github ComplianceAsCode/content v0.1.78
Content 0.1.78

Important Highlights

  • Enable SCE content for problematic rules that can traverse the whole filesystem (#13758)
  • Remove unnecessary Jinja2 macros in control files (#13592)
  • Update RHEL 8 STIG to V2R4 (#13774)
  • Update RHEL 9 STIG to V2R5 (#13795)
  • Add CIS benchmark support for debian (#13712)
  • Add Debian 13 profile for ANSSI BP 28 (enhanced) (#13571)
  • Create SLE Micro 5 General profile (#13490)
  • Update the way in which the stable branch is maintained (#13769)

New Rules and Profiles

  • add anssi BP28 high profile to debian13 product (#13603)
  • Debian13 ANSSI BP28 (minimal) (#13540)
  • Debian13: add BP28 intermediary profile (#13556)
  • Implement rpm_verify_crypto_policies (#13469)
  • Update RHEL 8 STIG to V2R4 (#13774)
  • Create slmicro6 product (#13570)

Updated Rules and Profiles

  • RHEL 9 STIG: align login timeout with the STIG policy (#13826)
  • [Ubuntu 24.04]: Add vlock_installed pkg override (#13582)
  • [Ubuntu] Define firewall variable for Ubuntu 2404 STIG (#13689)
  • Add CCE for rsyncd disabled rule to slmicro5 (#13523)
  • Add distributed config support (#13653)
  • Adjust description of file_permissions_sudo (#13685)
  • Fix GRUB 2 UEFI selections in RHEL 9 ANSSI profiles (#13598)
  • Fix(accounts_tmout): OVAL check incorrectly passes for TMOUT=0 (#13564)
  • Move RHEL 8 STIG to Control file (#13481)
  • Move RHEL 9 ISM O Profile to Control File (#13511)
  • Remove rule from OL09-00-001085 (#13673)
  • RHEL 9 CIS: add ensure_gpgcheck_never_disabled (#13706)
  • RHEL 9 CIS: complete 6.3.3.5 (#13707)
  • Set var_screensaver_lock_delay for OL9 (#13672)
  • Slmicro5 disable ipv6 rules (#13524)
  • Fix bsi conflicts (#13847)
  • stop using fixfiles relabel in remediations (#13738)
  • Support drop-in files in coredump rules (#13665)
  • Update OL10 profiles (#13569)
  • Update var_password_pam_unix_rounds for OL9 stig control (#13516)
  • Use default order in configure_gnutls_tls_crypto_policy (#13692)

Removed Products

  • Remove leftover from ubuntu2004 (#13604)
  • Remove Ubuntu 16.04, 18.04 and 20.04 products (#13483)

Changes in Remediations

  • RHEL 9 Ansible replace systemd_service module with systemd (#13829)
  • Add OL9 to platform in ssh ciphers rule's bash (#13506)
  • Enable audit configure rules for slmicro5 (#13525)
  • Ensure tmout.sh and ssh_confirm.sh have correct permissions on creation (#13711)
  • Exclude remote mounted filesystems from local partition nodev tasks (#13530)
  • Fix architecture dependent path (#13714)
  • Implement mount_option_tmp_noexec for slmicro5 platform (#13509)
  • Implement oval and remediation files to tftp_uses_secure_mode_systemd (#13694)
  • Prevent fails in check mode (#13703)
  • Prevent problems with single quotes (#13742)
  • Reduce gathering facts in profile Ansible Playbooks (#13739)
  • Remove file_owner_var_log_messages bash remediation (#13488)
  • SLE fixes for gid-related rules (#13779)
  • SLE improve require_singleuser_auth oval check and remediations (#13746)
  • stop using fixfiles relabel in remediations (#13738)
  • Support banner with single quote (#13713)
  • Update ansible for auditd_data_retention_action_mail_acct (#13650)
  • Update ansible in require_singleuser_auth for OL (#13651)
  • Update disable_users_coredumps rule to support drop-in and string values (#13749)
  • Update jinja in require_emergency_target_auth for OL (#13652)
  • Use fully qualified collection name in Ansible tasks (#13794)
  • Workaround OpenSCAP issue for Image Mode (#13645)

Changes in Checks

  • [Ubuntu] Fix rule encrypt_partitions (#13596)
  • Add OL9 in oval to directory_permissions_var_log_audit rule (#13745)
  • Add oval check for prevent_direct_root_logins (#13615)
  • Add OVAL for encrypt_partitions rule (#13539)
  • Allow spaces around equal sign (#13691)
  • Create slmicro6 product (#13570)
  • Disable value of zero in dconf_gnome_screensaver_idle_delay (#13671)
  • Enable multi_platform_sle platforms for encrypt_partition oval check (#13775)
  • Exclude remote mounted filesystems from local partition nodev tasks (#13530)
  • Fix(accounts_tmout): OVAL check incorrectly passes for TMOUT=0 (#13564)
  • Fix(OVAL): Correct variable reference in account_disable_inactivity_* (#13591)
  • Implement mount_option_tmp_noexec for slmicro5 platform (#13509)
  • Implement oval and remediation files to tftp_uses_secure_mode_systemd (#13694)
  • Improve OVAL checks for nss-altfiles (#13759)
  • Make sure oval service disable macro covers also not found definition (#13725)
  • SLE fixes for gid-related rules (#13779)
  • SLE improve require_singleuser_auth oval check and remediations (#13746)
  • SLE kernel package may be called kernel-default-base (#13748)
  • Sshd rekey limit update OVAL (#13687)
  • Update disable_users_coredumps rule to support drop-in and string values (#13749)
  • Update path for OL9 in sysctl_kernel_exec_shield oval file (#13538)
  • Update sshd_set_idle_timeout oval file & sshd_lineinfile template for OL (#13695)

Changes in the Infrastructure

  • [workflow] Fix ansible for Ubuntu workflow (#13480)
  • Add the ability to build more than one product with SRG XLSX Option (#13693)
  • Fix Debian 13 in CI (#13557)
  • Fix level inheritance when processing profiles (#13666)
  • Fix SCAP Delta Tailoring (#13542)
  • Format rhel8 related yaml files (#13621)
  • Improve reproducibility and stability (#13531)
  • Move RHEL 9 E8 profile to use the e8 control file (#13482)
  • Pre-load Jinja macros (#13502)
  • Remove 2 functions (#13659)
  • Remove Ubuntu 16.04, 18.04 and 20.04 products (#13483)
  • Update Export SRG Script (#13474)

Changes in the Test Suite

  • [Ubuntu] Fix test of package_bind_removed (#13560)
  • Add missing profile stability data (#13600)
  • Add OL9 to disable_ctrlaltdel_reboot tests (#13609)
  • Add tags to test scenarios in accounts_root_path_dirs_no_write (#13536)
  • Change TS in networkmanager_dns_mode from fail to pass (#13724)
  • CI: fedora gating - collapse the multiline command (#13735)
  • file_groupownership_system_commands_dirs fix test scenario (#13675)
  • Fix platform tag in test scenarios (#13534)
  • Fix tests for rule grub2_pti_argument (#13733)
  • Update profile to variable in banner_etc_issue_disa_dod_short test (#13667)

Documentation

  • Remove outdated Code Climate badge (#13744)
  • Update Contributors for 0.1.78 (#13807)

Fixed Bugs

  • RHEL 9 STIG: align login timeout with the STIG policy (#13826)
  • [stabilization]: auditd_lineinfile: allow specifying data type of XCCDF variable (#13841)
  • RHEL 9 Ansible replace systemd_service module with systemd (#13829)
  • [Ubuntu] Remove non-ascii character (#13607)
  • Add var_sudo_timestamp_timeout=always_prompt to RHEL 9 and RHEL 10 STIG (#13517)
  • Adjust description of file_permissions_sudo (#13685)
  • Allow spaces around equal sign (#13691)
  • file_groupownership_system_commands_dirs fix test scenario (#13675)
  • Fix rule auditd_freq (#13718)
  • grub2_*_admin_username: make regex less strict (#13740)
  • Install package polkit-pkla-compat (#13729)
  • make service_rngd_enabled applicable in case FIPS mode is not enabled (#13705)
  • Remove remaining dependencies on installed_OS_is_FIPS_certified (#13757)
  • replace instances of grub-mkconfig with correct grub2-mkconfig (#13640)
  • sshd_limit_user_access is missing the opening tag (#13616)
  • stop using fixfiles relabel in remediations (#13738)
  • Support drop-in files in coredump rules (#13665)
  • Update links which pointed to outdated documentation (#13508)
  • Update the suffix for rules used when generating components gh pages (#13597)
  • Use default order in configure_gnutls_tls_crypto_policy (#13692)
  • Use template in grub2_nousb_argument (#13726)
