mirror of
https://github.com/dev-sec/linux-baseline
synced 2024-11-10 05:34:14 +00:00
26 KiB
26 KiB
Changelog
2.9.0 (2024-08-21)
Implemented enhancements:
- extend sysctls for ipv6 #179 (rndmh3ro)
- use centralised issue templates and workflows #178 (schurzi)
Fixed bugs:
Merged pull requests:
- ensure compatibility with new inspec version #184 (schurzi)
- add spellchecking with codespell #183 (schurzi)
- Configure Renovate #182 (renovate[bot])
2.8.3 (2022-09-29)
Fixed bugs:
Closed issues:
- Remove control 'os-08' because entropy is always at 256 #176
- How to deal with squashfs in Ubuntu 22 #174
- why keep_logs? #171
- sysctl-34 - fs.protected_regular is Ubuntu specific #170
Merged pull requests:
- remove entropy-test #177 (rndmh3ro)
- only disable SquashFS if it's not needed #175 (schurzi)
- Change linting to Cookstyle #169 (schurzi)
- Improve SUID find #168 (magmax)
2.8.2 (2022-01-12)
Merged pull requests:
- missing inputs changed #167 (micheelengronne)
2.8.1 (2022-01-12)
Closed issues:
Merged pull requests:
- use input instead of attribute #166 (micheelengronne)
- feat(os-14) add rule to check noexec, nosuid and nodev mount options #164 (cmhe)
- added sysctl-34 for checking link protection settings #160 (cmhe)
2.8.0 (2021-05-06)
Implemented enhancements:
- remove sysctl-18 - ipv6 no longer needs to be disabled #155 (schurzi)
- Disable source routing for IPv6. #152 (joubbi)
Closed issues:
- Remove package-07 test #149
Merged pull requests:
- remove control package-07 #154 (rndmh3ro)
- fix rubocop error for Rakefile #153 (schurzi)
- add dependency to chef-config for CI #151 (schurzi)
2.7.0 (2021-02-22)
Implemented enhancements:
2.6.4 (2021-02-02)
Closed issues:
- os-06: Check for SUID/ SGID blacklist control previously passing is now falling #146
Merged pull requests:
2.6.3 (2021-01-29)
Merged pull requests:
2.6.2 (2021-01-29)
Merged pull requests:
- update code to conform to new linting rules #145 (schurzi)
- add github action for testing #144 (rndmh3ro)
- Fix tiny typo #143 (danwit)
2.6.1 (2020-12-28)
Merged pull requests:
2.6.0 (2020-12-16)
Implemented enhancements:
- feat(osbaseline): support validation for cpu vulnerabilities #138 (imjoseangel)
Closed issues:
- cpu-vulnerability-directory
1 failed- Ubuntu #139 - Support for validation of cpu vulnerabilities #114
Merged pull requests:
2.5.0 (2020-08-25)
Implemented enhancements:
Closed issues:
- os-10: CIS: Disable unused filesystems
1 failed#135
2.4.6 (2020-07-23)
Closed issues:
- Default umask 077/027 leads into several problems installing software packages #133
Merged pull requests:
- The release draft references the correct SHA #134 (micheelengronne)
2.4.5 (2020-06-30)
Closed issues:
- /etc/passwd should not contain any password hashes #117
Merged pull requests:
- Adds /etc/passwd format check #132 (imjoseangel)
2.4.4 (2020-05-19)
Merged pull requests:
- CHANGELOG for RELEASE done before the push to avoid breaking #131 (micheelengronne)
2.4.3 (2020-05-19)
Merged pull requests:
- release trigger #130 (micheelengronne)
2.4.2 (2020-05-19)
Merged pull requests:
- align versions #129 (micheelengronne)
2.4.1 (2020-05-19)
Closed issues:
- New release #127
Merged pull requests:
- github actions #128 (micheelengronne)
2.4.0 (2020-03-26)
Closed issues:
- net.ipv4.ip_forward needs to be '1' on docker hosts #126
- sysctl-19 should check the sysctl_forwarding attribute #124
- Issue after upgrading to the latest version of Inspec. #122
- Support for ESXi #116
- Deprecation Warnings #115
- systctl-33 - undefined method `expect' #107
Merged pull requests:
- skip the sysctl-19 control when sysctl_forwarding is true #125 (b-dean)
- add documentation for missing package-04 control #123 (chris-rock)
- Allow core dumps to be piped into a program with an absolute path. #121 (samjmarshall)
- Allow for lowercase auditd config flush value. #120 (samjmarshall)
- Fixing some deprecation notices #119 (jjasghar)
2.3.0 (2019-05-15)
Closed issues:
- Audit Daemon Fails on Amazon Linux 2 #109
- os-11 fails on vanilla Ubuntu 16.04/18.04 #104
- Container conditions to skip tests? #102
- Duplicate testing for telnetd instead of rsh #97
- Profile summary VS Test Summary #93
- Control Sysctl 31-b from sysctl_spec.rb causing Inspec to exit with error code #92
Merged pull requests:
- Bump version to 2.3.0 and switch to inspec 3 for check #113 (alexpop)
- Add compatibility for alpine based images #111 (zopanix)
- Minor grammatical fix in README #108 (cachedout)
- Update issue templates #106 (rndmh3ro)
- #104 Fix os-11 for Ubuntu 16.04 and newer #105 (IceBear2k)
- efi-check should run on remote host, not locally #103 (rndmh3ro)
- update grammar in desc #101 (juliandunn)
- Update to test for rsh-server instead of duplicate telnetd #98 (aavetis)
2.2.2 (2018-07-19)
Merged pull requests:
- Update to version 2.2.2 #99 (james-stocks)
- Do not disable vfat by default #96 (rndmh3ro)
- fix virtualization usage in older inspec versions #95 (mattlqx)
2.2.1 (2018-05-14)
Closed issues:
- /etc/shadow permissions false positive on Fedora #89
Merged pull requests:
- Skip auditd and sysctl tests for containers #91 (artem-sidorenko)
- Fixes #89 false positive /etc/shadow on Fedora #90 (marcelhuth)
- Fix typos in
inspec.yml#88 (jerryaldrichiii)
2.2.0 (2017-12-01)
Closed issues:
- linux-baseline os-06 can not be skipped #86
- control os-10 fails
/etc/modprobe.d/dev-sec.conf#80 - package-08 error on amazon linux #79
Merged pull requests:
- deferring the execution of permissions to profile execution #87 (chris-rock)
- CIS 4.1.1.3 #85 (tomhaynes)
- Update Fedora controls #84 (shoekstra)
- Fix log_dir_group for Ubuntu 14.04+ #83 (shoekstra)
- Tune some parameters for RedHat system #82 (strangeman)
- add logdir-check #81 (rndmh3ro)
- Optimize file search routines #77 (mcgege)
- Check for Amazon Linux when determining audit package. #76 (HenryTheHamster)
- Update package_spec.rb #74 (lnxchk)
- CIS 1.5.4 Ensure prelink is disabled #73 (bitvijays)
- Added net.ipv4.conf.default.log_martians for Martian Packets in sysctl_spec.rb #72 (bitvijays)
- 1.1.1 CIS Disable unused filesystem #71 (bitvijays)
- os-02: Fix for SUSE environments #70 (mcgege)
- On SUSE environments 'auditd' is part of package 'audit' #69 (mcgege)
- use recommended spdx license identifier #68 (chris-rock)
2.1.1 (2017-06-02)
Closed issues:
Merged pull requests:
- CI: update to ruby 2.4.1 and rubocop 0.49.1 #66 (artem-sidorenko)
- Use assignment_regex, only_if and bump profile version #64 (alexpop)
- num_logs has different values on different distros #63 (artem-sidorenko)
- Allow verification if kernel modules loading is disabled #62 (artem-sidorenko)
- Fix: more generic auditd settings #61 (artem-sidorenko)
2.1.0 (2017-05-08)
Merged pull requests:
- update metadata #58 (chris-rock)
- update gemfile #57 (atomic111)
- restrict ruby testing to version 2.3.3 #56 (atomic111)
- Properly verify the kernel dump setting #52 (artem-sidorenko)
- auditd package is called audit in the rhel family #51 (rdeusser)
- Ignore inspec.lock file #50 (techraf)
- Remove duplicated expectation from sysctl-16 #49 (techraf)
- update links in readme #47 (chris-rock)
- essay: differentiate redhat/debian, add extra conditions #44 (juju4)
2.0.1 (2016-12-21)
Closed issues:
Merged pull requests:
- update profile metadata & tooling #46 (chris-rock)
- update Gemfile #43 (atomic111)
- Update links in README file #42 (netflash)
- Fix cpu flags and change default for net.ipv4.conf.all.log_martians #39 (chris-rock)
2.0.0 (2016-04-29)
Merged pull requests:
- inspec profile #38 (chris-rock)
1.3.0 (2016-04-25)
Fixed bugs:
- update identifier #37 (chris-rock)
Merged pull requests:
1.2.0 (2015-12-08)
Merged pull requests:
1.1.0 (2015-10-15)
Merged pull requests:
- bugfix: lint error #20 (chris-rock)
1.0.0 (2014-08-13)
Merged pull requests:
- Lockdown mode #19 (arlimus)
- split sysctl_spec.rb, added suid whitliste and uid unique search #18 (atomic111)
- added additional test #17 (atomic111)
- add travis config, add default task to rakefile #16 (ehaselwanter)
- update rubocop, add common linter task, fix rubocop issues #15 (ehaselwanter)
- fix exec-shield test #14 (chris-rock)
- add lint rake task with robocop and fix issues #13 (chris-rock)
- added Telekom Security Requirement numbers to the corresponding kitchen test #12 (atomic111)
- add ruby gem source #11 (chris-rock)
- add standalone usage feature #10 (ehaselwanter)
- serverspec has a contract on running commands remote. this fixes the local #9 (ehaselwanter)
- add lockfiles and delete them from tree #8 (ehaselwanter)
- rubocop fixes #7 (ehaselwanter)
- moved site.pp to the shared test, were it belongs #6 (ehaselwanter)
- bugfix: arp restrictions should apply to all, not just eth0 #5 (arlimus)
- one folder level up #4 (ehaselwanter)
- Fix: change value of log_martians to the cookbook default #3 (atomic111)
- discard one level to be able to use the defaults in test-kitchen by just #2 (ehaselwanter)
- added tests from chef-os-hardening #1 (ehaselwanter)
* This Changelog was automatically generated by github_changelog_generator