Thursday, Dec 21, 2017

chef-os-hardening 3.0.0 is released

DevSec Hardening Framework project is releasing a new major release chef-os-hardening 3.0.0 today.

The major points of this release are listed below, many thanks for the contributions and help we received from our users and community!

Highlights and breaking changes:

  • Blacklisting of filesystems (PR 169). Important: vfat is included in the default list, so be careful if you have some desktop systems.
  • SELinux support for RHEL family distributions. SELinux is unmanaged per default and can be enabled via setting ['os-hardening']['security']['selinux_mode'] (PR 173, many thanks to AnMoeller for this contribution)
  • Adaptation of some attributes to better RH defaults (PR 177, many thanks to strangeman for updating the baseline)

New attributes and features:

  • ['os-hardening']['security']['selinux_mode'] controls the SELinux mode on RH-family distributions
  • ['os-hardening']['security']['kernel']['disable_filesystems'] list of filesystem kernel modules, which are blacklisted for loading.

Bugfixes and improvements:

  • Fedora CI tests are fixed (PR 179, many thanks to @shoekstra for this contribution)
  • Ownership of /var/log fixed for Ubuntu systems (PR 178, many thanks to @shoekstra for this contribution)
  • Fix for failures on fedora with missing yum installation (PR 176)
  • Fix for enabling core dumps if they are enabled via cookbook attribute (PR 174)

Please checkout the full changelog and README for more details.

We are looking forward to get your feedback via GitHub issues or Gitter chatroom. Feel free to follow us on Twitter to stay updated.

We wish you Merry Christmas and Happy New Year!