Important Highlights
- Add RHEL 9 STIG (#11193)
- Add support for Debian 12 (#11228)
- Update PCI-DSS profile for RHEL (#11267)
New Rules and Profiles
- New Rule: networkmanager_dns_mode (#11160)
Updated Rules and Profiles
- Add remediation and OVAL for UBTU-20-010297 (#11098)
- Add SRG id to file_owner_grub2_cfg for RHEL 9 STIG (#11261)
- Add var_networkmanager_dns_mode to RHEL 9 STIG (#11242)
- Added missing variables to ubuntu profiles (#11227)
- Bump OL7 & OL8 STIG versions to V2R13 & V1R8 respectively (#11280)
- Corrections in bash/ansible remediation of the rule audit_rules_privil… (#11196)
- Daily prod fix: add enable_authselect rule to pci-dss control file (#11295)
- daily prod fix: add rhel8 and rhel9 prodtypes to some rules (#11296)
- Daily prod fix: return rhel7 prodtypes to some rules (#11303)
- Enable ansible remediation for MACs SSH UBTU-20-010043 (#11088)
- Fix audit_rules_privileged_commands_kmod (#11277)
- Fix multiple STIG IDs for RHEL8 (#11250)
- Fix path for aide to /etc/aide/aide.conf for UBTU-20-010205 (#11066)
- fix ssh-keysign path for UBTU-20-010141 (#11082)
- Fix ssh-keysign path for Ubuntu 22.04 (#11297)
- Fixes for kernel_config_security rules (#11259)
- Include rhel9 in prodtype for directory_access_var_log_audit (#11270)
- Make selinux context elevation for sudo more flexible (#11224)
- Minor fix for pam_faillock regex on Ubuntu (5.4.2) (#11205)
- Modified 'ensure_rsyslog_log_file_conf' OVAL to allow user/groupnames (#11226)
- remove sle15 from package_samba_common_installed (#11231)
- Review and Update pcidss_4 control file (#11214)
- Update PCI-DSS profile for RHEL (#11267)
- Update RHEL 7 STIG V3R13 (#11223)
- Update RHEL 8 STIG to V1R12 (#11219)
Changes in Remediations
- Add ansible remediation for root group owner of audit for UBTU-20-010124 (#11092)
- Fix and modify UBTU-20-010463 (no_empty_passwords) (#11282)
- Fix for rsyslog_logfiles_attributes_modify remediation for Ubuntu (#11225)
- Fix path for aide to /etc/aide/aide.conf for UBTU-20-010205 (#11066)
- Fix sudo_require_reauthentication remediations edge case (#11279)
- Improve stability of timesyncd based remediation (#11247)
- Include remediation for fapolicy_default_deny rule (#11211)
- Refactor ensure_pam_wheel_group_empty rule (#11192)
- remove duplicated multi_platform_sle in bash.template (#11244)
- Remove groupmems command from ensure_pam_wheel_group_empty rule (#11210)
- SLE15 prefer systemd unit handling of AIDE checks and notifications (#11178)
- Small changes in bash and ansible fixes of the rule aide_build_database (#11158)
- Update ansible in sshd_use_approved_kex_ordered_stig (#11148)
- Update sshd lineinfile (#11151)
Changes in Checks
- Fix kernel_module_disabled template for Ubuntu (#11294)
- Include dracut filter to audit_rules_privileged_commands (#11246)
- Integration of the OVAL object model into the combine_ovals.py script (#11236)
- Modification of the OVAL linker to use the OVAL object model (#11290)
- Prepare OVAL object model for integration (#11206)
- Refactor ensure_pam_wheel_group_empty rule (#11192)
- Reference validation in OVAL document object (#11235)
- SLE15 prefer systemd unit handling of AIDE checks and notifications (#11178)
Changes in the Infrastructure
- Access to enable the logging of the combine_oval.py script (#11260)
- Add .github to EOF checker (#11287)
- Add a better Error Message For Undefined Identifier Types (#11213)
- Add alternatives to mandatory keys (#11268)
- Add a Better Error Message For Undefined Reference Types (#11159)
- Avoid duplicate loading of component files (#11195)
- controleval.py: Return empty list when parameter is not found (#11300)
- Fix CI job after Fedora 39 release (#11256)
- Integration of the OVAL object model into the combine_ovals.py script (#11236)
- Make prodtype Required in JSON Schema (#11281)
- Modification of the OVAL linker to use the OVAL object model (#11290)
- Move jqfilter parameter to common parser (#11232)
- Reference validation in OVAL document object (#11235)
- remove some unnecessary imports (#11175)
- remove unused code (#11187)
- Update Ansible Lint Config (#11283)
- Use up to date build_ds_container script in add_platform_rule.py (#11042)
Changes in the Test Suite
- Add package requirement for auditctl tests (#11181)
- Add ubuntu 20.04 to audit_rules_kernel_module_loading_delete tests (#11274)
- Add Ubuntu to audit_rules_kernel_module_loading tests (#11298)
- Enable PCI-DSS in test-farm tests (#11257)
- Fix rpm python package SLE15 Automatus docker file (#11212)
- Fix SLE15 tests (#11172)
- Include dracut filter to audit_rules_privileged_commands (#11246)
- Include remediation for fapolicy_default_deny rule (#11211)
- New Rules Must Have a prodtype (#11252)
- Remove broken test for Ubuntu in template kernel_module_disabled (#11288)
- Require SRG Reference for Rules with STIG Reference (#11265)
Documentation
- Add stabilization phase description to developers guide (#11234)
- Bump version for 0.1.71 (#11168)
- Documentation for tool tox (#11165)
- Fix docs for utils.add_kubernetes_rule (#11238)
- update list of contributors before 0.1.71 release (#11307)
- Update Style Guide to Ensure that PR Titles are Useful (#11284)