Skip to content

Changelog

Ryan edited this page Jul 11, 2026 · 4 revisions

Changelog

This page mirrors the project's CHANGELOG.md. For the definitive version history, refer to the main repository file.


Current Version: 3.9 (Remediation Consistency + PCI-DSS Rename + Scoring Fix)

Release Date: June 13, 2026

This release introduces cross-framework remediation consistency: a canonical remediation registry (shared_components/canonical_remediations.py, 37 topics) unifies the guidance for the same underlying fix across all 16 frameworks while preserving each framework's control identifiers and intent, documented in docs/Remediation-Cross-Map.md. It also fixes a latent compliance-scoring bug (module discovery now reads each module's declared MODULE_NAME, so all 16 modules score correctly instead of 9 reporting a vacuous 100% on 0 matched checks), renames the PCI module to PCI-DSS (with PCIDSS/PCI/pci-dss selector aliases), fixes split-report compliance scoring, adds canonical shared physical assessments (shared_assessments.py: world-writable files, SUID/SGID, unowned files, firewall posture), rebuilds the attack-surface report to full interactive feature parity with deeper firewall/executable-PATH/shared-object checks, expands distribution profiles from 8 to 18, and converts all source and documentation to pure ASCII for cross-platform portability. It builds on v3.8 (attack-surface assessment, per-framework split reports), v3.7.1 (remediation consistency + latent OSInfo bug fixes), v3.7 (cross-module correlation, distribution profiles, rollup metrics), v3.6 (helper caching), and v3.5 (deeper expansion). For the complete, definitive history of all releases, see the main repository CHANGELOG.md.

Project total: 2,297 checks across 16 modules; all modules run end-to-end with 0 errors and 0 aborts.


Earlier: Version 3.5 (Honest Closure of v3.4 Gaps)

Release Date: April 26, 2026

This release explicitly addresses the gap audit raised after v3.4. Major work in five areas:

Documentation refresh

  • README.md - v3.4-v3.5 Capabilities section added (remediation library, pretty_name, mock tests, Mermaid diagrams, runtime fixes)
  • SECURITY.md - supported-versions table refreshed
  • CONTRIBUTING.md - Testing Guidelines rewritten with v3.4 mock test documentation; multi-distro testing matrix expanded

Remediation library - per-family parity

Library rebuilt with 49 tools (up from 30):

  • New entries: chkrootkit, gnupg, openssl, sudo, cron, rsyslog, logrotate, audisp-remote, sysstat, snort, zeek, wazuh-agent, grype, duplicity, iptables, bandit, pam-pwquality, pam-faillock, zypper-automatic
  • Per-family verify and post_install dicts populated for all relevant families (was: predominantly Debian-only)
  • Service-name routing: clamav-daemon vs clamd, chrony vs chronyd
  • 12 mock-based parity tests in tests/test_remediation_library.py

OS detection - multi-distro test coverage

tests/test_os_detection.py - 25 mock-based tests covering:

  • Debian family: Ubuntu 22.04, 24.04, 26.04, Debian 12, Mint, Pop!_OS, Kali, Parrot
  • Red Hat family: RHEL 9.4, CentOS Stream 9, Rocky 9.3, AlmaLinux 9.3, Fedora 40, Oracle Linux 9, Amazon Linux 2023
  • SUSE family: openSUSE Leap 15.5, Tumbleweed, SLES 15 SP5
  • Arch family: Arch, Manjaro, EndeavourOS
  • Independent: Alpine 3.19, Gentoo

Plus universal invariants: pretty_name always populated; family never Unknown.

Module expansion - honest gap acknowledgment

tasks/todo.md documents the ~1,286-check gap to internal targets across all 16 modules. v3.5 does NOT close this gap; it explicitly defers to v3.6+ with prioritized phasing.

Runtime error fixes carried forward from v3.4

  • DistBaseline int(mode, 8) corrected
  • NIST AU-9(2) audisp_set bool coercion

Version 3.3 (Phase 2 v3.3 Expansion Complete)

Release Date: April 26, 2026

Added

Phase 2 v3.3 expansion completed across all 16 framework modules. Project advanced from baseline 1,358 checks to ~1,994 checks (+636 across all v3.x).

Original 8 modules expanded:

  • Core (+~22): per-service systemd hardening, advanced kernel features, secure boot, SUSE/Arch specifics, container host, NTS, advanced filesystem
  • CIS (+40): SSH 5.2.13-22, faillock, pwquality depth, auditd 4.1.3.1-20, nftables, filesystem disabled modules, crypto policy
  • CISA (+35): CPG v1.0.1, ZTMM v2.0, BOD 22-01/23-01, Secure by Design
  • ENISA (+25 runtime, 122 confirmed): NIS2 Article 21.2, DORA, Threat Landscape, EU-CSA
  • ISO27001 (+19): Annex A.8.27-A.8.34, ISO 27017 cloud, 27018 PII, 27701 PIMS
  • NIST (+32): 800-207 ZTA Tenets 1-7, 800-161 SCRM, CSF 2.0 Govern, PE/PM, 800-171 advanced
  • NSA (+~28-58): SELinux booleans, FIPS 140-3 depth, kernel hardening, network protocols, NSA CSAs, CSfC
  • STIG (+31): RHEL 9 V-numbers, Ubuntu 22.04 V-numbers, GPOS SRG, Container Platform SRG

8 new modules added (Phase 3): ACSC, CMMC, DistBaseline, EDR, GDPR, HIPAA, PCI, SOC2 - 555 checks total.

Documentation

  • Wiki refreshed: Module_Documentation.md (3,049 lines), Framework_Reference.md (1,586 lines), Examples.md (953 lines)
  • All 16 modules + 16 frameworks fully documented
  • Sidebar, Footer, FAQ, Quick Start updated

Historical: Version 2.0

Release Date: March 2, 2026

Added

  • Performance Architecture (Phase 2):

    • Shared components library (shared_components/audit_common.py, 2,195 lines)
    • Intelligent caching with ~50% hit rate across modules
    • Parallel module execution (--parallel, --workers)
    • Direct /proc filesystem reads; dynamic module discovery from modules/
    • OS-aware functionality (Debian, Red Hat, SUSE, Arch families)
    • Performance profiling via --perf-profile
  • Structured Logging (Phase 3.1):

    • logs/ directory with hostname-stamped filenames
    • --log-level, --log-file, --json-log, --verbose, --quiet
    • Hybrid log_and_print() for simultaneous console/file output
  • Interactive HTML Report Rewrite (Phase 3.2):

    • SVG donut chart, compliance matrix, remediation priority ranking
    • Column resizing, in-column filtering, column visibility toggles
    • Global search (include/exclude), multi-format export (CSV/Excel/JSON/XML/TXT)
    • Row selection, print CSS, Table of Contents, dark/light theme, Garamond typography
  • Compliance Scoring (Phase 3.5):

    • ComplianceScore dataclass: simple, weighted, severity-adjusted methods
    • Configurable threshold (default 70%), per-module and overall scores
  • Dashboard Filtering (Enhancement 1):

    • Clickable donut segments, summary cards, severity cards filter all tables
  • IP Address Identification (Enhancement 2):

    • get_system_ip_addresses() with 4 detection methods
    • Displayed in HTML, console, JSON, XML

Changed

  • Project structure: flat -> modules/ + shared_components/ + logs/ + reports/
  • Python 3.6 -> 3.7 (dataclasses); check count validated at 1,207
  • HTML report: complete rewrite (18+ features); companion JSON auto-generated

See the full CHANGELOG.md for version 1.1 and 1.0 history.

Linux Security Audit

Version 3.9 - 16 modules - 2,297 checks


Getting Started


Reference


Architecture


Operations


Release Information


Quick Reference

Original modules (v2.0 baseline + v3.3 expansion)

Core - CIS - CISA - ENISA - ISO 27001 - NIST - NSA - STIG

New modules (v3.0+ Phase 3)

ACSC - CMMC - DistBaseline - EDR - GDPR - HIPAA - PCI-DSS - SOC2

Output Formats

HTML - JSON - CSV - XML - Console

Status Values

Pass - Fail - Warning - Info - Error

Severity Levels

Critical - High - Medium - Low - Informational


External Links

Clone this wiki locally