SIMP 6.2.0

Table of Contents

Background

We need to nail down the components for 6.2.0 as it moves forward to the final release.

Component Selection

ComponentGit RefVersionUpdated in 6.2.0-BETA2 metadataRequiredTravisGitlab CIStatus acceptable?Include in release?Tag/Release StatusForge releasedChangelog
simp-adapterc1cb4e20.0.6YESYES - Server 94 issues otherwisepassingNONESIMP-4028YESDONE
Release of 0.0.6
Fri May 11 2018 Trevor Vaughan < tvaughan at onyxpoint dot com> - 0.0.6-0 Updated the minimum version of the puppet-agent dependency to at least 1.10.4 (packages puppet 4.10.4), due to 'puppet generate types' bugs in puppet-agent releases prior to that. These bugs cause the composite namevar fixes to not function properly.
simp-environment-skeleton86ffad16.2.10??YESpassingNONE
YESDONEN/ASee component
simp-rsync-skeleton7798df76.2.1YESYESpassingNONE
YESDONE
Release of 6.2.1
Thu Apr 26 2018 Liz Nemsick < lnemsick.simp at gmail dot com> - 6.2.1-0 Added logic in dhcpd.conf to select the appropriate PXEboot file based on the boot type (BIOS or UEFI).
rubygem-simp-clicaabbaa4.2.0??YESpassingNONE
YESDONEN/ASee component
pupmod-simp-aidebfb82566.1.3??YESpassingpassing
YESDONEYESSee module
pupmod-simp-aide64372a6.1.4??PROPOSEDpassingpassing
PROPOSEDDONEYESAdded /etc/logrotate.simp.d to default rules
pupmod-simp-auditd
e9cf49a
8.0.2
NO - version 8.0.0 introduced breaking changespassingpassing
NO

Release of 7.2.0
Wed Jun 06 2018 Liz Nemsick < lnemsick.simp at gmail dot com> - 7.2.0-0 Updated 'simp' audit profile settings for DISA STIG. Expanded the list of successful syscall operations audited. Expanded the list of module syscall operations audited Added an option to monitor selinux commands, (i.e., chcon, semanage, setfiles, setsebool) Added an option to audit the execution of password commands ('passwd', 'unix_chkpwd', 'gpasswd', 'chage', 'userhelper') Added an option to audit the execution of privilege-related commands ('su', 'sudo', 'newgrp', 'chsh', 'sudoedit') Added an option to audit the execution of postfix-related commands ('postdrop', 'postqueue') Added an option to audit the execution of the 'ssh-keysign' command Added an option to audit the execution of the 'crontab' command Added an option to audit the execution of the 'pam_timestamp_check' command
pupmod-simp-clamava985d866.0.3
NOpassingpassing
NO

Release of 6.0.3
Mon Mar 19 2018 Trevor Vaughan < tvaughan at onxypoint dot com> - 6.0.3-0 Add support for Puppet 5 and OEL
pupmod-simp-compliance_markup30983d22.3.4
NOpassingpassing
NO

Release of 2.3.4
Mon Jun 11 2018 Nick Miller < nick.miller at onyxpoint dot com> - 2.3.4-0 DISA STIG changes: Added auditd::config::audit_profiles::simp::audit_crontab_cmd Added auditd::config::audit_profiles::simp::audit_pam_timestamp_check_cmd Added auditd::config::audit_profiles::simp::audit_passwd_cmds Added auditd::config::audit_profiles::simp::audit_postfix_cmds Added auditd::config::audit_profiles::simp::audit_priv_cmds Added auditd::config::audit_profiles::simp::audit_ssh_keysign_cmd Wed Jun 06 2018 Chris Tessmer < chris.tessmer at onyxpoint dot com> - 2.3.4-0 DISA STIG changes: Added auditd::config::audit_profiles::simp::audit_session_files Added auditd::config::audit_profiles::simp::audit_session_files_tag Wed Jun 06 2018 Liz Nemsick < lnemsick.simp at gmail dot com> - 2.3.4-0 DISA STIG changes: Added auditd::action_mail_acct entries Added auditd::config::audit_profiles::simp::audit_sudoers Added auditd::config::audit_profiles::simp::audit_selinux_cmds Added auditd::failure_mode Corrected auditd::enable identifiers Fri May 18 2018 Jeanne Greulich < jeanne.greulich at onyxpoint dot com> - 2.3.4-0 Added postfix main.cf settings to el7 DISA STIG. Wed May 16 2018 Liz Nemsick < lnemsick.simp at gmail dot com> - 2.3.4-0 Added aide::aliases entries for DISA STIG Replaced OBE simp::yum::enable_auto_updates entries with simp::yum::schedule::enable in all profiles Added and updated simp::yum::schedules entries for DISA STIG Added simp::sysctl entries to the DISA STIG profiles for net.ipv4.conf.default.accept_source_route, net.ipv4.conf.default.send_redirects, and net.ipv6.conf.all.accept_source_route. Fri May 04 2018 Jeanne Greulich < jeanne.greulich at onyxpoint dot com> - 2.3.4-0 Added and updated ssh::server::conf entries for DISA STIG Mon Apr 30 2018 Trevor Vaughan < tvaughan at onyxpoint dot com> - 2.3.4-0 Added 'svckill::mode' to be 'enforcing' in STIG and 800-53 modes Fri Apr 27 2018 Liz Nemsick < lnemsick.simp at gmail dot com> - 2.3.4-0 Fixed the inappropriate value of useradd::useradd::inactive in the DISA STIG profiles. It is now set to 0. Fri Mar 30 2018 Trevor Vaughan < tvaughan at onyxpoint dot com> - 2.3.4-0 Update PAM settings in the disa_stig profile Fixed issues with the compliance_map logic that were causing false results to be added to the 'documented_missing_parameters' and 'documented_missing_resources' lists
pupmod-simp-gdm4689417.1.0
NOpassingpassing
NO

Release of 7.1.0
Sat May 19 2018 Trevor Vaughan < tvaughan at onyxpoint dot com> - 7.1.0-0 Added support for setting dconf options for GDM Moved package list to data in modules for easy merging and overwriting Added acceptance tests that go through the stages of setting up both GDM and GNOME for inspection
pupmod-simp-gnome68a51e78.0.0
NOpassingpassing
NO

Release of 8.0.0
Fri May 18 2018 Trevor Vaughan < tvaughan at onyxpoint dot com> - 8.0.0-0 Removed the deprecated 'gnome::dconf::add' defined type - BREAKING Generalize the gdm::dconf_profile_hierarchy to work with other services, such as GDM, that need to add items to the hierarchy - BREAKING Moved 'gnome::config::dconf' to the top level for clarity - BREAKING Removed all GDM settings from the hierarchy since they could cause errors upon application if GDM is not installed - BREAKING - These settings should now be updated via the simp/gdm module Fixed a typo in the dconf_hash where automount-never was specified instead of autorun-never Added 'gnome::config::dconf::profile' to allow services to add items to the profile hierarchy Solidified the Data Types Added MATE support Purge any extra files dropped into dconf db directories
pupmod-simp-incron643d7a00.3.0YESNOpassingpassing
YESDONEYESRelease of 0.3.0
Tue Jun 19 2018 Nick Miller < nick.miller at onyxpoint dot com> - 0.3.0-0 Stop managing the systemd unit file, because deviating from the RPM defaults violates the STIG Set /etc/incron.d to 0755, the RPM default Fri May 04 2018 Trevor Vaughan < tvaughan at onyxpoint dot com> - 0.3.0-0 Added a native type incron_system_table to allow for client side glob expansion on paths Pushed all validation of parameters off to the native type from incron::system_table Updated acceptance tests to verify that incron is actually working Bumped the supported puppet version to '< 6'
pupmod-simp-iptablesf889bc86.1.5YESYES - Fix bug introduced with last fixpassingpassing
YESDONEYESRelease of 6.1.5
Thu May 17 2018 Trevor Vaughan < tvaughan at onyxpoint dot com> - 6.1.5 Perform deep rule comparison on rulesets that are otherwise identical Remove chances for memory leaks due to the design of iptables_rule Set init script permissions back to the RPM defaults of 0755
pupmod-simp-logrotate
6.2.0??YESpassingpassing
YESDONEYESSee module
pupmod-simp-openscap
6.1.1??YESpassingpassing
YESDONEYESSee module
pupmod-simp-networkb5f93bf6.0.3
NOpassingFAILINGyesNO

Release of 6.0.3
Fri Mar 23 2018 Trevor Vaughan < tvaughan at onyxpoint dot com> - 6.0.3-0 Added support for OEL and Puppet 5
pupmod-simp-nfs7c0625c6.1.1YESYESpassingpassing
YESDONEYESRelease of 6.1.1
Thu Jun 14 2018 Nick Miller < nick.miller at onyxpoint dot com> - 6.1.1-0 Update systemd fixtures and CI assets Add logging for exportfs failures Ensure that reexports happen after the NFS service has been started Mon Apr 16 2018 Trevor Vaughan < tvaughan at onyxpoint dot com> - 6.1.1-0 Added nfs::client::mount::autodetect_remote to override all autodetection of whether or not the remote host was the current NFS server so an NFS server can mount NFS directories from other servers. Added nfs::client::mount::stunnel to allow users to dictate the stunnel connection state for specific mounts. Wed Apr 04 2018 Nick Miller < nick.miller at onyxpoint dot com> - 6.1.1-0 On systemd systems, the stunnel service is now a dependency of the NFS servers and mounts managed by this module.
pupmod-simp-ntpdc62fdb846.1.1
YESpassingpassing
YESDoneYESRelease of 6.1.1

* Fixed bug in which ntpd::ntpd_options was not applied to ntpd::servers when ntpd::servers is an array.
* Add OEL and Puppet 5 Support
* Update auditd version range in metadata.json
* Cleanup unneeded fixtures

pupmod-simp-pamf1342d26.2.1YESMAYBE? change password hash algorithm MAYBE? enable/disable enforcing password policies for root?passingFAILING
YESDONENeeds updateRelease of 6.2.1
Mon Apr 30 2018 Trevor Vaughan < tvaughan at onyxpoint dot com> - 6.2.1-0 Allow users to change the password hash algorithm Allow users to enable/disable enforcing password policies for root Update compliance tests to work with inspec profiles and compliance engine enforcement. Mon Apr 16 2018 Liz Nemsick < lnemsick.simp at gmail dot com> - 6.2.1-0 Set the default cracklib_maxclassrepeat to 3.
pupmod-simp-pki693a51a6.0.3YESYES helps IPApassingpassing
YESDONE
Release of 6.0.3
Mon Apr 16 2018 Nick Miller < nick.miller at onyxpoint dot com> - 6.0.3-0 pki::copy's source parameter now accepts any string to allow for use of NSS and remote file sources. Cleanup unneeded fixtures
pupmod-simp-postfixc8f46805.1.0YESMAYBE?passingpassing
YESDONEYESRelease of 5.1.0
Tue Jun 19 2018 Nick Miller < nick.miller at onyxpoint dot com> - 5.1.0-0 Avoid changing the permissions from the vendored RPM /etc/postfix/* perms from 0640 to 0644 /usr/libexec/postfix management is no longer recursive - /var/spool/mail perms from 0755 to 0775 Cleanup unneeded fixtures and update CI assets Thu May 17 2018 Jeanne Greulich < jeanne.greulich at onyxpoint dot com> - 5.1.0-0 Added main_cf_hash parameter so a list of additional settings for main.cf file can be added without the need for entering a resource for each one. Added the smtpd_client_restrict entry to main.cf per the STIG. Updated simpcat to concat. Rearranged code into sub-classes to make it easier to follow.
pupmod-simp-pupmod07cd6497.6.0YESYES prevent server 94 problems
YES cron vs puppet agent daemon problems
passingpassing
YESDONEYESRelease of 7.6.0
Fri May 04 2018 Trevor Vaughan < tvaughan at onyxpoint dot com> - 7.6.0-0 Changed some 'validate_re' statements to 'assert_type' to remove deprecation warnings Added 'pupmod::master::generate_types' (enabled by default) which: Adds a script, /usr/local/sbin/simp_generate_types that will run 'puppet generate types' either on all environments (when first distributed by Puppet) or per environment Adds incron hooks to run 'simp_generate_types' when Ruby files in any puppet type have been updated Adds incron hooks to run 'simp_generate_types' on any new environment Adds incron hooks to run 'simp_generate_types' on all environments if the puppetserver binary is updated All errors are logged to syslog Tue Apr 17 2018 Jeanne Greulich < jeanne.greulich at onyxpoint dot com> - 7.6.0-0 Added line in puppet cron to shutdown/disable puppet client service. Added check in agent/cron manifest to disable and stop puppet client service so it would not run multiple times on newly kickstarted systems.
pupmod-simp-rsyncb3534c86.0.6YESNOpassingpassing
YESDONEYESRelease of 6.0.6
Tue May 08 2018 Adam Yohrling < adam.yohrling at onyxpoint dot com> - 6.0.6-0 Add order => 'numeric' setting to concat for rsyncd.conf Add support for Puppet 5 Add support for and OEL
pupmod-simp-rsyslogf3a24eb7.1.2YESYES Instead of updating to latest rsyslogpassingpassing
YESDONEYESRelease of 7.1.2
Tue May 22 2018 Liz Nemsick < lnemsick.simp at gmail dot com> - 7.1.2-0 Add a systemd rsyslog.service override file that fixes a service ordering problem present with older versions of rsyslog. The override ensures the network.target and network-online.target units are added to the 'Wants' and 'After' lists for the rsyslog.service.
pupmod-simp-rsyslog74d6137.2.0NOPROPOSEDpassingpassing
PROPOSEDDONEYES

pupmod-simp-rsyslog does not allow a TLS encrypted server to
be configured to forward to a follow-on unencrypted rsyslog server.

This PR incorporates the initial Rsyslog 8 solution provided by Ralph Wright.

- Removed all ActionSendStreamDriver* directives from the global
configuration for Rsyslog 8.
- Only set ActionSendStreamDriverMode in global configuration
for Rsyslog 7 when sending TLS-encrypted messages.
- Updated manifest documentation for clarity
- Fixed bug in default suite acceptance test that did not allow
centos-6.yml node set to be run.
- Added a double forward acceptance test:
client -> TLS server -> plain TCP server

- Fixed a bug in which removal of a rsyslog::rule from the catalog
did not cause the rsyslog service to restart, when other rules
corresponding to files in the same rsyslog configuration
subdirectory were present.

- Clarified the explanation in /etc/rsyslog.d/README_SIMP.conf, as
users have thought that simply dropping their custom rsyslog rules
into /etc/rsyslog.d would be sufficient for these rules to be
included in the rsyslog rule set.

pupmod-simp-selinux013dd5a2.2.0YESNO less confusing, but not requiredpassingpassing
YESDONEYESRelease of 2.2.0
Mon Apr 23 2018 Jeanne Greulich < jeanne.greulich at onyxpoint dot com> -2.2.0-0 simp_options::selinux was supposed to indicate if the selinux module should be included. Class include lists set in the simp module would include selinux reguardless of this setting. This option was also being used to set the state of selinux. This caused confusion so simp_options::selinux setting was removed. The selinux state, set by the ensure parameter, is defaulted to 'enforcing'. This will result in the same behavior as if simp_options::selinux was set to true. See the pupmod-simp-simp module to see which scenarios include selinux by default.
pupmod-simp-simpd1ff2434.5.0YESYES, SIMP-4966passingpassing
YESDONEYESRelease of 4.5.0
Wed Jun 20 2018 Trevor Vaughan < tvaughan at onyxpoint dot com> - 4.5.0-0 Use the sudo::user_specification default host list which is correct for almost all cases Fri Jun 08 2018 Dylan Cochran < dylan.cochran at onyxpoint dot com> - 4.5.0-0 Add Windows support Change /root perms to RPM default of 0550 Change /etc/rc.d/rc.local perms to RPM default of 0755 Thu May 03 2018 Liz Nemsick < lnemsick.simp at gmail dot com> - 4.5.0-0 Created standalone SIMP client bootstrap script, bootstrap_simp_client. Created simp::server::kickstart::runpuppet replacement, simp::server::kickstart::simp_client_bootstrap, that manages service files for kickstarting a SIMP client, using bootstrap_simp_client and either a sysv (simp_client_bootstrap) or a systemd (simp_client_bootstrap.service) service script. This replacement provides the following improvements: Exponential backoff of requests to the Puppet server, to minimize Puppet server overload. Configurable bootstrap timeout. An option to force a client reboot on client bootstrap failure. More effective puppet agent processing. The bootstrapping takes fewer puppet agent runs. Finer grained control of the bootstrap algorithm. Error handling Bootstrap operation errors are now detected and logged. - Failed puppet agent runs are now retried, instead of blindly continuing on. - Timestamped log messages in the bootstrap log file. This includes messages from bootstrap_simp_client, puppet agent, and fixfiles. service start simp::server::kickstart::runpuppet is deprecated and will be removed in a future release Fri Apr 27 2018 Nick Miller < nick.miller at onyxpoint dot com> - 4.5.0-0 Add simp::netconsole class to manage the netconsole kernel feature Fix a few puppet-lint warnings Fri Apr 27 2018 Liz Nemsick < lnemsick.simp at gmail dot com> - 4.5.0-0 Set permissions of /etc/rc.d/rc.local to 0750, instead of 0770, Mon Apr 23 2018 Jeanne Greulich < jeanne.greulich at onyxpoint dot com> 4.5.0-0 simp_options::selinux was supposed to determine if the selinux module was included. However, this value was getting overridden by the class lists which independently included the selinux module. This change removes the unused simp_options::selinux setting to eliminate the confusion. See the scenario maps in the data section to see what scenarios include the selinux module. See the selinux module to see how to use puppet to enable/disable selinux. This may change the defaults for selinux in the simp_lite scenario. Tue Apr 17 2018 Trevor Vaughan < tvaughan at onyxpoint dot com> - 4.5.0-0 Narrow the focus of the internal hieradata to ensure correct runs on unsupported OSs Update unsupported OS tests Add a test to ensure that an error is throw if an invalid scenario is specified Mon Apr 16 2018 Liz Nemsick < lnemsick.simp at gmail dot com> - 4.5.0-0 In the runpuppet init script used to bootstrap kickstarted clients, for EL7, persist the hostname retrieved by DHCP as a static hostname. This prevents problems that can arise on EL7 when the DHCP lease expires in the middle of the client bootstrap puppet runs. Mon Apr 02 2018 Jeanne Greulich < jeanne.greulich at onyxpoint dot com> - 4.5.0-0 changed permission on ctrl-alt-del-capture.service to prevent "no effect" errors in system logs.
pupmod-simp-simp_apachead8b2166.0.2YESYES SIMP-4691passingpassing
YESDONEYESRelease of 6.0.2
Thu Jun 14 2018 Nick Miller < nick.miller at onyxpoint dot com> - 6.0.2 Update systemd fixtures and CI assets
pupmod-simp-simp_dockere0fa56c0.1.1
MAYBE?passingFAILINGnoNO

Release of 0.1.1
Wed May 09 2018 Nick Miller < nick.miller at onyxpoint dot com> - 0.1.1 Update to puppetlabs/docker 1.1.0 $selinux_enabled changed from taking string to only taking booleans, breaking the hiera interpolation trick that was used to set that parameter to the selinux status of the system.
pupmod-simp-simp_elasticsearch28636545.0.2
NOpassingpassing
NO

Release of 5.0.2
Thu Jun 14 2018 Nick Miller < nick.miller at onyxpoint dot com> - 5.0.2-0 Cleanup unneeded fixtures and update CI assets
pupmod-simp-simp_gitlabf4c7e610.3.3??SOON - Newer version of gitlab-ce required to solve TLS problem without adding stunnelpassingSkips failing testsSIMP-4946YESDONEYESSee module
pupmod-simp-simp_ipa4b1ab950.1.0
SOON - After customer feedbackpassingpassing
NO

Release of 0.1.0
Thu May 17 2018 Trevor Vaughan < tvaughan at onyxpoint dot com> - 0.1.0 Initial release of the simp_ipa module
pupmod-simp-simp_logstash23ee91e5.0.2
NOpassingpassing
NO

Release of 5.0.2
Thu Jun 14 2018 Nick Miller < nick.miller at onyxpoint dot com> - 5.0.2-0 Update systemd fixtures and CI assets
pupmod-simp-simp_nfsc6162be0.0.5YESMAYBEpassingpassing
YESDONEYESRelease of 0.0.5
Wed Apr 18 2018 Trevor Vaughan < tvaughan at onyxpoint dot com> - 0.0.5 Allow users to properly disable autofs Added parameter, autodetect_remote, that allows users to disable the logic that determines if system is an NFS server and mounts directories locally. This allows the mounting of home directories to another NFS server.
pupmod-simp-simp_openldap8a276bb6.2.1NOPROPOSEDpassingpassing
PROPOSEDDONEYES

The concat resource controlling the slapd.access uses the default puppet ordering method so some lines may be placed in an unexpected order. In order to allow placing of new modifications in a predictable and reliable order, the concat resource should use numeric ordering.

pupmod-simp-simp_options0c95af21.2.0YESNOpassingpassing
YESDONEYESRelease of 1.2.0
Mon Apr 23 2018 Jeanne Greulich < jeanne.greulich at onyxpoint dot com> - 1.2.0-0 Removed simp_options::selinux. Conflicts between this setting and what was in the scenario class lists was causing unexpected results.
pupmod-simp-simp_rsyslogbce75010.2.1
NOpassingpassing
NO

Release of 0.2.1
Thu Jun 14 2018 Nick Miller < nick.miller at onyxpoint dot com> - 0.2.1-0 Update systemd fixtures and CI assets
pupmod-simp-simp_snmpd86b72e40.0.3
NOpassingpassing
NO

Release of 0.0.3
Thu Jun 14 2018 Nick Miller < nick.miller at onyxpoint dot com> - 0.0.3-0 Update fixtures and other assets
pupmod-simp-simplibcce499a3.10.0
YES release community contributionpassingFAILINGSIMP-4948YESDONEYESRelease of 3.10.0
Thu Jun 14 2018 dforste < dforste at users dot noreply dot github dot com> - 3.10.0-0 Fixed bug in cmdline face where duplicate parameters would be ignored Duplicate parameters now turn the value of the parameter into an array Fri Jun 01 2018 Trevor Vaughan < tvaughan at onyxpoint dot com> - 3.10.0-0 Add a 'simplib::install' defined type that allows users to provide a Hash of packages to install along with a Hash of defaults to apply to those packages and override each package configuration if necessary. This was originally created by Nick Miller < nick.miller at onyxpoint dot com> Thu May 03 2018 Nick Miller < nick.miller at onyxpoint dot com> - 3.10.0-0 Add simplib::hash_to_opts which turns a hash into a string. Useful for generating commands.
pupmod-simp-simplibe39c4743.10.1NOPROPOSEDpassingpassing
PROPOSEDDONEYES

* Added logic to prevent respawn of systemctl isolate, if already in progress

* Added a configurable timeout for changing runlevels based on issues discovered in the field with systemctl.

* Fixed bugs in the EL6 runlevel persistence where, in some cases, the runlevel line might not get written to /etc/inittab.

pupmod-simp-ssh3ae36f26.4.2
NOpassingpassing
YESDONEYESRelease of 6.4.2
Thu May 03 2018 Jeanne Greulich < jeanne.greulich at onyxpoint dot com> - 6.4.2-0 Added some variables for sshd_config to meet STIG requirements. Most are just confirmation of defaults with the exception of ClientAliveInterval and ClientAliveMaxCount which have been set to activate Client Alive checks. Added compliance tests to install setting from compliance markup module and then run inspec tests to check for compliance.
pupmod-simp-ssh22a81766.4.3NOPROPOSEDpassingpassing
PROPOSEDDONEYESRemove support for RhostsRSAAuthentication in sshd_config on openssh >= 7.4 to stop logging errors.
pupmod-simp-sssd2d496d36.1.2
NOpassingpassing
NO

Release of 6.1.2
Tue Jun 19 2018 Nick Miller < nick.miller at onyxpoint dot com> - 6.1.2-0 Avoid changing the permissions from the vendored RPM /etc/sssd/ owner is no longer managed /etc/sssd/ perms went from 0640 to 0711 /etc/init.d/sssd went from 0754 to 0755 on EL6
pupmod-simp-stunnel
6.3.2??YESpassingpassing
YESDONEYESSee module
pupmod-simp-sudo477e0185.0.5
YES SIMP-4966passingpassing
YESDONEYESRelease of 5.0.5
Wed Jun 20 2018 Trevor Vaughan < tvaughan at onyxpoint dot com> - 5.0.5-0 Add both fqdn and hostname to user_specification entries by default
pupmod-simp-sudo22d93a95.0.6NOPROPOSEDpassingpassing
PROPOSEDDONEYESUpdated user_specification defined type to not accept an empty hostlist.
pupmod-simp-svckill32bf9b73.2.6NOYESpassingpassing
YESDONEYES

Release of 3.2.6

Add simp_client_bootstrap service to the ignore list. If this is omitted from the ignore list, svckill will kill the bootstrap process of SIMP clients, while they are boostrapping the system.

pupmod-simp-tftpboot60f551f6.1.0
YESpassingpassing
YESDONEYESRelease of 6.1.0
Tue Apr 24 2018 Liz Nemsick < lnemsick.simp at gmail dot com> - 6.1.0-0 Added support for UEFI PXEboot. Added tftpboot::linux_model_efi. Added tftpboot::assign_host_efi. - Tested primarily on CentOS 7 (grub2). Testing of CentOS 6 UEFI boot with legacy grub is pending. Moved the tftproot root directory from /tftpboot to /var/lib/tftpboot to satisfy the STIG RHEL-07-040520 check. Added tftpboot::tftpboot_root_dir to allow users to override the new default root directory (e.g., to set it back to /tftpboot). Added tftpboot::linux_install_dir and tftpboot::package_ensure to allow more fine-grained control of this module. Explicitly set selinux context on tfptboot files/directories to tftpdir_t in order to restrict their access to read-only tftpd operation. Internally, refactored configuration to use small, private classes.
pupmod-simp-tpm2eaa8d52.0.0
TBD New module for TPM 2.0FAILINGFAILINGSIMP-4693NO

Release of 2.0.0
Mon Jan 22 2018 Jeanne Greulich < jeanne.greulich at onyxpoint dot com> - 2.0.0-0 Added support for installing the Software Stack for TPM 2.0 Added support for taking ownership of TPM 2.0
pupmod-simp-upstart6b4635a6.0.2
NOpassingpassing
YESDONEYESRelease of 6.0.2
Thu Jun 07 2018 Liz Nemsick < lnemsick.simp at gmail dot com> - 6.0.2-0 Advance beyond bad changelog entry
pupmod-simp-vnc20b5d636.0.3
MAYBE?passingFAILING
YESDONEYESRelease of 6.0.3
Tue May 08 2018 Trevor Vaughan < tvaughan at onyxpoint dot com> - 6.0.3-0 Ensure that the default VNC sessions set the IPv4 flag Ensure that the default VNC sessions set the banner to /dev/null

Unresolved Issues

key summary type updated assignee status reporter
Loading...
Refresh

Action items

  •