Content 0.1.49

@vojtapolasek vojtapolasek released this 13 Mar 12:46

Highlights:

  • Add OL8 Essential Eight profile (#5211)
  • Add support to Ignition remediation type (#5137)

Profiles changed in this release:

  • ol8: pci-dss, e8, ospp
  • rhel8: pci-dss, stig, ospp
  • ocp4: coreos-ncp, moderate
  • sle12: stig
  • rhel7: stig

Profiles:

  • Add OL8 Essential Eight profile (#5211)
  • Remove ocp4 checks (#5216)
  • Update OL8 PCI-DSS profile (#5191)
  • Add rsyslog TLS configuration to STIG (#5167)
  • Re-add configure_firewalld_rate_limiting to rhel7 stig profile (#5168)
  • remove Rsyslog rules from OSPP for Rhel8 (#5158)
  • ocp4/moderate: Remove check for AIDE package (#5146)
  • PCI-DSS profile should install audispd plugins (#5124)
  • Adjust OL8 OSPP profile (#5210)
  • ocp4/moderate: Enable more kernel module checks (#5136)
  • ocp4: Add controls that cover AC-2 better (#5134)
  • rhel8: modify rule selections for OSPP and STIG to meet baselines (#5181)
  • Enable rules that cover AU-9 better in OCP4 moderate profile (#5138)
  • ocp4/moderate: Add CM-* checks (#5129)
  • Add moderate profile (#5128)
  • Add dconf_db_up_to_date to RHEL8 STIG profile. (#5274)

Rules:

  • Sort prodtypes lexicographically (#5130)
  • Added OL support to ospp profile rules (#5203)
  • Update rpm_verification group rules with OL support (#5204)
  • Add OL support to packages and services rules (#5198)
  • Add OL support to policy audit rules (#5197)
  • Add OL support to configuring_ipv6 rules (#5196)
  • Add OL support to the partitions mount rules (#5195)
  • Add OL support to accounts user_umask rules (#5194)
  • Also remove 389-ds LDAP server (#5186)
  • Add check for read-write SNMP users (#5185)
  • Add RADIUS group and rule to remove server (#5188)
  • Permit setting sshd GSSAPI to yes (#5184)
  • Stig sle12 security patches up to date (#5192)
  • network_host_and_router_parameters group as machine-only (#5190)
  • Remove krb5-server (#5187)
  • Permit enforcement of nosuid on /var (#5183)
  • Add CCE identifier for openssh-server installed (#5189)
  • create checks for (grub2|uefi)_no_removeable_media (#5178)
  • Map missing SRG rules (#5177)
  • Split rule for audit sample rules according to audit component (#5110)
  • Add and fix few entries of SRG mapping (#5170)
  • create new rule for ipv4 tcp rate limiting through sysctl (#5126)
  • Add a rule for the openssl strong entropy wrapper (#5127)
  • Update OVAL templates with oval_affected macro. (#5148)
  • Add CCE identifiers to OCP moderate profile rules (#5149)
  • Add ocp4 prod to grub2_enable_fips_mode (#5140)
  • Add CoreOS CCE for service_auditd_enabled (#5133)
  • Added a few NIST references to audit related rules (#5131)
  • Add a shell lineinfile template (#5109)
  • Check EKU in rsyslog remote configuration (#5119)
  • audit package on ubuntu* is auditd. (#5117)

Tests:

  • fix wrong value in test scenario (#5214)
  • Introduce resolved profiles, and test for profile stability (#5209)
  • Fix newline discrepancies in jinja macros for file content (#5202)
  • fix regex in accounts_passwords_pam_faillock_deny (#5166)
  • Add support to Ignition remediation type (#5137)
  • Update crypto policies ospp scenarios (#5121)
  • Don't check for path length of logs directory (#5122)