Important Highlights
- Add support for Debian 11 (#7715)
- Add NERC CIP profiles for OCP4 and RHCOS (#7757)
- Ground work for implementation of CPE applicability language (#7613)
- Add HIPAA profile to SLE15 platform (#7776)
- Add Delta Tailoring Files to the Build System (#7851)
New Rules and Profiles
- Add rule only_allow_dod_certs (#7658)
- Add new rule "service_ypserv_disabled" (#7679)
- Add rule "Ensure All Groups on the System Have Unique Group Name" (#7676)
- Add SSH LoginGraceTime rule (#7678)
- Add rule accounts_root_gid_zero (#7685)
- Add new rules for CIS Journald Config (#7682)
- Add rule service_slapd_disabled (#7694)
- Add rule group_unique_id (#7683)
- Add "Ensure cron is restricted to authorized users" to RHEL8 and RHEL7 (#7691)
- Add NERC CIP profiles for OCP4 and RHCOS (#7757)
- Add HIPAA profile to SLE15 platform (#7776)
Updated Rules and Profiles
- locking_out_password_attempts/accounts_password_pam_unix_remember/oval/shared.xml: sles15 fix (#7389)
- remove rule disable_prelink from rhel7 cis (#7621)
- Make package_mcafeetp_installed work on Ubuntu (#7656)
- Add rule to stig.profiles (#7664)
- SLE bash remediation accounts_passwords_pam_faildelay_delay (#7661)
- Add rule for RHEL8 CIS 5.2.16 (#7677)
- remove old rule from rhel7 stig (#7710)
- More flexibility for login banners (#7690)
- Align rsyslog_remote_loghost to benchmarks (#7692)
- Rework bash remediation for accounts_password_pam_unix_remember (#7660)
- Return rule package_rsyslog-gnutls_installed to RHEL7 (#7731)
- Add "Ensure cron is restricted to authorized users" to RHEL8 and RHEL7 (#7691)
- Add var_sshd_set_keepalive to Ubuntu 20.04 STIG profile (#7771)
- SLE15 Add rsh and talk server remove rules to HIPAA profile (#7813)
- Change sshd_set_idle_timeout to require sshd_set_keepalive_0 (#7751)
- SLE15 add service related rules to HIPAA profile (#7852)
Changes in Remediations
- Add remaining Blueprint templates (#7609)
- Make sure files have newline during bash lineinfile remediation (#7787)
- accounts_no_uid_except_zero: Don't run passwd if awk returns nothing (#7779)
- Make FIPS mode check idempotent (#7318)
Changes in the Infrastructure
- Automated STIG Control File Creation (#7324)
- Added Build, Test on OpenSUSE Leap 15 on pull requests (#7666)
- Handle references with commas in utils/build_stig_control.py (#7697)
- Add utils/create_scap_delta_tailoring.py (#7717)
- Multi-file templates: file_permissions/file_groupowner/file_owner (#7405)
- Ground work for implementation of CPE applicability language (#7613)
- Fix utils/fix_rules.py exit codes (#7821)
- Add Delta Tailoring Files to the Build System (#7851)
- Add CentOS 7 build to CI (#7879)
Changes in the Test Suite
- Test scenarios updates for gpgcheck rules (#7638)
- service_enabled test scenarios templates (#7632)
- Create test scenarios for rule gid_passwd_group_same (#7637)
- ntp/chrony remove server remediations and test scenarios (#7631)
- Add a fail test for accounts_password_all_shadowed (#7642)
- Add test scenarios specific for CIS (#7634)
- Implementing test ssh_set_max_sessions for rhel7 profiles (#7641)
- Created pass/fail scripts for rule sshd_use_approved_macs (#7650)
- Update SSGTS so it can use mount in containers (#7680)
- Added ability to slice SSGTS rule checking runs (#7667)
- Update tests for package_crypto-policies_installed (#7858)
Documentation
- Add Styleguide (#7515)
- improve documentation (#7063)
- Add sphinx missing dependency in the developer guide (#7645)
- Update CONTRIBUTING.md (#7722)
- Add type hints to style guide (#7773)
- Fix directories count in docs/manual/developer/03_creating_content.md (#7805)
- Improve jinja docs (#7785)
- Introduced graphs in the documentation (#7825)
- Add rule schema (#7796)