-
Tue May 16 2023 Federico Ramírez <federico.r.ramirez@oracle.com> - 0.1.66-2.0.4
- Bump release version so it is not the same as for OL8.7 [JIRA: OLDIS-23758]
-
Tue May 16 2023 Federico Ramírez <federico.r.ramirez@oracle.com> - 0.1.66-2.0.3
- Fix ansible to content to manage correctly binary dirs when they have hardlinks. And
manage correctly fstab entries where the mount point has a blank space in mount
point [Orabug: 35338979]
- Update OVAL content to allow spaces in postfix configuration. And recognize locked
accounts with hashed password in /etc/passwd [Orabug: 35338979]
- Add rule package_mailx_installed and ensure_oracle_gpgkey_installed to stig profile
to cover new STIG ids OL08-00-010358 and OL08-00-010019 [Orabug: 35338979]
- Update references to reflect STIG V1R6 compliance [Orabug: 35338979]
- Update bash condition to recognize uefi applicability [Orabug: 35338979]
-
Fri Mar 31 2023 Federico Ramírez <federico.r.ramirez@oracle.com> - 0.1.66-2.0.2
- Introduce a new OVAL macro to consistently identify interactive users [Orabug: 35214522]
- Update accounts_user_dot_no_world_writable_programs rule to look for
initialization files on the user's homedirs only and to prevent the search for
world-writables to descend to other file systems [Orabug: 35214522]
-
Mon Feb 27 2023 Edgar Aguilar <edgar.aguilar@oracle.com> - 0.1.66-2.0.1
- Update rules dealing with sshd_config to look into files added to the include
keyword [Orabug: 34893225]
- Update remediation in sebool_secure_mode_insmod which wasn't letting the system boot when
running anssi-high profile [Orabug: 34893225]
- Update OL stig profile rule selection remove sshd_disable_compression [Orabug: 35017186]
- Introduce new rules, sshd_use_approved_kex_ordered_stig, configure_bashrc_tmux,
configure_tmux_lock_keybinding [Orabug: 35017186]
- Update rules modifying pam files to handle /etc/pam.d/system-auth precedence over
other configuration files [Orabug: 35017186]
- Update version of stig profiles to V1R5 [Orabug: 35017186]
-
Mon Feb 13 2023 Watson Sato <wsato@redhat.com> - 0.1.66-2
- Unselect rule logind_session_timeout (RHBZ#2158404)
-
Mon Feb 06 2023 Watson Sato <wsato@redhat.com> - 0.1.66-1
- Rebase to a new upstream release 0.1.66 (RHBZ#2158404)
- Update RHEL8 STIG profile to V1R9 (RHBZ#2152658)
- Fix levels of CIS rules (RHBZ#2162803)
- Remove unused RHEL8 STIG control file (RHBZ#2156192)
- Fix accounts_password_pam_unix_remember's check and remediations (RHBZ#2153547)
- Fix handling of space in sudo_require_reauthentication (RHBZ#2152208)
- Add rule for audit immutable login uids (RHBZ#2151553)
- Fix remediation of audit watch rules (RHBZ#2119356)
- Align file_permissions_sshd_private_key with DISA Benchmark (RHBZ#2115343)
- Fix applicability of kerberos rules (RHBZ#2099394)
- Add support rainer scripts in rsyslog rules (RHBZ#2072444)
-
Tue Jan 10 2023 Watson Sato <wsato@redhat.com> - 0.1.63-5
- Update RHEL8 STIG profile to V1R8 (RHBZ#2148446)
- Add rule warning for sysctl IPv4 forwarding config (RHBZ#2118758)
- Fix remediation for firewalld_sshd_port_enabled (RHBZ#2116474)
- Fix compatibility with Ansible 2.14
-
Wed Aug 17 2022 Watson Sato <wsato@redhat.com> - 0.1.63-4
- Fix check of enable_fips_mode on s390x (RHBZ#2070564)
-
Mon Aug 15 2022 Watson Sato <wsato@redhat.com> - 0.1.63-3
- Fix Ansible partition conditional (RHBZ#2032403)
-
Wed Aug 10 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.63-2
- aligning with the latest STIG update (RHBZ#2112937)
- OSPP: use Authselect minimal profile (RHBZ#2117192)
- OSPP: change rules for protecting of boot (RHBZ#2116440)
- add warning about configuring of TCP queues to rsyslog_remote_loghost (RHBZ#2078974)
- fix handling of Defaults clause in sudoers (RHBZ#2083109)
- make rules checking for mount options of /tmp and /var/tmp applicable only when the partition really exists (RHBZ#2032403)
- fix handling of Rsyslog include directives (RHBZ#2075384)