STIG Version3 Release 12 release - July 23

Remediate

Issues closed and PRs merged - What's changed Pre-commit updates Many improvements to different controls ansible version to 2.10.1 Update to allow Galaxy Releases for new galaxy_ng

What's Changed

• Stig v3r12 by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/432
• Workflow lint readme and prereq tags by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/433
• V3R12 update by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/434
• updated assert for workflow run by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/435
• workflow update by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/436
• Task validation fixes and rewrites (by Steampunk Spotter) by @anzoman in https://github.com/ansible-lockdown/RHEL7-STIG/pull/437
• Discord updates, lint and tidy by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/438
• Collections lint by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/439
• Adding additional condition for rhel7stig_grub2_user_cfg for task by @layluke in https://github.com/ansible-lockdown/RHEL7-STIG/pull/441
• updated the workflow version and galaxy setup by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/442
• Tidyup by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/444
• rhel7stig_boot_part variable now discovered by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/445
• removed doc dir by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/449
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/ansible-lockdown/RHEL7-STIG/pull/447
• Jan 24 updates by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/450
• devel to main update for release by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/443
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/ansible-lockdown/RHEL7-STIG/pull/451
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/ansible-lockdown/RHEL7-STIG/pull/454
• Feb 24 updates by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/455

New Contributors

• @whitehat237 made their first contribution in https://github.com/ansible-lockdown/RHEL7-STIG/pull/430
• @anzoman made their first contribution in https://github.com/ansible-lockdown/RHEL7-STIG/pull/437
• @layluke made their first contribution in https://github.com/ansible-lockdown/RHEL7-STIG/pull/441
• @pre-commit-ci made their first contribution in https://github.com/ansible-lockdown/RHEL7-STIG/pull/447

Full Changelog: https://github.com/ansible-lockdown/RHEL7-STIG/compare/1.7.0...1.8.2

What's Changed

• Devel to Main for release 1.0 by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/342
• Version 1.0.1 - Minor Updates by @georgenalen in https://github.com/ansible-lockdown/RHEL7-STIG/pull/350
• Issue Fixes and Enhancements by @georgenalen in https://github.com/ansible-lockdown/RHEL7-STIG/pull/364
• Devel to main for release by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/367
• Benchmark 3.3 updates and other fixes by @georgenalen in https://github.com/ansible-lockdown/RHEL7-STIG/pull/374
• Added Issue/PR Templates and Issue Fixes by @georgenalen in https://github.com/ansible-lockdown/RHEL7-STIG/pull/378
• Devel to Main release Stig V3R4 by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/384
• release 1.3.2 - issue fixes by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/389
• Release 1.4.0 by @georgenalen in https://github.com/ansible-lockdown/RHEL7-STIG/pull/395
• Benchmark Version 3 Release 6 Updates by @georgenalen in https://github.com/ansible-lockdown/RHEL7-STIG/pull/402
• Stig v3r10 to main by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/420
• Stig V3R11 release by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/427
• Improve sudo user password check by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/429
• Update fix-cat2.yml by @whitehat237 in https://github.com/ansible-lockdown/RHEL7-STIG/pull/430
• Stig v3r12 by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/432
• Workflow lint readme and prereq tags by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/433
• V3R12 update by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/434
• updated assert for workflow run by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/435
• workflow update by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/436

New Contributors

• @whitehat237 made their first contribution in https://github.com/ansible-lockdown/RHEL7-STIG/pull/430

Full Changelog: https://github.com/ansible-lockdown/RHEL7-STIG/compare/1.7.0...1.8.0

What's Changed

• devel to main update for release by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/443

Full Changelog: https://github.com/ansible-lockdown/RHEL7-STIG/compare/1.8.0...1.8.1

What's Changed

• Devel to Main for release 1.0 by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/342
• Version 1.0.1 - Minor Updates by @georgenalen in https://github.com/ansible-lockdown/RHEL7-STIG/pull/350
• Issue Fixes and Enhancements by @georgenalen in https://github.com/ansible-lockdown/RHEL7-STIG/pull/364
• Devel to main for release by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/367
• Benchmark 3.3 updates and other fixes by @georgenalen in https://github.com/ansible-lockdown/RHEL7-STIG/pull/374
• Added Issue/PR Templates and Issue Fixes by @georgenalen in https://github.com/ansible-lockdown/RHEL7-STIG/pull/378
• Devel to Main release Stig V3R4 by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/384
• release 1.3.2 - issue fixes by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/389
• Release 1.4.0 by @georgenalen in https://github.com/ansible-lockdown/RHEL7-STIG/pull/395
• Benchmark Version 3 Release 6 Updates by @georgenalen in https://github.com/ansible-lockdown/RHEL7-STIG/pull/402
• Stig v3r10 to main by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/420
• Stig V3R11 release by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/427
• Improve sudo user password check by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/429
• Update fix-cat2.yml by @whitehat237 in https://github.com/ansible-lockdown/RHEL7-STIG/pull/430
• Stig v3r12 by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/432
• Workflow lint readme and prereq tags by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/433
• V3R12 update by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/434
• updated assert for workflow run by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/435
• workflow update by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/436

New Contributors

• @whitehat237 made their first contribution in https://github.com/ansible-lockdown/RHEL7-STIG/pull/430

Full Changelog: https://github.com/ansible-lockdown/RHEL7-STIG/compare/1.7.0...1.8.0

Stig V3r11 27th April 2023

Consistent on ansible version Improvement in checking ansible user has password 010340 tidy of boootloader discovery and paths

• New controls

  • RHEL-07-010019
  • RHEL-07-010063
  • RHEL-07-020028

• rule id updates and changes

  • RHEL-07-010119
  • RHEL-07-010199
  • RHEL-07-010271
  • RHEL-07-020028
  • RHEL-07-020030

Lint updates workflow updates goss url and version FQCN added alignment to audit benchmark version

• Thanks to @Joseph Hoffman

  • #405

• Thanks to @Bordenit

  • #412
  • #415

• Update to V3R10 - Jan 2023 All controls have rules updated

  • cat_1

    • 010010
    • 010290

  • cat 2

    • 010060
    • 010062
    • 010070
    • 010081
    • 010082
    • 010090 Added back in for screen pkgs to be installed
    • 010100
    • 010101
    • 010110
    • 010199 - new control
    • 010200
    • 010270
    • 010320
    • 010330
    • 010342 - updated grep command to grep -E
    • 020029 - added notify and updated rule
    • 020030 - updated mail path in cron job
    • 020040
    • 020650
    • 021620
    • 040201
    • 040420
    • 040470 - conditional added only pre 7.4
    • 040610
    • 040611
    • 040612
    • 040620
    • 040630
    • 040640
    • 040641
    • 040650
    • 040660
    • 040712 - new control ssh KEX
    • 040740
    • 040830

• cat 3

  • 010375 - new control
  • 021600
  • 021610

• RHEL-07-010271 - New Control Added

• Update to STIG V3R9 Oct 27th 2022 - Changes Listed Below

  • RHEL-07-010342, RHEL-07-010343, RHEL- 07-020023, RHEL-07-030201 - Updated fix text.
  • RHEL-07-021040, RHEL-07-021700 - Updated check text command to eliminate false positives.
  • RHEL-07-030840 - Updated check and fix text.
  • RHEL-07-040160 - Updated check text.
  • RHEL-07-040310 - Corrected typo in the Vulnerability Discussion.
  • RHEL-07-040360, RHEL-07-040530 - Updated CCI.

• Update to README and requirements

• RHEL-07-010010, RHEL-07-010020, RHEL-07-010291, RHEL-07-021030,RHEL-07-021040 - Updated Tag Information

What's Changed

• Audit vars by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/409
• Update main.yml by @dirtyharrycallahan in https://github.com/ansible-lockdown/RHEL7-STIG/pull/406
• Update fix-cat2.yml by @dirtyharrycallahan in https://github.com/ansible-lockdown/RHEL7-STIG/pull/407
• Update fix-cat2.yml by @dirtyharrycallahan in https://github.com/ansible-lockdown/RHEL7-STIG/pull/408
• updates for v3r7 changes by @georgenalen in https://github.com/ansible-lockdown/RHEL7-STIG/pull/415
• Idempotency by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/416
• Steve stig v3r9 v2 by @MrSteve81 in https://github.com/ansible-lockdown/RHEL7-STIG/pull/417
• Audit align v3r9 by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/418
• updated title of audit summary steps by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/419
• STIG v3r10 release by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/421
• lint updated inline with galaxy by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/423
• Stig v3r10 to main by @uk-bolly in https://github.com/ansible-lockdown/RHEL7-STIG/pull/420

New Contributors

• @MrSteve81 made their first contribution in https://github.com/ansible-lockdown/RHEL7-STIG/pull/417

Full Changelog: https://github.com/ansible-lockdown/RHEL7-STIG/compare/1.5.0...v1.6.0

STIG Benchmark Version: 3.6 STIG Benchmark Release Date: Jan 27, 2022

Issue Fixes:

• #397 - SCAP scan fails for RHEL-07-040160 (TMOUT)
• #398 - RHEL-07-010119 is potentially not idempotent
• #400 - RHEL-07-010110 setting incorrect lock-delay value

Enhancements:

• STIG Benchmark 3.6 updates
• New automated testing pipeline for PR's
• New GitHub Action for first time contributors
• General tidy up of README layout
• Mention of Discord server in READE, along with the creation of the Discord server

STIG Benchmark Version: 3.5 STIG Benchmark Release Date: Oct 27, 2021

Issue Fixes:

• #391
• #392

Enhancements:

• Updates for benchmarks 3.5
• Updates for using audit tool's wrapper script
• Added attributes file

• STIG Version: Ver 3 Rel 2
• Capabilities to use Goss audit tool
• General updates to entire role for better performance

• STIG Version: Ver 3 Rel 2
• Addressed goss name error
• Updated ansible.cfg

STIG Version: Version 3 Rel 4

Issues Fixes:

• #385 - thanks to danbarr
• #386 - thanks to yeroc

Enhancements:

• N/A