Skip to content

Content 0.1.55
Compare
Choose a tag to compare
@vojtapolasek vojtapolasek released this 19 Mar 12:40
v0.1.55
9e83e2c

Highlights:

  • big update of rules used in SLES-12 STIG profile
  • Render policy to HTML (#6532)
  • Add variable support to yamlfile_value template (#6563)
  • Introduce new template for dconf configuration files (#6118)

Profiles changed in this release:

  • ocp4: cis-node, cis, e8, moderate
  • rhel7: cis, ospp, hipaa, anssi_nt28_enhanced, rht-ccp, C2S, anssi_nt28_high, anssi_nt28_intermediary, anssi_nt28_minimal, pci-dss, rhelh-stig, cjis, rhelh-vpp, stig
  • rhel8: cis, ospp, hipaa, anssi_bp28_enhanced, anssi_bp28_minimal, e8, pci-dss, anssi_bp28_high, rht-ccp, cjis, stig, anssi_bp28_intermediary
  • sle15: cis, standard
  • debian10: anssi_np_nt28_average, standard
  • debian9: anssi_np_nt28_average, standard
  • fedora: pci-dss, standard
  • ol7: pci-dss, stig, standard
  • ol8: ospp, hipaa, standard, pci-dss, cjis
  • rhcos4: e8, ospp, moderate
  • rhv4: rhvh-stig, rhvh-vpp
  • sle12: stig
  • ubuntu1604: anssi_np_nt28_average, standard
  • ubuntu1804: cis, anssi_np_nt28_average, standard
  • ubuntu2004: standard
  • wrlinux1019: draft_stig_wrlinux_disa

Profiles:

  • remove ensure_logrotate_configured from CIS profiles (#6693)
  • configure_crypto_policy update for CIS profile (#6673)
  • remove kernel_module_vfat_disabled from CIS profiles (#6613)
  • E8 ocp revisions (#6587)
  • Update ANSSI profile descriptions (#6592)
  • Bump RHEL7 STIG version to v3r2 (#6576)
  • OL7 DISA STIG v2r1 update (#6538)
  • Select RHEL8 STIG V1R1 existing content (#6579)
  • OL7 DISA STIG v2r2 update (#6607)
  • Update OL standard profiles (#6604)
  • Update OL pci-dss profiles (#6605)
  • Remove auditd_data_retention_space_left from RHEL8 STIG profile (#6615)
  • remove accounts_passwords_pam_faillock_enforce_local from rhel8 stig (#6528)

Rules:

  • Update selinux_confinement_of_daemons rule (#6695)
  • Adds classification-banner rule (#6652)
  • CIS 5.1 changes (#6678)
  • ocp4: Fix audit log forwarding rule (#6680)
  • CIS 5.1 and 5.2: More ocil updates (#6689)
  • Change instances of cis to cis@ocp4 for openshift (#6654)
  • Revert hardcoding of ClientAliveCountMax to 0 (#6434)
  • SLES-12 add checks and remediations (#6635)
  • Update ANSSI references (#6662)
  • Add missing CIS references (#6660)
  • move ssh_client_rekey_limit to correct group (#6612)
  • Fix STIG id reference for sshd_x11_use_localhost (#6628)
  • fix wrong description of sshd_limit_user_access (#6623)
  • mark some CIS rules as machine-only (#6611)
  • CIS Benchmark 4.2.13 (kubelet_configure_tls_cipher_suites) (#6435)
  • ocp4: Add link to documentation for etcd encryption (#6590)
  • Drop remediation for sysctl_kernel_modules_disabled (#6586)
  • OCP4/CIS 3.1.1: Write rule to ensure IdP has been configured (#6547)
  • CIS: Update api_server_request_timeout description and check (#6572)
  • add rhel7 stig specific rule for sshd approved macs (#6546)
  • Reassign a new unique CCE identifier to approved macs STIG rule (#6564)
  • add rhel7 stig specific rule for ssh ciphers (#6541)
  • sshd_set_keepalive PCI DSS requirement reference (#6531)
  • add rule sysctl_kernel_modules_disabled (#6533)
  • RHEL-07-040710 now configures X11Forwarding to disable (#6537)
  • add rule sshd_x11_use_localhost (#6534)
  • Added a rule for having commands with arguments in sudoers - ANSSI R63 (#6525)
  • fix remediations of ensure_logrotate_activated (#6710)
  • ocp4/e2e: fix classification_banner remediation (#6679)
  • ocp4: Add e2e for no_direct_root_logins (#6621)
  • rhcos4: Add remediations and rules to enable usbguard (#6452)
  • Require separate filesystem for /var/tmp (#6523)
  • Add /boot options to ANSSI kickstarts and remediation for mount_option_nodev_nonroot_local_partitions (#6606)

Tests:

  • fix test for smartcard_auth (#6694)
  • Fix test scenario of rpm_verify_permissions rule (#6671)
  • Supress Ansible lint error 503 (#6542)
  • Add test to check for duplicated STIG ids (#6135)
Assets 5
Loading