STIG Version1 Release 12 release - October 23

Main Release for v1r12 RHEL8 STIG

Remediate

• Issues closed and PRs merged - What's changed
• Pre-commit updates
• Many improvements to different controls

Audit

• Audit_only ability now added to run standalone audit
  • audit_only: true
• Related Audit repo updated to improve tests audit binary(goss updated to latest version)

What's Changed

• Change master to main in actions by @georgenalen in https://github.com/ansible-lockdown/RHEL8-STIG/pull/4
• RHEL8 STIG Version 1 Release 1 by @georgenalen in https://github.com/ansible-lockdown/RHEL8-STIG/pull/7
• Minor Fixes by @georgenalen in https://github.com/ansible-lockdown/RHEL8-STIG/pull/11
• Devel to main by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/34
• Benchmark Version 1 Rev. 2 and other fixes by @georgenalen in https://github.com/ansible-lockdown/RHEL8-STIG/pull/44
• Added Issue and PR templates and an issue fix by @georgenalen in https://github.com/ansible-lockdown/RHEL8-STIG/pull/49
• Benchmark 1.3 updates and issue fixes by @georgenalen in https://github.com/ansible-lockdown/RHEL8-STIG/pull/61
• Release 2.3.1 by @georgenalen in https://github.com/ansible-lockdown/RHEL8-STIG/pull/71
• V1.5 update by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/102
• 2.5.0 Release by @georgenalen in https://github.com/ansible-lockdown/RHEL8-STIG/pull/106
• Benchmark 1.7 and issue fixes by @georgenalen in https://github.com/ansible-lockdown/RHEL8-STIG/pull/137
• Main updates to Benchmark v1r8 release by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/155
• Devel to main release stig v1r9 by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/188
• Release to main for bug fixes and improvements by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/200
• Stig V1R10 Release to main by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/203
• June devel to main by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/206
• v1r11 updates release to main by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/221
• devel - main - workflow and discord by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/225
• New release devel -> main by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/255
• Release of v1r12 by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/275

Full Changelog: https://github.com/ansible-lockdown/RHEL8-STIG/compare/3.1.0...3.2.0

STIG Version1 Release 11 release - July 23

Remediate

Issues closed and PRs merged - What's changed Pre-commit updates Many improvements to different controls Update to allow Galaxy Releases for new galaxy_ng

What's Changed

• Precommit workflow by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/223
• Issue #222 and tidy up by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/224
• Issue 226 and alignment by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/228
• Sysctl and collections by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/235
• updated the workflow version and galaxy setup by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/236
• Revert "fixed gnutls as per issue 196 thansk to @jmalpede" by @qwestduck in https://github.com/ansible-lockdown/RHEL8-STIG/pull/234
• Update main.yml by @BillSkiCO in https://github.com/ansible-lockdown/RHEL8-STIG/pull/237
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/ansible-lockdown/RHEL8-STIG/pull/238
• Oracle Linux rhel8stig_bootloader_path and RHEL-08-020030 fix by @BillSkiCO in https://github.com/ansible-lockdown/RHEL8-STIG/pull/253
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in https://github.com/ansible-lockdown/RHEL8-STIG/pull/247
• Adds when criteria for rhel_08_040321 in tasks/fix-cat2.yml, to skip … by @whitehat237 in https://github.com/ansible-lockdown/RHEL8-STIG/pull/250
• Update meta and readme due to galaxy_ng by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/258

New Contributors

• @qwestduck made their first contribution in https://github.com/ansible-lockdown/RHEL8-STIG/pull/234
• @BillSkiCO made their first contribution in https://github.com/ansible-lockdown/RHEL8-STIG/pull/237
• @pre-commit-ci made their first contribution in https://github.com/ansible-lockdown/RHEL8-STIG/pull/238

Full Changelog: https://github.com/ansible-lockdown/RHEL8-STIG/compare/3.0.0...3.1.0

What's Changed

• Fix typo in defaults/main by @fallenpixel in https://github.com/ansible-lockdown/RHEL8-STIG/pull/215
• improve password check by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/217
• Stig v1r11 release by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/218
• July23 by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/219
• Updated when on line 197 of prelim to use an or instead of and by @georgenalen in https://github.com/ansible-lockdown/RHEL8-STIG/pull/220

New Contributors

• @fallenpixel made their first contribution in https://github.com/ansible-lockdown/RHEL8-STIG/pull/215

#Issues:

• #207
• #208
• #209
• #210
• #211
• #212

Controls updated

• CAT2:
  • 010030 - ruleid
  • 010200 - ruleid
  • 010201 - ruleid
  • 010290 - ruleid and SSH MACS updated
  • 010291 - ruleid and SSH Ciphers updated
  • 010770 - ruleid
  • 020035 - new control idlesession timeout new var rhel_08_020035_idlesessiontimeout
  • 020041 - ruleid and tmux script update
  • 030690 - ruleid and protocol options added
  • 040159 - ruleid
  • 040160 - ruleid
  • 040342 - ruleid and SSH KEX algorithms updated

Full Changelog: https://github.com/ansible-lockdown/RHEL8-STIG/compare/2.9.1...3.0.0

What's Changed

• Container updates & issue 204 by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/205
• Boot part variable by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/214
• June devel to main by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/206

Full Changelog: https://github.com/ansible-lockdown/RHEL8-STIG/compare/2.9.0...2.9.1

What's Changed

• Stig v1r10 - release by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/201
• Fixed typo in user password assertion by @Phenix66 in https://github.com/ansible-lockdown/RHEL8-STIG/pull/202
• Stig V1R10 Release to main by @uk-bolly in https://github.com/ansible-lockdown/RHEL8-STIG/pull/203
• updates for containers on new version
• #204
• boot partition variable usage

New Contributors

• @Phenix66 made their first contribution in https://github.com/ansible-lockdown/RHEL8-STIG/pull/202

Full Changelog: https://github.com/ansible-lockdown/RHEL8-STIG/compare/2.8.1...2.9.0

Overall Review of Changes: Release of stig v1r9 to main along with many improvements

Issue Fixes: https://github.com/ansible-lockdown/RHEL8-STIG/issues/157 https://github.com/ansible-lockdown/RHEL8-STIG/issues/158 https://github.com/ansible-lockdown/RHEL8-STIG/pull/159 https://github.com/ansible-lockdown/RHEL8-STIG/pull/168 https://github.com/ansible-lockdown/RHEL8-STIG/pull/169 https://github.com/ansible-lockdown/RHEL8-STIG/pull/170 https://github.com/ansible-lockdown/RHEL8-STIG/pull/171 https://github.com/ansible-lockdown/RHEL8-STIG/pull/172 https://github.com/ansible-lockdown/RHEL8-STIG/issues/173 https://github.com/ansible-lockdown/RHEL8-STIG/pull/178 https://github.com/ansible-lockdown/RHEL8-STIG/pull/179 https://github.com/ansible-lockdown/RHEL8-STIG/pull/180 https://github.com/ansible-lockdown/RHEL8-STIG/pull/181 https://github.com/ansible-lockdown/RHEL8-STIG/pull/183 https://github.com/ansible-lockdown/RHEL8-STIG/pull/185 https://github.com/ansible-lockdown/RHEL8-STIG/pull/185

Enhancements: Workflow updates linting audit alignment with correct stig benchmark release Warning layout and updates

Overall Review of Changes: Release of stig v1r9 to main along with many improvements

Issue Fixes: https://github.com/ansible-lockdown/RHEL8-STIG/issues/157 https://github.com/ansible-lockdown/RHEL8-STIG/issues/158 https://github.com/ansible-lockdown/RHEL8-STIG/pull/159 https://github.com/ansible-lockdown/RHEL8-STIG/pull/168 https://github.com/ansible-lockdown/RHEL8-STIG/pull/169 https://github.com/ansible-lockdown/RHEL8-STIG/pull/170 https://github.com/ansible-lockdown/RHEL8-STIG/pull/171 https://github.com/ansible-lockdown/RHEL8-STIG/pull/172 https://github.com/ansible-lockdown/RHEL8-STIG/issues/173 https://github.com/ansible-lockdown/RHEL8-STIG/pull/178 https://github.com/ansible-lockdown/RHEL8-STIG/pull/179 https://github.com/ansible-lockdown/RHEL8-STIG/pull/180 https://github.com/ansible-lockdown/RHEL8-STIG/pull/181 https://github.com/ansible-lockdown/RHEL8-STIG/pull/183 https://github.com/ansible-lockdown/RHEL8-STIG/pull/185 https://github.com/ansible-lockdown/RHEL8-STIG/pull/185

Enhancements: Workflow updates linting audit alignment with correct stig benchmark release Warning layout and updates

STIG Benchmark Release: Version 1 Release 8 STIG Benchmark Release Date: Oct 27, 2022

Issues Fixed:

• #139 - RHEL-08-010330 & RHEL-08-010350 | SETroubleshootD Breaks
• #140 - RHEL-08-020027/020028 | SELinux Permission Discrepancies / Faillock SELinux Denials
• #142 - RHEL-08-010141 /etc/grub.d/01_users need 755 permission
• #147 - Install git
• #148 - RHEL-08-020025 and RHEL-08-020026 - The "preauth" line is NOT listed before pam_unix.so
• #151 - fstype in fix-cat2.yml set to static value "xfs" on mount tasks (Thanks to @whitehat237 for the PR with the fix idea)

Enhancements:

• Updates for new benchmark 1.8
• Updates for banner usage
• Linting updates

STIG Benchmark Release: Version 1 Release 7 STIG Benchmark Release Date: Jul 27, 2022

Issues Fixed:

• #93 - Error with RHEL-08-040137 - Failed
• #104 - README update - cloudint bug when /var noexec
• #107 - RHEL-08-020040/41 needs additional configuration.
• #109 - Broken link for the wiki for Main Variables
• #115 - List dependencies in requirements.txt
• #116 - Inconsistent YAML
• #118 - ansible-lint: 648 failure(s), 0 warning(s) on 18 files
• #124 - RHEL-08-040090 : Firewall must employ deny-all | Missing Configuration
• #125 - RHEL-08-040259: Shall not enable IPv4 Forwarding | Update configuration to latest baseline
• #126 - RHEL-08-010141: Unique Superuser Name for Maintenance | Non-Standard Configuration Method
• #127 - RHEL-08-010690 / RHEL-08-010770 | Failure in Multiple Steps
• #128 - RHEL-08-010050 Banner on Login Screen | Missing Configuration
• #130 - Question regarding RHEL-08-010290 / RHEL-08-010291: Enabling FIPS mode even if not required by STIG?
• #131 - RHEL-08-020040: TMUX Lock-Command Config | Incomplete Regex
• #133 - RHEL-08-010295: GnuTLS Encryption | Line Bug
• #134 - RHEL-08-010740: Group Ownership by Home Dir Owner | Incorrect Ownership by "Nobody" in RHEL 8.6

Enhancements:

• Benchmarks 1.7 updates
• Updates for new linting checks

STIG Benchmark Version: Version 1 Release 6 STIG Benchmark Release Date: Apr 27, 2022

Issues Fixed:

• #104 - README Update - Cloudint bug when/var noexec

Enhancements:

• Benchmark 1.6 updates