Skip to content

Content 0.1.71

Compare
Choose a tag to compare
@github-actions github-actions released this 08 Dec 14:17
· 4202 commits to master since this release
459f0ab

Important Highlights

  • Add RHEL 9 STIG (#11193)
  • Add support for Debian 12 (#11228)
  • Update PCI-DSS profile for RHEL (#11267)

New Rules and Profiles

  • New Rule: networkmanager_dns_mode (#11160)

Updated Rules and Profiles

  • Add remediation and OVAL for UBTU-20-010297 (#11098)
  • Add SRG id to file_owner_grub2_cfg for RHEL 9 STIG (#11261)
  • Add var_networkmanager_dns_mode to RHEL 9 STIG (#11242)
  • Added missing variables to ubuntu profiles (#11227)
  • Bump OL7 & OL8 STIG versions to V2R13 & V1R8 respectively (#11280)
  • Corrections in bash/ansible remedition of the rule audit_rules_privil… (#11196)
  • Daily prod fix: add enable_authselect rule to pci-dss control file (#11295)
  • daily prod fix: add rhel8 and rhel9 prodtypes to some rules (#11296)
  • Daily prod fix: return rhel7 prodtypes to some rules (#11303)
  • Enable ansible remediation for MACs SSH UBTU-20-010043 (#11088)
  • Fix audit_rules_privileged_commands_kmod (#11277)
  • Fix multiple STIG IDs for RHEL8 (#11250)
  • Fix path for aide to /etc/aide/aide.conf for UBTU-20-010205 (#11066)
  • fix ssh-keysign path for UBTU-20-010141 (#11082)
  • Fix ssh-keysign path for Ubuntu 22.04 (#11297)
  • Fixes for kernel_config_security rules (#11259)
  • Include rhel9 in prodtype for directory_access_var_log_audit (#11270)
  • Make selinux context elevation for sudo more flexible (#11224)
  • Minor fix for pam_faillock regex on Ubuntu (5.4.2) (#11205)
  • Modified 'ensure_rsyslog_log_file_conf' OVAL to allow user/groupnames (#11226)
  • remove sle15 from package_samba_common_installed (#11231)
  • Review and Update pcidss_4 control file (#11214)
  • Update PCI-DSS profile for RHEL (#11267)
  • Update RHEL 7 STIG V3R13 (#11223)
  • Update RHEL 8 STIG to V1R12 (#11219)

Changes in Remediations

  • Add ansible remediation for root group owner of audit for UBTU-20-010124 (#11092)
  • Fix and modify UBTU-20-010463 (no_empty_passwords) (#11282)
  • Fix for rsyslog_logfiles_attributes_modify remediation for Ubuntu (#11225)
  • Fix path for aide to /etc/aide/aide.conf for UBTU-20-010205 (#11066)
  • Fix sudo_require_reauthentication remediations edge case (#11279)
  • Improve stability of timesyncd based remediation (#11247)
  • Include remediation for fapolicy_default_deny rule (#11211)
  • Refactor ensure_pam_wheel_group_empty rule (#11192)
  • remove duplicated multi_platform_sle in bash.template (#11244)
  • Remove groupmems command from ensure_pam_wheel_group_empty rule (#11210)
  • SLE15 prefer systemd unit handling of AIDE checks and notifications (#11178)
  • Small changes in bash and ansible fixes of the rule aide_build_database (#11158)
  • Update ansible in sshd_use_approved_kex_ordered_stig (#11148)
  • Update sshd lineinfile (#11151)

Changes in Checks

  • Fix kernel_module_disabled template for Ubuntu (#11294)
  • Include dracut filter to audit_rules_privileged_commands (#11246)
  • Integration of the OVAL object model into the combine_ovals.py script (#11236)
  • Modification of the OVAL linker to use the OVAL object model (#11290)
  • Prepare OVAL object model for integration (#11206)
  • Refactor ensure_pam_wheel_group_empty rule (#11192)
  • Reference validation in OVAL document object (#11235)
  • SLE15 prefer systemd unit handling of AIDE checks and notifications (#11178)

Changes in the Infrastructure

  • Access to enable the logging of the combine_oval.py script (#11260)
  • Add .github to EOF checker (#11287)
  • Add a better Error Message For Undefined Identifier Types (#11213)
  • Add alternatives to mandatory keys (#11268)
  • Add Better a Error Message For Undefined Reference Types (#11159)
  • Avoid duplicate loading of component files (#11195)
  • controleval.py: Return empty list when parameter is not found (#11300)
  • Fix CI job after Fedora 39 release (#11256)
  • Integration of the OVAL object model into the combine_ovals.py script (#11236)
  • Make prodtype Required in JSON Schema (#11281)
  • Modification of the OVAL linker to use the OVAL object model (#11290)
  • Move jqfilter parameter to common parser (#11232)
  • Reference validation in OVAL document object (#11235)
  • remove some unnecessary imports (#11175)
  • remove unused code (#11187)
  • Update Ansible Lint Config (#11283)
  • Use up to date build_ds_container script in add_platform_rule.py (#11042)

Changes in the Test Suite

  • Add package requirement for auditctl tests (#11181)
  • Add ubuntu 20.04 to audit_rules_kernel_module_loading_delete tests (#11274)
  • Add Ubuntu to audit_rules_kernel_module_loading tests (#11298)
  • Enable PCI-DSS in test-farm tests (#11257)
  • Fix rpm python package SLE15 Automatus docker file (#11212)
  • Fix SLE15 tests (#11172)
  • Include dracut filter to audit_rules_privileged_commands (#11246)
  • Include remediation for fapolicy_default_deny rule (#11211)
  • New Rules Must Have a prodtype (#11252)
  • Remove broken test for Ubuntu in template kernel_module_disabled (#11288)
  • Require SRG Reference for Rules with STIG Reference (#11265)

Documentation

  • Add stabilization phase description to developers guide (#11234)
  • Bump version for 0.1.71 (#11168)
  • Documentation for tool tox (#11165)
  • Fix docs for utils.add_kubernetes_rule (#11238)
  • update list of contributors before 0.1.71 release (#11307)
  • Update Style Guide to Ensure that PR Titles are Useful (#11284)