CIS Release 1.0.0 Nov24 - Final

Based on CIS Ubuntu Linux 22.04 LTS Benchmark v1.0.0 Release

Final release v1.0

Remediate

Issues closed and PRs merged - What's changed
Pre-commit updates
Standards and linting

Audit

• updated

What's Changed

• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #242
• Issue 38 and 90 by @uk-bolly in #243
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #244
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #246
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #249
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #250
• Final updates for v1.0.0 by @uk-bolly in #251
• Final v1.0 release to main by @uk-bolly in #252

Full Changelog: 1.4.1...1.4.2

CIS Release 1.0.0 August 24 updates

Remediate

Issues closed and PRs merged - What's changed
Pre-commit updates
Standards and linting
jmespath dependency removal

Audit

• updated and improved

What's Changed

• Updated to audit and issues by @uk-bolly in #218
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #217
• add missing ubtu22cis_rule_6_2_10 by @egonzalf in #221
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #222
• April 24 updates by @uk-bolly in #224
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #225
• Fixes 4.1.3.6 to match CIS v1.0.0 benchmark by @dderemiah in #226
• Fixes syntax error in CIS benchmark causing control to never work by @dderemiah in #227
• Enhancements by @uk-bolly in #228
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #230
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #233
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #237
• docs: fix and align section names by @duesee in #232
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #238
• Audit workflow by @uk-bolly in #239
• tidy up layout and titles by @uk-bolly in #241
• workflow updated devel to main by @uk-bolly in #240

New Contributors

• @egonzalf made their first contribution in #221
• @duesee made their first contribution in #232

Full Changelog: 1.4.0...1.4.1

CIS Release 1.0.0 March 24

CIS Version: 1.0.0 - 15th August 2022

Remediate

Issues closed and PRs merged - What's changed
Pre-commit updates
Many improvements to different controls

Contributors

New Contributors

Audit

• Audit only option added
• New goss binary now supported
• Audit variables tidied and moved

What's Changed

• missing grub check fails when using sysctl by @dderemiah in #183
• Fixes a typo that keeps Chr0ny from working by @dderemiah in #187
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #185
• Changed regex to account for different whitespace and grouping by @dderemiah in #188
• improves command collection to match CIS bench by @dderemiah in #189
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #192
• Respect ipv6_disable mechanism by @joshavant in #191
• Fixing issue #180 by @DianaMariaDDM in #181
• Fixing issue #193 by @DianaMariaDDM in #194
• Fixing issue #195 by @DianaMariaDDM in #196
• Fixing issue #197 by @DianaMariaDDM in #198
• Small documentation fixes by @DianaMariaDDM in #202
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #205
• Jan24 - changes and updates by @uk-bolly in #206
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #208
• prevent /etc/issue and /etc/issue.net to be overwritten on package upgrade by @dlesaffre in #211
• updated logic for #207 by @uk-bolly in #212
• fixed test for the arm64 conditional by @uk-bolly in #213
• New release by @uk-bolly in #214

New Contributors

• @joshavant made their first contribution in #191
• @DianaMariaDDM made their first contribution in #181
• @dlesaffre made their first contribution in #211

Full Changelog: 1.3.5...1.4.0

CIS_1.0.0

What's Changed

• Updated the goss binary to add improvements to the report and layout
• Majority of audit variables now movedto vars/audit.yml
• audit_inly function added to enable the audt to be run in standalone with the playbook settings
• tidied up some duplicate variables
• bugfix: When IPv6 is disabled / not available we can not add ufw rule. by @jamesv1994 in #61
• Modify /etc/aide.conf when ubtu22cis_config_aide is true by @colinbruner in #64
• Addressed #62 by @uk-bolly in #66
• fix: #68 Role fails when ubtu22cis_time_sync_tool: "systemd-timesyncd… by @Jason-Hendry in #69
• Added condition for associated task #67 by @uk-bolly in #70
• updates and improvements by @uk-bolly in #71
• Task validation fixes (by Steampunk Spotter) by @anzoman in #72
• Removing duplicate variable signifying containerized systems. by @bgro in #74
• update discord link by @uk-bolly in #75
• Removing unused variable (#77) by @bgro in #78
• Sept issues by @uk-bolly in #83
• Improve variable documentation in defaults/main.yml (issue #84) by @bgro in #85
• Optimization of interactive-users detection(issue #86) by @ipruteanu-sie in #87
• Fixing syntax for 1.8.4, sub-task | session profile | by @ipruteanu-sie in #92
• Getting rule 4.1.3.2 in line with what CIS expects. by @bgro in #95
• Removing restricting of chage operations to UIDs > 1000 by @bgro in #97
• fix(R5.4.3). Correct regexes so that they match by @raabf in #98
• 🐛(R4.1.3.12): Change wrong /var/log/faillog to /var/run/faillock by @raabf in #99
• Alignment by @uk-bolly in #100
• Release devel -> main by @uk-bolly in #104

New Contributors

• @jamesv1994 made their first contribution in #61
• @colinbruner made their first contribution in #64
• @anzoman made their first contribution in #72
• @bgro made their first contribution in #74
• @ipruteanu-sie made their first contribution in #87
• @raabf made their first contribution in #98

Full Changelog: V1.1.0...1.3.5

What's Changed

• #25 updated corresponding typos by @uk-bolly in #26
• May23 updates by @uk-bolly in #28
• June23 updates by @uk-bolly in #34
• Use /bin/true to disable filesystems by @technowhizz in #46
• Fix regex in lininfile in Ubuntu rule 1.6.1.2 by @MoteHue in #48
• July23 issues by @uk-bolly in #56
• fix: Fix error in 4.2.1.5 caused by incorrect indent of notify by @Jason-Hendry in #51
• Aug23 issues by @uk-bolly in #57
• devel to main release by @uk-bolly in #58
• Workflow run and precommit added by @uk-bolly in #59
• workflow run devel -> main by @uk-bolly in #60
• bugfix: When IPv6 is disabled / not available we can not add ufw rule. by @jamesv1994 in #61
• Modify /etc/aide.conf when ubtu22cis_config_aide is true by @colinbruner in #64
• Addressed #62 by @uk-bolly in #66
• fix: #68 Role fails when ubtu22cis_time_sync_tool: "systemd-timesyncd… by @Jason-Hendry in #69
• Added condition for associated task #67 by @uk-bolly in #70
• updates and improvements by @uk-bolly in #71
• Task validation fixes (by Steampunk Spotter) by @anzoman in #72
• Removing duplicate variable signifying containerized systems. by @bgro in #74
• update discord link by @uk-bolly in #75
• Removing unused variable (#77) by @bgro in #78
• Sept issues by @uk-bolly in #83
• Improve variable documentation in defaults/main.yml (issue #84) by @bgro in #85
• Optimization of interactive-users detection(issue #86) by @ipruteanu-sie in #87
• Fixing syntax for 1.8.4, sub-task | session profile | by @ipruteanu-sie in #92
• Getting rule 4.1.3.2 in line with what CIS expects. by @bgro in #95
• Removing restricting of chage operations to UIDs > 1000 by @bgro in #97
• fix(R5.4.3). Correct regexes so that they match by @raabf in #98
• 🐛(R4.1.3.12): Change wrong /var/log/faillog to /var/run/faillock by @raabf in #99
• Alignment by @uk-bolly in #100
• Release devel -> main by @uk-bolly in #104
• fixes a typo in 2.1.1.1 by @dderemiah in #107
• Fixing conditional by removing extra condition in when rule1.1.2.1(fi… by @ipruteanu-sie in #111
• 2023 September Updates: Typo fixes and Implemented Standards by @frederickw082922 in #110
• Fixing conditional for rule2.2.2(issue #108), to prevent always being… by @ipruteanu-sie in #109
• Fixing precondition for rule 1.1.1.2 by @bgro in #113
• Changing value in defaults/main.yml: Replaced '/etc/default/grub.cfg'… by @ipruteanu-sie in #116
• Fixing name of gmd3 config file in Control 1.8.3. by @bgro in #119
• fixes cron and mail.warn rsyslog entry by @dderemiah in #118
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #101
• Changing 3.2.2 conditional by @ipruteanu-sie in #122
• Collections now pulled from git by @uk-bolly in #130
• Siemens/feat/squashfs check hangs by @bgro in #131
• Issues and collections by @uk-bolly in #134
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #133
• Siemens/feat/rule 1.6.1.3 enforce vs complain by @bgro in #148
• Allow multi-line banners by @tomi-bigpi in #123
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #155
• Community work fix by @uk-bolly in #137
• if timesyncd is not installed 2.1.1.1 errors by @dderemiah in #150
• found cron regex typo by @dderemiah in #149
• Workflow galaxy by @uk-bolly in #159
• [pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in #164
• fix: #161 NTP should be a space-separated list of NTP server host nam… by @Jason-Hendry in #162
• update wording and typos by @uk-bolly in #160
• Merge devel to main for release by @uk-bolly in #167
• Issue update and lint by @uk-bolly in https://...

Ubuntu22-cis_v1.0.0

What's Changed

• #25 updated corresponding typos by @uk-bolly in #26
• May23 updates by @uk-bolly in #28
• June23 updates by @uk-bolly in #34
• Use /bin/true to disable filesystems by @technowhizz in #46
• Fix regex in lininfile in Ubuntu rule 1.6.1.2 by @MoteHue in #48
• July23 issues by @uk-bolly in #56
• fix: Fix error in 4.2.1.5 caused by incorrect indent of notify by @Jason-Hendry in #51
• Aug23 issues by @uk-bolly in #57
• devel to main release by @uk-bolly in #58
• Workflow run and precommit added by @uk-bolly in #59
• workflow run devel -> main by @uk-bolly in #60

New Contributors

• @technowhizz made their first contribution in #46
• @MoteHue made their first contribution in #48
• @Jason-Hendry made their first contribution in #51

Full Changelog: V1.0.0...V1.1.0