Draft: Update dependency ComplianceAsCode/content to v0.1.58
This MR contains the following updates:
| Package | Update | Change |
|---|---|---|
| ComplianceAsCode/content | patch |
v0.1.57 -> v0.1.58
|
Release Notes
ComplianceAsCode/content
v0.1.58
Important Highlights
- Add SCE Support to build system (#7075)
- Split RHEL 8 CIS profile using new controls file format (#6976)
- Introduce automated CCE adder (#7249)
- CIS Profiles for SLE12 (#7434)
- Add initial Ubuntu 20.04 STIG Profile (#7220)
New Rules and Profiles
- Add initial Ubuntu 20.04 STIG Profile (#7220)
- Add rules for RHEL-08-030610 (#7256)
- Add Ubuntu to cron.allow, at.allow rules for CIS (#7223)
- New rules for RHEL-08-010290 (#7151)
- New rules for RHEL-08-010291 (#7169)
- Add /var/log/audit individual ownership rules (#7129)
- New rule for RHEL-08-020270 (#7276)
- Add rule new for RHEL-08-030700 (#7264)
- Added new rule for RHEL-08-030710 (#7268)
- Add rule for RHEL-08-020300 (#7289)
- Add rule for RHEL-08-020090 (#7313)
- Introduce support for the distributed SSHd configuration (#6926)
- UBTU-20-010057: Add missing rules (#7363)
- Add new rule for RHEL-08-030720 (#7288)
- Add a new rules RHEL-08-010001 and RHEL-07-020019 (#7344)
- Add new rule for RHEL-07-030330 and RHEL-08-030730 (#7323)
- Added rule for RHEL-08-010400 (#7411)
- Sysctl disable ipv6 (#7460)
- CIS Profiles for SLE12 (#7434)
Updated Rules and Profiles
- fix problems with variables in rhel7 cis (#7237)
- Sort references, identifiers in rule.yml (#6882)
- Correct some issues with the CIS ICMP redirects rule on RHEL 7/8 (#7259)
- remove broken links to support.ntp.org (#7262)
- Mark as machine rules that collect password_object (#7263)
- OCP4: fips_mode_enabled rule relates to IA-7 (#7267)
- Enable dconf rules for RHEL9 (#7011)
- Enable generic rules for RHEL9 (#7147)
- Introduce support for the distributed SSHd configuration (#6926)
- Add service_pcscd_enabled to SLE15 PCI-DSS profile (#7322)
- update version of rhel7 stig_gui profile (#7340)
- Update References for RHEL8 STIG V1R3 (#7299)
- Suse sle15 fix reference sles 15 030350 assignment (#7346)
- Add to sle15 PCI-DSS profile rules for account uniqueness and grub config ownership (#7345)
- Select sysctl_net_core_bpf_jit_harden for RHEL-08-040286 (#7354)
- Add SRGs for accounts_password_pam_dictcheck and sssd_enable_certmap (#7362)
- Update RHEL 8 CIS references to match benchmark 1.0.1 (#7356)
- Update CCEs and identifiers on rules that make up RHEL 8 CIS 4.1.15 (#7353)
- generic updates to rhel7 CIS (#7384)
- Update existing rule for RHEL-08-020320 (#7303)
- OCP4: Remove
kubelet_disable_hostname_overriderule (#7391) - SLES-12-010599 - remove rule from the STIG (#7397)
- add kickstarts for rhel8 CIS profiles (#7383)
- add rhel7 kickstarts for CIS profiles (#7382)
- UBTU-20-010056: Use rule accounts_password_pam_dictcheck (#7366)
- Add ensure_logrotate_activated rule to SLES15 PCI-DSS (#7381)
- products/sle15/profiles/stig.profile: Update according to U_SLES_15_STIG_V1R3 Manual (#7388)
- Add PCI-DSS rules (#7373)
- Add PCI-DSS file Rules (#7417)
- Add PCI-DSS file rules (#7430)
- SUSE SLE15 service chronyd or ntpd enabled pci dss (#7425)
- Add rsyslog log file configuration rules to SUSE SLE15 PCI-DSS profile (#7420)
- Update existing rules for RHEL-07-010492 and RHEL-07-010482 (#7438)
- Add rule for SLES-12-030365 (#7177)
- SLE15 add package_aide_installed to PCI-DSS profile (#7476)
- SLE15 add package security rules to PCI-DSS profile (#7473)
- SLE15 Add password hashing rules to PCI DSS profile (#7474)
- SLE15 add audit data retnetion rules to PCI-DSS profile (#7475)
- SLE15 add sssd_enable_smartcards to PCI-DSS rule (#7472)
- PCI-DSS Add more auditd rules (#7477)
- OL7 DISA STIG v2r4 update (#7496)
- Pcidss Configure Crypto Rules (#7398)
Changes in Remediations
- Enable remediations for crypto policy settings (#7242)
- fix ansible of accounts_root_path_dirs_no_write (#7255)
- add / fix remediations for audit rules wrt modules (#7252)
- Fix possible issue in harden_openssl_crypto_policy remediation (#7178)
- Mount option template updates (#7081)
- Fix coverity problems (#7258)
- Fix ansible remediation of display_login_attempts (#7271)
- Fixed the remediations when there are no previous kernelopts (#7257)
- Remove specific metadata in shared Bash remediations (#7254)
- Update existing rule for RHEL-08-030650 (#7283)
- Remove kubelet_disable_hostname_override rule (#7400)
- Fix remaining audit rule files permissions. (#7440)
Changes in Checks
- Add oval check for bios_enable_execution_restrictions (#7227)
- Mount option template updates (#7081)
- Update existing rule for RHEL-08-030650 (#7283)
Changes in the Infrastructure
- Prioritize install_smartcard_packages like package_*_installed (#7224)
- Sort references, identifiers in rule.yml (#6882)
- Add SCE Support to build system (#7075)
- SSGTS: tests for shared/templates (#7211)
- Add new rule for RHEL-08-030720 (#7288)
- Introduce automated CCE adder (#7249)
- Add sort prodtypes to fix_rules (#7454)
Changes in the Test Suite
- Add rhel9 Dockerfile and distro choice into install_vm.py (#7235)
- fix ansible of accounts_root_path_dirs_no_write (#7255)
- install_vm.py: add --console option (#7186)
- Add some more tests (#7083)
- Add RHEL7 specific test kickstart (#7355)
- SSGTS: tests for shared/templates (#7211)
- Fix combined mode execution in SSGTS (#7395)
- Option --no-reports for SSGTS rule and combined modes (#7523)
Documentation
- Document rule.yml modification utilities (#6916)
- Update Mailing list location in docs (#7293)
- Fix links to repo: SSG->CaC (#7311)
- More documentation (#7406)
- Fix RHEL7 documentation links (#7409)
- Add readthedocs integration badge (#7407)
- Fix RHEL7 documentation link (#7443)
- Add bats to gating and docs (#7543)
Configuration
-
If you want to rebase/retry this MR, check this box. ⚠ Warning: custom changes will be lost.
This MR has been generated by Renovate Bot.