-
Notifications
You must be signed in to change notification settings - Fork 5
/
ChangeLog
97 lines (80 loc) · 4.86 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
2021-09-24
-- Scenario: Enable Nested VT-x in cape-vm scenario (VirtualBox).
-- Scenario: Expose TCP port 9090 in cape-vm scenario to allow access to cockpit.
-- Scenario: Experiment replacing VirtualBox with KVM/QEMU/Libvirt for cape-vm development scenario.
-- Role dependencies: Install latest kernel (linux-generic-hwe-20.04) to ensure BPF support.
-- Role dependencies: Install updated apparmor parser to support libvirt apparmor profile BPF and PERFMON capabilities parsing.
-- Role KVM: Complete libvirt setup tasks.
-- Role KVM: Complete libguestfs setup tasks.
-- Role KVM: Randomize more values in QEMU Anti-VM.
-- Role KVM: Add tasks for setting up virt-manager.
-- Role KVM: Add tasks for setting up cockpit.
-- Role KVM: Upgrade to QEMU 6.1.0 and Libvirt 7.7.0
-- Role CIS: Add tasks for Section 4 of the CIS for Ubuntu Benchmarks.
-- Role CAPA: Update role to better support CAPA versions 2 and 3 (in progress).
-- Docs: Update Security_Automation_Tracker.
-- Docs: Update development documentation to illustrate using KVM/QEMU/Libvirt for cape-vm development scenario.
2021-08-13
-- Role: Update KVM role incorporating additional QEMU Anti-VM countermeasures (by @doomedraven).
-- Role: Update Suricata role to accommodate installation changes from upstream.
-- Role: Update Suricata role to enable file-store by default.
-- Role: Update dependencies role to pull requirements file from upstream repo. It is no longer separately maintained.
-- Role: Update dependencies role to add Ubuntu security main repo.
2021-07-17
-- Role: Significant updates to CIS for Ubuntu role adding 58 compliance tasks across various sections.
-- Role: Update ClamAV role to replace ClamAV apparmor definitions.
-- Role: Update dependencies role to automate fixing 'Error 1: distutils' when running cape-vm scenario.
-- Role: Update dependencies role with updated requirements file.
-- Docs: Update documentation.
2021-07-01
-- Role: Add Section 1, Section 2 and partial Section 4 tasks for CIS for Ubuntu.
-- Role: Update volatility role to set correct permissions on symbols.
-- Role: Add psutil to requirements.txt in depedencies role.
-- Docs: Update documentation.
2021-06-18
-- Role: Initial CIS for Ubuntu role and tasks.
-- Docs: Update Security Automation Tracker.
2021-06-04
-- Role: Complete suritcata setup role
-- Role: Complete logrotate setup role
-- Role: Complete multi-factor authentication (google-authenticator) setup role (optional).
-- Hardening: Add multi-factor authentication for SSH access.
-- Docs: Update README and Security Automation Tracker.
2021-06-02
-- Task: Complete SeaBios deployment tasks.
-- Task: Complete ModSecurity for NGINX tasks.
-- Task: Initial libvirt tasks.
-- Task: Add hypervisor packages pinning.
-- Task: Automate codename in 'maxmind' when it was hardcoded (doomedraven).
-- Hardening: Complete ModSecurity for NGINX setup automation.
-- Docs: General documentation updates.
2021-05-31
-- Role: Progress in KVM / Qemu / Seabios / anti-vm setup role.
-- Task: Include additional anti-vm not in kvm-qemu.sh.
-- Development: Redefine scenarios: default, cape-vm, cape-cr, cape-pod. See below.
-- Development: Add scenario (cape-pod) for development on RHEL 8 / CentOS Stream with Podman. See Known Issues doc.
-- Development: Add scenario (cape-cr) for multi-container (CAPE + Hypervisor).
-- Development: Brainstorm scenario (cape-ship); per-service multi-container setup (nginx, mongodb, postgresql, etc).
-- Docs: Add Known Issues documentation.
-- Docs: Add documentation for setting up dev environment on RHEL 8 / CentOS Stream with Podman.
-- Docs: Documentation updates.
2021-05-19
-- Role: Complete time syncronization.
-- Role: Consolidate dependencies setup role.
-- Role: Complete tuning role for CAPE (VMs/physical only, won't work on containers).
-- Role: Complete MongoDB setup role.
-- Role: Complete PostgresDB setup role.
-- Role: Complete Yara setup role (via pip or source code).
-- Role: Complete ClamAV setup role (including unofficial signatures).
-- Role: Complete CAPA setup role (via pip or source code).
-- Role: Complete Volatility setup role (including configuring symbols).
-- Role: Complete CAPE role preliminary setup.
-- Role: Complete NGINX setup role (from source code, reverse proxy, demo self-signed SSL). Pending ModSecurity WAF.
-- Role: Preliminary roles to setup MaxMindDB and Fail2ban.
-- Role: Start creating virtualization (KVM) setup role.
-- Hardening: Complete 25 NGINX CIS Benchmarks automation.
-- Hardening: Review of non-breaking Ubuntu CIS Benchmarks for automation.
-- Development: Completed docker-based development environment setup.
-- Development: Started VM-based development environment setup.
-- Integration: Started review for GitHub CI pipeline.
-- Docs: Documentation targeted for CAPE development is almost done.