CIS RedHat Enterprise Linux 7 Benchmark v4.0.0 - 21-12-2023

Remediate

• Many changes for new version
  • reordering of rules
  • new rules added and updated
• workflows updated and migrated to new method
• precommit updates
• rebase between releases

Audit

• audit updates
  • new audit binary version
  • updated tests and tasks

What's Changed

• Task validation fixes (by Steampunk Spotter) by @anzoman in #321
• Discord link, lint files and lint by @uk-bolly in #323
• Update to collection and linting by @uk-bolly in #324
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #325
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #327
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #331
• Audit only and lint by @uk-bolly in #333
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #335
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #336
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #337
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #339
• V4.0 release to devel by @uk-bolly in #338
• Update and align devel by @uk-bolly in #341
• CIS v4.0.0 release to main by @uk-bolly in #340

New Contributors

• @anzoman made their first contribution in #321

Full Changelog: 1.3.0...2.0.0

Remediate

Issues closed and PRs merged - What's changed
Pre-commit updates
Update to allow Galaxy Releases for new galaxy_ng

Audit

update to later audit binary version
ability to run audit in standalone with audit_only: true

What's Changed

• Task validation fixes (by Steampunk Spotter) by @anzoman in #321
• Discord link, lint files and lint by @uk-bolly in #323
• Update to collection and linting by @uk-bolly in #324
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #325
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #327
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #331
• Audit only and lint by @uk-bolly in #333

New Contributors

• @anzoman made their first contribution in #321
• @pre-commit-ci made their first contribution in #325

Full Changelog: 1.2.3...1.3.0

New workflow adopted
New readme layout

What's Changed

• Lint updates by @uk-bolly in #311
• Yamllint Update, Yamllint Check, Ansible-lint Check, Module Names Update by @MrSteve81 in #312
• Added 1.2.4 and 1.2.5. by @uk-bolly in #314
• Sept23 updates by @uk-bolly in #317
• Update main release and alignment by @uk-bolly in #318
• Precommit by @uk-bolly in #319
• Update main with devel fixes by @uk-bolly in #320

Full Changelog: 1.2.2...1.2.3

Summary

• linting
• workflows
• audit branch alignments

What's Changed

• Changes for Release v1.0.0 by @georgenalen in #191
• Version 1.0.1 Fixes by @georgenalen in #197
• Version 1.0.2 updates - Minor fixes by @georgenalen in #201
• Version 1.1.0 Release by @georgenalen in #211
• Devel to main for release by @uk-bolly in #246
• Benchmark 3.1.1 Updates by @georgenalen in #257
• Issues Fixes by @georgenalen in #277
• Truthy updates by @MrSteve81 in #279
• Issue 275 and checkmode changes by @georgenalen in #280
• updated readme for checkmode by @georgenalen in #281
• 4.2.4 logrotate update by @uk-bolly in #283
• Outstanding issues and improvements by @uk-bolly in #288
• Collections workflows by @uk-bolly in #289
• Ablity to change audit environment by @uk-bolly in #290
• updated tags section of readme by @georgenalen in #291
• fix for issue #292 by @georgenalen in #293
• Updates by @uk-bolly in #297
• Ssh and 4.1.1.3 by @uk-bolly in #300
• fixed copy paste error by @uk-bolly in #304
• Oct issues by @uk-bolly in #307
• Alignment updates by @uk-bolly in #310
• New release to main by @uk-bolly in #299

New Contributors

• @MrSteve81 made their first contribution in #279

Full Changelog: 1.2.1...1.2.2

CIS Benchmark Version: 3.1.1
CIS Benchmark Release Date: May 21, 2021

Issue Fixes:

• #259 - Undefined Variables

Enhancements:

• PR #269
• PR #271
• PR #273
• Updated logic on 5.3.18
• Removed group in 4.2.3 since it is not required in the benchmark
• Linting updates
• Remove no longer needed libraries

• CIS Version: 3.1.1

Issue Fixes:

• PR #247 - Fix STIG to CIS copy paste failures
• PR #248 - Allow toggling OS check
• PR #250 - 5.3.2 only implemented partially

Enhancements:

• CIS Version 3.1.1 compliance
• Additional lint updates
• Added Issue Templates
• Added PR Template

• CIS Version: 3.0.1

Issue Fixes:

• #199 - Molecule has wrong file name
• #202 - Task for 4.1.1.3 is not fully idempotent
• #203 - Tags are not available in galaxy
• #204 - Task for CIS 6.1.12 seems broken
• #205 - cis_5.2.x.yml - 5.2.15 - Fatal error
• #208 - rhel7cis_legacy_boot variable not accepting boolean
• #209 - UEFI grub file incorrect location
• #213 - Undefined variable rule 5.5
• #215 - Support for CentOS rule 1.2.1 and 1.2.2
• #217 - 4.1.2.4 not idempotent if GRUB_CMDLINE_LINUX_DEFAULT is present
• #222 - Idempotent 5.4.1.4
• #225 - rule 6.2.4 with login banners
• #226 - Inconsistent tag on rule 6.2.5
• #240 - rule 6.1.9 /etc/gshadow- mode should be 0000
• #241 - rule 5.6
• #243 - Bug: typo in 6.2.5 task
• #245 - Incorrect configuration value in Rule 3.1.1

Enhancements:

• Linting for galaxy

• CIS Version: 3.0.1
• Renamed goss module
• Updated SELinux rules idempotence

• CIS Version: 3.0.1
• Added audit output file permissions
• Fixed typos

• CIS Version: 3.0.1
• Capabilities to use goss audit tool
• General updates to make the role better