github ComplianceAsCode/content v0.1.36
SCAP Security Guide 0.1.36 Release Notes
on GitHub

latest releases: v0.1.72, v0.1.71, v0.1.70...
6 years ago

Highlights

  • Introduction of SCAP Security Guide Test Suite
  • Better alignment of RHEL6 and RHEL7 with DISA STIG
  • Remove JBoss EAP5 content due to being End-of-Life
  • New STIG Profile for JBOSS EAP 6
  • Updates in C2S Profile for RHEL 7
  • Variables can be directly tailored in Ansible roles
  • Content presents less false positives in containers
  • Major changes in directory layout
    • oval_5.11 directory removed
    • oval definitions moved to checks/oval
    • static checks are not in templates/static anymore

Profile

  • [Bugfix][Enhancement] Add remaining STIG XCCDF content for RHEL6 and RHEL7
  • [Bugfix] Remove rules no longer in rhel6 STIG profile
  • [Bugfix] Remove RHEL6 tests directory
  • [Enhancement] Add initial OCP3 structure, C2S Profiles, and CPE content
  • [Bugfix][Enhancement] SSG RHEL6 STIG alignment
  • [Bugfix] Add more rules to the C2S profile
  • [Bugfix] Fix XML in rhel7/profiles/C2S.xml
  • [Bugfix] C2S profile updates
  • [Bugfix] Align RHEL6 STIG profiles
  • [Bugfix] Update RHEL6 STIG References to the latest release
  • CJIS profile updates
  • [Enhancement] Add JBoss EAP 6 Rough Draft
  • [Enhancement] Updating C2S profile and CIS reference numbers with existing checks.

XCCDF

  • [Bugfix] Fixing CIS reference number for noexec on /tmp partition
  • [Bugfix] Remove old/automated references
  • [Bugfix] Mcafee related rules as machine only
  • [Bugfix] Add rpm_verify_ownership to rhel7 XCCDF
  • [Bugfix] Add XCCDF Value sshd_required to other products
  • [Bugfix] Add EFI specific permissions content
  • [Bugfix] Fix lock-delay variable description
  • [Enhancement] Adding /home nodev check for CIS rule 1.1.14
  • [Bugfix][Enhancement] Add JBoss Configuration Profile Variable
  • [Bugfix] Remove STIG idents
  • [Enhancement] Remove APPSRG in JBoss XCCDF
  • [Enhancement] Services are machine only
  • [Bugfix][Enhancement] Update RHEL6 references
  • [Bugfix] Assign CCEs to EAP6 content
  • [Bugfix] Add JBoss EAP 6 Titles
  • [Bugfix] Add missing RHEL6 STIGIDs
  • [Bugfix] Fix typo in SSH checklist
  • [Bugfix] Fix ntp/chrony maxpoll value description

OVAL

  • [Bugfix] OVAL service templates should check if service is running/not running
  • [Bugfix] Add disable_ctrlaltdel_burstaction OVAL
  • [Bugfix] Fix OVAL for chronyd_or_ntpd_set_maxpoll and add remediation
  • [Bugfix] Check both .socket and .service unit files in service templates
  • [Bugfix] OpenSSH 7.4 allows only Protocol 2
  • Check if sshd is expected by Profiles
  • [Bugfix] Allow time_clock_settime key to be set to any string
  • [Enhancement] Implemented a check for JBoss EAP6 file permissions
  • [Enhancement] Implemented logging directory permission checks for JBoss EAP6
  • [Enhancement] Added check to verify vault is present in config file
  • [Bugfix][Enhancement] Check for standalone-openshift.xml
  • [Bugfix][Enhancement] Eap64 jmx check
  • [Enhancement] Implemented more EAP 6 checks
  • [Enhancement] Implemented check to ensure that the JBoss EAP6 ROOT logger is at a valid Level
  • [Enhancement] implemented checks for JBoss EAP6 for silent authentication
  • [Bugfix] Update JBoss install OVAL check
  • [Enhancement] Implemented security manager check fixed other checks
  • [Bugfix] Implementation of configuration check for JBoss EAP6 Audit Log Configuration
  • [Enhancement] Add JBoss Vendor Supported OVAL File
  • [Bugfix] Update JBoss EAP CPEs and installed JBoss version OVAL check
  • [Infrastructure] [WIP] Remove .service from service OVAL template files

Remediation

  • [Bugfix] Enable chronyd_or_ntpd_set_maxpoll remediation to fix incorrect values of maxpoll
  • [Bugfix] gpgcheck_globally and gpgcheck_local fail on CentOS
  • [Bugfix] Ansible variable rework
  • [Bugfix] Add remote_src option to aide build db remediation - ansible
  • [Bugfix] Removed extra quotes in ansible audit_rules templates
  • [Bugfix] Login banners regex
  • [Ansible] Aide cron check
  • [Bugfix] Drop firewalld default zone and sshd port fixes
  • [Ansible] PR 2283 from Shawn
  • [Bugfix] Firewalld open sshd port
  • Add task to disable prelinking
  • PR 2245 from Shawn
  • [Ansible][Enhancement] ansible: ensure_gpgcheck_local_packages

Infrastructure

  • [Enhancement][Infrastructure] Remove oval_5.11 dir checks usage
  • [Enhancement] Add OVAL version to oval files
  • [Bugfix][Infrastructure] Add OpenSCAP XSL CMake Variable
  • [Bugfix] Remediations fixes refactoring
  • [Enhancement][Infrastructure] Include roles zipfile
  • [Bugfix][Infrastructure] Update create-stig-overlay.py
  • [Bugfix][Infrastructure] Update docs for new directory structure
  • [Bugfix][Infrastructure] Remove local utils directory
  • [Enhancement][Infrastructure] Move deprecated content list to User Guide
  • [Bugfix] Fix Application SRG web url to be more fine-grained
  • [Enhancement][Infrastructure] Flatten out product name directories
  • [Enhancement][Infrastructure] Move oval directory under the checks directory
  • [Bugfix][Infrastructure] Rename remediations directory to fixes
  • [Infrastructure] Rename and move platform/ directory
  • [Bugfix][Infrastructure] Rename auxiliary directory to overlays
  • [Enhancement][Infrastructure] Add Pull Request Template
  • [Bugfix][Infrastructure] Remove usage of templates/static/ directory
  • [Enhancement] Create issue template for future issues
  • [Enhancement] Increments developer-guide.adoc with information on how to contribute to SSG
  • [Bugfix] RHEL6 build fixes
  • [Bugfix][Infrastructure] Clean up OVAL versioning in combine-ovals.py
  • [Bugfix] Update JBoss STIG Overlay
  • [Enhancement][Infrastructure] Add creation of ${ZIPNAME}-nist.zip to new nist-zipfile target
  • [Bugfix] Improved document formatting
  • [Bugfix] Add realpath to testoval.py
  • [Bugfix] Updated regex to ignore some other filetypes
  • [Bugfix][Infrastructure] Update references transforms
  • [Bugfix][Infrastructure] Replace OSSRG with SRG
  • [Enhancement] Add JBoss stig_overlay.xml
  • [Enhancement] Update JBoss EAP CMakeLists.txt
  • [Enhancement][Infrastructure] Handle different SRG reference types in CMake
  • [Enhancement] HTML guide switcher fix for narrow screens
  • [Enhancement] Add JBoss STIG reference
  • [Bugfix][Infrastructure] Fix expansion of multiple bash populate instances
  • [Bugfix] template_BASH_sebool_var: Fix template missing remediation functions
  • start with a template for centos ci
  • PR 2286 from Shawn
  • [Enhancement] Rule title and other subs
  • SSG Test Suite

Full list of issues and pull requests closed in this release

Check out latest releases or
releases around ComplianceAsCode/content v0.1.36

Don't miss a new content release

NewReleases is sending notifications on new releases.

Get notifications