The DevSec Hardening Framework project is releasing a new major version, chef-os-hardening 3.0.0, today.
The major points of this release are listed below. Many thanks for the contributions and help we received from our users and community!
Highlights and breaking changes:
- Blacklisting of filesystems (PR 169). Important: vfat is included in the default list, so be careful if you run desktop systems.
- SELinux support for RHEL family distributions. SELinux is unmanaged by default and can be enabled by setting ['os-hardening']['security']['selinux_mode'] (PR 173, many thanks to AnMoeller for this contribution)
- Adaptation of some attributes to better RH defaults (PR 177, many thanks to strangeman for updating the baseline)
New attributes and features:
- ['os-hardening']['security']['selinux_mode'] controls the SELinux mode on RH-family distributions
- ['os-hardening']['security']['kernel']['disable_filesystems'] list of filesystem kernel modules which are blacklisted for loading.
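
A pre-upgrade check for the filesystem blacklist described above, as an added example that is not part of the cookbook or of this announcement: it lists mounted filesystems whose type appears on a disable_filesystems list. The list entries other than vfat, the mounts excerpt and all function names are constructed for illustration.

```ruby
# Added example, not cookbook code. Finds mounts whose filesystem type is on a
# disable_filesystems list, i.e. mounts relying on a module that gets blacklisted.

# Constructed sample list: only 'vfat' is confirmed by the release notes.
# Use the real value of ['os-hardening']['security']['kernel']['disable_filesystems'].
SAMPLE_DISABLED = %w[vfat cramfs udf].freeze

# Constructed /proc/mounts excerpt (device, mount point, type, options, dump, pass).
SAMPLE_MOUNTS = <<~'MOUNTS'
  /dev/sda2 / ext4 rw,relatime 0 0
  /dev/sda1 /boot/efi vfat rw,relatime,fmask=0077 0 0
  proc /proc proc rw,nosuid,nodev,noexec 0 0
  /dev/sdb1 /media/usb\040stick vfat rw,nosuid,nodev 0 0
MOUNTS

Mount = Struct.new(:device, :mount_point, :fstype)

# Parse /proc/mounts-style text, skipping malformed lines.
def parse_mounts(text)
  text.each_line.filter_map do |line|
    fields = line.split
    next if fields.length < 3
    # The kernel escapes whitespace in paths as octal (\040 is a space).
    path = fields[1].gsub(/\\([0-7]{3})/) { Regexp.last_match(1).to_i(8).chr }
    Mount.new(fields[0], path, fields[2])
  end
end

# Mounts whose filesystem type is on the disable list.
def blocked_mounts(mounts_text, disabled)
  deny = disabled.map(&:downcase)
  parse_mounts(mounts_text).select { |m| deny.include?(m.fstype.downcase) }
end

# The disable list with every filesystem type that is currently in use removed.
def safe_disable_list(mounts_text, disabled)
  disabled - blocked_mounts(mounts_text, disabled).map(&:fstype).uniq
end

if __FILE__ == $PROGRAM_NAME
  source = File.readable?('/proc/mounts') ? File.read('/proc/mounts') : SAMPLE_MOUNTS
  blocked_mounts(source, SAMPLE_DISABLED).each do |m|
    puts "#{m.mount_point} (#{m.device}) uses blacklisted filesystem #{m.fstype}"
  end
  puts "list without in-use types: #{safe_disable_list(source, SAMPLE_DISABLED).inspect}"
end
```

Run it on a node before applying 3.0.0; any reported mount means that node needs an overridden disable_filesystems list.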
Bugfixes and improvements:
- Fedora CI tests are fixed (PR 179, many thanks to @shoekstra for this contribution)
- Ownership of /var/log fixed for Ubuntu systems (PR 178, many thanks to @shoekstra for this contribution)
- Fix for failures on Fedora with missing yum installation (PR 176)
- Fix for enabling core dumps if they are enabled via cookbook attribute (PR 174)
We wish you a Merry Christmas and a Happy New Year!