Releases: ansible-lockdown/UBUNTU20-CIS
CIS 2.0.1 - August 24 update
CIS - V 2.0.1 - 27 Jun 2023
Remediate
Issues closed and PRs merged - What's changed
Pre-commit updates
workflow updates
What's Changed
- use ubtu20cis_auditd[admin_space_left_action] by @kdebisschop in #142
- Do not make bootloader config less secure by @kdebisschop in #143
- Fix incorrect tag on cis_5.1.1.1.x.yml by @tekchansin in #144
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #145
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #146
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #147
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #150
- Issue 148, audit and workflow updates by @uk-bolly in #151
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #152
- workflow update devel to main by @uk-bolly in #153
New Contributors
- @tekchansin made their first contribution in #144
Full Changelog: 2.2.1...2.2.2
CIS 2.0.1 - March 24 update
CIS - V 2.0.1 - 27 Jun 2023
Remediate
Issues closed and PRs merged - What's changed
Pre-commit updates
Many improvements to different controls
AUDIT
- Audit only option added
- New goss binary now supported
- Audit variables tidied and moved
What's Changed
- Fix/cis 5 2 4 5 loop by @arousseau-coveo in #124
- fix prelim check to check for AIDE install rule and updates rule by @dderemiah in #130
- Groups the Defaults together by @dderemiah in #131
- Run post_remediation - quote group_names by @diepes in #128
- Fix regex to prevent swallowing closing quote in bootloader config. by @kdebisschop in #133
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #134
- Fixes a couple typos by @dderemiah in #135
- Fixes list privileged cmd collection to match benchmark by @dderemiah in #136
- Fix/ubtu20cis uses root default by @arousseau-coveo in #129
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #137
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #138
- fixed test for the arm64 conditional by @uk-bolly in #139
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #140
- cis2.0.1 release March 24 by @uk-bolly in #141
New Contributors
- @arousseau-coveo made their first contribution in #124
- @diepes made their first contribution in #128
Full Changelog: 2.2.0...2.2.1
CIS 2.0.1
What's Changed
- Cis 2.0.1 release by @uk-bolly in #91
- updated discord link by @uk-bolly in #92
- added to create when configured logfile does not exist by @uk-bolly in #94
- Issue #90 by @uk-bolly in #95
- updated badges by @uk-bolly in #96
- Fixes remount /tmp typo by @dderemiah in #93
- Grub passwd update by @uk-bolly in #98
- readme update and gitattributes by @uk-bolly in #99
- devel -> main cis 2.0.1 by @uk-bolly in #97
- Import tasks update by @uk-bolly in #100
- updated to import_tasks module by @uk-bolly in #101
- adds superusers and fixes issue #88 by @dderemiah in #102
- devel- main release by @uk-bolly in #103
New Contributors
- @dderemiah made their first contribution in #93
Full Changelog: V1.1.3...2.1.1
What's Changed
- collections and lint update by @uk-bolly in #104
- adds feature to allow rsync install CIS compliant by @dderemiah in #105
- fixes cron typo in rsyslog.conf generation by @dderemiah in #107
- rule 1.5.4 moved when in package list to service stop by @dderemiah in #108
- updated to use sleep variable and lint by @uk-bolly in #109
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #111
- auditd 5.2.3.12 logins should refer to /var/run/faillock by @kdebisschop in #114
- updated typos and layout by @uk-bolly in #110
- removes unexpected variable by @dderemiah in #122
- CIS 2.1.1.1 should not fail if systemd-timesyncd is not installed by @kdebisschop in #119
- CIS 4.5.1.6 difok regex incorrectly matches any line by @kdebisschop in #120
- Fixes case sensitive umask setting by @dderemiah in #121
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #123
- Multiple issues with CIS 4.3.x sudo by @kdebisschop in #118
- Nov23 improvements by @uk-bolly in #117
- Release to main by @uk-bolly in #125
New Contributors
- @pre-commit-ci made their first contribution in #111
Full Changelog: 2.1.1...2.2.0
CIS 2.0.1 Issues and improvements
What's Changed
- Cis 2.0.1 release by @uk-bolly in #91
- updated discord link by @uk-bolly in #92
- added to create when configured logfile does not exist by @uk-bolly in #94
- Issue #90 by @uk-bolly in #95
- updated badges by @uk-bolly in #96
- Fixes remount /tmp typo by @dderemiah in #93
- Grub passwd update by @uk-bolly in #98
- readme update and gitattributes by @uk-bolly in #99
- devel -> main cis 2.0.1 by @uk-bolly in #97
- Import tasks update by @uk-bolly in #100
- updated to import_tasks module by @uk-bolly in #101
New Contributors
- @dderemiah made their first contribution in #93
Full Changelog: 2.0...2.1
CIS 1.1.0
- lint files updated
- ansible version updated
- Lots of lint and standardisation changes
- fqcn
- Assertions for root and grub passwords
- Import tasks to allow tags to be used
- Warnings made standard
- warn count feature added
- workflow updates
- wireless interface discovery
- idempotency checks and updates
reboot variable changed from ubtu20_skip_reboot to skip_reboot (still default true)
Remediate portion
Issues and PRs addressed
- #1 set bootloader pwd - Allowed unrestricted by default but set new variables
  - Added extra variable options ubtu20cis_set_grub_password and ubtu20cis_set_root_password (defaults true)
- #2 Ensure locks for failed attempts
- #3 root path integrity
- thanks to @vbotka
  - #63 parse_etc_password
- thanks to @makefu
  - #67 UFW incoming firewall ports (optional)
- thanks to @CFoltin
- thanks to @hackery
  - #70 TMOUT stops being repeated
Many improvements on multiple controls
Remediate and audit versions now match. Running remediate pulls in the latest version of audit for that release.
Audit
- updated goss version used
- aligned new variables with audit
- audit path used now default to /opt from /var/tmp
What's Changed
- Yamllint Check, Ansible-lint Chek, Module Updates, Bug #73&80 Fixed, Included FIX PR #81 by @MrSteve81 in #83
- Installing chrony removes systemd timesyncd by @kdebisschop in #79
- Issue 84 addressed by @uk-bolly in #85
- Ufw optional by @uk-bolly in #86
- Release to main branch by @uk-bolly in #87
New Contributors
- @MrSteve81 made their first contribution in #83
- @kdebisschop made their first contribution in #79
Full Changelog: v1.1.2...V1.1.3
Added Issue/PR Templates and Fixes
CIS Version: 1.1.0 (03-31-21)
Issue Fixes:
#20 - Typo in default/main.yml file
Enhancements:
- Added Issue templates
- Add PR template
CIS 1.1.0 Update and Enhancements
CIS Version: 1.1.0 (03-31-21)
Enhancements:
- Updates for version 1.1.0 of CIS benchmarks
- Gather more subsets to avoid undefined ansible_* variables
- Run information gathering commands even in check mode
Minor README and Contributing Updates
Changes:
- README.md updates
- Added CONTRIBUTING.rst
CIS Version: 1.0.0
Initial Release
Initial Ubuntu 20 CIS role