Releases: ansible-lockdown/RHEL8-CIS
CIS 3.0.0 Oct 25 updates
Remediate
workflow updates
audit improvements
pre-commit updates
linting
Readme update
Issue Fixes:
Thank you to all contributors
#485
#489
#492
#494
#496
#499
#501
#506
#505
#508
What's Changed
- Update 1.6.x Logic by @frederickw082922 in #491
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #490
- Update Prelim logic for 1.6.x by @frederickw082922 in #494
- Update logic on 6.2.9 to address #485 by @frederickw082922 in #495
- 2025 August Updates: Issue fixes and improved logic. by @frederickw082922 in #497
- Addresses #496 - Fix for var, thank you @ajjamieson by @frederickw082922 in #498
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #493
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #500
- fixes typo in 5.1.1.5 mail.warning by @dderemiah in #489
- Pub oct25 by @uk-bolly in #504
- allow usage of SSH Config drop in for >=8.6 by @TheSameCH in #506
- Fix: Replace systemd_service with systemd for consistency and compatibility by @gordspeed in #505
- Control 4.2.8 improvements by @uk-bolly in #508
- Release v2.0.0 to main by @uk-bolly in #509
New Contributors
- @TheSameCH made their first contribution in #506
- @gordspeed made their first contribution in #505
Full Changelog: 3.2.0...3.2.1
CIS 3.0.0 July 25 updates
Based upon CIS Version: 3.0.0 10th November 2023
Remediate
pre-commit updates
rule 6.2.11 updates and improvements
#433
#460
#462
#463
#466
#468
#470
#473
#475
#476
What's Changed
- Added files for new fetch audit summary feature by @uk-bolly in #460
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #461
- March25 updates by @uk-bolly in #462
- Added ansible facts by @uk-bolly in #463
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #464
- Added register and failed_when logic to 6.2.11 by @uk-bolly in #466
- extend when clause for parsing passwords by @rilatu in #468
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #469
- Improvements to features by @uk-bolly in #470
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #471
- Ignore comments in /etc/passwd by @polski-g in #473
- respect rhel8cis_rsyslog_ansiblemanaged by @polski-g in #476
- non-destructive tasks should execute in check_mode by @polski-g in #475
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #477
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #480
- June 2025 QA - Updates from Private 2.2.0 by @frederickw082922 in #481
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #482
- Audit only fetch by @uk-bolly in #483
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #484
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci[bot] in #486
- Update main with latest changes by @uk-bolly in #487
New Contributors
- @rilatu made their first contribution in #468
- @polski-g made their first contribution in #473
- @frederickw082922 made their first contribution in #481
Full Changelog: 3.1.2...3.2.0
CIS 3.0.0 March25 updates
Based upon CIS Version: 3.0.0 10th November 2023
Remediate
pre-commit updates
rule 6.2.8 added missing default var
rule 6.2.11 updates and improvements
#455
What's Changed
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #454
- Added a means to allow system users to have a shell by @Thulium-Drake in #455
- added default variable and explanation 6.2.8 by @uk-bolly in #456
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #457
- Rule 6.2.11 by @uk-bolly in #458
- Merge to main by @uk-bolly in #459
Full Changelog: 3.1.1...3.1.2
CIS 3.0.0 - Feb25 Updates
Based upon CIS Version: 3.0.0 10th November 2023
Remediate
pre-commit updates
What's Changed
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #443
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #444
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #445
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #447
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #448
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #450
- updated logic for 6.2.11 to change files to correct owner|group by @uk-bolly in #449
- New release to main by @uk-bolly in #453
Full Changelog: 3.1.0...3.1.1
CIS Version: 3.0.0 - Dec24 Updates
Based upon CIS Version: 3.0.0 10th November 2023
Remediate
Removed nested variables to allow greater ease to override
conditionals updated
- 4.4.3.4.3
- 4.4.3.4.4
- 6.2.11
Typo fix in var output
- 6.2.6
- 6.2.7
Improved logic in 4.4.1.2
AUDIT
What's Changed
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #422
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #423
- updated 1.2.2-1.2.5 improved regex #425 by @uk-bolly in #426
- updated of 6.2.10 inline with control by @uk-bolly in #427
- Rule 6_2_11 by @uk-bolly in #428
- updated loop for 6.2.10 to use interactive users by @uk-bolly in #429
- Nov24 logic updates by @uk-bolly in #436
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #437
- Removed nested variable naming by @uk-bolly in #438
- Dec24 updates by @uk-bolly in #439
- November24 updates to main by @uk-bolly in #435
Full Changelog: 3.0.1...3.1.0
CIS Version: 3.0.0 - Oct24 Updates
Based upon CIS Version: 3.0.0 10th November 2023
Remediate
Rebase to fix some older issues, shows as some updates.
Pre-commit updates
Many improvements to different controls
Audit updates
New workflow pipeline
AUDIT
What's Changed
- V3.0.0 initial by @uk-bolly in #351
- updated prelim and typos by @uk-bolly in #352
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #355
- March 24 updates by @uk-bolly in #356
- Fix for #273 Allow for a local crypto policy module, for instance for the openSSH server. by @bbaassssiiee in #358
- Issues March24 by @uk-bolly in #366
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #367
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #368
- updated for audit and url alignment by @uk-bolly in #370
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #372
- use RHEL chrony.conf by @tomkuba in #371
- Update Alma 8 GPG Key by @ajython in #369
- May 24 updates by @uk-bolly in #376
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #383
- updated known issues thanks to @fgierlinger by @uk-bolly in #384
- Interactive users logic and workflow by @uk-bolly in #385
- Issue 387 by @uk-bolly in #388
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #389
- updated inline with #390 by @uk-bolly in #391
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #393
- Fix rule 1.6.1 idempotence; by @ShawnHardwick in #394
- Jmespath audit by @uk-bolly in #395
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #396
- fixed typo for issue 397 thanks to @dirkvdplas by @uk-bolly in #399
- changed maxseq to maxsequence to correct the syntax by @dderemiah in #404
- August issues by @uk-bolly in #406
- Issue 407 and 408 by @uk-bolly in #409
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #410
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #411
- Sept24 updates by @uk-bolly in #412
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #413
- removed group from control not required 6.2.10 by @uk-bolly in #416
- fix typo in 2.2.17 by @enx-roy-scheepers in #419
- updated 5.3.3 inline with documentation by @uk-bolly in #421
- Oct24_ devel to main by @uk-bolly in #420
New Contributors
- @ajython made their first contribution in #369
- @ShawnHardwick made their first contribution in #394
- @dderemiah made their first contribution in #404
- @enx-roy-scheepers made their first contribution in #419
Full Changelog: 3.0.0...3.0.1
CIS 3.0.0 - 1-10-2023
CIS Version: 3.0.0 10th November 2023
Remediate
V3.0.0 release
Pre-commit updates
Many improvements to different controls
Audit updates
New workflow pipeline
AUDIT
- Audit only option added
- New goss binary now supported
- Audit variables tidied and moved
What's Changed
Final Benchmark 2.0.0 Release
CIS Version: 2.0.0 2-23-2022
Remediate
Issues closed and PRs merged - What's changed
Pre-commit updates
Many improvements to different controls
ansible version to 2.11.1
AUDIT
- Audit only option added
- New goss binary now supported
- Audit variables tidied and moved
What's Changed
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #335
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #341
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #342
- use RHEL conf for chrony by @tomkuba in #343
- fix typo by @tomkuba in #344
- Jan24 updates to devel by @uk-bolly in #346
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #347
- Feb24 updates by @uk-bolly in #349
- Final V2.0.0 release to main by @uk-bolly in #350
New Contributors
Full Changelog: 2.5.2...v2.6
RHEL8 CIS - 2.0.0
- audit updates
- pre-commit added and several checks, pre-commit-ci added to repo to ensure content
- README updated
- Updates to container discovery and usage within benchmark
- linting
- aligned ansible version to 2.10.1 +
- home directories files change links
- improve passwd check for user only is using sudo thanks to manish on discord community for highlighting issue.
thanks to @bbaassssiiee
- removed legacy tcp_wrappers information
- disable ipv6 options
- #299
- disable ipv6 for sshd - rhel8cis_ipv6_sshd_disable: false (default) - added to prelim
- disable ipv6 for chrony - rhel8cis_ipv6_chrony_disable: false (default) - added to prelim
- turn off ipv6 for localhost - rhel8cis_ipv6_disable_localhost: false (default) - refer https://access.redhat.com/solutions/8709
- #306
- #295 crypto policy option updates
- #296
- journald
- #320 thanks to @bbbbaassiieeee set files even if rsyslog chosen
What's Changed
- Fix for 3.1.3 and premediation/postmediation script calls by @cf-sewe in #317
- updated discord link by @uk-bolly in #318
- Alignment by @uk-bolly in #321
- Oct23 issues by @uk-bolly in #325
- updated the workflow version and galaxy setup by @uk-bolly in #328
- main release by @uk-bolly in #327
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #330
- Formatted task name fields to match playbook format by @BillSkiCO in #331
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #332
- [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #333
- Main Release by @uk-bolly in #334
New Contributors
- @pre-commit-ci made their first contribution in #330
- @BillSkiCO made their first contribution in #331
Full Changelog: 2.5.1...2.5.2
Beta test for pamd
thanks to @Crayeth
#278
Added new options to allow ipv6 rules if required although ipv6 disabled
rhel8cis_ipv6_sysctl_force
default: true
thanks to @bbaassssiiee
#279
#280
#281
#284
new option to allow manual changes to pamd files without using authconfig
rhel8cis_5_4_2_risks needs to be set to ACCEPT to run
default: NEVER