Comments (5)
For what products are these versions?
from secure_linux_cis.
Sorry, I'm talking about "CIS Red Hat Enterprise Linux 7 Benchmark".
Version 3.0.0 was released on Jun 25 2020. The rules numbering changed a lot.
Probably there is also a new version for CentOS and Oracle Linux, but I haven't checked that.
See: https://www.cisecurity.org/blog/cis-benchmarks-july-2020-update/
from secure_linux_cis.
Pull requests are always welcome. I haven't looked in detail into this update; are there other changes except the numbering?
A renumbering of the rules also means that people that use the $include_rules/$exclude_rules parameters for this module must change their Puppet configuration to match this change. We may want to bump the major version of this module when it is released?
from secure_linux_cis.
Yes, sadly we had to review all activated rules to make sure that we do not accidentally activate something else now.
Some content changed also:
- at and cron (allow/deny) are now separated rules, but content is the same
- selinux should be set to permissive (level1) or enforcing (level2)
- nfs-utils and rpcbind rules are now separated, and you should remove the packages or mask (systemctl mask) the services instead of disabling (systemctl disable) them
- there is one completely new rule called "6.2.1 Ensure accounts in /etc/passwd use shadowed passwords"
- and like I said, there were some changes to firewall, but we're having our own Puppet code for firewall, probably it's possible to use the code from rhel8
So I had to create 6 new rules classes. And you need to change almost every class in distribution::rhel7 and distribution::centos7.
Probably it makes sense to bump the major version.
from secure_linux_cis.
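An added example, not part of the thread or of the module's code: an audit for the new rule named above, "6.2.1 Ensure accounts in /etc/passwd use shadowed passwords", written in Ruby as a Puppet custom fact would be. It assumes the rule is satisfied when the password field of every entry is `x`; the function name `unshadowed_accounts` and the sample data are constructed for illustration.

```ruby
# Audit passwd(5) content: every account should carry "x" in the password
# field, meaning the real hash lives in /etc/shadow (assumed rule logic).
# Returns one finding per offending or malformed entry.
def unshadowed_accounts(passwd_text)
  findings = []
  passwd_text.each_line.with_index(1) do |raw, lineno|
    line = raw.chomp
    next if line.strip.empty?

    # Keep trailing empty fields so the field count is reliable.
    fields = line.split(':', -1)
    if fields.length != 7
      # A truncated entry cannot be trusted; report it instead of skipping.
      findings << { line: lineno, user: fields[0], reason: 'malformed entry' }
      next
    end

    user, password = fields[0], fields[1]
    next if password == 'x'

    reason = password.empty? ? 'empty password field' : 'password field is not "x"'
    findings << { line: lineno, user: user, reason: reason }
  end
  findings
end

# Constructed sample input, not taken from any real system.
SAMPLE_PASSWD = <<~'PASSWD'
  root:x:0:0:root:/root:/bin/bash
  legacy:$6$CONSTRUCTED$notarealhash:1001:1001::/home/legacy:/bin/bash
  nopass::1002:1002::/home/nopass:/bin/bash
  locked:*:1003:1003::/home/locked:/sbin/nologin
  broken:x:1004
  daemon:x:2:2:daemon:/sbin:/sbin/nologin
PASSWD

if __FILE__ == $PROGRAM_NAME
  # Audit the file given as the first argument, or the constructed sample.
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_PASSWD
  unshadowed_accounts(text).each do |f|
    puts "line #{f[:line]}: #{f[:user]}: #{f[:reason]}"
  end
end
```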
I quickly checked the difference in firewall between rhel7 and rhel8 CIS. Looks pretty similar. So I guess I could also make the changes for this.
from secure_linux_cis.