CEM for Windows v1.3.0 and CEM for Linux 1.4.3 now available


Puppet Product Updates

Dec 16, 2022, 5:56:42 AM
to puppet-...@googlegroups.com
Hello everyone! We have released CEM for Windows v1.3.0 and CEM for Linux 1.4.3.

cem_windows 1.3.0 - New in this release: 

  • This release includes updates for users of the Microsoft Windows Server 2016 operating system. With this release, users can enforce Center for Internet Security (CIS) Microsoft Windows Server 2016 Benchmark v1.4.0.  
Full release notes can be found online on our docs pages.



cem_linux 1.4.3 - This release includes the following bug fixes:
  • Fixed an issue that resulted in catalog compilation errors on the Red Hat Enterprise Linux (RHEL) 7 operating system. The issue, caused by a duplicate instance of control V-204450 in the YAML file, resulted in error messages like the following:
    Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server 
    Error: Evaluation Error: Error while evaluating a Function Call, CEM: 
    cem_create_resources: failed  
    resource: class
  • Fixed an issue related to Center for Internet Security (CIS) Control 4.1.3.6 in a RHEL 8 environment. When Control 4.1.3.6 is enabled, privileged programs are monitored to determine whether unauthorized users are trying to gain access. However, when Control 4.1.3.6 was enabled on systems using the Postfix mail transfer agent, two setuid binary files (postdrop and postqueue) were not being added to the auditd monitor list. The issue is corrected so that scans can run successfully.
  • Fixed an issue related to CIS Control 1.5.3 in a RHEL environment. Control 1.5.3 is designed to ensure that address space layout randomization (ASLR) is enabled. ASLR randomly arranges the address space of data areas in processes to help protect system security. Enforcement for Control 1.5.3 was available in a RHEL 7 environment but was missing from RHEL 8. The control is now available to RHEL 8 users.
  • Fixed an issue that affects users of the RHEL 7 operating system and pertains to control V-204444. When enabled, the control helps to prevent non-privileged users from initiating privileged functions such as disabling, circumventing, or altering security safeguards. However, after a system administrator specified the privileged users (resources) for control V-204444 and scans were run, the Puppet agent overwrote the resource list on each run. The issue is fixed to ensure that the resource list is not overwritten.
  • Fixed an issue that caused scan failures for CIS Control 4.1.16, ‘Ensure kernel module loading and unloading is collected,’ in a RHEL 7 environment. When this control is enforced, the process of loading and unloading kernel modules is monitored to help detect unauthorized access to the system. Users of RHEL 7 found that Control 4.1.16 failed scans even when the control was correctly configured. The issue is corrected so that scans can run successfully.

Full release notes can be found online on our docs pages.

Puppet
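
The coverage gap described above for Control 4.1.3.6, as an added example that is not code from CEM or from Puppet: a Python check that compares an inventory of privileged binaries against audit rules and lists the ones whose execution is not logged. The binary paths, the rule lines and the function names are constructed for illustration; the rules use standard auditctl syntax.

```python
import shlex

# Constructed inventory of setuid/setgid programs, e.g. gathered with
# `find / -xdev -type f -perm /6000`. Paths are illustrative.
PRIVILEGED = ["/usr/bin/passwd", "/usr/bin/sudo",
              "/usr/sbin/postdrop", "/usr/sbin/postqueue"]

# Constructed audit rules in auditctl syntax (not taken from CEM or the benchmark).
RULES = """\
# privileged commands
-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=unset -k privileged
-a always,exit -S all -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=-1 -F key=privileged
-w /usr/sbin/postqueue -p wa -k postfix
"""


def exec_audited_paths(rules_text):
    """Return the set of file paths whose execution the given rules log."""
    covered = set()
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        path, perm, action, watch = None, None, "always", False
        for flag, value in zip(tokens, tokens[1:]):
            if flag == "-a":
                action = value                      # e.g. always,exit or never,exit
            elif flag == "-w":
                path, watch = value, True
            elif flag == "-p":
                perm = value
            elif flag == "-F" and value.startswith("path="):
                path = value[len("path="):]
            elif flag == "-F" and value.startswith("perm="):
                perm = value[len("perm="):]
        if perm is None and watch:
            perm = "rwxa"   # auditctl's default for a watch given without -p
        # Only an "always" rule that includes execute access counts as coverage.
        if path and "never" not in action and "x" in (perm or ""):
            covered.add(path)
    return covered


def missing_exec_audit(privileged, rules_text):
    """List privileged binaries with no rule that logs their execution."""
    covered = exec_audited_paths(rules_text)
    return sorted(p for p in privileged if p not in covered)
```

With the constructed input, `missing_exec_audit(PRIVILEGED, RULES)` reports both Postfix binaries: postdrop has no rule at all, and postqueue is watched only for writes and attribute changes.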