Hello Everyone,
A new version of the Compliance Enforcement Modules has just been released! We are excited to announce that CEM for Linux now supports DISA STIG for Red Hat Enterprise Linux 8.
cem_linux v1.5.0 includes the following:
cem_linux::benchmark: 'stig'
Copied!
(V-nnn)
or rule ID (SV-nnn)
.disable_package_gpgcheck
. By enabling this option, you disable GNU Privacy Guard (GPG) checks of downloaded packages. Disabling GPG checks can be helpful in rare cases if you enable more stringent system encryption standards, such as the Federal Information Processing Standards (FIPS). These standards can introduce stricter criteria than are normally available for GPG package signatures. If GPG and more stringent criteria are applied simultaneously, package downloads can fail. Specify the disable_package_gpgcheck=true
setting only when necessary. Enabling this option can make your infrastructure less secure.cem::utils::boot_fstab_entry
class was fixed to help ensure that Puppet runs would not overwrite user-specified settings.