Content 0.1.59

Important Highlights

• Add support for Debian 11 (#7715)
• Add NERC CIP profiles for OCP4 and RHCOS (#7757)
• Ground work for implementation of CPE applicability language (#7613)
• Add HIPAA profile to SLE15 platform (#7776)
• Add Delta Tailoring Files to the Build System (#7851)

New Rules and Profiles

• Add rule only_allow_dod_certs (#7658)
• Add new rule "service_ypserv_disabled" (#7679)
• Add rule "Ensure All Groups on the System Have Unique Group Name" (#7676)
• Add SSH LoginGraceTime rule (#7678)
• Add rule accounts_root_gid_zero (#7685)
• Add new rules for CIS Journald Config (#7682)
• Add rule service_slapd_disabled (#7694)
• Add rule group_unique_id (#7683)
• Add "Ensure cron is restricted to authorized users" to RHEL8 and RHEL7 (#7691)
• Add NERC CIP profiles for OCP4 and RHCOS (#7757)
• Add HIPAA profile to SLE15 platform (#7776)

Updated Rules and Profiles

• locking_out_password_attempts/accounts_password_pam_unix_remember/oval/shared.xml: sles15 fix (#7389)
• remove rule disable_prelink from rhel7 cis (#7621)
• Make package_mcafeetp_installed work on Ubuntu (#7656)
• Add rule to stig.profiles (#7664)
• SLE bash remediation accounts_passwords_pam_faildelay_delay (#7661)
• Add rule for RHEL8 CIS 5.2.16 (#7677)
• remove old rule from rhel7 stig (#7710)
• More flexibility for login banners (#7690)
• Align rsyslog_remote_loghost to benchmarks (#7692)
• Rework bash remediation for accounts_password_pam_unix_remember (#7660)
• Return rule package_rsyslog-gnutls_installed to RHEL7 (#7731)
• Add "Ensure cron is restricted to authorized users" to RHEL8 and RHEL7 (#7691)
• Add var_sshd_set_keepalive to Ubuntu 20.04 STIG profile (#7771)
• SLE15 Add rsh and talk server remove rules to HIPAA profile (#7813)
• Change sshd_set_idle_timeout to require sshd_set_keepalive_0 (#7751)
• SLE15 add service related rules to HIPAA profile (#7852)

Changes in Remediations

• Add remaining Blueprint templates (#7609)
• Make sure files have newline during bash lineinfile remediation (#7787)
• accounts_no_uid_except_zero: Don't run passwd if awk returns nothing (#7779)
• Make FIPS mode check idempotent (#7318)

Changes in the Infrastructure

• Automated STIG Control File Creation (#7324)
• Added Build, Test on OpenSUSE Leap 15 on pull requests (#7666)
• Handle references with commas in utils/build_stig_control.py (#7697)
• Add utils/create_scap_delta_tailoring.py (#7717)
• Multi-file templates: file_permissions/file_groupowner/file_owner (#7405)
• Ground work for implementation of CPE applicability language (#7613)
• Fix utils/fix_rules.py exit codes (#7821)
• Add Delta Tailoring Files to the Build System (#7851)
• Add CentOS 7 build to CI (#7879)

Changes in the Test Suite

• Test scenarios updates for gpgcheck rules (#7638)
• service_enabled test scenarios templates (#7632)
• Create test scenarios for rule gid_passwd_group_same (#7637)
• ntp/chrony remove server remediations and test scenarios (#7631)
• Add a fail test for accounts_password_all_shadowed (#7642)
• Add test scenarios specific for CIS (#7634)
• Implementing test ssh_set_max_sessions for rhel7 profiles (#7641)
• Created pass/fail scripts for rule sshd_use_approved_macs (#7650)
• Update SSGTS so it can use mount in containers (#7680)
• Added ability to slice SSGTS rule checking runs (#7667)
• Update tests for package_crypto-policies_installed (#7858)

Documentation

• Add Styleguide (#7515)
• improve documentation (#7063)
• Add sphinx missing dependency in the developer guide (#7645)
• Update CONTRIBUTING.md (#7722)
• Add type hints to style guide (#7773)
• Fix directories count in docs/manual/developer/03_creating_content.md (#7805)
• Improve jinja docs (#7785)
• Introduced graphs in the documentation (#7825)
• Add rule schema (#7796)