-
Tue Jun 06 2023 Edgar Aguilar <edgar.aguilar@oracle.com> - 0.1.66-1.0.5
- Fix url to remote oval definitions [Orabug: 35441381]
- Update rules about password aging so they take into account empty string
passwords [Orabug: 35450273]
- Update jinja conditionals in source, so built contents include all expected
strings/code [Orabug: 35450273]
- Update regex in OVAL of rule postfix_prevent_unrestricted_relay to allow
multiple compliant scenarios [Orabug: 35446144]
- Add OVAL, Bash and ansible to rule file_permission_user_init_files [Orabug: 35450273]
- Update vendor references to mention Oracle and Oracle Linux [Orabug: 35450273]
-
Wed Apr 26 2023 Edgar Aguilar <edgar.aguilar@oracle.com> - 0.1.66-1.0.3
- Introduce a new OVAL macro to consistently identify interactive users [Orabug: 35214522]
- Update accounts_user_dot_no_world_writable_programs rule to look for
initialization files on the user's homedirs only and to prevent the search for
world-writables to descend to other file systems [Orabug: 35214522]
- Align the OL7 stig profile with latest DISA release v2r11 [Orabug: 35334374]
-
Thu Mar 09 2023 Edgar Aguilar <edgar.aguilar@oracle.com> - 0.1.66-1.0.1
- Rebase to a new Red Hat errata 0.1.66-1 [Orabug: 35165879]
- Sync OL7 stig profile with DISA STIG v2r10 [Orabug: 35049052]
- Update rhel7 project profiles to use oracle gpgkey [Orabug: 33612582]
- Update rhel7 profiles to generate Oracle Linux 7 content [Orabug: 33612582]
- Update source to generate Oracle Linux 7 content [Orabug: 33612582]
- Use separate rule for each audit syscall in pci-dss profile [Orabug: 33612582]
- Add ntpd and chronyd OL approved servers support [Orabug: 33612582]
- Add UEFI boot loader rules to Oracle Linux 7 profiles [Orabug: 33612582]
- Fix OL7 mapping in stable_profile_ids test [Orabug: 33612582]
- Update OL7 Essential Eight profile [Orabug: 33612582]
- Disable cis profile [Orabug: 33612582]
- Disable new CIS and stig_gui profiles for RHEL7 product [Orabug: 34195638]
- Update regex for audit_rules_suid_privilege_function rule [Orabug: 34664858]
-
Tue Feb 14 2023 Watson Sato <wsato@redhat.com> - 0.1.66-1
- Rebase to a new upstream release 0.1.66 (RHBZ#2158410)
- Update RHEL7 STIG profile to V3R10 (RHBZ#2152657)
- Align file_permissions_sshd_private_key with DISA Benchmark (RHBZ#2123284)
- Fix remediation of audit watch rules (RHBZ#2123367)
- Fix check firewalld_sshd_port_enabled (RHBZ#2158410)
- Fix accepted control flags for pam_pwhistory (RHBZ#2158410)
- Unselect rule logind_session_timeout (RHBZ#2158410)
- Add support rainer scripts in rsyslog rules (RHBZ#2170038)
-
Tue Aug 09 2022 Watson Sato <wsato@redhat.com> - 0.1.63-1
- Update to the latest upstream release (RHBZ#2116359)
- Fix SSH Key permissions (RHBZ#2021258)
- Remove PCI-DSS Benchmark(RHBZ2038165)
- Updated source of CVE data feed(RHBZ#2028432)
- Improved alignment with DISA's RHEL7 STIG(RHBZ#1967950)
- Update RHEL7 STIG profile to v3r8 (RHBZ#2112939)
- Add warning how to override audit buffer (RHBZ#1993822)
- Fix smartcard_auth rule for systems installed without authconfig (RHBZ#2116359)
- Fix check of enable_fips_mode on s390x (RHBZ#2116359)
- Fix applicability of pam_pkcs11 and grub2 rules on s390x (RHBZ#2116359)
-
Tue May 03 2022 Watson Sato <wsato@redhat.com> - 0.1.57-8
- Remove warning how to override audit buffer (RHBZ#1993822)
-
Wed Apr 27 2022 Watson Sato <wsato@redhat.com> - 0.1.57-7
- Add warning how to override audit buffer (RHBZ#1993822)
- Fix name of antivirus package in STIG profile (RHBZ#2066321)
- Update RHEL7 DISA STIG profile to v3r7 (RHBZ#2079217)
-
Fri Feb 25 2022 Gabriel Becker <ggasparb@redhat.com> - 0.1.57-6
- Fix bash remediation of sudo_require_reauthentication (RHBZ#2049532)
-
Thu Feb 17 2022 Gabriel Becker <ggasparb@redhat.com> - 0.1.57-5
- Update RHEL7 DISA STIG profile to v3r6 (RHBZ#2049532)
-
Tue Nov 02 2021 Gabriel Becker <ggasparb@redhat.com> - 0.1.57-4
- Update RHEL7 DISA STIG profile to v3r5 (RHBZ#1996678)