Skip to content

Content 0.1.48
Compare
Choose a tag to compare
@yuumasato yuumasato released this 15 Jan 19:37
v0.1.48
b3f50c3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Highlights:

  • New product added for Debian 10 (debian10)
  • New product added for Red Hat OpenStack Platform 10 (rhosp10)
  • New draft Profile for RHEL8 STIG

Profiles changed in this release:

  • rhosp10: cui, stig
  • debian10: standard, anssi_np_nt28_average, anssi_np_nt28_high, anssi_np_nt28_minimal, anssi_np_nt28_restrictive
  • rhel8: rhelh-vpp, stig, rhelh-stig, ospp, e8, sap
  • rhel7: e8, sap
  • ocp4: sample-linux_os, coreos-ncp, opencis-node, opencis-master, coreos-fedramp
  • sle12: stig

Profiles:

  • Add security autoupdates to the RHEL8 E8 profile. (#5107)
  • E8: ensure there is a single account with uid zero (#5105)
  • Add draft RHELH content for rhel8 (#5040)
  • Remove SSSD rules from RHEL8 OSPP Profile (#5032)
  • Updated the e8 profile for RHEL8. (#5024)
  • Add draft RHEL8 STIG profile (#4991)
  • Remove coreos-fedramp profile (#4994)

Rules:

  • Rhosp10 (#5019)
  • Add debian10 content (#5058)
  • Added machine-only CPEs to a subset of rules requiring non-virtualized systems (#5104)
  • Fix CPE to properly check /etc/login.defs on Ubuntu & Debian systems (#5093)
  • Update NIST 800-53 mappings (#5083)
  • NIST 800-53 Mapping Updates (#5079)
  • Delete rules in favour of package_subscription-manager_installed (#5059)
  • Set sshd private key permission to 0600 for Ubuntu 18.04 (#5089)
  • Add missing CCE for package_telnetd_removed rule (#5090)
  • PermitUserEnvironment Checks For Incorrect Setting (#5087)
  • Use the FIPS:OSPP Crypto Policy (#5072)
  • Enable ansible template for service_fapolicyd_enable rule. (#5064)
  • modify usbguard_allow_* rules to use new match-all keyword (#5055)
  • Stig sle12 initial (#4847)
  • Update api-server XCCDF and OVAL for ocp4-isms (#5039)
  • Mark rules as platform: machine. (#5062)
  • Fix OVAL applicability for RHV4 (#5053)
  • Remove configure_fapolicyd_mounts rules from profiles. (#5057)
  • Update ETCD XCCDF and OVAL for ocp4-isms (#5036)
  • Update api-server rules (#5034)
  • Coreos build - enable more rules (#5018)
  • Various minor fixes (#5025)
  • Update etcd rules (#5008)
  • [WIP] Add SAP profile to rhel (#3551)
  • Add missing CCEs to rules from STIG profile (#5021)
  • Add some NIST mappings for FISMA high (#4932)
  • Fix RHEL7 rules sshd_use_strong_macs and sshd_use_strong_ciphers. (#5010)
  • Ansible tasks fixes (#5004)
  • make aide_periodic_cron_checking accepting broader array of time specs (#4989)
  • SRG Mapping - misc rules (#4969)
  • additional srg mappings (#4981)
  • Verified that proper SRGs are in rules that need to be added (#4987)
  • adding DISA SRG references to rules found in the OSPP profile (#4877)
  • OCP4 content cleanup (#4970)
  • Add Network Policies rule to OCP (#4934)
  • Make coreos-ncp.profile buildable (#5001)
  • Added SRG rule for auditd_audispd_configure_remote_server (#4988)
  • DISA STIG SRG mappings (#4940)
  • added SRG rule for Exec Shield (#4982)
  • Day 2 - Yasir's Contributions (#4975)
  • day 2 changes to rules with SRG info (#4974)
  • add srg-os-000378-GPOS-00163 reference to usbguard install and enable (#4973)
  • Added SRG to rules (#4968)
  • mapped ipv4 and ipv6 SRGs to rules (#4967)
  • add SRG to rule (#4966)
  • Updated to include SRG number (#4971)

Tests:

  • oscap: modify using variables in the printf format (#5063)
  • Improve fine-tuning of rule/group ordering (#5078)
  • Use the DEFAULT:NO-SHA1 Crypto Policy for the E8 profile. (#5073)
  • Extend waiting time till virtual machine is again in RUNNING state (#5041)
  • SSGTS: Use wildcards instead of matching substring (#5029)
  • Add waiting for RUNNING state of virtual machine (#5023)
  • Add audit_rules_unsuccessful_file_modification_detailed remediation scripts (#4058)
  • Fixed the remediation for rsyslog_files_permissions (#4906)
Assets 5
Loading