Content 0.1.61

@github-actions github-actions released this 01 Apr 17:27
· 14296 commits to master since this release
4ba3353

Important Highlights

  • Stop building PCI-DSS-centric XCCDF benchmark for RHEL 7 (#8122)
  • Introduce OL9 product (#8102)
  • Implement handling of logical expressions in platform definitions (#8043)

New Rules and Profiles

  • Introduce OL9 product (#8102)
  • RHEL9 OSPP boot parameter rules (#8092)
  • Introduce stig_gui profile for OL8 (#8200)
  • New rules related to pam_pwquality (#8185)
  • add rules to add page_alloc.shuffle kernel boot parameter (#8234)
  • Add GRUB2 rule for slab_nomerge and mce (#8282)
  • Include rule mount_option_proc_hidepid (#8288)
  • New sysctl fs parameters (#8304)
  • Parametrize configuration of kernel.kptr_restrict and add rule for kernel.panic_on_oops (#8285)

Updated Rules and Profiles

  • Ol7 stig v2r5 (#7913)
  • HIPAA Rules in test (#7916)
  • Ubuntu specific bash and oval for dconf_gnome_login_banner_text (#7908)
  • The audit package and auditd service are needed for FAU_GEN.1 SFR. (#8069)
  • Clarify that log_format and name_format affects specifically information included in the audit records, not events for which audit records get generated. (#8071)
  • Ensuring immutable UIDs is related to the subject identity required by FAU_GEN.1.2, it does not affect for which events audit records will be generated. (#8072)
  • These auditd configurations affect the whole SFR, not just its specific parts. (#8070)
  • RHEL9 OSPP: drop some rules disabling kernel module loading (#8093)
  • The write_logs is related to where audit records end up stored, not what records get generated. (#8114)
  • Amend OSPP references for rsyslog omfwd/gtls configuration. (#8113)
  • On OSPP installation, the primary reason for having rsyslog installed… (#8111)
  • Configuring the CA certificate targets the TLS "internal" requirements, so FTP_ITC_EXT.1.1 is not needed. (#8112)
  • Ensure all processes are auditable and rules loaded for FAU_GEN.1 are applied. (#8098)
  • Update OL8 stig profile rule selection (#8124)
  • Requirement of not losing data at least to a limit comes from FAU_STG family. (#8133)
  • RHEL9 OSPP boot parameter rules (#8092)
  • Simple stig v2r6 updates for OL7 (#8162)
  • Create OVAL check for selinux_context_elevation_for_sudo [OL7] (#8160)
  • Update rule to only remove the graphical interface (#8170)
  • drop not needed auditd.conf rules from rhel9 ospp (#8188)
  • New rules related to pam_pwquality (#8185)
  • Update configure_bashrc_exec_tmux to consider .d directory (#8146)
  • align ospp audit rules with the latest upstream release (#8152)
  • Align description of grub2 rules with checks and remediations (#8184)
  • Update RHEL7 STIG items to V3R6 (#8225)
  • update description of rhel9 ospp profile (#8232)
  • Add sudoers_default_includedir to ol7 STIG (#8229)
  • add rules to add page_alloc.shuffle kernel boot parameter (#8234)
  • Fix bug 1195521 (#8215)
  • Fix for bug 1195523 (#8242)
  • Extend package_pam_pwquality_installed rule for RHEL (#8186)
  • make rule enable_fips_mode check only for technical state (#8255)
  • UEFI booting requires FAT support. (#8269)
  • Removed criteria in OVAL check of require_singleuser_auth (#8121)
  • no iptables.service in sle15 (#8292)
  • fix aide_build_database rule and remediation to work with sles 12 and 15 (#8287)
  • SLE 12 and 15 merge auditd file modification rules STIG IDs (#8295)
  • OL8 STIG severity adjustments (#8103)
  • Oval update for two rules to only allow results from only one file [ol7] (#8161)
  • Performance improvements for file permission and ownership templates (#8456)

Changes in Remediations

  • HIPAA Rules in test (#7916)
  • Fix handling of literal dollars in macros (#8252)
  • Various bash fixes (#8253)
  • Simplify generated augen bash expressions (#8254)
  • Fix the firewalld remediation (#8251)
  • Fix bash remediations of browsers (#8258)
  • Introduce convenience macros for find and awk (#8257)
  • Introduce a shellcheck test (#8032)
  • Refactor pam_faillock remediation (#8347)

Changes in the Infrastructure

  • Add condition to SCAPVal script that will trigger when SCAP standard is updated (#8062)
  • stop building PCI-DSS-centric XCCDF benchmark for RHEL 7 (#8122)
  • Implement handling of logical expressions in platform definitions (#8043)
  • Add backends attribute to template in rules schema (#8090)
  • Add gitpod support (#8123)
  • Added utils/compare_disa_xml.py (#8120)
  • Gitpod: Build OpenSCAP 1.3.6 so it can build OCP4 and EKS content (#8206)
  • Fix issue with getting STIG items in create_scap_delta_tailoring.py (#8245)
  • Store OVAL of compiled platforms as string (#8238)
  • Add a script to audit the SRG export CSV (#8077)
  • Add version to delta tailoring file name (#8247)
  • Various improvements to SRG Export Script (#8091)

Changes in the Test Suite

  • align ospp audit rules with the latest upstream release (#8152)
  • Remove grub2_pti_argument tests (#8310)
  • Delete test scenario that removes SSH keys from machine (#8309)
  • Remove RHEL7 platform from invalid_rescue.pass.sh (#8311)

Documentation

  • Document boolean expressions in "platform" definitions (#8094)
  • Add github workflow to publish statistics, guides and tables (#8136)
  • Add missing rsync dependency to gh-pages workflow (#8151)
  • Fix badges and remove Centos legacy CI integration (#8244)