Updates and improvements

@uk-bolly uk-bolly released this 06 Jul 13:21
· 502 commits to main since this release
0220ed1

CIS Version: 2.0.0
CIS Version Release Date: 2-23-2022

Issues Addressed:
@ccravens

  • #160 - Ansible 2.12 Does Not Manage /etc/crontab
  • #183 - should not/cannot edit /etc/crontab
  • #204 - Added CentOS keys (PR)

@flwitten

  • #180 - 1.4.1 Ensure bootloader password is set | always skipped
  • #181 - 1.8.5 | Ensure automatic mounting of removable media is disabled | Typo
  • #182 - /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-official
  • #185 - 4.2.1.x & 4.2.2.x

@ChandlerSwift

  • #187 - 5.6.2 'rhel8cis_passwd' is undefined
  • #192 - 5.6.2 locks out (almost) all non-system accounts, rather than system accounts
  • #195 - Fix path for /etc/group control 6.1.5 (PR)

@scottdoane

  • #203 - 4.2.1.5 conflicts with itself on cron, auth logs

@ztmr

  • #190 - Incorrect container detection fails certain tasks if executed in Podman

@Thulium-Drake

  • #196 - Some handlers conflict with RHEL7-CIS handlers
  • #198 - Fix #197 (PR)
  • #200 - Versioned grub2cfg handler because it works differently in comparison to RHEL7-CIS (PR for issue #196)
  • #208 - Excluded nobody user from 6.2.10 (PR for issue #207)

@pavloos

  • #186 - Audit not working audit_out_dir is not /var/tmp

@MindPointGroup (@uk-bolly and @georgenalen)

Enhancements:

  • changed crypto to DEFAULT in defaults/main and updated as allowed option
  • 3.4.1.2 - removed enabled option, as it errors if masked and enabled are both set
  • GitHub workflow: added branch option to issues
  • Dynamic UID discovery
  • several title updates and alignments
  • logic and idempotence improvement
  • tag updates and fixes
  • removed config no longer used
  • dynamic container discovery
  • update container variables and usage
  • firewall services audit template output now works with goss correctly
  • firewall services included cockpit as default
  • 4.2.2.1.4 - changed to be socket service as per documentation
  • update to auditd template
  • uses facts and template new variable
  • update_audit_template (default false)
  • 3.4.1.5 discovery improvement
  • 5.6.1.4 discovery improvement
  • Added a warning comment managed by Ansible to all template files