RHEL7 CIS Versions Save

Remediate

Issues closed and PRs merged - What's changed Pre-commit updates Update to allow Galaxy Releases for new galaxy_ng

Audit

update to later audit binary version ability to run audit in standalone with audit_only: true

What's Changed

• Task validation fixes (by Steampunk Spotter) by @anzoman in https://github.com/ansible-lockdown/RHEL7-CIS/pull/321
• Discord link, lint files and lint by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-CIS/pull/323
• Update to collection and linting by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-CIS/pull/324
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/ansible-lockdown/RHEL7-CIS/pull/325
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/ansible-lockdown/RHEL7-CIS/pull/327
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/ansible-lockdown/RHEL7-CIS/pull/331
• Audit only and lint by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-CIS/pull/333

New Contributors

• @anzoman made their first contribution in https://github.com/ansible-lockdown/RHEL7-CIS/pull/321
• @pre-commit-ci made their first contribution in https://github.com/ansible-lockdown/RHEL7-CIS/pull/325

Full Changelog: https://github.com/ansible-lockdown/RHEL7-CIS/compare/1.2.3...1.3.0

New workflow adopted New readme layout

What's Changed

• Lint updates by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-CIS/pull/311
• Yamllint Update, Yamllint Check, Ansible-lint Check, Module Names Update by @MrSteve81 in https://github.com/ansible-lockdown/RHEL7-CIS/pull/312
• Added 1.2.4 and 1.2.5. by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-CIS/pull/314
• Sept23 updates by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-CIS/pull/317
• Update main release and alignment by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-CIS/pull/318
• Precommit by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-CIS/pull/319
• Update main with devel fixes by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-CIS/pull/320

Full Changelog: https://github.com/ansible-lockdown/RHEL7-CIS/compare/1.2.2...1.2.3

Summary

• linting
• workflows
• audit branch alignments

What's Changed

• Changes for Release v1.0.0 by @georgenalen in https://github.com/ansible-lockdown/RHEL7-CIS/pull/191
• Version 1.0.1 Fixes by @georgenalen in https://github.com/ansible-lockdown/RHEL7-CIS/pull/197
• Version 1.0.2 updates - Minor fixes by @georgenalen in https://github.com/ansible-lockdown/RHEL7-CIS/pull/201
• Version 1.1.0 Release by @georgenalen in https://github.com/ansible-lockdown/RHEL7-CIS/pull/211
• Devel to main for release by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-CIS/pull/246
• Benchmark 3.1.1 Updates by @georgenalen in https://github.com/ansible-lockdown/RHEL7-CIS/pull/257
• Issues Fixes by @georgenalen in https://github.com/ansible-lockdown/RHEL7-CIS/pull/277
• Truthy updates by @MrSteve81 in https://github.com/ansible-lockdown/RHEL7-CIS/pull/279
• Issue 275 and checkmode changes by @georgenalen in https://github.com/ansible-lockdown/RHEL7-CIS/pull/280
• updated readme for checkmode by @georgenalen in https://github.com/ansible-lockdown/RHEL7-CIS/pull/281
• 4.2.4 logrotate update by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-CIS/pull/283
• Outstanding issues and improvements by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-CIS/pull/288
• Collections workflows by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-CIS/pull/289
• Ablity to change audit environment by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-CIS/pull/290
• updated tags section of readme by @georgenalen in https://github.com/ansible-lockdown/RHEL7-CIS/pull/291
• fix for issue #292 by @georgenalen in https://github.com/ansible-lockdown/RHEL7-CIS/pull/293
• Updates by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-CIS/pull/297
• Ssh and 4.1.1.3 by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-CIS/pull/300
• fixed copy paste error by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-CIS/pull/304
• Oct issues by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-CIS/pull/307
• Alignment updates by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-CIS/pull/310
• New release to main by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-CIS/pull/299

New Contributors

• @MrSteve81 made their first contribution in https://github.com/ansible-lockdown/RHEL7-CIS/pull/279

Full Changelog: https://github.com/ansible-lockdown/RHEL7-CIS/compare/1.2.1...1.2.2

CIS Benchmark Version: 3.1.1 CIS Benchmark Release Date: May 21, 2021

Issue Fixes:

• #259 - Undefined Variables

Enhancements:

• PR #269
• PR #271
• PR #273
• Updated logic on 5.3.18
• Removed group in 4.2.3 since it is not required in the benchmark
• Linting updates
• Remove no longer needed libraries

• CIS Version: 3.0.1
• Capabilities to use goss audit tool
• General updates to make the role better

• CIS Version: 3.0.1
• Added audit output file permissions
• Fixed typos

• CIS Version: 3.0.1
• Renamed goss module
• Updated SELinux rules idempotence

• CIS Version: 3.1.1

Issue Fixes:

• PR #247 - Fix STIG to CIS copy paste failures
• PR #248 - Allow toggling OS check
• PR #250 - 5.3.2 only implemented partially

Enhancements:

• CIS Version 3.1.1 compliance
• Additional lint updates
• Added Issue Templates
• Added PR Template

• CIS Version: 3.0.1

Issue Fixes:

• #199 - Molecule has wrong file name
• #202 - Task for 4.1.1.3 is not fully idempotent
• #203 - Tags are not available in galaxy
• #204 - Task for CIS 6.1.12 seems broken
• #205 - cis_5.2.x.yml - 5.2.15 - Fatal error
• #208 - rhel7cis_legacy_boot variable not accepting boolean
• #209 - UEFI grub file incorrect location
• #213 - Undefined variable rule 5.5
• #215 - Support for CentOS rule 1.2.1 and 1.2.2
• #217 - 4.1.2.4 not idempotent if GRUB_CMDLINE_LINUX_DEFAULT is present
• #222 - Idempotent 5.4.1.4
• #225 - rule 6.2.4 with login banners
• #226 - Inconsistent tag on rule 6.2.5
• #240 - rule 6.1.9 /etc/gshadow- mode should be 0000
• #241 - rule 5.6
• #243 - Bug: typo in 6.2.5 task
• #245 - Incorrect configuration value in Rule 3.1.1

Enhancements:

• Linting for galaxy

• CIS Version: 3.0.1
• Renamed goss module
• Updated SELinux rules idempotence