Highlights
- CIS profile for RHEL 7 is updated
- initial CIS profiles for Ubuntu 20.04
- Major improvement of RHEL 9 content
- new release process implemented using Github actions
New Rules and Profiles
- Add rule sudo_add_passwd_timeout (#6984)
- SLES-12-010420 and SLES-15-010510 rules (#7028)
- SLES-15-010355 rule (#6947)
- New rsyslog rule per RHEL-08-010070 STIG (#7114)
- Add initial Ubuntu 20.04 CIS Profiles (#7181)
Updated Rules and Profiles
- Update ANSSI policy metadata and undraft High Level (#6997)
- Update cis sle15 profile to better represent the release version 1.0.0 (#7056)
- Start splitting of rhel7 CIS (#7108)
- Splitting rhel7 cis profile - section 2 (#7112)
- Splitting rhel7 cis profile - section 3 (#7111)
- splitting CIS rhel7 profile - section 4 (#7134)
- Split RHEL 7 CIS profile - section 5 (#7193)
- split CIS for rhel7 - section 6 (#7219)
Changes in Remediations
- Add bash package installated macro (#7032)
- Ansible playbook to role updates (#7042)
- Add option to enable installation of individual ansible playbooks per rule (#7039)
- Only enable ansible/yaml lint tests when playbooks are built (#7099)
- ensure_pam_module_options now fix empty option value (#7116)
- Fix bash remediation of sudo_defaults_option (#7146)
- Fix regex in dconf ansible remediation (#7150)
Changes in Checks
- Fix disable_users_coredumps's limits.d exists (#7030)
- Fix oval check in uefi_no_removeable_media (#7067)
- Add option_regex_suffix to sudo_defaults_option template (#7082)
Changes in the Infrastructure
- Fix bugs in rule_dir_json.py (#6911)
- Fix utilities after product move (#7113)
- Fix kernel module disable template (#7086)
- SSGTS: Jinja enablement for test cases (#7210)