Version 2.7.0

Released 16 June 2026

This release introduces support for the Red Hat Enterprise Linux (RHEL) 10, AlmaLinux 10, Oracle Linux 10, and Rocky Linux 10 operating systems and resolves minor issues to improve the reliability of Puppet runs.

New features and enhancements

• Support for RHEL 10, AlmaLinux 10, Oracle Linux 10, and Rocky Linux 10. You can use SCE to enforce the Center for Internet Security (CIS) Benchmark for RHEL 10. The CIS Benchmark is v1.0.1, Server Levels 1 and 2. In addition, you can enforce the CIS Benchmark, v1.0.0, on AlmaLinux 10, Oracle Linux 10, and Rocky Linux 10.
  

Resolved issues

• rsyslog.conf file unconditionally overwritten. Previously, the file was unconditionally overwritten on every Puppet run, even when the rsyslog logging configuration control was set to ignore. This issue affected the following operating systems: RHEL 7, 8, and 9 and its derivatives, AlmaLinux, Oracle Linux, and Rocky Linux. The issue is resolved, and no action is required by users.

• Advanced Intrusion Detection Environment (AIDE) utility class. Previously, SCE generated incorrect configuration options in the /etc/aide.conf file for AIDE 0.19.x, which ships with RHEL 9. The issue caused the aide --init command to fail on RHEL 9, and error messages such as the following were generated: /etc/aide.conf:7: unexpected character: ':' (line: 'database=file:@@{DBDIR}/aide.db.gz'). The issue was resolved by updating deprecated AIDE directives in SCE.

• Reference information on Puppet Forge. Previously, the Reference tab on Puppet Forge displayed information that contradicted the product documentation. The product documentation states that, for CIS Benchmarks, the only supported profile is server. However, the Reference tab indicated that both server and workstation profiles were supported. The Reference tab was regenerated to match the product documentation.

  Deprecation

• RHEL 7. RHEL 7 is end of life and no longer supported.