Skip to content

Version 24.04.8#121

Merged
mpurg merged 7 commits intonoblefrom
24.04.8-dev
Mar 3, 2026
Merged

Version 24.04.8#121
mpurg merged 7 commits intonoblefrom
24.04.8-dev

Conversation

@mpurg
Copy link
Copy Markdown
Contributor

@mpurg mpurg commented Mar 2, 2026
edited
Loading

Release info

  • Minor fixes and improvements to CaC content
  • Added cis_level1_server_ec2 profile
  • Fixed version pinning for usg-benchmarks

Changelog

  • CaC content - CIS v1.0.0:
    • Add missing section to systemd-timesyncd configuration (LP: #2135245)
    • Add support for drop-in config files in journald rules
    • Add missing rules for sshd drop-in config file permissions
    • Align /var/log ownership rules with Ubuntu CIS (LP: #2142301)
    • Improve chronyd_configure_pool_and_server rule to add trailing newline (LP: #2141667)
    • Fix incorrect username parsing in file_owner template (LP: #2137602)
    • Improve remediation for no_shelllogin_for_systemaccounts (LP: #2133747)
  • CaC content - STIG V1R1:
    • Fix incorrect username parsing in file_owner template (LP: #2137602)
  • USG tool:
    • Pin usg-benchmarks dependency to latest binary version (LP: #2136296)
    • Fix benchmark version and release date in tailoring files (LP: #2142286)
    • Add cis_level1_server_ec2 profile to release metadata

@mpurg
Pin usg-benchmarks dependency to latest binary version
9502cc9 
This ensures usg and usg-benchmarks are always upgraded to the
same version, even when running 'apt install usg' on an existing
installation, which otherwise upgrades the usg package but does
not update usg-benchmarks.

Fixes https://bugs.launchpad.net/usg/+bug/2136296

(cherry picked from commit 8e07910)
mpurg added 6 commits March 2, 2026 17:52
@mpurg
Change to dynamic benchmark version and release date in tailoring files
6e5ed15 
This fixes the issue of the tailoring files (and thus report) having the
same description, version, and release_date regardless of which
benchmark they are associated with.

The benchmark version and release date are now parametrized in the
tailoring file template and replaced at build time.

Other changes:
- tailoring file templates use string.Template placeholders
- introduced 'release_date' to benchmark release metadata
- introduced 'latest_benchmark_id' to channel data
- switched to YAML BaseLoader and cast fields explicitly

(cherry picked from commit b16892f)
@mpurg
Update build test data
0588c6f 
(cherry picked from commit 4f1dd1c)
@mpurg
Fix error logging in build tool
90e8415 
(cherry picked from commit bce4b37)
@mpurg
Add metadata for 'noble-cis-1.7'
1a8d981
@mpurg
Add metadata for 'noble-stig-1.2'
82a0a49
@mpurg
Version 24.04.8
f495b77
@mpurg mpurg marked this pull request as ready for review March 3, 2026 14:48
@mpurg mpurg requested a review from dodys March 3, 2026 14:48
dodys
dodys approved these changes Mar 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@dodys dodys left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, thanks!

@mpurg mpurg merged commit 909ae48 into noble Mar 3, 2026
1 check passed
@mpurg mpurg added release noble Ubuntu 24.04 labels Mar 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dodys dodys dodys approved these changes

Assignees

No one assigned

Labels

noble Ubuntu 24.04 release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mpurg @dodys