RuleIDs updated for listed controls after changes
- RHEL-08-010330, RHEL-08-010340, RHEL-08-010350
- Added “/usr/lib64” to Check and Fix Text paths.
- RHEL-08-010380 - Updated sudoers “NOPASSWD” Check Text command.
- RHEL-08-010381 - Updated Check Text command to split the search for “NOPASSWD” and “!authenticate”
- RHEL-08-010382 - Updated sudoers “ALL” Check Text command.
- RHEL-08-010741 - Updated finding text.
- RHEL-08-030610 - Adjusted to change rules.d file thanks to @platymatt
- RHEL-08-030655 - Added requirement to audit any script or executable called by cron as root or by any privileged user.
- RHEL-08-040030 - Updated Check command.
- RHEL-08-040310 - Updated the Discussion to include “aide.conf” monitoring explanation and updated the Check to require the SA to review the “aide.conf” manually.
- QA Linting Fixes
- Revamp 08-01010
- Removed boot_partition prelim var
- Complete lint update
- Updated handlers to start with upper case
- separated controls to group numbers
- removed conditionals if pkg - to give OK instead of skipped
- separated many control to their own task
- Added warning list to end of play
- Renamed control variables to correct format
- auditd logic updated
- sssd prelim warning now added to warning summary
- bootloader - 010020 UUID logic updated
- 010423 fixed and 010660 updated
- audit alignment
- mount logic rewrite
- RHEL-08-101030 - Moved to CAT1
- RHEL-08-010296 - Added Client ssh MACs control.
- RHEL-08-010297 - Added Client ssh Cipher control.
- RHEL-08-010455 - Added requirement.
- RHEL-08-020103 - removed
- RHEL-08-020104 - removed
RuleIDs updated for listed controls after changes in control
- RHEL-08-010030 - moved from CAT2 to CAT1 control
- RHEL-08-010130 - hashing round increase min from 5000 to 100000
- RHEL-08-010290 - MAC reordered
- RHEL-08-010291 - Ciphers reordered
- RHEL-08-010292 - RuleID
- RHEL-08-010680 - RuleID
RuleIDs updated for all controls; NIST Control ID associations added
- RHEL-08-010350 - command updated
- RHEL-08-010472 - Not Applicable if fips
- RHEL-08-020035 - version 8.7+
- RHEL-08-020039 RHEL-08-020040 RHEL-08-020041 RHEL-08-020042, RHEL-08-020070 - TMUX removed
- RHEL-08-020220, RHEL-08-020221 - remember not required for PAM
- RHEL-08-020320 - Updated Check and Fix
- RHEL-08-030603, RHEL-08-040139, RHEL-08-040140, RHEL-08-040141 - Rules updated Ok if no USB peripherals
- RHEL-08-040284
- RHEL-08-040370
- RHEL-08-010001 - removed as not a NIST value
Min OS version updated to 2.10
workflow updates
- #232 - thanks to @eday87 @BJSmithIEEE
- #298 thanks to @mikefrompsu
- #299 thanks to @cpu010100
- thanks to @dglinder
- #301
- #302
- ansible config update
- Added gui discovery option updated ruleids
- CAT I
- RHEL-08-020330 - cat1
- CAT II
- RHEL-08-010040
- RHEL-08-010070
- RHEL-08-010200
- RHEL-08-010201
- RHEL-08-010423
- RHEL-08-010520
- RHEL-08-010521
- RHEL-08-010522
- RHEL-08-010550
- RHEL-08-010830
- RHEL-08-020350
- RHEL-08-040161
- RHEL-08-040340
- RHEL-08-040341
- updated audit variables
- workflow updates
- #277 thanks to @BJSmithIEEE
- #278 thanks to @prestonSeaman2
- #299 thanks to @derekbentson
- removed dependency on jmespath
- updated 010120 prelim and idempotency
- Audit updated
- moved audit into prelim
- updates to audit logic for copy and archive options
ruleid updated
- 010001
- 020250
- 020290
- 040090
CAT II
- 020035 - updated rule and added handler for logind restart
- 040020 - /bin/false update and ruleid update
- 040080 - /bin/false and ruleid
- 040111 - /bin/false and ruleid
CAT III
- 040021 - /bin/false and ruleid
- 040022 - /bin/false and ruleid
- 040023 - /bin/false and ruleid
- 040024 - /bin/false and ruleid
- 040025 - /bin/false and ruleid
- 040026 - /bin/false and ruleid
ruleid updated
- 010020
- 010471
- 030741
- 030742
- 040400
- added SSH validation
- added ansible_facts for variable usage
- AUDIT
- Audit_only ability now added to run standalone audit
- audit_only: true
- Related Audit repo updated to improve tests audit binary (goss updated to latest version)
- updates to collections since galaxy updated
- updates to audit
- #229 thanks to @JacobBuskirk
- workflow and pipeline updates
- links updates in documentation
- #222 thanks to @BJSmithIEEE
- #226 thanks to @jmalpede
- lint config updates
- lint updates
- precommit added and configured
Issues:
Controls updated
- CAT2:
- 010030 - ruleid
- 010200 - ruleid
- 010201 - ruleid
- 010290 - ruleid and SSH MACS updated
- 010291 - ruleid and SSH Ciphers updated
- 010770 - ruleid
- 020035 - new control idlesession timeout new var idlesessiontimeout
- 020041 - ruleid and tmux script update
- 030690 - ruleid and protocol options added
- 040159 - ruleid
- 040160 - ruleid
- 040342 - ruleid and SSH KEX algorithms updated
- CAT3
- 010471 - ruleid
- audit variables updated, new version
- tidied up the end of the playbook ordering with reboot taking place (if set and enabled) prior to audit now.
- #216 check that sudo user has a password check improvement
- thanks to manish on discord for highlighting this
- Issue #204 address
- tidy up of prelim
- update to allow against container
- vars/is_container.yml updated and aligned
- prelim fqcn
- Added new controls
- RHEL-08-10019
- RHEL-08-10358
- updated control IDs
- RHEL-08-10360
- RHEL-08-10540
- RHEL-08-10541
- RHEL-08-10544
- RHEL-08-10800
- RHEL-08-20040
- RHEL-08-20100
- RHEL-08-20101
- RHEL-08-20102
- RHEL-08-20103
- RHEL-08-20220
- RHEL-08-20221
- RHEL-08-20270
- RHEL-08-30070
- RHEL-08-40150
- OracleLinux tested and added
- #194 thanks to @JacobBuskirk
- #196 thanks to @jmalpede
- #195 thanks to PoundsOfFlesh
- #197 thanks to PoundsOfFlesh
- updated to /var/log mount check
- added comments for /mnt and removable media on Azure systems
- ansible version updated to 2.10.1 minimum
- updated to ansible user check for passwd rule 010380
- thanks to discord community member PoundsOfFlesh
- update readme layout and latest audit example
- changed disruptive back to false to allow users to control the settings
- improvements to openssh configs and separated tasks
- updates to pamd logic thanks to @JacobBuskirk for highlighting
Also following issues/PRs
- #168
- #169
- #170
- #171
- #172
- #177
- #178
- #179
- #180
- #181
- updates to workflow
- ami
- update to actions to latest versions
- update_galaxy workflow added
- README alignment
- ansible.cfg added showing how tested
- audit template updated
- moved warning statements around for reboot
- RULEID reference updated
- 010510 rule no longer required
- 010671 improvement
- 020040 loop added
- 040090 - var typo fixed
- 040342 new control for FIP_KEX Algorithms
- new FIPS_KEX_ALGO variable
- lint updates
- Benchmark 1.8 Updates
- New RULEID for the following, plus additional notes if needed
- CAT1
- RHEL-08-010000
- CAT2
- RHEL-08-010040
- RHEL-08-010090
- RHEL-08-010200 - Updated keep alive count max to 1
- RHEL-08-010201
- RHEL-08-010360
- RHEL-08-010372 - Updated to include find and remove for conflicting parameters
- RHEL-08-010373 - Updated to include find and remove for conflicting parameters
- RHEL-08-010374 - Updated to include find and remove for conflicting parameters
- RHEL-08-010375 - Updated to include find and remove for conflicting parameters
- RHEL-08-010376 - Updated to include find and remove for conflicting parameters
- RHEL-08-010383
- RHEL-08-010384
- RHEL-08-010430 - Updated to include find and remove for conflicting parameters
- RHEL-08-010400
- RHEL-08-010500
- RHEL-08-010510
- RHEL-08-010520
- RHEL-08-010521
- RHEL-08-010522
- RHEL-08-010550
- RHEL-08-010671
- RHEL-08-010830
- RHEL-08-020330
- RHEL-08-020090
- RHEL-08-020104
- RHEL-08-020110
- RHEL-08-020120
- RHEL-08-020130
- RHEL-08-020140
- RHEL-08-020150
- RHEL-08-020160
- RHEL-08-020170
- RHEL-08-020190
- RHEL-08-020221
- RHEL-08-020230
- RHEL-08-010280
- RHEL-08-020300
- RHEL-08-020350 - Updated CCI
- RHEL-08-020352
- RHEL-08-040127 - Added tasks to deal with different versions of RHEL8
- RHEL-08-040161
- RHEL-08-040209 - Updated to include find and remove for conflicting parameters
- RHEL-08-040210 - Updated to include find and remove for conflicting parameters
- RHEL-08-040220 - Updated to include find and remove for conflicting parameters
- RHEL-08-040230 - Updated to include find and remove for conflicting parameters
- RHEL-08-040239 - Updated to include find and remove for conflicting parameters
- RHEL-08-040240 - Updated to include find and remove for conflicting parameters
- RHEL-08-040249 - Updated to include find and remove for conflicting parameters
- RHEL-08-040250 - Updated to include find and remove for conflicting parameters
- RHEL-08-040259 - Updated to include find and remove for conflicting parameters
- RHEL-08-040260 - Updated to include find and remove for conflicting parameters
- RHEL-08-040261 - Updated to include find and remove for conflicting parameters
- RHEL-08-040262 - Updated to include find and remove for conflicting parameters
- RHEL-08-040270 - Updated to include find and remove for conflicting parameters
- RHEL-08-040279 - Updated to include find and remove for conflicting parameters
- RHEL-08-040280 - Updated to include find and remove for conflicting parameters
- RHEL-08-040281 - Updated to include find and remove for conflicting parameters
- RHEL-08-040282 - Updated to include find and remove for conflicting parameters
- RHEL-08-040283 - Updated to include find and remove for conflicting parameters
- RHEL-08-040284 - Updated to include find and remove for conflicting parameters
- RHEL-08-040285 - Updated to include find and remove for conflicting parameters
- RHEL-08-040286 - Updated to include find and remove for conflicting parameters
- RHEL-08-040340
- RHEL-08-040341
- RHEL-08-040400 - New control
- CAT3
- RHEL-08-020340 - Updated CCI
- CAT1
- New RULEID for the following, plus additional notes if needed