Skip to content

Content 0.1.51
Compare
Choose a tag to compare
@vojtapolasek vojtapolasek released this 17 Jul 09:42
v0.1.51
0e0c859

Highlights:

  • Add SSG content for McAfee VSEL (#5864)
  • Creation of Australian ISM 'Official' RHEL 8 profile (#5861)
  • Add RHCOS4 product (#5775)
  • Add ubuntu cis profile (#5750)

Profiles changed in this release:

  • rhel8: ospp, cis, ism_o, stig
  • ocp4: cis, moderate, platform-moderate, coreos-ncp, opencis-node, ncp, e8
  • vsel: stig
  • rhcos4: coreos-ncp, ncp, moderate, e8
  • firefox: stig
  • rhel7: cis, stig
  • sle15: cis
  • ubuntu1804: cis

Profiles:

  • Creation of Australian ISM 'Official' RHEL 8 profile (#5861)
  • Attribute credit for CIS content (#5779)
  • Update CoreOS profile to short name (#5834)
  • rhcos4: Remove checks for nmcli permissions (#5826)
  • Sle15 cis (#5807)
  • Add ubuntu cis profile (#5750)

Rules:

  • Add stigid reference to rpm_verify_ownership according to STIG RHEL7 v2r7 (#5919)
  • Fix file regex in OCP3 content (#5920)
  • Fix of issues seen with OpenShift 3.11 (#5860)
  • Add zipl and grub2 CPEs (#5905)
  • Add ocp rules to cis profile (#5872)
  • Update RHEL7 documentation link for grub2_uefi_admin_username. (#5890)
  • fix filename in configure_openssl_crypto_policy (#5885)
  • Add SSG content for McAfee VSEL (#5864)
  • Add 'bls_audit_option' rule (#5793)
  • Add OCP XCCDF CIS policy rules (#5833)
  • Updating Firefox content (#5858)
  • OCP4 allowed registries (#5839)
  • Template for yamlfilecontent checks (#5758)
  • Remove grub documentation links from RHEL7 rationale (#5851)
  • More CIS OCP checks (#5837)
  • Update OCP permissions add master, worker, and general content changes (#5838)
  • Add OCP4 CIS API server XCCDF content (#5843)
  • Add support for blacklisting directories when doing system-wide file scans (#5804)
  • Finish RHCOS product migration (#5835)
  • Add missing CCEs for CIS RHEL8 (#5781)
  • Update unowned user rule warning (#5806)
  • Add dev_shm rules to rhel7 stig profile (#5830)
  • add rule ssh_client_rekey_limit (#5788)
  • pkgname@debian auditd (#5809)
  • Add RHCOS4 product (#5775)
  • Add rules to configure zIPL (#5784)
  • Made the rule sshd_rekey_limit parametrized (#5772)
  • Introduced a rule that uses non-standard yaml checks (#5326)
  • Cis partitions rules (#5749)
  • Add Ansible for ensure_logrotate_activated (#5753)
  • Change oval check to verify if we're in OCP4 (#5824)
  • Use templates to generate Machineconfigs (#5814)
  • Simplify check for no_shelllogin_for_systemaccounts (#5810)
  • change sshd rekey limit to 1G 1 hour in rhel8 ospp (#5782)
  • Create macro for selinux ansible/bash remediation. (#5785)
  • Fix ansible/bash remediation for rule grub2_enable_selinux. (#5787)
  • fix rhel8 hipaa ansible playbook (#5777)
  • Add Ansible for audit_rules_system_shutdown (#5761)
  • Add Bash and Ansible remediations for sshd_set_max_sessions (#5757)

Tests:

  • test_parse_affected.py: Handle empty rendered content (#5840)
  • Add test scenario for sshd_rekey_limit to cover OSPP profile (#5827)
  • add simple tests for sshd_do_not_permit_user_env (#5829)
  • Remove result files when test scenarios pass (#5812)
  • ocp4: Test amount of check results for scans (#5803)
  • ocp4: Check for diminishing failures in e2e test (#5794)
  • ocp4: Create complianceSuites in debug mode (#5798)
  • OCP4: Add remediation equality unit tests (#5743)
Assets 5
Loading