Important Highlights
- OL8 draft stig profile v1r1 (#7932)
- Add Amazon EKS platform and initial profiles for the CIS benchmark (#7579)
- Add CentOS Stream 9 derivative product from RHEL9 (#7878)
New Rules and Profiles
- Rename/remove rule for package abrt-addon-python (#7899)
- OL8 draft stig profile v1r1 (#7932)
- Add stig_gui profile for ol7 (#7939)
Updated Rules and Profiles
- update description of grub2_uefi_password (#7859)
- remove ABRT related rules from RHEL9 (#7906)
- grub2_kernel_trust_cpu_rng was checking for wrong option (#7918)
- add hint about audit backlog configuration (#7909)
- Update
chronyd_or_ntpd_set_maxpoll
to add maxpoll option to chrony pool directives (#7910) - Clarify behaviour of SSHD rules (#7919)
- OL8 stig prodtype and platform (#7933)
- fix enable_fips_mode remediations (#7936)
- Removed OSPP MLS from RHEL9 (#8037)
- mark rhel9 ospp and cui as draft (#8042)
- fix problems with trailing blank lines in audit rules (#8047)
- fix wrong Jinja macro for audit_rules_execution_restorecon (#8073)
- Make rule network_nmcli_permissions applicable only when polkit is installed (#8110)
- remove configure_gnutls_tls_crypto_policy from rhel9 (#8116)
Changes in Remediations
- Use authselect to edit pam files if it is present (#8026)
- Use authselect and custom profile for pam_pwhistory (#8030)
- Fix Ansible and tests for ensure_gpgcheck_globally_activated (#8101)
- Use correct config file in ensure_gpgcheck_local_packages (#8105)
- sshd_lineinfile ansible macro dir support and directory check fix (#8109)
Changes in Checks
- grub2_kernel_trust_cpu_rng was checking for wrong option (#7918)
Changes in the Infrastructure
- Add the ability to load controls from folder (#7876)
- Add
utils/compare_results.py
(#7894) - Introduce handling of versioned Boolean algebra expressions (#7873)
- Add a split option to
utils/build_stig_control.py
(#7904) - Upgrade to F34 in Gating (#7826)
- Control to csv (#7775)
- Fix issues with dividing a str by str in
utils/render-policy.py
(#7960) - Improve
create_srg_export.py
(#7959) - Add rationale to controls (#7975)
- Clarify controleval.py help text (#8034)
- Add better error messages to utils/controleval.py and add does not meet to stats output (#8038)
- Improvements to controls and STIG export (#8039)
- Generate release artifacts' checksums (#8087)
Changes in the Test Suite
- grub2_kernel_trust_cpu_rng was checking for wrong option (#7918)
- fix problems with trailing blank lines in audit rules (#8047)
- override two more tests for grub2_kernel_trust_cpu_rng (#8067)
- Fix Ansible and tests for ensure_gpgcheck_globally_activated (#8101)