CIS Benchmark v2.0.0 - updated Feb 2026
Improvements
QA Fixes
.j2 Branding Update
Added rhel9cis_uses_root variable definition for 5.4.2.5 root PATH integrity task
fixed spelling and grammar across defaults/main.yml, Changelog.md, README.md, tasks/main.yml, and vars/main.yml
Fixed incorrect product reference in vars/main.yml comment (ubtu24cis -> rhel9cis)
Fixed broken Changelog link in README.md (case mismatch)
Align history
Added var-naming[read-only] to ansible-lint skip list for molecule files
Bootloader password logic updated with salt and hash options
Added passlib dependency documentation for bootloader password hash
Updated company title
Tidied up comments and variables for bootloader password
Removed scheduled tasks
Fixed typo thanks to Eugene https://github.com/Frequentis
5.3.2.1 removed unnecessary conditional and var
Unused variable audit: wired up all unused variables, removed legacy references
Updated chrony template to use rhel9cis_chrony_server_makestep, rtcsync, and minsources variables instead of hardcoded values
Wired up rhel9cis_authselect_custom_profile_create toggle in authselect profile creation task
Fixed task 5.3.3.2.7/5.3.3.2.8 mislabeling: separated password quality enforce and root enforce into correct tasks
Wired up audit_capture_files_dir in audit_only workflow for file capture to control node
Clarified rhel9cis_root_unlock_time documentation for commented-out alternative usage
Removed legacy rhel9cis_rule_1_1_10 from molecule converge files and is_container.yml
Fixed wrong variable name rhel9cis_unowned_group to rhel9cis_ungrouped_group in tasks/section_7/cis_7.1.x.yml
Added rhel9cis_install_network_manager toggle to 3.1.2 wireless interfaces task
Issues closed
#345 thanks to @Thulium-Drake
#428 thanks to @draygoX
What's Changed
- Move rhel9cis_ipv6_disable_method to a better location by @draygoX in #428
- Pub feb26 updates by @uk-bolly in #429
- Latest main release by @uk-bolly in #432
New Contributors
Full Changelog: 2.1.0...2.2.0
