Releases: ansible-lockdown/RHEL9-CIS
Releases · ansible-lockdown/RHEL9-CIS
CIS V2.0.0 Jan26 Updates
Issue Fixes:
#408
#409
#410
#413
#416
#418
#419
#420
What's Changed
- .github standardization by @frederickw082922 in #408
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #409
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #411
- #410 add fix provided by @kpi-nourman via discord community by @uk-bolly in #412
- issues 413 addressed thansk to @bbaassssiiee by @uk-bolly in #415
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #417
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #421
- Issue 416 fix by @georgenalen in #422
- Tidy up wording regarding crypto policy module by @uk-bolly in #423
- Issue 416: update changelog and ansible_vars_goss by @frederickw082922 in #424
- 2026 Jan Updates by @frederickw082922 in #425
- fix: make 5.3.2.2 idempotent with 5.3.3.1.1 by @bol7742 in #420
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #426
- Release to main by @uk-bolly in #427
New Contributors
- @georgenalen made their first contribution in #422
- @bol7742 made their first contribution in #420
Full Changelog: 2.0.3...2.1.0
Contributors
bbaassssiiee, georgenalen, and 5 other contributors
Assets 2
CIS v2.0.0 Updates October 2025
CIS 2.0.0 October 25 updates
#380 thanks to @numericillustration
#385 and #390 and #391 thanks to @polski-g
#387 and #393 thank you to @fragglexarmy
#394 thank you to @dbeuker
#398 & #399 thanks to trumbaut
Added max-concurrent options for audit
work flow updates
audit logic improvements
auditd template 2.19 compatible
What's Changed
- Fixing issue for Control 6.3.4.5 by @DianaMariaDDM in #360
- Fixing issue for Control 5.4.2.5 by @DianaMariaDDM in #361
- Fixing issue for Control 6.3.3.5 by @DianaMariaDDM in #359
- Enhancing variable documentation by @DianaMariaDDM in #363
- Fixing minor inconsistencies by @DianaMariaDDM in #367
- July 25 Release to main by @uk-bolly in #368
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #370
- Audit update by @uk-bolly in #375
- renames 3 uses of ansible.builtin.systemd_service by @numericillustration in #380
- August25 updates by @uk-bolly in #381
- 2025 Sep Updates: Issue fixes and Improved logic by @frederickw082922 in #392
- 5.4.1.1: shell command should run in check_mode by @polski-g in #385
- 1.4.2: grep command should run in check_mode by @polski-g in #391
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #376
- 5.3.2.2: fix regex failing to match whitespace by @polski-g in #386
- Support section modularization (for Sec 5 only right now) by @polski-g in #390
- Suggestion for the missing assert parameter by @dbeuker in #394
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #395
- ensure check mode runs all non-destructive tasks by @polski-g in #396
- Update cis_3.2.x.yml (add dccp to blacklist instead of cramfs by @trumbaut in #398
- Oct25 updates by @uk-bolly in #401
- update workflow benchmark_tracking_controller by @frederickw082922 in #403
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #402
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #404
- workflow and audit improvements by @uk-bolly in #405
- Add workflow to auto add new issues to project by @frederickw082922 in #406
- Latest fixed to merge with main by @uk-bolly in #407
New Contributors
- @DianaMariaDDM made their first contribution in #360
- @dbeuker made their first contribution in #394
- @trumbaut made their first contribution in #398
Full Changelog: 2.0.2...2.0.3
Contributors
trumbaut, numericillustration, and 7 other contributors
Assets 2
CIS 2.0.0 release - June updates
CIS Version: 2.0.0
Remediate
workflow updates
ansible facts added
audit improvements and fetch added
lint updates
typos addressed
check_mode updates
Issue Fixes:
#305
#306
#309
#311
#312
#315
#317
#318
#320
#321
#322
#323
#324
#325
#332
#336
#337
#338
#346
#348
#353
#354
What's Changed
- March25 updates by @uk-bolly in #312
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #313
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #316
- Improvements by @uk-bolly in #317
- 2025 Update - April Typo Fixes + Logic update on rhel9cis_discover_int_uid by @frederickw082922 in #321
- Fix for #320 thank you @kodebach by @frederickw082922 in #323
- Fix for #322 thank @mindrb by @frederickw082922 in #324
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #326
- May25 issues by @uk-bolly in #332
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #339
- Check for existence of sshd_config.d/50-redhat.conf by @polski-g in #336
- Variablize network-manager package name by @polski-g in #337
- Fix typo in variable name discovered_group_check by @polski-g in #338
- Updated variable naming for interactive_users by @uk-bolly in #340
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #342
- Fix for #325 thank you @mindrb by @frederickw082922 in #346
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #347
- auditd: ensure check mode runs non-destructive call to ausyscall --dump by @polski-g in #343
- root password and other improvements by @uk-bolly in #348
- Audit only fetch by @uk-bolly in #351
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #352
- Addresses #318 - Thank you @kodebach & @bgro by @frederickw082922 in #353
- Fix re.error due to (?i) not at start of re by @davidalexander83 in #354
- Merge devel to main by @uk-bolly in #355
New Contributors
- @frederickw082922 made their first contribution in #321
- @polski-g made their first contribution in #336
- @davidalexander83 made their first contribution in #354
Full Changelog: 2.0.1...2.0.2
Contributors
bgro, davidalexander83, and 6 other contributors
Assets 2
CIS v2.0.0 release - March25 updates
CIS Version: 2.0.0
Remediate
Many issues addressed
ARM64support added into Auditd
pre-commit updates
What's Changed
- Feb25 updates by @uk-bolly in #295
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #302
- Issues resolved enhancements by @uk-bolly in #303
- Updates to benchmark v2.0.0 by @uk-bolly in #307
Full Changelog: 2.0.0...2.0.1
Contributors
pre-commit-ci and uk-bolly
Assets 2
CIS V2.0.0 release
CIS Version: 2.0.0
Remediate
Complete rewrite
Controls and sections moved as per new baseline
Audit updates
Pipeline Updates
pre-commit updates
Various improvements and enhancements
company naming updated
What's Changed
- Benchmark v2.0.0 by @uk-bolly in #268
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #269
- Title tidy up by @uk-bolly in #270
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #271
- Use shell for grep with shell expansions by @jsonar-cpapke in #274
- remove extra discovered_ prefix from variable by @jsonar-cpapke in #275
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #276
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #277
- Issue #272 by @uk-bolly in #278
- pwquality 5.3.3.2.x logic updates by @uk-bolly in #279
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #284
- Jan25 updates by @uk-bolly in #286
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #287
- updated logic on 7.2.9 by @uk-bolly in #289
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #291
- CIS V2 release to main by @uk-bolly in #290
New Contributors
- @jsonar-cpapke made their first contribution in #274
Full Changelog: v1.3.4...2.0.0
Contributors
pre-commit-ci, uk-bolly, and jsonar-cpapke
Assets 2
CIS v1.0.0 Final
CIS Version: 1.0.0
Remediate
Audit updates
Pipeline Updates
pre-commit updates
Various improvements and enhancements
company naming updated
Issues
What's Changed
- License and issue262 by @uk-bolly in #263
- Update to how auditd restarts by @uk-bolly in #264
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #266
- CIS v1.0.0 final release to main by @uk-bolly in #267
Full Changelog: 1.3.3...v1.3.4
Contributors
pre-commit-ci and uk-bolly
Assets 2
CIS Version: 1.0.0 - Nov24 Updates
CIS Version: 1.0.0 - Nov24 Updates
Remediate
Audit updates
Pipeline Updates
pre-commit updates
Various improvements and enhancements
Issues Addressed
#245
#247
#249
#250
#251
#252
#253
#255
#256
AUDIT
What's Changed
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #238
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #241
- Sept 24 updates by @uk-bolly in #240
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #242
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #243
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #244
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #246
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #248
- Added selectattr filter to fix #249 by @yinggs in #250
- issue_247 and pipeline update for first interaction by @uk-bolly in #251
- Mount opts and gpg by @uk-bolly in #252
- Added a means to allow system users to have a shell by @Thulium-Drake in #253
- Added _lock to filename by @uk-bolly in #256
- updated Readme by @uk-bolly in #257
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #258
- removed skip_ansible_lint tag by @uk-bolly in #260
- CIS v1.0.0 updates Nov 2024 by @uk-bolly in #259
New Contributors
- @yinggs made their first contribution in #250
- @Thulium-Drake made their first contribution in #253
Full Changelog: 1.3.2...1.3.3
Contributors
Thulium-Drake, yinggs, and 2 other contributors
Assets 2
RHEL9-CIS update Sept2024- v1.0.0
RHEL9-CIS v1.0.0
Remediate:
pre-commit updates
workflow updates
jmespath dependancy removal
tidy up of some var naming for ssh config path
Latest workflow updates
6.1.10 and 6.1.11 improvements
Issue Fixes:
#216
#217
#221
#222
#224
#226
#227
#228
#230
#231
#232
#233
#234
Audit:
audit updates and alignment
What's Changed
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #214
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #215
- Issue audit updates by @uk-bolly in #221
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #222
- August issues by @uk-bolly in #228
- added calls to sshd restart handler to fix #230 by @numericillustration in #231
- added fix for #232 thanks to @Arkhenys by @uk-bolly in #233
- Fix link to Changelog.md in README.md by @markgoddard in #234
- Sshd config create by @uk-bolly in #236
- rhel9-cis main release v1.0.0 by @uk-bolly in #235
New Contributors
- @markgoddard made their first contribution in #234
Full Changelog: 1.3.1...1.3.2
Contributors
numericillustration, markgoddard, and 3 other contributors
Assets 2
RHEL9-CIS update June2024
Remediate:
- Issues closed and PRs merged - What's changed
- Pre-commit updates
- Many improvements to different controls
- meta update for galaxy compatability
- Standardize versioning across all repos - removing v
What's Changed
- removing the async; the results of init are needed in the subsequent step by @mark-tomich in #199
- Typo by @svennd in #206
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #207
- 2.4 : socket vs sockets (typo) by @svennd in #208
- June24 updates by @uk-bolly in #209
- Release to main by @uk-bolly in #210
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #211
- updated due to galaxy limitation by @uk-bolly in #212
- Update to galaxy meta by @uk-bolly in #213
New Contributors
- @mark-tomich made their first contribution in #199
- @svennd made their first contribution in #206
Full Changelog: 1.2.0...1.3.1
Contributors
svennd, pre-commit-ci, and 2 other contributors
Assets 2
RHEL9-CIS 1.0.0 - Update May2024
Remediate:
- Issues closed and PRs merged - What's changed
- Pre-commit updates
- Many improvements to different controls
Audit:
- Audit_only ability now added to run standalone audit
- audit_only: true
- Related Audit repo updated to improve tests audit binary(goss updated to latest version)
Many thanks to all the contributors and discord community members for feedback
What's Changed
- Sept23 to devel by @uk-bolly in #93
- updated discord link in readme by @uk-bolly in #95
- fix rule_1.8.1.1 by @uk-bolly in #96
- Goss version by @uk-bolly in #97
- Sept lint by @uk-bolly in #98
- updated 5.6.5 by @uk-bolly in #99
- updated collections by @uk-bolly in #100
- updated workflow for galaxy and versions by @uk-bolly in #108
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #110
- Audit only enhancement and goss update by @uk-bolly in #120
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #119
- Update cis_5.6.1.x.yml by @senihucar in #122
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #127
- Fixed chrony configuration options by @dulin in #121
- Removing redundant conditional statements by @ipruteanu-sie in #129
- Timeout value defined in defaults/main.yml file not used by @ipruteanu-sie in #133
- Masking service when server package is needed by @ipruteanu-sie in #136
- Using correct conditional for ftpd by @ipruteanu-sie in #138
- 3.4.2.5 conditional fix by @ipruteanu-sie in #140
- find hidden files in /var/log for 4.3.2 by @Corey0219 in #103
- Using rhel9cis_authselect['options'], otherwise not used at all by @ipruteanu-sie in #145
- Siemens/feat/4.2.1.3conditional and section header by @ipruteanu-sie in #143
- Remove trailing comma to align with other roles by @jLemmings in #152
- Adding missing lines to usr: sysctl.d/50-default.conf by @brisky in #105
- Adding new entry in /etc/pam.d/system-auth by @brisky in #112
- Siemens/feat/audit vars refactoring by @ipruteanu-sie in #148
- Corrections to tags and a variable by @sickbock in #151
- Remove trailing comma to align with other roles by @jLemmings in #154
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #159
- fixing some mismatched tags and tasks in 5.6.1.x by @numericillustration in #150
- Using a patch to refactor doc-extension by @ipruteanu-sie in #164
- Siemens/feat/bgrubby usage for params by @ipruteanu-sie in #166
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #167
- Update cis_6.1.x.yml by @Illibur in #169
- oscap scan found 2 issues in sshd configuration override files by @bbaassssiiee in #174
- Replacing vars according to Audit needs by @ipruteanu-sie in #131
- Bugfix 5 3 4 against issue #176 by @RoboPickle in #177
- fix: idempotency molecule issue fixed for logfiles #173 by @rjacobs1990 in #175
- Feb24 updates by @uk-bolly in #179
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #178
- Gpg import for rhel servers by @uk-bolly in #185
- March 24 to devel by @uk-bolly in #186
- Address issues in 4.1.1.2 and 4.1.1.3 including idempotent status by @RoboPickle in #188
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #192
- April_24 updates by @uk-bolly in #201
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #200
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #202
- updated audit binary assert statement by @uk-bolly in #204
- Release to main by @uk-bolly in #205
New Contributors
- @pre-commit-ci made their first contribution in #110
- @senihucar made their first contribution in #122
- @dulin made their first contribution in #121
- @ipruteanu-sie made their first contribution in #129
- @Corey0219 made their first contribution in #103
- @jLemmings made their first contribution in #152
- @brisky made their first contribution in #105
- @sickbock made their first contribution in #151
- @numericillustration made their first contribution in #150
- @Illibur made their first contribution in #169
- @bbaassssiiee made their first contribution in #174
- @RoboPickle made their first contribution in #177
- @rjacobs1990 made their first contribution in #175
Full Changelog: v1.1.0...1.2.0
Contributors
dulin, numericillustration, and 12 other contributors