Release Content 0.1.77 · ComplianceAsCode/content · GitHub

Content 0.1.77

@github-actions github-actions released this 02 Jun 19:42
· 286 commits to master since this release
c1e1ba1

Important Highlights

  • Introduce Architecture Decisions Records (#13019)
  • Move stabilization to the third Monday of the second month (#13119)
  • Remove CCI References (#13397)
  • Remove macOS content (#13158)

New Rules and Profiles

  • [ubuntu2404] New rule: remove pkg inetutils-telnet (#13095)
  • add a check for secure boot enabled (#13094)
  • Add a default profile for Ubuntu2404 to add all rules to the datastream (#13022)
  • Add draft profile and control file for Ubuntu 24.04 STIG (#13288)
  • Add new rule for rootfiles package (#13134)
  • Add Rule for STIG Sub-Crypto Policies (#13393)
  • Implement STIG id Ol09-00-000242 (#13464)
  • Introduce new rule audit_rules_dac_modification_fchmodat2 (#13335)
  • Introduce rule enable_gpgcheck_for_all_repositories (#13156)
  • new rule sysctl_use_max_user_namespaces_no_remediation (#13351)
  • OPENSCAP-4913 - Update audit_file_deletion_events group for RHEL 10 (#13179)
  • RHEL 10 SRG GPOS PAM Hashing Update (#13421)

Updated Rules and Profiles

  • [ubuntu2404] Add ubuntu specific configuration path (#13096)
  • [Ubuntu2404] Fix rule 5.3.3.4.1 (#12940)
  • Add /sbin/audisp-syslog to audit binary rules (#13251)
  • Add dconf rules dependencies sle (#13063)
  • Add new rule for rootfiles package (#13134)
  • Add OL08-00-010423 to OL8 STIG profile (#13377)
  • Add Ol09-00-002151 to OL9 STIG (#13435)
  • Add recommendation about authselect (#13356)
  • Add Rule for STIG Sub-Crypto Policies (#13393)
  • Add xccdf status to profiles (#13045)
  • Align audit OSPP rules with audit upstream (#13295)
  • Apply 1.1.1.8 to server_l1 to match the benchmark on RHEL 8 (#13103)
  • audit_ospp_general_ppc64le: architecture cannot contain 32 bit rules (#13433)
  • dir_perms_world_writable_sticky_bits: add warning (#13466)
  • Drop irrelevant rules for SLE platform (#13475)
  • fix accounts_password_pam_retry oval check for Debian (#13174)
  • Fix logind_session_timeout in anssi controls (#13189)
  • Fix set_password_hashing_min_rounds_logindefs (#13004)
  • Fix SLE15 CIS Ensure AppArmor is installed (#13264)
  • Fix variable name in Ubuntu 22.04 CIS profiles (#12981)
  • Fixes related to STIG and SSH cryptopolicy (#13042)
  • fixes to grub2 admin user and password rules (#13467)
  • Handle XCCDF variable in key_value_pair_in_file template (#13051)
  • Improve AlmaLinux OS support (#13409)
  • Improve description in accounts_passwords_pam_faillock_dir (#13348)
  • Make accounts password pam pwhistory remember rule use template for SLE etc (#13343)
  • new rule sysctl_use_max_user_namespaces_no_remediation (#13351)
  • Ol9 stig v1r1 (#13413)
  • OPENSCAP-4913 - Update audit_file_deletion_events group for RHEL 10 (#13179)
  • OPENSCAP-4921, OPENSCAP-4922, OPENSCAP-4923, OPENSCAP-4924: Change audit watches for ARLE (#13194)
  • OPENSCAP-4926 - Use template in audit_rules_mac_modification_usr_share (#13273)
  • OPENSCAP-4927 - Update audit_rules_media_export (#13206)
  • OPENSCAP-4928 - Fix description in audit_rules_networkconfig_modification (#13207)
  • OPENSCAP-4930, OPENSCAP-4931, OPENSCAP-4932, OPENSCAP-4933, OPENSCAP-4934, OPENSCAP-4935, OPENSCAP-4936, OPENSCAP-4937, OPENSCAP-4938, OPENSCAP-4939, OPENSCAP-4940, OPENSCAP-4941, OPENSCAP-4942, OPENSCAP-4943, OPENSCAP-4944, OPENSCAP-4945, OPENSCAP-4946, OPENSCAP-4947 Add arch filter to ARPC (#13213)
  • OPENSCAP-4948 - Use modern audit watches in audit_rules_session_events (#13262)
  • OPENSCAP-4949, OPENSCAP-4950 - Change audit watches in rule audit_rules_sudoers and audit_rules_sudoers_d (#13218)
  • OPENSCAP-4951: Support modern watches in audit_rules_sysadmin_actions (#13242)
  • OPENSCAP-4952: Use template in audit_rules_time_watch_localtime (#13244)
  • OPENSCAP-4954, OPENSCAP-4955, OPENSCAP-4956, OPENSCAP-4957: Use audit_rules_watch template instead of audit_rules_usergroup_modification (#13249)
  • OPENSCAP-4959 - Add arch filter to directory_access_var_log_audit (#13215)
  • OPENSCAP-5471 Enhance systemd_dropin_configuration template (#13208)
  • Release Ubuntu 24.04 CIS v1.0.0 profiles (#13072)
  • Remove sysctl_user_max_user_namespaces from RHEL 10 STIG (#13243)
  • Remove CIS profile for slmicro5 (#13457)
  • Remove from OL8 STIG not STIG related rules (#13246)
  • Remove RHEL-09-672035 and RHEL-09-672040 from RHEL 9 STIG (#12973)
  • Remove rule enable_authselect from RHEL10 (#13341)
  • Replace pam_unix_remember with pam_pwhistory_remember (#13390)
  • Revert the uid back to rsyslog for the rule file_owner_var_log_syslog (#13169)
  • RHEL 10 SRG GPOS PAM Hashing Update (#13421)
  • RHEL: remove talk related rules (#13327)
  • rhel10 ospp: remove package_scap-security-guide_installed (#13434)
  • rsyslog_remote_loghost: support Rainer Script in OVAL (#13274)
  • Rule: sshd_include_crypto_policy, drop remediations, improve OVAL (#13028)
  • SLE15 nfs and dhcp disable service fixes (#13186)
  • SLE15 Use socket disable template for telnet (#13154)
  • Specify platform specific packages for xwindows_remove_packages rule (#12853)
  • Update CA file path (#13328)
  • Update harden_sshd_ciphers/macs_opensshserver_conf_crypto_policy (#13374)
  • Update ol10 profiles (#13292)
  • Update ol8 STIG (#13378)
  • Update OL9 hipaa profile (#13253)
  • Update OL9 profiles (#13101)
  • Update RHEL 10 Profiles Titles (#12990)
  • Update rule package_bind_removed for RHEL 9.6 (#13168)
  • Update SLE15 and SLE12 ANSSI profiles (#13190)
  • Update STIG IDs for SSH Client MAC and Ciphers rules on RHEL 8 (#13404)
  • Update Ubuntu 22.04 STIG to V2R3 (#13167)

Removed Products

  • Remove macOS content (#13158)

Changes in Remediations

  • [Ubuntu] Insert to beginning of file in Ubuntu (#13290)
  • Change checks for rexec and rlogin to use xinetd configuration (#13185)
  • Change the way in which applicability of selinux platform is determined (#13173)
  • dir_system_commands_* remediation fixes and applicability for all products (#13298)
  • Fix accounts_user_dot_user/group_ownership to only remediate regular files (#13178)
  • Fix dconf key for idle-delay lock on Ubuntu (#13112)
  • Fix oval and remediations for journald-upload rules (#13050)
  • Fix rule accounts_passwords_pam_tally2 (#13308)
  • Fix set_password_hashing_min_rounds_logindefs (#13004)
  • Improve bash/ansible_ensure_pam_module_option macros (#13405)
  • OPENSCAP-4951: Support modern watches in audit_rules_sysadmin_actions (#13242)
  • OPENSCAP-4959 - Add arch filter to directory_access_var_log_audit (#13215)
  • OPENSCAP-5471 Enhance systemd_dropin_configuration template (#13208)
  • RHEL 10 Ansible fixes (#13458)
  • RHEL 9 Ansible fixes (#13455)
  • Rule: sshd_include_crypto_policy, drop remediations, improve OVAL (#13028)
  • Rule: sshd_include_crypto_policy, platform: not osbuild (#13008)
  • SLE Add dependency to crypto-policies-scripts package (#13088)
  • Specify platform specific packages for xwindows_remove_packages rule (#12853)
  • Update Ansible find task to report on broken symbolic links, matching STIG vulnerability scanning behavior (#13386)
  • Update bash_sudo_remove_config macro (#13122)
  • Update enable_authselect remediation on bootable containers (#13131)
  • Update harden_sshd_ciphers/macs_opensshserver_conf_crypto_policy (#13374)
  • Update regex to support RainerScript in rsyslog_cron_logging (#13172)
  • Update shared.yml (#13320)
  • Use fully qualified collection name for community.general.ini_file (#13184)

Changes in Checks

  • Add Ubuntu 22.04 to the list of FIPS certified OS (#13132)
  • Change checks for rexec and rlogin to use xinetd configuration (#13185)
  • Fix Memory Usage for file_(group)owner (#13306)
  • Fix accounts_password_pam_retry (#13144)
  • Fix file_groupowner_etc_chrony_keys OVAL check (#13248)
  • Fix oval and remediations for journald-upload rules (#13050)
  • Fix sshd oval check for SLE15, SLEM5 and opensuse (#13197)
  • Fix typos and exclude symlinks in file_(group)ownerships_var_log rules (#13111)
  • Fixes related to STIG and SSH cryptopolicy (#13042)
  • Make accounts password pam pwhistory remember rule use template for SLE etc (#13343)
  • OPENSCAP-4959 - Add arch filter to directory_access_var_log_audit (#13215)
  • OPENSCAP-5471 Enhance systemd_dropin_configuration template (#13208)
  • oval macro: remove no longer used special case for sshd rules (#13193)
  • rsyslog_remote_loghost: support Rainer Script in OVAL (#13274)
  • Rule: sshd_include_crypto_policy, drop remediations, improve OVAL (#13028)
  • SLE Add dependency to crypto-policies-scripts package (#13088)
  • Specify platform specific packages for xwindows_remove_packages rule (#12853)
  • Update harden_sshd_ciphers/macs_opensshserver_conf_crypto_policy (#13374)
  • Update regex to support RainerScript in rsyslog_cron_logging (#13172)
  • Update rule package_bind_removed for RHEL 9.6 (#13168)

Changes in the Infrastructure

  • Add product_properties to open_environment for build tests (#13223)
  • Add required to controlseval.py --product switch (#13136)
  • Add rule removed test (#13358)
  • Add tar.gz file of the build data streams (#13321)
  • Add xccdf status to profiles (#13045)
  • build_product: add --render-test-scenarios option (#13309)
  • Clean Up CMake and build_product Product List (#13280)
  • Fail if the build causes empty OCIL (#13148)
  • Fix Memory Usage for file_(group)owner (#13306)
  • Fix stabilization job (#13367)
  • Fix timestamps for data-stream composition (#12625)
  • Format thin data streams (#13416)
  • Improve profile stability test (#13476)
  • Introduce Architecture Decisions Records (#13019)
  • Make Delta tailoring for RHEL 8 only (#13120)
  • Make overriding tests work in built tests (#13330)
  • OCPBUGS-55180: Fix file groupowner oval template on OCP (#13357)
  • OPENSCAP-4118 - Add script to build tests (#13029)
  • Remove CCI References (#13397)
  • Remove Ubuntu 20.04 from Gating (#13294)
  • Remove unnecessary Jinja2 macros in control files (#13180)
  • Speed up build by using JSON for interim artifacts (#13445)
  • Stop adding list of contributors to thin data streams (#13453)
  • Stop processing templated remediations by Jinja (#13471)
  • Stop using deprecated CMake code (#13089)
  • Update Logic and Data for IA Control on SRG Export (#13269)
  • Update release script based on new stabilization date (#13140)
  • We don't care about Windows (#13212)

Changes in the Test Suite

  • [Ubuntu] Drop pam config for faillock audit tests (#13362)
  • accounts_authorized_local_users: align test scenario with remediation (#13318)
  • Add rhel10 stability test data (#13091)
  • Add templated tests to tests/validate_automatus_metadata.py (#12985)
  • Clean up unit tests a bit (shebang, metadata consistency) (#13220)
  • dir_group_ownership_library_dirs: exclude test scenario (#13372)
  • enable_dracut_fips_module: test scenario does not expect remediation on rhel (#13303)
  • file_owner template: add no_remediation option (#13382)
  • Fix variables= for chronyd_configure_pool_and_server tests (#13252)
  • Fix double mknod, expect PATH entries not existing in tests (#13229)
  • Fix sshd_set_idle_timeout for RHEL 10 (#13411)
  • gid_passwd_group_same: test scenario does not expect remediation (#13304)
  • Improve platform processing in Automatus (#13162)
  • Improve snapshot handling in automatus (#13138)
  • Make sure latest ansible setup works on sle15 (#13389)
  • Make the RHEL Automatus work with 10.1 (#13442)
  • network_configure_name_resolution: test scenarios know there is no remediation (#13324)
  • package_bind_removed: unify test scenarios (#13392)
  • package_libselinux_installed: enhance test scenarios (#13299)
  • package_pam_pwquality_installed: add custom test scenarios (#13326)
  • package_sudo_installed: limit test scenarios (#13380)
  • postfix_client_configure_mail_alias: adjust test scenario (#13334)
  • remove scapval test from gating (#13250)
  • Remove superfluous TSs from grub2_audit_backlog_limit_argument (#13452)
  • sebool_deny_execmem: add custom test scenario (#13301)
  • selinux_all_devicefiles_labeled: modify test scenarios (#13339)
  • sssd_enable_certmap: notify test scenario that there is no remediation (#13317)
  • sudo_restrict_privilege_elevation_to_authorized: test scenario update (#13325)
  • sysctl template: add new option no_remediation (#13302)
  • systemd_mount_enabled template: enable mount in passing test scenario (#13340)
  • Ubuntu: Make stig not applicable for Ubuntu2404 (#13046)

Documentation

  • Add ADR to docs and platform clean up (#13221)
  • Fix Docs Build (#13260)
  • Introduce Architecture Decisions Records (#13019)
  • Move governance to its own section (#13195)
  • Move stabilization to the third Monday of the second month (#13119)
  • Remove Napoleon as it is no longer needed (#13247)
  • Update scripts in the creating content doc (#13031)
  • Various Small Fixes in the Style Guide (#13387)

Fixed Bugs

  • [Stabilization]: update outdated links to documentation (#13503)
  • Add audit_rules_mac_modification_etc_selinux to the PCI DSS 4 control file (#13281)
  • Add missing RHEL8 stig id to rootfiles_configured (#13161)
  • Change the way in which applicability of selinux platform is determined (#13173)
  • Fix ansible platform in network_nmcli_permissions for RHEL 9 (#13145)
  • Fix Automatus Issues for RHEL - OPENSCAP-5515 (#13284)
  • Fix permissions for shadow files on Ubuntu 24.04 (#13092)
  • Fix set_password_hashing_min_rounds_logindefs (#13004)
  • Fixes related to STIG and SSH cryptopolicy (#13042)
  • OPENSCAP-5464: Use more fine granular audit rules for E8 and ISM profiles in RHEL (#13149)
  • OPENSCAP-5471 Enhance systemd_dropin_configuration template (#13208)
  • Remove the second enable_dracut_fips_module in enable_fips_mode (#12983)
  • Revert #13049 (#13375)
  • rsyslog_remote_loghost: support Rainer Script in OVAL (#13274)