CIS v2.0.1 Jan 2026 Updates

What's Changed

• .github standardization by @frederickw082922 in #187
• .github standardization by @frederickw082922 in #188
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #189
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #190
• Update main with latest pre-commits by @uk-bolly in #191
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #192
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #193
• Update to main by @uk-bolly in #194

New Contributors

• @frederickw082922 made their first contribution in #187

Full Changelog: 2.2.5...2.2.6

CIS v2.0.1 - Oct25 final updates

Based on Ubuntu 20.04 CIS v2.0.1

Overview

• issue 148 thanks to @karlg100
• workflow updates for new pipeline
• audit
  • updated files and variables
  • updated vars/audit.yml
  • improved when using local copies or archived

What's Changed

• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #181
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #182
• Sept25 updates by @uk-bolly in #183
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #184
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #185
• Release to main by @uk-bolly in #186

Full Changelog: 2.2.4...2.2.5

CIS v2.0.1 June 2025 Updates

Final release of v2.0.1

Overview

audit updates
workflow improvements
pre-commit updates

What's Changed

• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #171
• Updated march25 by @uk-bolly in #172
• Fetch and facts by @uk-bolly in #173
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #174
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #175
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #176
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #177
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #178
• Updated audit components by @uk-bolly in #179
• Release of v2.0.1 to main by @uk-bolly in #180

Full Changelog: 2.2.3...2.2.4

CIS v2.0.1 March 2025 Updates

CIS - V 2.0.1 - 27 Jun 2023

##Remediation
Pre-commit updates

What's Changed

• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #154
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #155
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #156
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #157
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #158
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #159
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #160
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #161
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #162
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #163
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #164
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #165
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #166
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #167
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #168
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #169
• devel to main release by @uk-bolly in #170

Full Changelog: 2.2.2...2.2.3

CIS 2.0.1 - August 24 update

CIS - V 2.0.1 - 27 Jun 2023

Remediate

Issues closed and PRs merged - What's changed
Pre-commit updates
workflow updates

What's Changed

• use ubtu20cis_auditd[admin_space_left_action] by @kdebisschop in #142
• Do not make bootloader config less secure by @kdebisschop in #143
• Fix incorrect tag on cis_5.1.1.1.x.yml by @tekchansin in #144
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #145
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #146
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #147
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #150
• Issue 148, audit and workflow updates by @uk-bolly in #151
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #152
• workflow update devel to main by @uk-bolly in #153

New Contributors

• @tekchansin made their first contribution in #144

Full Changelog: 2.2.1...2.2.2

CIS 2.0.1 - March 24 update

CIS - V 2.0.1 - 27 Jun 2023

Remediate

Issues closed and PRs merged - What's changed
Pre-commit updates
Many improvements to different controls

AUDIT

• Audit only option added
• New goss binary now supported
• Audit variables tidied and moved

What's Changed

• Fix/cis 5 2 4 5 loop by @arousseau-coveo in #124
• fix prelim check to check for AIDE install rule and updates rule by @dderemiah in #130
• Groups the Defaults together by @dderemiah in #131
• Run post_remediation - quote group_names by @diepes in #128
• Fix regex to prevent swallowing closing quote in bootloader config. by @kdebisschop in #133
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #134
• Fixes a couple typos by @dderemiah in #135
• Fixes list privileged cmd collection to match benchmark by @dderemiah in #136
• Fix/ubtu20cis uses root default by @arousseau-coveo in #129
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #137
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #138
• fixed test for the arm64 conditional by @uk-bolly in #139
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #140
• cis2.0.1 release March 24 by @uk-bolly in #141

New Contributors

• @arousseau-coveo made their first contribution in #124
• @diepes made their first contribution in #128

Full Changelog: 2.2.0...2.2.1

CIS 2.0.1

What's Changed

• Cis 2.0.1 release by @uk-bolly in #91
• updated discord link by @uk-bolly in #92
• added to create when configured logfile does not exist by @uk-bolly in #94
• Issue #90 by @uk-bolly in #95
• updated badges by @uk-bolly in #96
• Fixes remount /tmp typo by @dderemiah in #93
• Grub passwd update by @uk-bolly in #98
• readme update and gitattributes by @uk-bolly in #99
• devel -> main cis 2.0.1 by @uk-bolly in #97
• Import tasks update by @uk-bolly in #100
• updated to import_tasks module by @uk-bolly in #101
• adds superusers and fixes issue #88 by @dderemiah in #102
• devel- main release by @uk-bolly in #103

New Contributors

• @dderemiah made their first contribution in #93

Full Changelog: V1.1.3...2.1.1

What's Changed

• collections and lint update by @uk-bolly in #104
• adds feature to allow rsync install CIS compliant by @dderemiah in #105
• fixes cron typo in rsyslog.conf generation by @dderemiah in #107
• rule 1.5.4 moved when in package list to service stop by @dderemiah in #108
• updated to use sleep variable and lint by @uk-bolly in #109
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #111
• auditd 5.2.3.12 logins should refer to /var/run/faillock by @kdebisschop in #114
• updated typos and layout by @uk-bolly in #110
• removes unexpected variable by @dderemiah in #122
• CIS 2.1.1.1 should not fail if systemd-timesyncd is not installed by @kdebisschop in #119
• CIS 4.5.1.6 difok regex incorrectly matches any line by @kdebisschop in #120
• Fixes case sensitive umask setting by @dderemiah in #121
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #123
• Multiple issues with CIS 4.3.x sudo by @kdebisschop in #118
• Nov23 improvements by @uk-bolly in #117
• Release to main by @uk-bolly in #125

New Contributors

• @pre-commit-ci made their first contribution in #111

Full Changelog: 2.1.1...2.2.0

CIS 2.0.1 Issues and improvements

What's Changed

• Cis 2.0.1 release by @uk-bolly in #91
• updated discord link by @uk-bolly in #92
• added to create when configured logfile does not exist by @uk-bolly in #94
• Issue #90 by @uk-bolly in #95
• updated badges by @uk-bolly in #96
• Fixes remount /tmp typo by @dderemiah in #93
• Grub passwd update by @uk-bolly in #98
• readme update and gitattributes by @uk-bolly in #99
• devel -> main cis 2.0.1 by @uk-bolly in #97
• Import tasks update by @uk-bolly in #100
• updated to import_tasks module by @uk-bolly in #101

New Contributors

• @dderemiah made their first contribution in #93

Full Changelog: 2.0...2.1

CIS 1.1.0

• lint files updated
• ansible version updated
• Lots of lint and standardisation changes
• fqcn
• Assertions for root and grub passwords
• Import tasks to allow tags to be used
• Warnings made standard
• warn count feature added
• workflow updates
• wireless interface discovery
• idempotency checks and updates

reboot variable changed from ubtu20_skip_reboot to skip_reboot (still default true)

Remediate portion

Issues and PRs address

• #1 set bootloader pwd - Allowed unrestricted by default but set new variables

  • Added extra variable options ubtu20cis_set_grub_password and ubtu20cis_set_root_password (defaults true)

• #2 Ensure locks for failed attempts

• #3 root path integrity

• thanks to @vbotka

  • #63 parse_etc_password

• thanks to @makefu

  • #67 UFW incoming firewall ports (optional)

• thanks to @CFoltin

  • #68 logrotate alignment
  • #69 stop rule overwrite UFW

• thanks to @hackery

  • #70 TMOUT stops being repeated

Many improvements on multiple controls
Remediate and audit version now match. When using remediate will pull in latest version of audit for that release.

Audit

• updated goss version used
• aligned new variables with audit
• audit path used now default to /opt from /var/tmp

What's Changed

• Yamllint Check, Ansible-lint Chek, Module Updates, Bug #73&80 Fixed, Included FIX PR #81 by @MrSteve81 in #83
• Installing chrony removes systemd timesyncd by @kdebisschop in #79
• Issue 84 addressed by @uk-bolly in #85
• Ufw optional by @uk-bolly in #86
• Release to main branch by @uk-bolly in #87

New Contributors

• @MrSteve81 made their first contribution in #83
• @kdebisschop made their first contribution in #79

Full Changelog: v1.1.2...V1.1.3

Added Issue/PR Templates and Fixes

CIS Version: 1.1.0 (03-31-21)

Issue Fixes:
#20 - Typo in default/main.yml file

Enhancements:

• Added Issue templates
• Add PR template