve ubuntu-specific OVAL and bash (#9977)
  • Update accounts_password template for OL due to precedence confs (#9935)
  • accounts_password_set_min_life_existing: Avoid system accounts (#9955)
  • accounts_password_set_max_life_existing does not exclude no passwords or locked accounts (#9954)

Changes in the Infrastructure

  • Refactor build_cpe.py (#9834)
  • Formatting and bug fixes in utils/import_srg_spreadsheet.py (#9827)
  • Refactor templates v2 (#9870)
  • Add automatic detection of platform_package_overrides when using automatus (#9897)
  • Add Sanity test for utils/create_scap_delta_tailoring.py (#9839)
  • Introduce templated platforms (CPEs) (#9906)
  • Sort conditional remediation platform checks (#9902)
  • Add sanity tests for controleval.py (#9918)
  • Add Refchecker to Tests (#9862)
  • Wait for buffer flushes to finish writes (#9933)
  • Fix the file param in rule_dir_json (#9928)
  • Fix typing import in create_srg_export.py (#9929)
  • Build all profiles on all CentOS and CentOS Streams (#9946)
  • CTest Fixes (#9962)
  • CPE AL: Introduce version specifiers support (#9945)
  • Correctly process templated Ansible conditionals and introduce os_linux platform (#9959)
  • Raise exception when parametrized platform receives invalid argument (#9996)
  • Fix --datastream-only in ./build_product (#10020)
  • Add sanity tests for compare_disa_xml.py (#10030)
  • Add Ubuntu 22.04 to Gating (#9986)
  • Fix a few issues in test-compare-disa-xml (#10034)
  • Update Ansible Lint Config (#10025)
  • platforms: rewrite mechanism which parses version into EVR (#10038)
  • Produce an understandable error when remediation collection goes wrong (#10027)
  • Platforms: prevent building content when version comparison is used and platform provides remediation conditional (#10040)
  • Bump fedora version in Dockerfiles to 37 (#10036)
  • Fix the generation of SCE checks in the output datastream (#10015)
  • Scripts clean up (#10061)
  • Clean up SRG export (#10067)

Changes in the Test Suite

  • Ensure pwquality.conf.d dir exists on test scenarios - main branch (#9865)
  • Add automatic detection of platform_package_overrides when using automatus (#9897)
  • Add Refchecker to Tests (#9862)
  • Update rules related to pam_pwhistory module to consider pwhistory.conf file (#9994)
  • Improve service_disabled template (#10026)

Documentation

  • Add Timezone to the Contributors Script (#9844)
  • Add documentation about readthedocs.org integration (#9875)
  • Update Upstream Release doc (#9952)
  • Update contributors list for v0.1.66 release (#10108)