Releases
v0.1.49
Highlights:
Add OL8 Essential Eight profile (#5211 )
Add support to Ignition remediation type (#5137 )
Profiles changed in this release:
ol8: pci-dss, e8, ospp
rhel8: pci-dss, stig, ospp
ocp4: coreos-ncp, moderate
sle12: stig
rhel7: stig
Profiles:
Add OL8 Essential Eight profile (#5211 )
Remove ocp4 checks (#5216 )
Update OL8 PCI-DSS profile (#5191 )
Add rsyslog TLS configuration to STIG (#5167 )
Re-add configure_firewalld_rate_limiting to rhel7 stig profile (#5168 )
remove Rsyslog rules from OSPP for Rhel8 (#5158 )
ocp4/moderate: Remove check for AIDE package (#5146 )
PCI-DSS profile should install audispd plugins (#5124 )
Adjust OL8 OSPP profile (#5210 )
ocp4/moderate: Enable more kernel module checks (#5136 )
ocp4: Add controls that cover AC-2 better (#5134 )
rhel8: modify rule selections for OSPP and STIG to meet baselines (#5181 )
Enable rules that cover AU-9 better in OCP4 moderate profile (#5138 )
ocp4/moderate: Add CM-* checks (#5129 )
Add moderate profile (#5128 )
Add dconf_db_up_to_date to RHEL8 STIG profile. (#5274 )
Rules:
Sort prodtypes lexicographicaly (#5130 )
Added OL support to ospp profile rules (#5203 )
Update rpm_verification group rules with OL support (#5204 )
Add OL support to packages and services rules (#5198 )
Add OL support to policy audit rules (#5197 )
Add OL support to configuring_ipv6 rules (#5196 )
Add OL support to the partitions mount rules (#5195 )
Add OL support to accounts user_umask rules (#5194 )
Also remove 389-ds LDAP server (#5186 )
Add check for read-write SNMP users (#5185 )
Add RADIUS group and rule to remove server (#5188 )
Permit setting sshd GSSAPI to yes (#5184 )
Stig sle12 security patches up to date (#5192 )
network_host_and_router_parameters group as machine-only (#5190 )
Remove krb5-server (#5187 )
Permit enforcement of nosuid on /var (#5183 )
Add CCE identifier for openssh-server installed (#5189 )
create checks for (grub2|uefi)_no_removeable_media (#5178 )
Map missing SRG rules (#5177 )
Split rule for audit sample rules according to audit component (#5110 )
Add and fix few entries of SRG mapping (#5170 )
create new rule for ipv4 tcp rate limiting through sysctl (#5126 )
Add a rule for the openssl strong entropy wrapper (#5127 )
Update OVAL templates with oval_affected macro. (#5148 )
Add CCE identifiers to OCP moderate profile rules (#5149 )
Add ocp4 prod to grub2_enable_fips_mode (#5140 )
Add CoreOS CCE for service_auditd_enabled (#5133 )
Added a few NIST references to audit related rules (#5131 )
Add a shell lineinfile template (#5109 )
Check EKU in rsyslog remote configuration (#5119 )
audit package on ubuntu* is auditd. (#5117 )
Tests:
fix wrong value in test scenario (#5214 )
Introduce resolved profiles, and test for profile stability (#5209 )
Fix newline discrepancies in jinja macros for file content (#5202 )
fix regex in accounts_passwords_pam_faillock_deny (#5166 )
Add support to Ignition remediation type (#5137 )
Update crypto policies ospp scenarios (#5121 )
Don't check for path length of logs directory (#5122 )
You can’t perform that action at this time.