github ComplianceAsCode/content v0.1.80
Content 0.1.80

Important Highlights

  • [Ubuntu] Enable rules for sshd dropin files for cis (#14326)
  • Align OL8 to STIG V2R6 (#14234)
  • CMP-3978: Incorporate SSH version into obsolete parameter rules (#14189)
  • Enable dropin files in sysctl template for OL (#14277)
  • Move RHEL Control files to product files (#14257)
  • New Profile for RHEL10: BSI (#14197)
  • Remove rule configure_ssh_crypto_policy from RHEL 9 and 10 (#14263)
  • Remove XSLT templates (#14267)
  • RHEL: use dropin files when remediating sysctl rules (#14353)
  • SLE16 create hipaa profile (#14278)
  • SLE16 create PCI DSS 4 profile (#14338)
  • Update Fedora CIS profile (#14268)
  • Update hipaa profile for OL8 (#14125)
  • Update OL9 e8 profile to use control file (#14327)
  • Update OL9 STIG profile (#14334)
  • Update OL9 STIG V1R3 (#14233)
  • Update RHEL 8 CIS profile (#14269)
  • Update RHEL 8 STIG control file to align with DISA STIG v2r6 (#14375)
  • Update RHEL 9 CCN profile (#14321)
  • Update RHEL 9 STIG content to align with DISA STIG v2r7 (#14382)
  • Use Sequoia in RHEL 10 instead of GPG (#14193)

New Rules and Profiles

  • Add audit monitoring for SELinux policy changes in /var/lib/selinux (#14367)
  • Add new package rules for RHEL 8 CIS (#14284)
  • Add new rule accounts_passwords_pam_faillock_unlock_time_with_zero (#14188)
  • Add new rule disable_weak_deps (#14173)
  • Add new rule xwayland_disabled (#14183)
  • Add new rules for /etc/sysconfig/sshd (#14283)
  • Add rule accounts_user_interactive_home_directory_on_separate_partition (#14370)
  • Add rules for access to all files under /boot/grub2 (#14199)
  • New rule accounts_password_pam_modules_in_authselect_profile (#14279)
  • RHEL 10 CIS: Implement 6.2.1.4 (#14242)
  • SLE16 create hipaa profile (#14278)
  • SLE16 create PCI DSS 4 profile (#14338)
  • Use Sequoia in RHEL 10 instead of GPG (#14193)

Updated Rules and Profiles

  • [stab]: sysctl_kernel_core_pattern_empty_string: align with template (#14451)
  • accounts_password_pam_unix_no_remember: fix test scenarios and remediations (#14215)
  • Add available CCEs for SLE16 (#14167)
  • Add firewalld-backend to RHEL 10 CIS profile (#14205)
  • Add rule accounts_password_pam_pwhistory_enforce_for_root (#14264)
  • Add rule no_invalid_shell_accounts_unlocked to RHEL CIS (#14236)
  • CIS: implement controls so that "remember" is not used together with pam_unix (#14202)
  • drop controls no longer present in the latest RHEL 9 STIG (#14356)
  • expand chronyd_specify_remote_server to be aligned with CIS (#14241)
  • fix copy-paste errors in description (#14175)
  • Fixes for auditing rules in sle15 and sle16 previously disabled (#14132)
  • mount_option_nodev_nonroot_local_partitions: ignore vfat partitions (#14379)
  • Remove rule configure_ssh_crypto_policy from RHEL 9 and 10 (#14263)
  • Remove rule sshd_use_strong_kex from CIS profiles (#14262)
  • RHEL 10 CIS: align variable with control 5.4.1.5 (#14184)
  • RHEL 10 CIS: improve controls related to pwd hashing algos (#14247)
  • SLE 15/16 directory access var log audit (#14186)
  • SLE15 and SLE16 dconf related patches (#14153)
  • SLE16 fix for grub2_uefi_pass (#14330)
  • Sle16 libreswan approved tunnels (#14320)
  • Support journald drop-in config on Ubuntu (#14255)
  • Update hipaa profile for OL8 (#14125)
  • Update OL profiles for not applicable rules (#14126)
  • Update RHEL 8 CIS profile (#14269)
  • Update RHEL 8 STIG control file to align with DISA STIG v2r6 (#14375)
  • Update RHEL 9 CCN profile (#14321)
  • Update RHEL 9 STIG content to align with DISA STIG v2r7 (#14382)
  • Update RHEL8 STIG to V2R5 (#14198)
  • Use Sequoia in RHEL 10 instead of GPG (#14193)

Changes in Remediations

  • [stab]: sysctl_kernel_core_pattern_empty_string: align with template (#14451)
  • [Stabilization] Fix drop in template to ignore commented out lines (#14441)
  • accounts_password_pam_unix_no_remember: fix test scenarios and remediations (#14215)
  • Add python script to refresh the ansible galaxy roles on RedHatOfficial (#14190)
  • Drop unneeded sudo in bash remediation (#14396)
  • Fix ansible roles dependencies (#14303)
  • Fix Ansible sysctl template (#14161)
  • Fix conditional in no_shelllogin_for_systemaccounts remediation (#14206)
  • Fix Jinja filter in Ansible task in mount_option template (#14345)
  • Fix SELinux ansible variable name conflict (#14346)
  • Fixes for auditing rules in sle15 and sle16 previously disabled (#14132)
  • mount_option_nodev_nonroot_local_partitions: ignore vfat partitions (#14379)
  • pwquality and pwhistory fixes (#14095)
  • rhel kickstarts: decrease some partition sizes (#14381)
  • RHEL: increase /boot partition size in kickstarts (#14351)
  • Skip nodev mount option for polyinstantiated dirs (#14374)
  • SLE 15/16 directory access var log audit (#14186)
  • SLE related fixes for pam_faillock configuration file (#14131)
  • SLE15 and SLE16 dconf related patches (#14153)
  • Sle15 logind session timeout rule fixes (#14271)
  • SLE16 fix sysctl related ansible remediations (#14329)
  • stabilization: fix ansible of ensure_redhat_gpgkey_installed (#14518)
  • Update list of profiles in the ansible roles generation (#14191)

Changes in Checks

  • [stab]: sysctl_kernel_core_pattern_empty_string: align with template (#14451)
  • mount_option_nodev_nonroot_local_partitions: ignore vfat partitions (#14379)
  • pwquality and pwhistory fixes (#14095)
  • Sle15 logind session timeout rule fixes (#14271)
  • SLE16 fix for grub2_uefi_pass (#14330)

Changes in the Infrastructure

  • Fix controleval_metrics.py for having per product controls (#14166)
  • Remove pkg resources (#14142)
  • Remove trailing slash for Fedora gating (#14216)
  • Remove XSLT templates (#14267)
  • Use ATEX from PyPI + compress uploaded files (#14276)

Changes in the Test Suite

  • accounts_password_pam_unix_no_remember: fix test scenarios and remediations (#14215)
  • Add ATEX testing to the upstream CI workflows (#14203)
  • SLE15 and SLE16 dconf related patches (#14153)

Fixed Bugs

  • [stab]: sysctl_kernel_core_pattern_empty_string: align with template (#14451)
  • accounts_password_pam_unix_no_remember: fix test scenarios and remediations (#14215)
  • Add rule accounts_password_pam_pwhistory_enforce_for_root (#14264)
  • Adjust variables for banner_etc_issue (#14343)
  • build: wrap nested conditionals in braces if they contain logical operators (#14280)
  • Fix sshd param_conflict_directory.fail.sh tests (#14349)
  • mount_option_nodev_nonroot_local_partitions: ignore vfat partitions (#14379)
  • Move back to dhcp on RHEL 8 CIS (#14291)
  • Remove rule configure_ssh_crypto_policy from RHEL 9 and 10 (#14263)
  • Remove rule sshd_use_strong_kex from CIS profiles (#14262)
  • RHEL: increase /boot partition size in kickstarts (#14351)
  • Shadow test scenario - service_systemd-journal-upload_enabled (#14265)
  • stabilization: fix ansible of ensure_redhat_gpgkey_installed (#14518)
  • Update rules related to /var/log/audit (#14286)
  • Use architecture filter in audit_rules_privileged_commands (#14336)
