CHANGELOG.md

Changelog

0.4.13 (2022-12-05)

Full Changelog

Implemented enhancements:

• use centralised issue templates and workflows #142 (schurzi)

Closed issues:

• cis-dil-benchmark-5.6 Ubuntu does not have group 'wheel' #138
• Add support for arm64 architectures #130
• cis-dil-benchmark-2.2.1.3 assumes user chrony exists #129
• Missing release for 0.4.12? #123

Merged pull requests:

• Remove controll for group 'wheel', since it is not required by benchmark #139 (spencer-cdw)
• Fixes chrony on ubuntu #135 (spencer-cdw)
• Use native severspec functions to check uid and gid of files #134 (spencer-cdw)
• Add ARM64 support #133 (spencer-cdw)
• Document why audit.rules should include 32 on 64 bit systems #132 (spencer-cdw)

0.4.12 (2022-03-18)

Full Changelog

Closed issues:

• /var/log/btmp should be included in group_write_excepts for CIS 4.2.3 #112

Merged pull requests:

• Change linting to Cookstyle #120 (schurzi)
• cis-dil-benchmark-5.3.4 should match spaces better #119 (fargburger)
• (4.2.3) Add group write exemption for btmp #116 (bendres97)

0.4.11 (2022-01-12)

Full Changelog

Fixed bugs:

• cis-dil-benchmark-5.2.5 should allow sshd LogLevel to be INFO or VERBOSE #109
• fix(5.2.5): allow INFO as SSH LogLevel #111 (deric4)

Closed issues:

• this repo should be labelled inspec #110
• Inputs set via 'attribute' is now deprecated. #81

Merged pull requests:

• use input instead of attribute #117 (micheelengronne)
• add dependency to chef-config for CI #108 (schurzi)
• use version tag for changelog action #107 (schurzi)

0.4.10 (2021-02-01)

Full Changelog

Closed issues:

• cis-dil-benchmark-1.6.3.2: undefined method `positive?' for #<RSpec::Matchers::DSL::Matcher cmp> #105

Merged pull requests:

• revert to using cmp for 1.6.3.2 because of implicit string conversion #106 (schurzi)

0.4.9 (2021-01-29)

Full Changelog

Merged pull requests:

• Fix lint #104 (schurzi)
• GitHub action #103 (rndmh3ro)

0.4.8 (2021-01-08)

Full Changelog

Merged pull requests:

• fix(6.1): regression expected_gid #100 (deric4)

0.4.7 (2021-01-06)

Full Changelog

Merged pull requests:

• Check for pool or server in chrony.conf #101 (nvwls)

0.4.6 (2021-01-05)

Full Changelog

Closed issues:

• RootDistanceMax instead of RootDistanceMaxSec #92

Merged pull requests:

• rename RootDistanceMax to RootDistanceMaxSec #93 (yvespp)

0.4.5 (2020-12-30)

Full Changelog

Closed issues:

• Travis CI status check failing #98
• The version on README.md is old #94

Merged pull requests:

• Change travis rvm to 2.6 #99 (micheelengronne)
• docs: update README with correct benchmark ver #95 (deric4)

0.4.4 (2020-11-30)

Full Changelog

Closed issues:

• Any ansible automation to satisfy all these cis checks? #87
• Any planning on supported the "latest" CiS (1.1.0)? #58

Merged pull requests:

• CIS DIL Benchmark V2 #90 (deric4)

0.4.3 (2020-08-12)

Full Changelog

Merged pull requests:

• Feat/updates cinc inspec v4 #85 (deric4)

0.4.2 (2020-07-23)

Full Changelog

Merged pull requests:

• The release draft references the correct SHA #82 (micheelengronne)

0.4.1 (2020-05-19)

Full Changelog

Merged pull requests:

• align versions #80 (micheelengronne)

0.4.0 (2020-05-19)

Full Changelog

Closed issues:

• dil-benchmark-1.6.2.2: undefined method `positive?' for #<RSpec::Matchers::DSL::Matcher cmp> #72
• WARN: DEPRECATION: The 'default' option for attributes is being replaced by 'value' - please use it instead. attribute name: 'Inspec::Input' #69

Merged pull requests:

• automated release #79 (micheelengronne)
• Support wild configs that are tabbed out #78 (markdchurchill)
• SSH config: Allow seconds & minutes config for grace time #77 (markdchurchill)
• Refactor out grub config to profile file #76 (markdchurchill)
• iptables: support conntrack module #75 (markdchurchill)
• Update 3.3 IPv6 to support Amazon Linux 2 #74 (markdchurchill)
• reverse rubocop updates to support ruby versions bundled with InSpec 3 #73 (chris-rock)
• pin to inspec 3 #71 (chris-rock)
• Inspec 4 warning #70 (micheelengronne)

0.3.0 (2019-02-04)

Full Changelog

Closed issues:

• Make a release #64
• Tagging versions for release? #51
• Why are you using custom linux_module instead of the Inspec built in kernel_module? #48
• How much divergence from CIS DIL Benchmark document is accepted? #43

Merged pull requests:

• 0.3.0 #65 (chris-rock)
• Ensure /etc/group- /etc/shadow- and /etc/gshadow- match their respect… #63 (bdwyertech)
• Fixes #62 (bdwyertech)
• Change password to passwords #60 (jerryaldrichiii)
• Update issue templates #56 (rndmh3ro)
• use inspec's new unified attributes feature #55 (chris-rock)
• modify package check to satisfy openjdk dependency #53 (alval5280)
• allow group write /var/log/wtmp #50 (alval5280)

0.2.0 (2018-08-26)

Full Changelog

Closed issues:

• Debian uses group 42 ('shadow') as group for shadow files #31
• inspec fails to run due to undefined method 'passwords' #5
• Wrong modinfo option #4
• Getting undefined method `split' for nil:NilClass (NoMethodError) on MacOS #3
• Update 6_2_user_and_group_settings.rb to mock empty array. #1

Merged pull requests:

• 0.2.0 #52 (chris-rock)
• Modified controls to use the built in kernel_module of Inspec #49 (csabapatyi)
• handle potential leading space for umask regex #47 (veetow)
• increase rubocop block length #44 (chris-rock)
• Fix shadow user and password deprecations #42 (timstoop)
• Fix a compare with zero. #41 (timstoop)
• Also allow pool to be set. #39 (timstoop)
• Make the 4.1.15 check less strict. #38 (timstoop)
• According to CIS DIL 1.1.0, wtmp and btmp should be tagged logins. #37 (timstoop)
• This fixes for the syntax for CIS DIL 4.1.6 to require just one valid describe. #36 (timstoop)
• Make the check slightly less strict. #35 (timstoop)
• Fix deprecation warnings. #34 (timstoop)
• Debian uses group 42 shadow #33 (timstoop)
• updated regex to account for sha512 not being first option #30 (michael-c-hoffman)
• Adjust modprobe check to remove false positives. #28 (millerthomasj)
• Update umask checks for Centos7 and Amazon Linux. #27 (millerthomasj)
• Update password quality checks for pam. #25 (millerthomasj)
• Allowed MACs should allow for greater security #24 (millerthomasj)
• pin inspec 2.1.0 #23 (chris-rock)
• Should check one of cron or crond not both. #22 (millerthomasj)
• Add auditd fixes for Centos7 #21 (millerthomasj)
• Add tcp_wrappers package for both Centos7 and Amazon Linux. #20 (millerthomasj)
• Add additional filepath for chrony.conf on Centos7. #19 (millerthomasj)
• Ntpd run as user #18 (millerthomasj)
• Centos7 uses grub2 by default, add checks for proper file. #17 (millerthomasj)
• On both Centos7 and latest Amazon Linux ansible auto creates cron ent… #16 (millerthomasj)
• updated regex to detect proper string #15 (michael-c-hoffman)
• Undefinedmethod #14 (michael-c-hoffman)
• changed command for redhat family to modprobe to properly evaluate test #10 (michael-c-hoffman)
• implements inspec check and enables it in travis #9 (chris-rock)
• use inspec's os_env split method #8 (chris-rock)
• Passwords to password #6 (michael-c-hoffman)

0.1.0 (2017-08-15)

Full Changelog

* This Changelog was automatically generated by github_changelog_generator