Release Notes 25.10

This document describes announcements and discontinuations in the scope of services of ix.Cloud.

Discontinuations

No updates

Announcements

Addon System Update Microsoft Edge Updates are now released daily

To close security vulnerabilities faster, Edge updates will be checked and released daily on the WSUS server starting October 29th.

After release, the update is available for the VM without restart.

The update can be installed through the monthly update or a one-time update, which will result in a VM restart.

As an alternative, the standard scheduled task can be used for installation without restarting the VM.

The new feature is available for all Windows servers with the System Update Add-on.

Guides

The guideline "CIS Policies for Linux excludieren" will be removed as the IX Security Baseline is now standardly integrated into the image build process and these guidelines are no longer relevant.

Change Log

Textual changes in the service catalog are described per release in the Change Log.

The goal is to provide a transparent and traceable medium for content changes.

New Old Where

To close security vulnerabilities faster, Edge updates are released daily on the WSUS server.
After release, the update is available for the VM without restart.
The update can be installed through the monthly update or a one-time update, which will result in a VM restart.
The update can be manually installed by the user in the OS.
As an alternative, the standard scheduled task can be configured by the VM owner for installation. <No description> Reference
Patching Addon System Update

New	Old	Where
To close security vulnerabilities faster, Edge updates are released daily on the WSUS server. After release, the update is available for the VM without restart. The update can be installed through the monthly update or a one-time update, which will result in a VM restart. The update can be manually installed by the user in the OS. As an alternative, the standard scheduled task can be configured by the VM owner for installation.	<No description>	Reference Patching Addon System Update
<Entry deleted>	CIS Policies for Linux excludieren On Linux VMs (Red Hat Enterprise Linux and AlmaLinux) with CIS add-on enabled, CIS policies can be excluded as follows: Switch to the Ansible vars directory `cd /etc/ansible/vars.d` Create file (filename is irrelevant): `touch cis_excludes.yml` Enter CIS excludes as variables according to the example (see below) in the file just created Example of a CIS exclude file in which CIS rules 2.2.16 and 2.2.17 are excluded: `cis_2_2_16: false cis_2_2_17: false` Important: The exclude variables must be in the above format (e.g., to exclude rule 2.2.16, the variable must be set as follows: `cis_2_2_16: false`) Additional information Execution of the role The CIS role is automatically executed once a day. If you want to execute it directly, you can do so with the following command: `ixcloud -r cis-hardening -f` The logs are displayed immediately after executing the command and can also be found under /var/log/ixcloud/ansible.log Finding CIS rules (rule numbers) The currently set CIS rules can be checked in the Ansible role on the Linux VM: `cat /etc/ansible/roles/cis-hardening/roles/redhat_<release>/defaults/main.yml` *where <release> should be replaced with the Red Hat version (e.g., 8, 9). The CIS rules and their numbers correspond to the official CIS catalog which can be obtained from https://www.cisecurity.org/benchmark/red_hat_linux.	Reference CIS Policies for Linux excludieren \| ix.Cloud Docs

CIS Policies for Linux excludieren

On Linux VMs (Red Hat Enterprise Linux and AlmaLinux) with CIS add-on enabled, CIS policies can be excluded as follows:

Switch to the Ansible vars directory cd /etc/ansible/vars.d
Create file (filename is irrelevant): touch cis_excludes.yml
Enter CIS excludes as variables according to the example (see below) in the file just created

Example of a CIS exclude file in which CIS rules 2.2.16 and 2.2.17 are excluded:

cis_2_2_16: false
cis_2_2_17: false

Important: The exclude variables must be in the above format (e.g., to exclude rule 2.2.16, the variable must be set as follows: cis_2_2_16: false)

Additional information

Execution of the role

The CIS role is automatically executed once a day. If you want to execute it directly, you can do so with the following command:

ixcloud -r cis-hardening -f

The logs are displayed immediately after executing the command and can also be found under /var/log/ixcloud/ansible.log

Finding CIS rules (rule numbers)

The currently set CIS rules can be checked in the Ansible role on the Linux VM:

cat /etc/ansible/roles/cis-hardening/roles/redhat_<release>/defaults/main.yml

*where <release> should be replaced with the Red Hat version (e.g., 8, 9).

The CIS rules and their numbers correspond to the official CIS catalog which can be obtained from https://www.cisecurity.org/benchmark/red_hat_linux.

Reference
CIS Policies for Linux excludieren | ix.Cloud Docs

Discontinuations​

Announcements​

Guides​

Change Log​

CIS Policies for Linux excludieren​

Additional information​

Execution of the role​

Finding CIS rules (rule numbers)​