Chef Automate 1.8.38 Released

We are delighted to announce release 1.8.38 of Chef Automate. The release is available for download from https://downloads.chef.io/automate.

New Features

  • automate-ctl install-runner supports a non-standard ssh port with the -p or --port options.
  • RHEL7 Server CIS Compliance Profiles refactored to improve overall testing methods and effectiveness
  • Windows 2012 DC and Member Server CIS Compliance Profiles refactored to improve overall testing methods and effectiveness
  • The reaper service can now be configured to remove missing nodes from the Nodes tab on a schedule by setting the reaper['insights_clean_missing_nodes'] setting to true alongside the reaper['insights_retention_period_in_days'] setting.
  • The Compliance Scanner feature is available in the Chef Automate Pilot demo environment

Resolved Issues

  • More than 100 nodes are now displayed on the scan job creation page
  • The cron job for the reaper service runs on schedule again
  • The sudo checkbox on the Scanner Node configuration page is now correctly labeled as ‘Enable Sudo’

RHEL7 CIS Compliance Profile fixes:

  • Corrected control 1.6.1.1 “Ensure SELinux is not disabled in bootloader configuration”
  • Corrected control 5.2.14 “Ensure SSH LoginGraceTime is set to one minute or less”
  • Corrected control 3.6.2 “Ensure default deny firewall policy”
  • Corrected control 5.2.11 “Ensure only approved ciphers are used”
  • Corrected control 5.1.1 “Ensure cron daemon is enabled”
  • Corrected control 1.3.2 “Ensure file system integrity is regularly checked”

We encourage you to upgrade often. As always, we welcome your feedback and invite you to contact us directly or share your feedback online. Thanks for using Chef Automate!