Highlights
- New Profile DISA STIG for Apache HTTP for RHEL7 (#2474)
- Support for Ansible remediations in SSG Test Suite (#2468)
- Better content support for DISA STIG Viewer (#2418)
Profile
- [Bugfix] Disable pt_chown rule
- [Bugfix] Fix title of DISA STIG profile in RHEL6 DS.
- [Enhancement] Add HTTP STIG and new RHT Product STIGs
- Add GDM login banner checks to C2S profile.
XCCDF
- [Bugfix] Deprecate RhostsRSAAuthentication as it have been deprecated in 7.4
- [Bugfix] Fix two stigid mappings
- [Bugfix] Remove references to pam_ldap.conf
OVAL
- Add OVAL check and fix for RHEL-07-041001 rule.
- [Bugfix] Fix gpgcheck OVAL to validate Scientific Linux gpg keys
- [Bugfix] Check state of openssh-server package when sshd_required is unset
- [Bugfix] Do not check library ownership in libexec
- [Bugfix] RHBZ #1520493: Fix umask_for_daemons
- [Bugfix] Fix StrictModes and KerberosAuthentication checks
- [Bugfix] Fix typo in auditd OVAL files
Remediation
- [Bugfix] Ansible: don't use spaces in custom.conf
- [Bugfix] Added --follow-symlinks to sed commands in display_login_attempts.sh
- [Bugfix] Updated aide_scan_notification remediation to run cron job as root
- [Ansible][Enhancement] Add ansible content for accounts_password_pam_retry and accounts_password_pam_unix_remember
- [Bugfix] Fix accounts_umask_etc_login_defs remediation
- [Bugfix] Fix typos "local/d" -> "local.d"
- [Bugfix] Fixed few remediation errors caused by missing include.
- Fixes ansible remediations
- Fix rhel7 ansible role
Infrastructure
- Support for Ansible remediations in SSG Test Suite
- Move build examples to rhel7
- [Bugfix] Remove OVAL conf file usage and use ArgParse instead of sys.argv
- Added pull request creation and workflow suggestions.
- [Enhancement] Add STIG Rule ID to rules
- [Bugfix][Infrastructure] Update CMake and python scripts to use OVAL versioning
- [Bugfix][Infrastructure] Remove CCI formatting from shared table-srgmap XSLT
- [Enhancement] Add test scenarios for whole permissions_important_account_files group.