-
Wed Jan 25 2023 Edgar Aguilar <edgar.aguilar@oracle.com> - 0.1.63-4.0.3
- Update OL stig profile rule selection, add aide_build_database and remove
sshd_disable_compression [Orabug: 35017186]
- Introduce new rules, sshd_use_approved_kex_ordered_stig, configure_bashrc_tmux,
configure_tmux_lock_keybinding [Orabug: 35017186]
- Update rules modifying pam files to handle /etc/pam.d/system-auth precedence over
other configuration files [Orabug: 35017186]
- Update version of stig profiles to V1R5 [Orabug: 35017186]
-
Wed Dec 14 2022 Edgar Aguilar <edgar.aguilar@oracle.com> - 0.1.63-4.0.2
- Update rules that modify pwquality.conf to delete confs in pwquality.conf.d
so it ensures no wrong confs exist [Orabug: 34893225]
- Allow several non-conflicting entries of the timestamp_timeout config entry
in sudoers files [Orabug: 34893225]
- Update fapolicy_default_deny to look into compiled.rules [Orabug: 34893225]
- Align OL08-00-020352 better by ignoring .bash_history file, and OL08-00-010120
by better detect locked passwords [Orabug: 34893225]
- Update rules dealing with sshd_config to look into files added to the include
keyword [Orabug: 34893225]
- Update remediations in two rules which wasn't letting the system boot when
running anssi-high profile [Orabug: 34893225]
- Update STIG version to V1R4 [Orabug: 34893225]
- Update rules accounts_password_set_min_life_existing and
accounts_password_set_max_life_existing to ignore non-interactive users
[Orabug: 34905591]
-
Mon Oct 03 2022 Edgar Aguilar <edgar.aguilar@oracle.com> - 0.1.63-4.0.1
- Update rules related to pam pwhistory remember module to allow both
requisite and required control values [Orabug: 34660199]
- Update accounts_password_pam_retry rule to align it with DISA requirements
OL08-00-020102, OL08-00-020103, and OL08-00-020104 [Orabug: 34660199]
- Create mount_option_home and use it in OL8 [Orabug: 34660199]
- Update rule no_empty_passwords to include the password-auth file in
OVAL check and rule wording [Orabug: 34660199]
- Introduce the rule accounts_passwords_pam_faillock_dir to cover
DISA requirements OL08-00-020016 and OL08-00-020017 [Orabug: 34660199]
- Introduce rule account_disable_inactivity_system_auth to cover
DISA requirement OL08-00-020260 [Orabug: 34660199]
- Add automation content to rule accounts_passwords_pam_faillock_audit and include
it in the OL8 stig profile [Orabug: 34660199]
- Add OVAL content to rule fapolicy_default_deny and include it on the
OL8 stig profile [Orabug: 34660199]
- Add automation content to rule rule account_password_selinux_faillock_dir
and include it on the OL8 stig profile [Orabug: 34660199]
- Create rule to cover DISA requirements OL08-00-020018 and OL08-00-020019 [Orabug: 34660199]
- Update sysctl template OVAL [Orabug: 34660199]
- Update accounts_password template OVAL [Orabug: 34660199]
-
Wed Aug 17 2022 Watson Sato <wsato@redhat.com> - 0.1.63-4
- Fix check of enable_fips_mode on s390x (RHBZ#2070564)
-
Mon Aug 15 2022 Watson Sato <wsato@redhat.com> - 0.1.63-3
- Fix Ansible partition conditional (RHBZ#2032403)
-
Wed Aug 10 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.63-2
- aligning with the latest STIG update (RHBZ#2112937)
- OSPP: use Authselect minimal profile (RHBZ#2117192)
- OSPP: change rules for protecting of boot (RHBZ#2116440)
- add warning about configuring of TCP queues to rsyslog_remote_loghost (RHBZ#2078974)
- fix handling of Defaults clause in sudoers (RHBZ#2083109)
- make rules checking for mount options of /tmp and /var/tmp applicable only when the partition really exists (RHBZ#2032403)
- fix handling of Rsyslog include directives (RHBZ#2075384)
-
Mon Aug 01 2022 Vojtech Polasek <vpolasek@redhat.com> - 0.1.63-1
- Rebase to a new upstream release 0.1.63 (RHBZ#2070564)
-
Wed Jun 01 2022 Matej Tyc <matyc@redhat.com> - 0.1.62-1
- Rebase to a new upstream release (RHBZ#2070564)
-
Tue May 17 2022 Watson Sato <wsato@redhat.com> - 0.1.60-9
- Fix validation of OVAL 5.10 content (RHBZ#2079241)
- Fix Ansible sysctl remediation (RHBZ#2079241)
-
Tue May 03 2022 Watson Sato <wsato@redhat.com> - 0.1.60-8
- Update to ensure a sysctl option is not defined in multiple files (RHBZ#2079241)
- Update RHEL8 STIG profile to V1R6 (RHBZ#2079241)