github ComplianceAsCode/content v0.1.81
Content 0.1.81

4 hours ago

Important Highlights

  • Add Claude Code skills for content development workflows (#14529)
  • Add Hummingbird product support (#14605)
  • Align OL8 STIG profile with OL8 DISA STIG V2R7 (#14421)
  • Align OL9 STIG profile with OL9 DISA STIG V1R4 (#14423)
  • CMP-4110: Implement CIS OpenShift version 1.9.0 (#14431)
  • Create Claude Skill for creating new products (#14670)
  • DISA STIG: Update RHEL8 V2R6 → V2R7 (#14637)
  • SLE12 Update STIG version to V3R4 (#14419)
  • SLE12 update STIG version to V3R5 (#14707)
  • SLE15 Update STIG version to V2R6 (#14417)
  • SLE15 Update STIG version to V2R7 (#14682)
  • SLEM5 Update STIG version to V1R3 (#14420)
  • Update OL9 STIG profile to DISA STIG V1R5 (#14695)
  • Update RHEL 9 STIG to v2r8 (#14653)

New Rules and Profiles

  • Add Hummingbird product support (#14605)
  • Allow both even_deny_root and root_unlock_time (#14678)
  • CMP-4110: Implement CIS OpenShift version 1.9.0 (#14431)
  • Implemented UBTU-24-300019/20/21 (#14553)
  • SLE16 create ANSSI profiles (#14412)

Updated Rules and Profiles

  • [Ubuntu 22.04] Bump STIG profile metadata from V2R3 to V2R7 (#14459)
  • add hipaa reference to rule package_postfix_installed (#14667)
  • Add more rules for SLE16 ANSSI profiles (#14514)
  • Add package rsync name definition for rsync package for sle16 (#14440)
  • Add service_kdump_disabled to RHEL 9 CCN profiles (#14697)
  • Add tftp package definition for sle platforms (#14444)
  • Align OL8 STIG profile with OL8 DISA STIG V2R7 (#14421)
  • Align OL9 STIG profile with OL9 DISA STIG V1R4 (#14423)
  • CMP-4110: Implement CIS OpenShift version 1.9.0 (#14431)
  • DISA STIG: Update RHEL8 V2R6 → V2R7 (#14637)
  • Ensure dot files permissions are 0740 or less (remove only offending bits) (#14609)
  • SLE12 Update STIG version to V3R4 (#14419)
  • SLE12 update STIG version to V3R5 (#14707)
  • SLE15 Update STIG version to V2R6 (#14417)
  • SLE15 Update STIG version to V2R7 (#14682)
  • SLE16 Make sure for permissions_local_var_log file_permissions template (#14398)
  • Sle16 pci dss password rules patches (#14607)
  • SLE16 set filemode parameter for file_permissions rules (#14399)
  • SLEM5 Update STIG version to V1R3 (#14420)
  • Stabilization update sle15 stig version to v2 r6 (#14435)
  • Stabilization: Fix rsyslog rainerscript oval (#14731)
  • Stabilization: Remove draft status from RHEL 10 OSPP (#14739)
  • Update OL9 STIG profile to DISA STIG V1R5 (#14695)
  • Update RHEL 9 STIG to v2r8 (#14653)

Changes in Remediations

  • Add more rules for SLE16 ANSSI profiles (#14514)
  • Enable sle16 remediations in grub2_enable_selinux (#14400)
  • ensure_redhat_gpgkey_installed: use command module instead of rpm_key in Ansible remediation (#14517)
  • Fix Ansible remediation for sshd rules (#14655)
  • Fix appending of ntp rule (#14478)
  • Fix authselect remediation with multiple features (#14659)
  • Fix chronyd_or_ntpd_set_maxpoll bash remediation when /etc/chrony.d is missing (#14638)
  • Fix drop in template to ignore commented out lines (#14442)
  • Guard SQ inspect command for RHEL>=10.1 only (#14596)
  • Make sure not to run ansible procedure in check mode (#14395)
  • Make sure the sequoia package is installed across CIS profiles (#14632)
  • Patch ansible remediation for postfix_network_listening_disabled rule (#14394)
  • Prevent Ansible Playbook termination in check mode (#14677)
  • Sle16 dconf gnome patch (#14366)
  • SLE16 related fixes to accounts password template (#14717)
  • Sle16 sshd lineinfile related fixes (#14458)
  • Sle16 use /etc/security/faillock.conf for pam faillock configuration (#14624)
  • Use drop-ins file in /etc/login.defs.d/ (#14438)
  • Use separate ansible variables for sq and gpg (#14604)

Changes in Checks

  • Add more rules for SLE16 ANSSI profiles (#14514)
  • Fix file_owner OVAL to check exact username (#14479)
  • Fix oval failure in case of locked users (#14397)
  • Optimize file search in ARPC (#14706)
  • Optimize OVALs in multiple rules to avoid errors caused by non-UTF file names (#14712)
  • Refactor OCIL macros for installed/removed packages + rules (#14595)
  • SLE16 adapt sudoers rules to work both with /etc and distro_default (#14691)
  • Sle16 dconf gnome patch (#14366)
  • Sle16 sshd lineinfile related fixes (#14458)
  • Stabilization: Fix rsyslog rainerscript oval (#14731)
  • Use drop-ins file in /etc/login.defs.d/ (#14438)

Changes in the Infrastructure

  • Fixes ssg/utils.py to parse version numbers (#14588)

Changes in the Test Suite

  • account_password_pam_faillock_password_auth: strip test metadata (#14672)
  • Enable more Packit-based Contest testing (#14675)
  • Remove unreliable test scenarios (#14703)
  • yamllint: prevent the script from being killed before we get output (#14647)

Documentation

  • GH-14516: Make compare_ds.py generate diffs for removed rules in DISA (#14578)

Fixed Bugs

  • Add service_kdump_disabled to e8 and ism_o (#14573)
  • Add var_system_crypto_policy to RHEL9 STIG profiles (#14689)
  • ensure_redhat_gpgkey_installed: use command module instead of rpm_key in Ansible remediation (#14517)
  • Fix NIST 800-53 CIS control references sync indentation and update NIST-800-53 control files (#14705)
  • Fix pam_faillock_conf_path for sle16 (#14694)
  • GH-14516: Make compare_ds.py generate diffs for removed rules in DISA (#14578)
  • profiles/rhel9/hipaa: exclude auditd_audispd_syslog_plugin_activated (#14687)
  • profiles/rhel9+rhel10/hipaa: add grub2_audit_backlog_limit_argument (#14688)
  • Stabilization: Fix rsyslog rainerscript oval (#14731)
  • Store plain login banner text in XCCDF Value (#14371)
