Content 0.1.67

github-actions released this 11 Apr 21:56
· 7445 commits to master since this release
ee68832

Important Highlights

  • Add utils/controlrefcheck.py (#10096)
  • RHEL 9 STIG Update Q1 2023 (#10185)
  • Include warning for NetworkManager keyfiles in RHEL9 (#10330)
  • OL7 stig v2r10 update (#10125)
  • Bump version of OL8 STIG to V1R5 (#10123)

New Rules and Profiles

  • Add new rule package_systemd-journal-remote_installed (#10105)
  • New SLE 15 rule service_nftables_enabled (#10113)
  • Add CIS iptables rules (#10121)
  • New SLE 15 rule set_nftables_new_connections (#10114)
  • Introduce new rule sshd_use_approved_kex_ordered_stig (#10103)
  • Add a new rule ssh_keys_passphrase_protected (#10017)
  • Introduce new rule authconfig_config_files_symlinks (#10129)
  • Added rule partition_for_dev_shm (#9984)
  • New rule for SLE 15 unnecessary_firewalld_services_ports_disabled (#10090)
  • New SLE 15 rule set_nftables_table (#10128)
  • Add implementation for rsyslog_logging_configured rule (#10063)
  • New SLE 12/15 rule audit_rules_mac_modification_usr_share (#10223)
  • OCP4 STIG: Cover SRG-APP-000297-CTR-000705 with a new rule oauth_logout_url_set (#10187)
  • Added a new rule accounts_password_set_warn_age_existing (#10006)
  • Add new rule socket_systemd-journal-remote_disabled (#10210)
  • Introduce rule to remove nginx package (#10291)
  • Introduce rule to remove cyrus-imapd package (#10292)
  • Add package_dnsmasq_removed rule (#10293)
  • Add package_ftp_removed rule (#10294)
  • Add new rule rsyslog_filecreatemode (#10264)
  • New SLE 12/15 rule all_apparmor_profiles_in_enforce_complain_mode whi… (#10064)
  • Add rule package_nfs-kernel-server_removed for Ubuntu CIS (#10358)

Updated Rules and Profiles

  • accounts_passwords_pam_tally2: Move to bash_ensure_pam_module_option (#10058)
  • Assign CCE-IDs for sysctl_net_ipv4_conf_default_log_martians for SLES-12 and SLES-15 (#10082)
  • OL8 v1r5 small updates - update policy text & remove rule for OL08-00-010510 (#10093)
  • Add CIS iptables rules (#10121)
  • OL7 stig v2r10 update (#10125)
  • Bump version of OL8 STIG to V1R5 (#10123)
  • assign ntp_configure_restrictions to SLE12 (#10122)
  • Update tmux rules and add them to OL8 STIG profiles (#10124)
  • Change applicability of rules configuring idle session timeouts (going to master branch) (#10149)
  • Add missing SRG to aide_build_database rule (for master branch) (#10150)
  • remove service_rngd_enabled from RHEL9 and RHEL8 STIG profiles (#10153)
  • Extends rsyslog_logfiles_attributes_modify template for permissions (#10139)
  • Update levels of some rules in RHEL8 CIS (#10157)
  • Change custom zones check in firewalld_sshd_port_enabled (#10162)
  • improve applicability of rule package_rear_installed (master branch) (#10156)
  • Accept required and requisite control flag for pam_pwhistory (#10175)
  • OCP4 Modify etcd encryption check rules for hypershift (#10179)
  • Fixes related to SLE 12/15 for the rules set_min/max_life_existing (#10173)
  • Fix prefer_64bit_os for SLE platforms (#10178)
  • remove rule logind_session_timeout and associated variable from profiles (#10202)
  • Shorten rule title (#10196)
  • products/alinux2 && products/alinux3: fix some missing rules in the cis profile (#10138)
  • Create OVAL macro to consistently identify Interactive Users (#10215)
  • Include avahi related rules in RHEL CIS control files (#10233)
  • Include partition_for_dev_shm in CIS RHEL7 and RHEL9 (#10239)
  • Update CIS RHEL requirements for log files permissions (#10241)
  • Include rule for checking password last change in RHEL (#10243)
  • Include accounts_set_post_pw_existing rule in CIS RHEL (#10269)
  • Enable no_empty_passwords_etc_shadow rule for RHEL7 (#10276)
  • Update password hashing algorithm CIS requirement (#10271)
  • Complete CIS requirements related to dot-files (#10279)
  • Fix package names for some SUSE packages (#10283)
  • Enable accounts_password_set_warn_age_existing rule for RHEL (#10284)
  • Corrections in the rule package_openldap-clients_removed (#10273)
  • Enable sshd_enable_warning_banner_net for RHEL (#10287)
  • Add package_nginx_removed to Ubuntu CIS profiles (#10301)
  • Add package_cyrus-imapd_removed to Ubuntu CIS profiles (#10302)
  • accounts_passwords_pam_faildelay_delay: depend on pam (#10304)
  • accounts_passwords_pam_tally2: depend on pam being installed (#10305)
  • package_pam_pwquality_installed: depend on pam being installed (#10306)
  • apparmor: apply only to platform machine (#10303)
  • sudo_require_reauthentication: depend on sudo being installed (#10318)
  • vlock_installed: apply only to platform machine (#10307)
  • Remove VMM SRG References (#10336)
  • Add apparmor rule to Ubuntu CIS profiles and minor fixes to profiles (#10338)
  • Add some nftables rules to Ubuntu CIS profile (#10300)
  • make accounts_password_last_change_is_in_past not applicable to containers (#10339)
  • Align rhel7 dracut-fips-aesni remediations (#10352)
  • Add package_cups_removed to Ubuntu CIS Level 2 Workstation profiles (#10360)
  • NTP related rules for CIS on Ubuntu 20.04 and 22.04 (#10344)

Changes in Remediations

  • Extends rsyslog_logfiles_attributes_modify template for permissions (#10139)
  • Update sebool_secure_mode_insmod OL remediations (#9979)
  • Enable rsyslog_filecreatemode rule for RHEL (#10328)
  • kernel_module_disable template - regexp matches multiple lines (#10351)
  • fix loops within ansible template for rsyslog_files (#10349)

Changes in Checks

  • Update tmux rules and add them to OL8 STIG profiles (#10124)
  • Remove check of /var/log/dmesg from OVAL (#10145)
  • Extends rsyslog_logfiles_attributes_modify template for permissions (#10139)
  • Fix prefer_64bit_os for SLE platforms (#10178)
  • postfix_prevent_unrestricted_relay: allow whitespaces and no comma for 'smtpd_client_restrictions' value (#10219)
  • Create OVAL macro to consistently identify Interactive Users (#10215)
  • Add offline capability to the 'mount_option' OVAL template (#10200)

Changes in the Infrastructure

  • Introduce script shorthand to OVAL (#10085)
  • Remove utils/count_oval_objects.py (#10133)
  • Update Rawhide Before Use (#10141)
  • Move to Code Climate for PEP 8 Checking (#10158)
  • Enable SCE integrity checks for RHEL8 (#10165)
  • Refactor ssg.build_ovals module (#10048)
  • Update srg diff (#10199)
  • Require OVAL ID to match rule ID (#10346)
  • Various python fixes (#10345)
  • Move platform_mount to use cpe-oval vs oval (#10441)

Changes in the Test Suite

  • Add utils/controlrefcheck.py (#10096)
  • Extends rsyslog_logfiles_attributes_modify template for permissions (#10139)
  • Update test scenarios for accounts_password_last_change_is_in_past (#10213)
  • add cap_system_chroot capability to Automatus podman container (#10246)
  • Fix Automatus on Python 3.6 (#10281)
  • Disable logrotate timer in ensure_logrotate_activated tests (#10375)

Documentation

  • Update Ansible section in project Style Guide (#10211)
  • Fix broken link to statistics page (#10217)
  • Introduce style guidelines for commit messages (#10220)
  • Remove VMM SRG References (#10336)
  • Add URL for ISM (#10337)
  • Convert User Docs (#10214)
  • Update Contributors for v0.1.67 (#10350)