Releases: finalduty/cis-benchmarks-audit

v0.20.0-alpha.3

13 Oct 03:41
b903fe7
Pre-release

What's Changed?

  • Added integration tests for CentOS 7
  • Fix audit functions per new integration test findings

Pull Request: #40
Full Changelog: v0.20.0a2...v0.20.0a3

v0.20.0-alpha.2

07 Aug 11:16
f639129
Pre-release

What's Changed?

  • Added audit for removable media's mount options
  • Added audit for time sync package being installed
  • Added audit to check firewalld's default zone is set
  • Added audit to ensure system accounts are secured
  • Added audit to ensure gids in /etc/passwd exist in /etc/group
  • Added audit to ensure shadow group is empty or absent
  • Added audit to ensure users' home directories exist and have the correct permissions and ownership
  • Added proper text output formatting

v0.20.0-alpha.1

26 Mar 04:48
f72dd57
Pre-release

Rewrite to Python 3

This obsoletes issues raised against the cis-audit.sh script, which no longer exists. Where possible, regression tests have been included in the new test suite to cover the issues that were raised.

What's Changed

Full Changelog: v0.10.1...v0.20.0a1

v0.10.1

15 Jul 05:16

This is the first bugfix release for v0.10.x.

Enhancements:

  • Added timeout to repolist command to prevent it blocking completion

Resolved Issues:

  • #9 4.1.18 fails whilst configuration is in place
  • #10 5.3.1 should be an egrep rather than grep?
  • #11 5.3.3 fails when multiple entries exist
  • #12 5.4.1.4 check returns date rather than integer
  • #13 5.4.1.4 check returns date rather than integer
  • #14 5.6 should be egrep and syntax change
  • #15 1.6.1.3 fails on default config due to space at the end of line
  • #16 1.7.2 check has typo and returns incorrect response
  • #17 2.2.1.2 ntp conf test looks for wrong config filename
  • #18 1.1.17 looks for an extra comma in the check that isn't always there
  • #21 5.1.8 if in my system doesn't turn SELinux
  • #24 Several of the tests produce false failures
  • #26 test 1.5.1 fails if entry is in multiple files

Thank you to all users who have submitted contributions and raised issues.

v0.10.0

01 Jun 05:20
7b5086e

Change Notes

After more than a year sitting on the v0.0.3 release, the first production-ready release is done.

Features:

  • #7 Tests updated to reflect v2.2.0 recommendations

Resolved Issues:

  • #1 Bootloader password test 1.4.2 fails regardless of status
  • #5 Various audit checks incorrect
  • #6 Password requirements 5.3.1 fails due to syntax

Breaking Changes:

  • "Ensure only approved ciphers are used" was present in v2.1.1 as Recommendation 5.2.11 but was removed in v2.2.0.
    This release removes the test for approved ciphers, and each subsequent test in that family has been moved forward one place. If you are using explicit --include or --exclude arguments that cover the tests between 5.2.11 and 5.2.16, please review your settings before upgrading.

v0.0.3

16 Aug 03:35
Pre-release

Feature Release:

  • Added --level option to specify running tests from a specific level only
  • Added --no-nice option to disable renice of tests
  • Updated progress tracking to be an atomic operation
  • Changed renicing of tests to be the default behaviour

v0.0.2

15 Aug 00:58
Pre-release

A lot of tests were checked / fixed / updated after running it against the CIS AWS AMI.

v0.0.1

06 Aug 22:23
Pre-release

Initial Release