Important Highlights

• Add new product kylinserver10 (#12393)
• Create OL10 product (#12290)
• Update PCI-DSS control file for version 4.0.1 (#12435)

New Rules and Profiles

• [New Rule] Package kea removed (#12464)
• Add Ism profile for ol8 (#12493)
• Add Ism profile to OL9 (#12346)
• Create CIS rules for login banners (#12472)
• New rule tftp_uses_secure_mode_systemd (#12436)
• Update chrony rules for RHEL 10 (#12415)
• Update RHEL 9 STIG to V2R2 (#12551)

Changes in Remediations

• Add ansible remediation configure_bind_crypto_policy (#12325)
• Add ansible remediation to ensure_oracle_gpgkey_installed rule (#12323)
• Add ansible remediation to mount_option_home template (#12546)
• Add ansible remediaton for rsyslog_cron_logging rule (#12326)
• Add insensitive option to ansible_lineinfile macro (#12314)
• Add rule accounts_tmout to SLE Micro 5 STIG profile (#12524)
• Add rule security_patches_up_to_date to SLE Micro 5 STIG profile (#12506)
• Add rules to support remote offload of journal logs (#12479)
• Add support for XCCDF variables into sshd_lineinfile template (#12251)
• Added remediation and tests for the rule permissions_local_var_log_audit (#12360)
• Avoid tmpfiles override (#12218)
• Bring bash version in-sync with Ansible (#12398)
• Change flags cleanup (#12397)
• Create CIS rules for login banners (#12472)
• Don't autoremove packages on dnf package uninstall (#12389)
• Fix "unknown predicate -L" (#12305)
• Fix ansible remediation for audispd plugin UBTU-20-010216 (#12293)
• Skip users with ID above UID MAX on accounts_user_interactive_home_directory_defined (#12527)
• SLE15 related fixes in ntp and aide rules (#12548)
• Slmicro5 stig add accounts and software rules support (#12364)
• Update ansible remediation to harden_sshd_ciphers_openssh_conf_crypto_policy rule (#12324)
• Update bash remediation to fix bug into account_disable_inactivity* (#12134)
• Update remedation for firewalld_sshd_port_enabled (#12522)
• Update select rules for RHEL not to modify systemd units in /usr (#12486)
• Update SLE12 STIG version to V3R1 (#12580)
• Update SLE15 STIG version to V2R2 (#12570)

Changes in Checks

• Add "is_substring" variable to grub2_bootloader_argument template (#12308)
• Add OL9 into installed_OS_is_vendor_supported (#12333)
• Add rule accounts_tmout to SLE Micro 5 STIG profile (#12524)
• Add support for XCCDF variables into sshd_lineinfile template (#12251)
• convert more rules to sshd_lineinfile template (#12301)
• Create CIS rules for login banners (#12472)
• enhance the grub2_argument template to cover more use cases (#12375)
• Fix Audit related rules in RHEL 10 (#12359)
• Fix inventory_test_kernel_installed for SLE (#12516)
• Remove redundant sshd oval macro (#12532)
• Slmicro5 stig add accounts and software rules support (#12364)
• Update SLE15 STIG version to V2R2 (#12570)

Removed Products

• Remove uos20 (#12248)

Fixed Bugs

• Remove installed_OS_is_FIPS_certified from sshd_use_approved_ciphers (#12242)
• firewalld_sshd_port_enabled add zone to all connections (#12256)
• Create CIS rules for login banners (#12472)
• Disable sysctl_kernel_modules_disabled Ansible remediation (#12514)
• Explicitly state FindOpenSCAP cmake so it loads before it's used. (#12538)
• Extend mount_option_nodev_nonroot_local_partitions (#12270)
• Fix crypto policy selection rhel10 (#12466)
• Fix references section in the workshop artificial rule data. (#12261)
• Fix title of var_networkmanager_dns_mode (#12258)
• Remove enable_dracut_fips_module from RHEL 10 profiles (#12467)
• Two CIS RHEL 9 enhancements (#12453)
• Update Account Home Folder Rules (#12465)
• Update audit_rules_suid_privilege_function to use ExecStart instead of ExecStartPost (#12549)
• Update Regex for sudoers_explicit_command_args (#12350)
• Update SLE15 STIG version to V2R1 (#12269)