🎉 Compliance Enforcement for Linux - cem_linux 1.9.1 has been released

[Puppet Product Updates]

Released 8 February 2024

Compliance Enforcement for Linux v1.9.1 improves operational efficiency by correcting an issue where Puppet runs fail prematurely in certain scenarios. Furthermore, this release enhances security safeguards by correcting issues that could have prevented three Security Technical Implementation Guide (STIG) controls from being enforced as intended.

Fixed

• Fixed an issue that could potentially cause Puppet runs to fail prematurely on Red Hat Enterprise Linux (RHEL) 8 systems. The issue is related to the Facter fact cem_mount_info, which can fail to resolve when home directories cannot be determined for a user on a system. The fix helps to ensure that the correct default directory is used, and the fact resolves successfully.
• Fixed the default value for STIG Control V-230270 to help prevent kernel profiling by unauthorized users. The kernel parameter kernel.perf_event_paranoid is now set to a default value of 2 to help prevent attackers from gaining system information.
• Fixed an issue that could cause incorrect failure reports for STIG Control V-230281. The control helps to ensure that the RHEL operating system removes previously installed software components when updated versions are installed. In CEM, the specified default value of true was changed to True to ensure that the control works as designed.
• Fixed the default value for STIG Control V-230494. The control helps to protect the security of systems by disabling the Asynchronous Transfer Mode (ATM) protocol. The default value was changed from ATM to atm so that the control works as designed and helps to protect systems from exploitation.

For full details, visit our release notes here.

Thank you for being a Puppet by Perforce Customer! 

This e-mail may contain information that is privileged or confidential. If you are not the intended recipient, please delete the e-mail and any attachments and notify us immediately.