Releases: ansible-lockdown/RHEL9-CIS
CIS V2.0.0 Feb26 Updates
CIS Benchmark v2.0.0 - updated Feb 2026
Improvements
QA Fixes
.j2 Branding Update
Added rhel9cis_uses_root variable definition for 5.4.2.5 root PATH integrity task
Fixed spelling and grammar across defaults/main.yml, Changelog.md, README.md, tasks/main.yml, and vars/main.yml
Fixed incorrect product reference in vars/main.yml comment (ubtu24cis -> rhel9cis)
Fixed broken Changelog link in README.md (case mismatch)
Align history
Added var-naming[read-only] to ansible-lint skip list for molecule files
Bootloader password logic updated with salt and hash options
Added passlib dependency documentation for bootloader password hash
Updated company title
Tidied up comments and variables for bootloader password
Removed scheduled tasks
Fixed typo thanks to Eugene https://github.com/Frequentis
5.3.2.1 removed unnecessary conditional and var
Unused variable audit: wired up all unused variables, removed legacy references
Updated chrony template to use rhel9cis_chrony_server_makestep, rtcsync, and minsources variables instead of hardcoded values
Wired up rhel9cis_authselect_custom_profile_create toggle in authselect profile creation task
Fixed task 5.3.3.2.7/5.3.3.2.8 mislabeling: separated password quality enforce and root enforce into correct tasks
Wired up audit_capture_files_dir in audit_only workflow for file capture to control node
Clarified rhel9cis_root_unlock_time documentation for commented-out alternative usage
Removed legacy rhel9cis_rule_1_1_10 from molecule converge files and is_container.yml
Fixed wrong variable name rhel9cis_unowned_group to rhel9cis_ungrouped_group in tasks/section_7/cis_7.1.x.yml
Added rhel9cis_install_network_manager toggle to 3.1.2 wireless interfaces task
Issues closed
#345 thanks to @Thulium-Drake
#428 thanks to @draygoX
What's Changed
- Move rhel9cis_ipv6_disable_method to a better location by @draygoX in #428
- Pub feb26 updates by @uk-bolly in #429
- Latest main release by @uk-bolly in #432
New Contributors
Full Changelog: 2.1.0...2.2.0
CIS V2.0.0 Jan26 Updates
Issue Fixes:
#408
#409
#410
#413
#416
#418
#419
#420
What's Changed
- .github standardization by @frederickw082922 in #408
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #409
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #411
- #410 add fix provided by @kpi-nourman via discord community by @uk-bolly in #412
- issues 413 addressed thanks to @bbaassssiiee by @uk-bolly in #415
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #417
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #421
- Issue 416 fix by @georgenalen in #422
- Tidy up wording regarding crypto policy module by @uk-bolly in #423
- Issue 416: update changelog and ansible_vars_goss by @frederickw082922 in #424
- 2026 Jan Updates by @frederickw082922 in #425
- fix: make 5.3.2.2 idempotent with 5.3.3.1.1 by @bol7742 in #420
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #426
- Release to main by @uk-bolly in #427
New Contributors
- @georgenalen made their first contribution in #422
- @bol7742 made their first contribution in #420
Full Changelog: 2.0.3...2.1.0
CIS v2.0.0 Updates October 2025
CIS 2.0.0 October 25 updates
#380 thanks to @numericillustration
#385 and #390 and #391 thanks to @polski-g
#387 and #393 thank you to @fragglexarmy
#394 thank you to @dbeuker
#398 & #399 thanks to trumbaut
Added max-concurrent options for audit
workflow updates
audit logic improvements
auditd template 2.19 compatible
What's Changed
- Fixing issue for Control 6.3.4.5 by @DianaMariaDDM in #360
- Fixing issue for Control 5.4.2.5 by @DianaMariaDDM in #361
- Fixing issue for Control 6.3.3.5 by @DianaMariaDDM in #359
- Enhancing variable documentation by @DianaMariaDDM in #363
- Fixing minor inconsistencies by @DianaMariaDDM in #367
- July 25 Release to main by @uk-bolly in #368
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #370
- Audit update by @uk-bolly in #375
- renames 3 uses of ansible.builtin.systemd_service by @numericillustration in #380
- August25 updates by @uk-bolly in #381
- 2025 Sep Updates: Issue fixes and Improved logic by @frederickw082922 in #392
- 5.4.1.1: shell command should run in check_mode by @polski-g in #385
- 1.4.2: grep command should run in check_mode by @polski-g in #391
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #376
- 5.3.2.2: fix regex failing to match whitespace by @polski-g in #386
- Support section modularization (for Sec 5 only right now) by @polski-g in #390
- Suggestion for the missing assert parameter by @dbeuker in #394
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #395
- ensure check mode runs all non-destructive tasks by @polski-g in #396
- Update cis_3.2.x.yml (add dccp to blacklist instead of cramfs) by @trumbaut in #398
- Oct25 updates by @uk-bolly in #401
- update workflow benchmark_tracking_controller by @frederickw082922 in #403
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #402
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #404
- workflow and audit improvements by @uk-bolly in #405
- Add workflow to auto add new issues to project by @frederickw082922 in #406
- Latest fixed to merge with main by @uk-bolly in #407
New Contributors
- @DianaMariaDDM made their first contribution in #360
- @dbeuker made their first contribution in #394
- @trumbaut made their first contribution in #398
Full Changelog: 2.0.2...2.0.3
CIS 2.0.0 release - June updates
CIS Version: 2.0.0
Remediate
workflow updates
ansible facts added
audit improvements and fetch added
lint updates
typos addressed
check_mode updates
Issue Fixes:
#305
#306
#309
#311
#312
#315
#317
#318
#320
#321
#322
#323
#324
#325
#332
#336
#337
#338
#346
#348
#353
#354
What's Changed
- March25 updates by @uk-bolly in #312
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #313
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #316
- Improvements by @uk-bolly in #317
- 2025 Update - April Typo Fixes + Logic update on rhel9cis_discover_int_uid by @frederickw082922 in #321
- Fix for #320 thank you @kodebach by @frederickw082922 in #323
- Fix for #322 thank @mindrb by @frederickw082922 in #324
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #326
- May25 issues by @uk-bolly in #332
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #339
- Check for existence of sshd_config.d/50-redhat.conf by @polski-g in #336
- Variablize network-manager package name by @polski-g in #337
- Fix typo in variable name discovered_group_check by @polski-g in #338
- Updated variable naming for interactive_users by @uk-bolly in #340
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #342
- Fix for #325 thank you @mindrb by @frederickw082922 in #346
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #347
- auditd: ensure check mode runs non-destructive call to ausyscall --dump by @polski-g in #343
- root password and other improvements by @uk-bolly in #348
- Audit only fetch by @uk-bolly in #351
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #352
- Addresses #318 - Thank you @kodebach & @bgro by @frederickw082922 in #353
- Fix re.error due to (?i) not at start of re by @davidalexander83 in #354
- Merge devel to main by @uk-bolly in #355
New Contributors
- @frederickw082922 made their first contribution in #321
- @polski-g made their first contribution in #336
- @davidalexander83 made their first contribution in #354
Full Changelog: 2.0.1...2.0.2
CIS v2.0.0 release - March25 updates
CIS Version: 2.0.0
Remediate
Many issues addressed
ARM64 support added into Auditd
pre-commit updates
What's Changed
- Feb25 updates by @uk-bolly in #295
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #302
- Issues resolved enhancements by @uk-bolly in #303
- Updates to benchmark v2.0.0 by @uk-bolly in #307
Full Changelog: 2.0.0...2.0.1
CIS V2.0.0 release
CIS Version: 2.0.0
Remediate
Complete rewrite
Controls and sections moved as per new baseline
Audit updates
Pipeline Updates
pre-commit updates
Various improvements and enhancements
company naming updated
What's Changed
- Benchmark v2.0.0 by @uk-bolly in #268
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #269
- Title tidy up by @uk-bolly in #270
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #271
- Use shell for grep with shell expansions by @jsonar-cpapke in #274
- remove extra discovered_ prefix from variable by @jsonar-cpapke in #275
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #276
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #277
- Issue #272 by @uk-bolly in #278
- pwquality 5.3.3.2.x logic updates by @uk-bolly in #279
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #284
- Jan25 updates by @uk-bolly in #286
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #287
- updated logic on 7.2.9 by @uk-bolly in #289
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #291
- CIS V2 release to main by @uk-bolly in #290
New Contributors
- @jsonar-cpapke made their first contribution in #274
Full Changelog: v1.3.4...2.0.0
CIS v1.0.0 Final
CIS Version: 1.0.0
Remediate
Audit updates
Pipeline Updates
pre-commit updates
Various improvements and enhancements
company naming updated
Issues
What's Changed
- License and issue262 by @uk-bolly in #263
- Update to how auditd restarts by @uk-bolly in #264
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #266
- CIS v1.0.0 final release to main by @uk-bolly in #267
Full Changelog: 1.3.3...v1.3.4
CIS Version: 1.0.0 - Nov24 Updates
Remediate
Audit updates
Pipeline Updates
pre-commit updates
Various improvements and enhancements
Issues Addressed
#245
#247
#249
#250
#251
#252
#253
#255
#256
AUDIT
What's Changed
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #238
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #241
- Sept 24 updates by @uk-bolly in #240
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #242
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #243
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #244
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #246
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #248
- Added selectattr filter to fix #249 by @yinggs in #250
- issue_247 and pipeline update for first interaction by @uk-bolly in #251
- Mount opts and gpg by @uk-bolly in #252
- Added a means to allow system users to have a shell by @Thulium-Drake in #253
- Added _lock to filename by @uk-bolly in #256
- updated Readme by @uk-bolly in #257
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #258
- removed skip_ansible_lint tag by @uk-bolly in #260
- CIS v1.0.0 updates Nov 2024 by @uk-bolly in #259
New Contributors
- @yinggs made their first contribution in #250
- @Thulium-Drake made their first contribution in #253
Full Changelog: 1.3.2...1.3.3
RHEL9-CIS update Sept2024 - v1.0.0
RHEL9-CIS v1.0.0
Remediate:
pre-commit updates
workflow updates
jmespath dependency removal
tidy up of some var naming for ssh config path
Latest workflow updates
6.1.10 and 6.1.11 improvements
Issue Fixes:
#216
#217
#221
#222
#224
#226
#227
#228
#230
#231
#232
#233
#234
Audit:
audit updates and alignment
What's Changed
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #214
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #215
- Issue audit updates by @uk-bolly in #221
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #222
- August issues by @uk-bolly in #228
- added calls to sshd restart handler to fix #230 by @numericillustration in #231
- added fix for #232 thanks to @Arkhenys by @uk-bolly in #233
- Fix link to Changelog.md in README.md by @markgoddard in #234
- Sshd config create by @uk-bolly in #236
- rhel9-cis main release v1.0.0 by @uk-bolly in #235
New Contributors
- @markgoddard made their first contribution in #234
Full Changelog: 1.3.1...1.3.2
RHEL9-CIS update June2024
Remediate:
- Issues closed and PRs merged - What's changed
- Pre-commit updates
- Many improvements to different controls
- meta update for galaxy compatibility
- Standardize versioning across all repos - removing v
What's Changed
- removing the async; the results of init are needed in the subsequent step by @mark-tomich in #199
- Typo by @svennd in #206
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #207
- 2.4 : socket vs sockets (typo) by @svennd in #208
- June24 updates by @uk-bolly in #209
- Release to main by @uk-bolly in #210
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #211
- updated due to galaxy limitation by @uk-bolly in #212
- Update to galaxy meta by @uk-bolly in #213
New Contributors
- @mark-tomich made their first contribution in #199
- @svennd made their first contribution in #206
Full Changelog: 1.2.0...1.3.1