Releases: ansible-lockdown/RHEL9-STIG
STIG v2r2 - Release
RuleID updates
NIST ID updates
tmux no longer required; removed controls:
RHEL-09-412010
RHEL-09-412015
RHEL-09-412020
RHEL-09-412025
RHEL-09-412030
RHEL-09-611085 - enhance with sudoers nopasswd exclude list
RHEL-09-412035 - Changed tmout to be consistent across STIGs.
lint files updated
new lint layout
file mode changed to symbolic for greater idempotency
Aide logic rewritten
nested variables removed and renamed
aide
auditd
Issue Fixes:
#89
#94
#96
#97
#99
#100
#102
#103
What's Changed
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #89
- Sshd by @PrymalInstynct in #94
- updated is_container.yml and some prelim tasks by @PrymalInstynct in #96
- Adjust audit_bins and created variable for the syslog binary by @PrymalInstynct in #97
- Verify rhel9stig_system_uses_ipv6 & standardize ansible.posix.sysctl usage by @PrymalInstynct in #99
- Added rhel9stig_sysctl_max_user_namespaces for systems that will run containers by @PrymalInstynct in #100
- Use rhel9stig_gui_approved variable with tasks that make sense by @PrymalInstynct in #102
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #104
- Issue 103 by @uk-bolly in #105
- Stigv2r2 by @uk-bolly in #87
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #108
- Rename audit_bins var rhel9stig_audit_bins by @addiedx44 in #109
- Updated release date by @uk-bolly in #112
- Update when logic on cat3-09-653030 by @frederickw082922 in #113
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #111
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #114
- Addresses fix for RHEL-09-232200 on issue #115 by @frederickw082922 in #117
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #118
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #120
- Update to audit alignment and functionality by @uk-bolly in #122
- v2.2 devel to main by @uk-bolly in #121
New Contributors
- @addiedx44 made their first contribution in #109
- @frederickw082922 made their first contribution in #113
Full Changelog: 2.1.0...2.2.0
STIG V2r1 - July 24 2024
Based on RHEL 9 DISA STIG: Version 2, Rel 1 released on July 24, 2024
Full rewrite of STIG
Every control has new numbers due to changes in the STIG
What's Changed
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #85
- Stigv2r1 - release to devel by @uk-bolly in #79
- Stig v2r1 to main by @uk-bolly in #86
Full Changelog: 1.3.1...2.1.0
STIG v1R3 final release
Based on RHEL 9 DISA STIG: Version 1, Rel 3 released on Apr 24, 2024
What's Changed
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #80
- Feb25_final issues by @uk-bolly in #83
- Update to main by @uk-bolly in #84
Full Changelog: 1.3.0...1.3.1
V1R3 Release
Based on RHEL 9 DISA STIG: Version 1, Rel 3 released on Apr 24, 2024
Remediate
Audit updates
Pipeline Updates
pre-commit updates
Various improvements and enhancements
company naming updated
Lint standards updates
Greater consistency in controls
ruleID updates for version
What's Changed
- Ansible version 2.12.1 minimum set by @uk-bolly in #23
- fix(rhel_09_252035): fix templating and resolv.conf template syntax by @jhomen368 in #27
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #28
- Dynamically set rhel9stig_gui variable by @PrymalInstynct in #29
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #32
- Sept updates - task improvements by @uk-bolly in #30
- Address #34 by making prelim task conditions "or" by @Coconutcoo in #35
- Changed title for RHEL-09-291025 by @layluke in #37
- Added conditional for RHEL-09-215025 by @layluke in #39
- Added loop control for RHEL-09-232190 by @layluke in #43
- Added selectattr value to select only nfs mounts by @layluke in #41
- Sept30 24 by @uk-bolly in #45
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #46
- V1r2 updates by @uk-bolly in #53
- excluding autofs filesystems, adding line to 231060 by @layluke in #50
- removed check for aide being already installed by @layluke in #52
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #54
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #55
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #56
- Stig v1r3 release to devel by @uk-bolly in #57
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #64
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #68
- Name and alignment by @uk-bolly in #69
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #70
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #71
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #73
- Jan25 updates by @uk-bolly in #74
- Merge outstanding branch by @uk-bolly in #75
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #76
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #78
- v1r3 release to main by @uk-bolly in #77
New Contributors
- @jhomen368 made their first contribution in #27
- @PrymalInstynct made their first contribution in #29
- @Coconutcoo made their first contribution in #35
- @layluke made their first contribution in #37
Full Changelog: 1.2.0...1.3.0
STIG V1R2
STIG Benchmark Version: v1r2
STIG Benchmark Version Release Date: 24 Jan 2024
Remediate
- V1r2 updates control IDs and new controls
- Issues closed and PRs merged - What's changed
- Pre-commit updates
- New workflow
- jmespath dependency removed
Audit
Updated audit
What's Changed
- Stig v1r2 merge to devel by @uk-bolly in #9
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #11
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #14
- addressed issue #12 thanks to @layluke by @uk-bolly in #15
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #18
- Issues and workflow updates by @uk-bolly in #19
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #20
- v1r2 release - workflow and audit updates by @uk-bolly in #21
Full Changelog: 1.1.0...1.1.1
STIG V1R1 - Final
STIG Benchmark Version: v1r1
STIG Benchmark Version Release Date: 22 Sep 2023
Remediate
- Issues closed and PRs merged - What's changed
- Pre-commit updates
- Many improvements to different controls
Audit
Update to copy/unarchive and get_url ability
What's Changed
- added kexec pkg check to 213115 by @uk-bolly in #7
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #8
- V1R1 release - April24 by @uk-bolly in #10
New Contributors
- @pre-commit-ci made their first contribution in #8
Full Changelog: 1.0.0...1.1.0
Initial STIG 1.1.0
STIG Benchmark Version: v1r1
STIG Benchmark Version Release Date: 22 Sep 2023
Initial Ansible-lockdown release of RHEL9-STIG
Includes ability for audit_only to run audit only, utilising the variables set in Ansible.