Skip to content

Content 0.1.72

Compare
Choose a tag to compare
@github-actions github-actions released this 09 Feb 13:29
· 3065 commits to master since this release
7fb44f7

Important Highlights

  • ANSSI BP 028 profile for debian12 (#11368)
  • Building on Windows (#11406)
  • Control for BSI APP.4.4 (#11342)
  • update to CIS RHEL 7 and RHEL 8 profiles aligning them with the latest benchmarks

New Rules and Profiles

  • Add alinux2/alinux3 support for pci-dss compliance (#11398)
  • Add anolis23/anolis8 support for pci-dss compliance. (#11401)
  • Add new rule file_cron_allow_exists (#11441)
  • Add rules for /etc/shells (#11467)
  • Add rules STIG UBTU-20-010437 and UBTU-20-010451 (#11325)
  • ANSSI BP 028 profile for debian12 (#11368)
  • Control for BSI APP.4.4 (#11342)
  • Add rules for /etc/shells (#11467)
  • Add rules STIG UBTU-20-010437 and UBTU-20-010451 (#11325)

Updated Rules and Profiles

  • Review CIS RHEL8 v3.0.0 Section 3 (#11469)
  • Add 2 CCE-IDs for SLE12 & SLE15 (#11375)
  • Add package_firewalld_installed to RHEL 9 CIS (#11351)
  • align description of audit_rules_kernel_module_loading (#11443)
  • Align RHEL 7 CIS control file with CIS v4.0.0 - Section 3 (#11446)
  • Align RHEL 8 CIS control file with CIS v3.0.0 - Section 6 (#11462)
  • align rule audit_rules_privileged_commands_kmod (#11320)
  • Allow spaces in rule sudo_custom_logfile (#11433)
  • Enable Rules For OSBuild (#11362)
  • enable sshd_distributed_config for ubuntu 2004 & 2204 (#11305)
  • Fix a duplication of the code ID 3.5.2.1 (#11421)
  • Fix ANSSI URL in control file and update RHEL profiles (#11365)
  • Fix RHEL 8 STIG version (#11515)
  • Fix Service Applicability for RHEL 9 Profiles (#11367)
  • Handle rules trying to remove no longer existing packages (#11354)
  • Improve Performance on rules probing the whole file system (#11319)
  • Minor modifications to RHEL STIG profiles (#11327)
  • Move to /bin/false for disabling kernel modules (#11475)
  • Remove Alibaba Cloud Linux CIS-related profile and associated references (#11486)
  • Remove irrelevant rules from PCI-DSS profiles (#11338)
  • Remove timer_logrotate_enabled from some pci-dss profiles (#11349)
  • Remove warning from kubelet rule (#11243)
  • Review CIS RHEL8 v3.0.0 Section 1 - Initial Setup (#11445)
  • Review rpm_verify_hashes rule (#11332)
  • Review rpm_verify_ownership rule (#11333)
  • Review rpm_verify_permissions rule (#11335)
  • RHEL 7: change how xwindows is disabled in CIS profile (#11466)
  • RHEL 8: align with CIS 3, section 2 (#11457)
  • RHEL7 CIS: align section 2 with the final version (#11453)
  • Stablization: Update audit_ospp_general (#11520)
  • Support drop-in config in journald rules on RHEL (#11440)
  • Update CIS profiles descriptions (#11491)
  • Update grub2_mitigation_argument (#11271)
  • Update OL stig references (#11472)
  • Update OL8 STIG id references (#11451)
  • Update OL8 stig selection for OL08-00-040259 (#11312)
  • Update Oracle Linux anssi profiles (#11313)
  • Update RHEL 7 CIS Section 1 (#11449)
  • Update RHEL 7 STIG to V3R14 (#11477)
  • Update RHEL 8 STIG to V1R13 (#11478)
  • Update RHEL 9 STIG to V1R2 (#11479)
  • Update Select SSSD Rules for RHEL 7 STIG Update (#11476)
  • Update STIG version for SLES 12 and SLES 15 (#11357)
  • Update Ubuntu STIG-20-010072 and fix faillock rules (#11355)
  • Use correct HTML element for inline code (#11408)
  • various small fixes to RHEL 7 and RHEL 8 CIS (#11487)
  • xccdf_org.ssgproject.content_rule_accounts_tmout: replace 'declare' by 'typeset' (#11289)

Changes in Remediations

  • [Stabilization] fix regex used in Ansible remediation of configure_ssh_crypto_policy (#11525)
  • A fix into ansible part of the rule audit_rules_suid_privilege_function (#11170)
  • Add blueprint remedation for enable_fips_mode (#11363)
  • Add check if to continue with ansible task (#11299)
  • add explaining comment to mount_option bash template (#11444)
  • Add support to disable wifi interfaces via wicked (#11428)
  • Ansible: change the sysctl module fqcn for rhel7 product (#11465)
  • configure_bashrc_*_tmux: escape braces within regex in Ansible (#11388)
  • Do not change comments by remediations (#11434)
  • Fix Ansible in rule ensure_redhat_gpgkey_installed (#11413)
  • Fix in sebool ansible (#11245)
  • Fix ShellCheck Issues in CPE Checks (#11322)
  • fix: service_timesyncd_configured (#11410)
  • Make some improvements to bash remediation template (#11361)
  • Move to /bin/false for disabling kernel modules (#11475)
  • Sle15 fix ansible cis remediations (#11258)
  • Sle15 fix ansible hipaa remediation (#11264)
  • Sle15 fix ansible pci-dss remediations in check mode (#11263)
  • Stabilization - Fix Ansible compatibility with sysctl module (#11538)
  • Support drop-in config in journald rules on RHEL (#11440)
  • Turn off blueprint for package_MFEhiplsm_installed (#11350)
  • Turn off remedations for /dev/shm (#11364)
  • Use commit hash for image tag (#11233)

Changes in Checks

  • Add ocp platforms to some eks shared OVALs (#11436)
  • Fix audit key check in audit_rules_privileged_commands_fdisk (#11306)
  • Fix invoke parent's init function (#11400)
  • Generate OVAL document for each rule (#11291)
  • Improve Performance on rules probing the whole file system (#11319)
  • Move install_mcafee_hbss shared OVAL to the install_hids rule (#11432)
  • Rename inconsistent shared OVAL IDs (Oracle Linux) (#11392)
  • Review rpm_verify_ownership rule (#11333)
  • Review rpm_verify_permissions rule (#11335)
  • Support drop-in config in journald rules on RHEL (#11440)
  • Update Select SSSD Rules for RHEL 7 STIG Update (#11476)

Changes in the Infrastructure

  • Add Gate tests back to master (#11331)
  • Add missing group.yml (#11373)
  • Add Windows CI (#11412)
  • add XSLT_PATH prefix with environment override (#11390)
  • Adds an oscal directory and GitHub Actions workflow for upstream OSCAL content (#11286)
  • Building on Windows (#11406)
  • Control Files' level key must be an array (#11417)
  • Fix Debian 10 CI (#11426)
  • Fix duplicate OVAL ids (gpgkey package, GDM login) (#11377)
  • Fix invoke parent's init function (#11400)
  • Fixes update-oscal.yml to remove env context from matrix variables (#11374)
  • Generate OVAL document for each rule (#11291)
  • Ignore mypy in the EOF Checker (#11323)
  • OCP4: Update k8s action to build image on new PR (#11384)
  • Refactoring: Remove 'prodtype' Mk.2 (#11378)
  • Remove bogus specifier from audit_rules_privileged_commands_unix2_chkpwd (#11379)
  • remove the task which deletes artifacts from automatus GH workflows (#11482)
  • Update GitHub Artifacts Action Steps to v4 (#11411)
  • Validate levels in controls (#11427)
  • We should raise NotImplementedError (#11414)

Changes in the Test Suite

  • Allow tests/test_product_stability.py to be executed (#11464)
  • Fix OpenEmbedded name in test stability (#11463)
  • Fix Secure Boot Automatus VM Installs (#11239)
  • Fix tests for sudo_require_authentication (#11315)
  • OCP4: Fix e2e result on OCP 4.14 changes (#11207)
  • Update test-check-eof for smoke test (#11402)
  • Update Install VM to use Fedora 39 (#11418)

Documentation

  • Add documentation of the steps that OVAL content goes through during the build (#11336)
  • Add GitHub Actions Style Guide (#11330)
  • Add STIG Tables for RHEL 9 (#11376)
  • bump version to 0.1.72 (#11308)
  • Finish rename to Automatus (#11404)
  • Fix broken formatting (#11403)
  • Remove all contributors file (#11317)
  • Update contributors list for v0.1.72 release (#11483)
  • Update SRG GPOS to V2R7 (#11480)