Merge pull request #203 from ansible-lockdown/devel

Stig V1R10 Release to main

Author: uk-bolly

.github/workflows/update_galaxy.yml

@@ -14,7 +14,7 @@ jobs:
     update_role:
       runs-on: ubuntu-latest
       steps:
-        - uses: actions/checkout@v2
+        - uses: actions/checkout@v3
         - uses: hspaans/ansible-galaxy-action@master
           with:
             api_key: ${{ secrets.GALAXY_API_KEY }}

Changelog.md

@@ -1,5 +1,29 @@
 # Changes to RHEL8STIG
 
+## 2.9.0 Stig V1R10 27th April 2023
+
+- Added new controls
+  - RHEL-08-10019
+  - RHEL-08-10358
+- updated control IDs
+  - RHEL-08-10360
+  - RHEL-08-10540
+  - RHEL-08-10541
+  - RHEL-08-10544
+  - RHEL-08-10800
+  - RHEL-08-20040
+  - RHEL-08-20100
+  - RHEL-08-20101
+  - RHEL-08-20102
+  - RHEL-08-20103
+  - RHEL-08-20220
+  - RHEL-08-20221
+  - RHEL-08-20270
+  - RHEL-08-30070
+  - RHEL-08-40150
+
+- OracleLinux tested and added
+
 ## Release 2.8.6
 
 - [#194](https://github.com/ansible-lockdown/RHEL8-STIG/issues/194) thanks to @JacobBuskirk

README.md

@@ -2,7 +2,7 @@
 
 ## Configure a RHEL8 based system to be complaint with Disa STIG
 
-This role is based on RHEL 8 DISA STIG: [Version 1, Rel 9 released on Jan 26, 2023](https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_8_V1R9_STIG.zip).
+This role is based on RHEL 8 DISA STIG: [Version 1, Rel 10 released on April 24, 2023](https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_RHEL_8_V1R10_STIG.zip).
 
 ---
 

defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 ## metadata for Audit benchmark
-benchmark_version: 'v1r9'
+benchmark_version: 'v1r10'
 
 ## Benchmark name used by audting control role
 # The audit variable found at the base
@@ -108,6 +108,7 @@ rhel_08_040360: true
 # CAT 2 rules
 rhel_08_010001: true
 rhel_08_010010: true
+rhel_08_010019: true
 rhel_08_010030: true
 rhel_08_010040: true
 rhel_08_010049: true
@@ -154,6 +155,7 @@ rhel_08_010340: true
 rhel_08_010341: true
 rhel_08_010350: true
 rhel_08_010351: true
+rhel_08_010358: true
 rhel_08_010359: true
 rhel_08_010360: true
 rhel_08_010372: true
@@ -571,6 +573,7 @@ rhel8stig_min_supported_os_ver:
     CentOS: "8.7"
     Rocky: "8.7"
     AlmaLinux: "8.7"
+    OracleLinux: "8.7"
 
 # RHEL-08-040260
 # If system is not router, run tasks that disable router functions.
@@ -614,7 +617,7 @@ rhel8stig_aide_cron:
     special_time: daily
     # Disable the notification check rule to disable mailing notifications
     notify_by_mail: true
-    notify_cmd: ' | /var/spool/mail -s "$(hostname) - Daily aide integrity check run" root@localhost'
+    notify_cmd: ' | /bin/mail -s "$(hostname) - Daily aide integrity check run" root@localhost'
 
 rhel8stig_cron_special_disable: "{{
         rhel8stig_workaround_for_disa_benchmark or

tasks/fix-cat1.yml

@@ -2,7 +2,7 @@
 
 - name: "HIGH | RHEL-08-010000 | AUDIT | The RHEL 8 must be a vendor-supported release."
   ansible.builtin.debug:
-      msg: Minimum supported version of  {{ ansible_distribution }}  is {{ rhel8stig_min_supported_os_ver[ansible_distribution] }}
+      msg: Minimum supported version of {{ ansible_distribution }} is {{ rhel8stig_min_supported_os_ver[ansible_distribution] }}
   changed_when: ansible_distribution_version is not version_compare(rhel8stig_min_supported_os_ver[ansible_distribution], '>=')
   when:
       - rhel_08_010000