Hello everyone! We have released CEM for Linux 1.5.1
FUTURE
was set for cryptographic policies to help prevent malware attacks, the OpenSSH process failed with the following error message:Extra argument FUTURE.
Copied!
cem_linux::system_account
task from the PE console to view system accounts.audit.rules
file. The issue was seen on RHEL operating systems after an upgrade to CEM for Linux v1.5.0. The following error message was issued:Could not stat /etc/audit/rules.d/audit.rules
Copied!
To resolve the issue, the CEM for Linux module was updated to reference all existing files in /etc/audit/rules.d/
directory.
sudo
log files. When events pertaining to a sudo
log file are collected, system administrators can review the events to detect whether unauthorized commands were run. The issue, which affected users on RHEL 8 systems, was caused by a failure to enforce Center for Internet Security (CIS) Control 4.1.3.3. The control is now enforced."Ensure gpgcheck is globally activated"
) is designed to ensure that downloaded packages from the RPM package management tool are checked. However, these checks failed to occur because the repo_files
parameter associated with the CIS control does not specify the YUM files that are used to manage RHEL packages. The fix ensures that GPG checks will be enabled on a per-repository basis for each file that is listed in the repo_files
parameter.Grub2
bootloader could not be set: cem_linux::regenerate_grub2_config
, cem_linux::set_grub2_password
,cem_linux::grub2_superuser
, and cem_linux::grub2_superuser_password
. The issue was resolved to ensure that the parameters can be set, and the values are applied./var/log/messages
file. The issue occurred because the resource data for STIG control V-230245 specified a value of directory
instead of file
. The issue was fixed to ensure that permissions are set for the messages
file. The fix also ensures that a /var/log/messages
directory is not created inadvertently.cem_linux/manifests/utils/bootloader/grub2/fips.pp
file. The extraneous text, a Universal Unique Identifier of 6484, is now removed.