Final - STIG V1R13 release

STIG Version1 Release 13 release - Jan 24

Remediate

Pre-commit updates
new workflow configurations
removed jmespath dependency

Audit

Improvements and updates

What's Changed

• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #276
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #285
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #286
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #288
• issues, workflow and jmespath by @uk-bolly in #291
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #290
• Updated ordering and notify location by @uk-bolly in #293
• workflow and audit updated devel to main by @uk-bolly in #292
• Remove remnants of removed openscap scanning feature by @qwestduck in #295
• Remove duplicate and templated task tags by @qwestduck in #297
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #300
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #303
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #304
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #307
• Final main release v1r13 - Jan24 -updated by @uk-bolly in #308

Full Changelog: 3.3.0...3.3.2

STIG V1R13 release

STIG Version1 Release 13 release - Jan 24

Main Release for v1r13 RHEL8 STIG

Remediate

• Issues closed and PRs merged - What's changed
• Pre-commit updates
• Many improvements to different controls
• Rebase required from v1r12

Audit

• Related Audit repo updated to improve tests audit binary(goss updated to latest version)

What's Changed

• Stig v1r12 release to devel by @uk-bolly in #259
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #260
• Updated RHEL-08-020050 to loop over stdout_lines. Fixes issue #261. by @Phenix66 in #262
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #264
• Meet fix text of V-244546 by @fallenpixel in #266
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #268
• April 24 issues into devel by @uk-bolly in #269
• fixed error in conditional rhel-08-020022 #271 by @uk-bolly in #272
• Merge in changes from v1r13 - Jan 24 by @uk-bolly in #274
• updated conditional 040260 by @uk-bolly in #279
• Updated of devel - DCO confirmation and signoff update by @uk-bolly in #280
• V13 merge fixes by @uk-bolly in #282
• May24 updates by @uk-bolly in #283
• Initial main release of v1r13 by @uk-bolly in #281

Full Changelog: 3.2.0...3.3.0

STIG v1r12 - April 2024 update

STIG Version1 Release 12 release - October 23

Main Release for v1r12 RHEL8 STIG

Remediate

• Issues closed and PRs merged - What's changed
• Pre-commit updates
• Many improvements to different controls

Audit

• Audit_only ability now added to run standalone audit
  • audit_only: true
• Related Audit repo updated to improve tests audit binary(goss updated to latest version)

What's Changed

• Change master to main in actions by @georgenalen in #4
• RHEL8 STIG Version 1 Release 1 by @georgenalen in #7
• Minor Fixes by @georgenalen in #11
• Devel to main by @uk-bolly in #34
• Benchmark Version 1 Rev. 2 and other fixes by @georgenalen in #44
• Added Issue and PR templates and an issue fix by @georgenalen in #49
• Benchmark 1.3 updates and issue fixes by @georgenalen in #61
• Release 2.3.1 by @georgenalen in #71
• V1.5 update by @uk-bolly in #102
• 2.5.0 Release by @georgenalen in #106
• Benchmark 1.7 and issue fixes by @georgenalen in #137
• Main updates to Benchmark v1r8 release by @uk-bolly in #155
• Devel to main release stig v1r9 by @uk-bolly in #188
• Release to main for bug fixes and improvements by @uk-bolly in #200
• Stig V1R10 Release to main by @uk-bolly in #203
• June devel to main by @uk-bolly in #206
• v1r11 updates release to main by @uk-bolly in #221
• devel - main - workflow and discord by @uk-bolly in #225
• New release devel -> main by @uk-bolly in #255
• Release of v1r12 by @uk-bolly in #275

Full Changelog: 3.1.0...3.2.0

Final STIG V1R11

STIG Version1 Release 11 release - July 23

Remediate

Issues closed and PRs merged - What's changed
Pre-commit updates
Many improvements to different controls
Update to allow Galaxy Releases for new galaxy_ng

What's Changed

• Precommit workflow by @uk-bolly in #223
• Issue #222 and tidy up by @uk-bolly in #224
• Issue 226 and alignment by @uk-bolly in #228
• Sysctl and collections by @uk-bolly in #235
• updated the workflow version and galaxy setup by @uk-bolly in #236
• Revert "fixed gnutls as per issue 196 thansk to @jmalpede" by @qwestduck in #234
• Update main.yml by @BillSkiCO in #237
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #238
• Oracle Linux rhel8stig_bootloader_path and RHEL-08-020030 fix by @BillSkiCO in #253
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #247
• Adds when criteria for rhel_08_040321 in tasks/fix-cat2.yml, to skip … by @whitehat237 in #250
• Update meta and readme due to galaxy_ng by @uk-bolly in #258

New Contributors

• @qwestduck made their first contribution in #234
• @BillSkiCO made their first contribution in #237
• @pre-commit-ci made their first contribution in #238

Full Changelog: 3.0.0...3.1.0

Stig V1R11 - release

What's Changed

• Fix typo in defaults/main by @fallenpixel in #215
• improve password check by @uk-bolly in #217
• Stig v1r11 release by @uk-bolly in #218
• July23 by @uk-bolly in #219
• Updated when on line 197 of prelim to use an or instead of and by @georgenalen in #220

New Contributors

• @fallenpixel made their first contribution in #215

#Issues:

• #207
• #208
• #209
• #210
• #211
• #212

Controls updated

• CAT2:
  • 010030 - ruleid
  • 010200 - ruleid
  • 010201 - ruleid
  • 010290 - ruleid and SSH MACS updated
  • 010291 - ruleid and SSH Ciphers updated
  • 010770 - ruleid
  • 020035 - new control idlesession timeout new var rhel_08_020035_idlesessiontimeout
  • 020041 - ruleid and tmux script update
  • 030690 - ruleid and protocol options added
  • 040159 - ruleid
  • 040160 - ruleid
  • 040342 - ruleid and SSH KEX algorithms updated

Full Changelog: 2.9.1...3.0.0

Stig V1R10 - release

What's Changed

• Container updates & issue 204 by @uk-bolly in #205
• Boot part variable by @uk-bolly in #214
• June devel to main by @uk-bolly in #206

Full Changelog: 2.9.0...2.9.1

Stig V1R10 Release

What's Changed

• Stig v1r10 - release by @uk-bolly in #201
• Fixed typo in user password assertion by @Phenix66 in #202
• Stig V1R10 Release to main by @uk-bolly in #203
• updates for containers on new version
• #204
• boot partition variable usage

New Contributors

• @Phenix66 made their first contribution in #202

Full Changelog: 2.8.1...2.9.0

Stig V1r9 release

Overall Review of Changes:
Release of stig v1r9 to main along with many improvements

Issue Fixes:
#157
#158
#159
#168
#169
#170
#171
#172
#173
#178
#179
#180
#181
#183
#185
#185

Enhancements:
Workflow updates
linting
audit alignment with correct stig benchmark release
Warning layout and updates

Benchmark 1.8 Updates

STIG Benchmark Release: Version 1 Release 8
STIG Benchmark Release Date: Oct 27, 2022

Issues Fixed:

• #139 - RHEL-08-010330 & RHEL-08-010350 | SETroubleshootD Breaks
• #140 - RHEL-08-020027/020028 | SELinux Permission Discrepancies / Faillock SELinux Denials
• #142 - RHEL-08-010141 /etc/grub.d/01_users need 755 permission
• #147 - Install git
• #148 - RHEL-08-020025 and RHEL-08-020026 - The "preauth" line is NOT listed before pam_unix.so
• #151 - fstype in fix-cat2.yml set to static value "xfs" on mount tasks (Thanks to @whitehat237 for the PR with the fix idea)

Enhancements:

• Updates for new benchmark 1.8
• Updates for banner usage
• Linting updates

Benchmark 1.7 and Issue Fixes

STIG Benchmark Release: Version 1 Release 7
STIG Benchmark Release Date: Jul 27, 2022

Issues Fixed:

• #93 - Error with RHEL-08-040137 - Failed
• #104 - README update - cloudint bug when /var noexec
• #107 - RHEL-08-020040/41 needs additional configuration.
• #109 - Broken link for the wiki for Main Variables
• #115 - List dependencies in requirements.txt
• #116 - Inconsistent YAML
• #118 - ansible-lint: 648 failure(s), 0 warning(s) on 18 files
• #124 - RHEL-08-040090 : Firewall must employ deny-all | Missing Configuration
• #125 - RHEL-08-040259: Shall not enable IPv4 Forwarding | Update configuration to latest baseline
• #126 - RHEL-08-010141: Unique Superuser Name for Maintenance | Non-Standard Configuration Method
• #127 - RHEL-08-010690 / RHEL-08-010770 | Failure in Multiple Steps
• #128 - RHEL-08-010050 Banner on Login Screen | Missing Configuration
• #130 - Question regarding RHEL-08-010290 / RHEL-08-010291: Enabling FIPS mode even if not required by STIG?
• #131 - RHEL-08-020040: TMUX Lock-Command Config | Incomplete Regex
• #133 - RHEL-08-010295: GnuTLS Encryption | Line Bug
• #134 - RHEL-08-010740: Group Ownership by Home Dir Owner | Incorrect Ownership by "Nobody" in RHEL 8.6

Enhancements:

• Benchmarks 1.7 updates
• Updates for new linting checks