Content 0.1.65

@github-actions github-actions released this 02 Dec 20:15
· 8994 commits to master since this release
02a143d

Important Highlights

  • Introduce cui profile for OL9 (#9638)
  • Remove Support for OVAL 5.10 (#9604)
  • Rename account_passwords_pam_faillock_audit (#9462)
  • CI ansible hardening and rename of existing Bash hardening (#9796)
  • Update contributors list for v0.1.65 release (#9843)

New Rules and Profiles

  • Add profile for SUSE SAP Public Cloud Images (#9571)
  • Introduce cui profile for OL9 (#9638)
  • Created SLES 12 PCI DSS 4.0 profile and added rules to it (#9729)
  • Add new rules related to system banners - /etc/issue.net (#9733)
  • add new rule logind_session_timeout (#9475)
  • Pci dss shadow rule (#9756)

Updated Rules and Profiles

  • Update chronyd_no_chronyc_network to align with RHEL9 STIG (#9505)
  • Update rules for RHEL 9 STIG (#9512)
  • Update chronyd_client_only to align with RHEL9 STIG (#9500)
  • Update rules for RHEL 9 STIG (#9527)
  • RHEL9 stig_gui: don't remove GUI (#9581)
  • Remove RPM verify rules from RHEL 9 STIG (#9591)
  • Rule updates wrt RHEL9 STIG (#9509)
  • Clarify instructions for implementing SCCs (#9569)
  • Added SLES_15/12 CCE codes related to rules in the group restict_at_c… (#9643)
  • Add pci-dss rules (#9627)
  • Two small corrections (#9644)
  • Added 6 SLES 15/12 CCE codes to the rules sshd_... (#9669)
  • Add PCI-DSS rules (#9645)
  • CIS RHEL8 gnome related requirements (#9670)
  • Add dconf_gnome_disable_user_list to the RHEL 9 STIG (#9677)
  • RHEL 9 STIG Fix Up (#9676)
  • Added CCE number for SLES_15 in the rule sshd_use_approved_ciphers (#9680)
  • Added 4 SLES 15/12 codes to the rules group_unique_id/name (#9682)
  • Add support for PCI DSS v3.2.1 for SLE12 (#9613)
  • service_ntp_enabled: Fix description as service name is ntp (#9707)
  • Fix issue introduced in commit 1ba11cb (#9692)
  • remove ospp-mls.profile (#9710)
  • Add pcidss Req-ids (#9705)
  • Ubuntu 20.04: fix grub2 password related rules (#9708)
  • Fix rsyslog_remote_tls Remediations (#9711)
  • Added 2 SLES 15/12 CCE codes to the rule disable_prelink (#9706)
  • Assign RHEL-07-010271 to account_emergency_expire_date. (#9717)
  • Ubuntu 20.04 CIS Level1 profile: add package_pam_pwquality_installed (#9721)
  • Add Ubuntu specific bash for ensure_rsyslog_log_file_configuration (#9719)
  • install_smartcard_packages: Add Ubuntu specific remediation (#9720)
  • Ubuntu 20.04: Make sure xattr audit rules contain a check for root user (#9722)
  • Added rules to PCI DSS 4.0 SLES 15 profile (#9716)
  • Add pci-dss rules to SLE15 (#9728)
  • Refactor firewalld_sshd_port_enabled rule (#9712)
  • Added 4 rules to SLES 12/15 PCI DSS 4.0 profiles (#9735)
  • Update SLE 15 SAP hardening profile (#9742)
  • Update RHEL8 STIG to V1R8 (#9780)
  • Update RHEL7 STIG to V3R9 (#9781)
  • Align ClientAliveCountMax and ClientAliveInterval on RHEL8 STIG V1R8 (#9784)
  • Removed wrong rule from hipaa.profile (#9840)
  • Stabilization: Include warning regarding quota options in XFS (#9877)
  • Stabilization: Update the sshd_set_keepalive regarding ClientAliveCountMax (#9868)

Removed Products

  • Remove the VSEL Product (#9547)
  • Remove the fuse6 product (#9544)
  • Remove the Debian 9 Product (#9546)
  • Remove the JRE product (#9545)

Changes in Remediations

  • Move kernel_module_disabled use more generic RHEL in conditionals (#9450)
  • Improve ansible remediation of accounts_umask_etc_login_defs (#9490)
  • Add bash and ansible remediation for rsyslog_remote_tls (#9484)
  • Fix rsyslog_remote_tls Remediations (#9711)
  • Add Ubuntu specific bash for ensure_rsyslog_log_file_configuration (#9719)
  • install_smartcard_packages: Add Ubuntu specific remediation (#9720)
  • Fix config file and interpreter check control flow (#9695)
  • Refactor firewalld_sshd_port_enabled rule (#9712)
  • Dconf macros update to align them with OVAL expectation (#9751)
  • rsyslog_files_permissions: Consider the last field in the config line the log file path (#9750)
  • Fix nmcli bug (#9773)
  • Align service_disabled template to service_enabled (#9806)
  • Remove deprecated warn parameter from Ansible command module (#9807)
  • CI ansible hardening and rename of existing Bash hardening (#9796)
  • Stabilization: Make Ansible remediation less prone to fatal errors (#9911)

Changes in Checks

  • Move kernel_module_disabled use more generic RHEL in conditionals (#9450)
  • Update accounts_password template's OVAL (#9459)
  • OCP4: Fix OCIL of machine_volume_encrypted (#9597)
  • Clarify instructions for implementing SCCs (#9569)
  • Remove jinja condition to make rule applicability to all products in Kerberos rules (#9412)
  • Ubuntu 20.04: fix grub2 password related rules (#9708)
  • Add Ubuntu specific bash for ensure_rsyslog_log_file_configuration (#9719)
  • Refactor firewalld_sshd_port_enabled rule (#9712)
  • Dconf macros update to align them with OVAL expectation (#9751)

Changes in the Infrastructure

  • Remove superfluous check of rule ID consistency (#9539)
  • Add tests to auditd_lineinfile template (#9519)
  • Generate XCCDF 1.2 directly (#9464)
  • Add support for regulated fields (#9553)
  • SRG Import/Export Uses Policy Specific Content (#9570)
  • Add Git Mail Map (#9573)
  • Remove ident_size for .py files from editorconfig (#9603)
  • Make CodeClimate to use .editorconfig (#9630)
  • Remove function drop_oval_definitions (#9629)
  • Add mypy to CI (#9430)
  • Remove shorthand.xml from the build process (#9548)
  • Remove XCCDF 1.1 from enable_derivatives.py (#9654)
  • Remove XCCDF 1.1 from profile tool (#9655)
  • Remove unused import (#9656)
  • Remove XCCDF 1.1 from ssg/xccdf.py (#9657)
  • Remove Support for OVAL 5.10 (#9604)
  • Import SRG content for RHEL9 (#9574)
  • Don't use editorconfig to check for indentation (#9653)
  • Remove get_fixgroup_for_type (#9661)
  • Remove superfluous XML namespaces from HTML tables (#9662)
  • Update sysctl template's OVAL and tests to align with STIG (#9458)
  • Remove unused XSLT xccdf2table-profileanssirefs.xslt (#9659)
  • CMake Improvements (#9646)
  • Remove Travis CI (#9683)
  • Remove comparison utilities (#9688)
  • Create unit tests for ssg.id_translate (#9624)
  • Add unit tests of XCCDF 1.2 elements (#9617)
  • Add unit tests for warnings and sub elements (#9637)
  • Refactor and speed up combine_ovals.py (#9689)
  • Fix unit tests to work with CentOS 7 (#9727)
  • make CPE items compiled during the build process (#9700)
  • SRG Diff: Add section for rows without a CCE (#9763)
  • Make the utils/srg_diff.py more generic (#9767)
  • parametrize methods for getting remediation conditionals of XCCDF platforms (#9777)
  • build_remediations.py: deduplicate code which retrieves conditionals (#9779)
  • Add sorted results to srg_diff (#9778)
  • Add Smoke Tests for Some Scripts (#9787)
  • Platforms can accept parameters and pass them to underlying CPE items (#9799)
  • Do not remove blank lines when building profile playbook (#9809)
  • SRG Export XLSX in CMake (#9811)
  • Add config for Ansible lint (#9838)

Changes in the Test Suite

  • [Master] add accounts_password_set_max_life_existing to unselect_rules_list (#9554)
  • Fix issue introduced in commit 1ba11cb (#9692)
  • Add tests to rule dconf_gnome_screensaver_idle_activation_enabled (#9701)
  • Refactor firewalld_sshd_port_enabled rule (#9712)
  • Complete tests to validate Ol9 pci dss profile (#9739)
  • Add tests to accounts_password template (#9743)
  • Do not instantiate Builder() when running Automatus (#9755)
  • Fix Automatus --duplicate-templates (#9766)
  • accounts_password_pam_retry: Add test for dupes and conflicts (#9805)
  • accounts_passwords: Add tests for value conflicts and duplicates (#9804)
  • sshd_lineinfile: Add tests for duplicated params (#9802)
  • CI ansible hardening and rename of existing Bash hardening (#9796)
  • Stabilization: Ensure pwquality.conf.d dir exists on test scenarios (#9864)

Documentation

  • Doc fix up (#9596)
  • Add PR gating guideline (#9611)
  • Move to MyST as recommonmark and CommonMark are not supported (#9560)
  • Fix docs refs (#9704)
  • Include SLE products into the CCE tooling for auto assignment (#9714)
  • Docs/developer: Mention that rules will inherit its group(s) platforms (#9635)
  • Reformulate the release process documentation (#9736)
  • Update gitignore (#9810)
  • Document rule deprecation instructions and agreements (#9797)
  • Update contributors list for v0.1.65 release (#9843)
  • Add Sanity Test for generate_contributors.py (#9845)