Skip to content

Feature/stig#205

Open
jihan-lf wants to merge 92 commits intoLinuxfabrik:stigfrom
jihan-lf:feature/stig
Open

Feature/stig#205
jihan-lf wants to merge 92 commits intoLinuxfabrik:stigfrom
jihan-lf:feature/stig

Conversation

@jihan-lf
Copy link
Copy Markdown
Contributor

@jihan-lf jihan-lf commented Mar 19, 2026
edited
Loading

the commit is now up to date, the other one has been removed

@jihan-lf jihan-lf requested a review from NavidSassan March 19, 2026 14:29
@NavidSassan NavidSassan changed the base branch from main to feature/stig March 20, 2026 15:54
@NavidSassan NavidSassan changed the base branch from feature/stig to main March 20, 2026 15:54
NavidSassan
NavidSassan requested changes Mar 25, 2026
View reviewed changes
Comment thread stig/README.rst
Comment thread stig/stig.db Outdated
@NavidSassan NavidSassan changed the base branch from main to stig March 25, 2026 13:28
@NavidSassan
Copy link
Copy Markdown
Member

NavidSassan commented Mar 25, 2026

the README.rst is not correct yet, we'll merge it into the stig branch to finish it and then merge it into main later on

@jihan-lf @NavidSassan
fix(roles/mariadb-server): parameter handling
ff382f1 
fix(roles/mariadb-server): parameter handling

fix(roles/mariadb-server): update deprecated param

--trx-tables is enabled by default since 2026-05-18 but since mydumper v0.20.2-1 no-trx-tables replaces trx-tables=0; commit hash is 38d300e8
jihan-lf and others added 20 commits March 26, 2026 15:28
@jihan-lf
fix(roles/influxdb): update gpg key
666e07a
@NavidSassan
docs: update CONTRIBUTING
cd384ff
@NavidSassan
feat(roles/freeipa_server): add --diff support and freeipa_server:con…
b868d8b 
…figure tag
@NavidSassan
Merge branch 'wip/freeipa_server_modules'
ab2f370
@danyalberchtoldlf
refactor(roles/icingaweb2_module_grafana): clean up and delegate to g…
92dad08 
…rafana role
@danyalberchtoldlf
feat(roles/grafana): add variable for JWT TLS key and issue cert via …
dd3f4ee 
…role
@danyalberchtoldlf
refactor(roles/icingaweb2_module_grafana): fix sort order
453c127
@danyalberchtoldlf
fix(roles/icingaweb2_module_grafana): fix private key file ownership
b1f63f1
@markuslf
fix(roles/login): rename sudoers file from lfops_login to `linuxfab…
a5891d7 
…rik` (fix Linuxfabrik#154)
@markuslf
style(roles): add backup: true to all template tasks
616b7d3
@markuslf
docs: unify CONTRIBUTING and convert from RST to Markdown
590ae05
@markuslf
chore: update pre-commit hooks, add autoupdate workflow
126bb48
@markuslf
chore: add SECURITY.md, FUNDING.yml, issue templates, dependabot, cod…
f578fe7 
…eql, scorecard, dependency-review
@dependabot
chore(deps): bump peter-evans/create-pull-request from 7 to 8
41ef301 
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7 to 8.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@v7...v8)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump github/codeql-action from 3 to 4
799094d 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump actions/setup-python from 5 to 6
bb59ea4 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump actions/upload-artifact from 4 to 7
40215dd 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@markuslf
Merge pull request Linuxfabrik#210 from Linuxfabrik/dependabot/github…
ca5ea2b 
…_actions/peter-evans/create-pull-request-8

chore(deps): bump peter-evans/create-pull-request from 7 to 8
@markuslf
Merge pull request Linuxfabrik#211 from Linuxfabrik/dependabot/github…
4f88631 
…_actions/github/codeql-action-4

chore(deps): bump github/codeql-action from 3 to 4
@dependabot
chore(deps): bump actions/checkout from 4 to 6
3b1c6cd 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
markuslf and others added 29 commits April 8, 2026 15:42
@markuslf
fix(ci): use complete requirements files for --require-hashes pip ins…
b96cb54 
…talls
@markuslf
fix(ci): replace --require-hashes with pinned versions for pip installs
b8a3068
@markuslf
style(ci): prefix custom workflow names with 'Linuxfabrik: '
19433a1
@bhatti-lf
fix(roles/keycloak): MariaDB database encoding causing warnings in Ke…
3aa104e 
…ycloak 26.6.0+
@bhatti-lf
fix(roles/keycloak): Quarkus timeout property getting overridden by n…
ebecdee 
…ew transaction timeout variable in Keycloak 26.6.0+
@bhatti-lf
style(roles/keycloak): use fqcn
f447782
@dependabot
chore(deps): bump step-security/harden-runner from 2.16.0 to 2.16.1
a8c22f7 
Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.16.0 to 2.16.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@v2.16.0...fe10465)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.16.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@markuslf
Merge pull request Linuxfabrik#217 from Linuxfabrik/dependabot/github…
560eb7b 
…_actions/step-security/harden-runner-2.16.1

chore(deps): bump step-security/harden-runner from 2.16.0 to 2.16.1
@NavidSassan
docs(roles): rewrite all role READMEs to new standard format
ddbfa4f
@NavidSassan
fix(execution-environment): add missing sshpass system package
1ddb812
@markuslf
feat(ci): add dependabot auto-merge for patch and minor updates
fc263b2
@dependabot
chore(deps): bump dependabot/fetch-metadata from 2 to 3
750d9f7 
Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 2 to 3.
- [Release notes](https://github.com/dependabot/fetch-metadata/releases)
- [Commits](dependabot/fetch-metadata@v2...v3)

---
updated-dependencies:
- dependency-name: dependabot/fetch-metadata
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump step-security/harden-runner from 2.16.1 to 2.17.0 (L…
8b9b842 
…inuxfabrik#219)

Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.16.1 to 2.17.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@fe10465...f808768)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@markuslf
Merge pull request Linuxfabrik#220 from Linuxfabrik/dependabot/github…
3228831 
…_actions/dependabot/fetch-metadata-3

chore(deps): bump dependabot/fetch-metadata from 2 to 3
@markuslf
chore(ci): add bandit and vulture to pre-commit hooks
8114449 
Standard --severity-level=low --confidence-level=low thresholds with
B110/B112/B311 skipped (graceful-degradation patterns, non-crypto
random). Existing findings are tracked in issue Linuxfabrik#221.
@NavidSassan
style(roles/*): improve consistency across roles
e368647
@NavidSassan
refactor(roles/example): greatly improve the example role
28788ff
@NavidSassan
style(roles/monitoring_plugins): be consistent with other roles
a8fbfc0
@NavidSassan
docs: improve CONTRIBUTING
fb39063
@markuslf
ci: align Dependabot daily checks to 11:11 Europe/Zurich
817ba38
@dependabot
chore(deps): bump actions/upload-pages-artifact from 4.0.0 to 5.0.0
ffcace5 
Bumps [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) from 4.0.0 to 5.0.0.
- [Release notes](https://github.com/actions/upload-pages-artifact/releases)
- [Commits](actions/upload-pages-artifact@7b1f4a7...fc324d3)

---
updated-dependencies:
- dependency-name: actions/upload-pages-artifact
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0
be438f2 
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.6.1 to 3.0.0.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@153bb8e...b430933)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (
6924a1c 
…Linuxfabrik#222)

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 8.1.0 to 8.1.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@c0f553f...5f6978f)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: 8.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (Linuxf…
accfa31 
…abrik#225)

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@bbbca2d...043fb46)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@markuslf
ci: align scheduled workflows to Friday 05:00 UTC
0204bb9
@markuslf
ci: align Dependabot to weekly Friday 05:00 UTC
5e583fe
@markuslf
Merge pull request Linuxfabrik#223 from Linuxfabrik/dependabot/github…
e4d235e 
…_actions/actions/upload-pages-artifact-5.0.0

chore(deps): bump actions/upload-pages-artifact from 4.0.0 to 5.0.0
@markuslf
Merge pull request Linuxfabrik#224 from Linuxfabrik/dependabot/github…
b5b82f7 
…_actions/softprops/action-gh-release-3.0.0

chore(deps): bump softprops/action-gh-release from 2.6.1 to 3.0.0
@jihan-lf
feat: implement Rocky Linux 9 CIS
8da9b53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@NavidSassan NavidSassan NavidSassan requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@jihan-lf @NavidSassan @danyalberchtoldlf @markuslf @ebuerki-lf @step-security-bot @bhatti-lf