debian-cis/debian/changelog

cis-hardening (2.0-1) unstable; urgency=medium
* Add missing tests CUPS, telnet and LDAP
* Renum 2.6.x to 1.1.x for /var/tmp
* Renum logrotate config 8.4 to 4.3
* Renumbering custom 99.* scripts as newcomers to CIS benchmark
* Renum User and Groups settings 13.x to 6.2.x
* Renum 12.x checks to 6.1.x Verify_System_File_Permissions
* Renum warning banners checks 11.x to 1.7.x
* Renum 10.x to 5.4.x
* Renum login.defs 10.1.x to 5.4.1.x
* Renum 9.x tty and su checks
* Renum ssh config check 9.3.x to 5.2.x
* Renum 9.2.x to 5.3.x Pam password settings
* Renum 9.1.x to 5.1.x cron checks
* Renum 8.2.x to 4.2.2.x for syslog-ng
* Renum 8.1.x auditing configuration
* Renumber 7.5.x and 7.6
* Renumber 7.4.x tcp wrappers
* Renumber network params 7.1.x, 7.2.x and 7.3
* Renumber special purpose services 6.x
* Renumbering OS services checks and removing obsolete ones
* Renumbering 4.x checks
* Renumbering of bootloader checks
* First batch of renaming to comply to 8v2 and 9 pdf
-- Charles Herlin <charles.herlin@corp.ovh.com> Wed, 23 Oct 2019 14:07:13 +0200
cis-hardening (1.3-4) unstable; urgency=medium
* ADD(1.3.1): Install Ossec
* ADD(4.2.3): Syslog-ng install
* ADD(4.2.4): Logs permissions
* ADD(5.2.2, 5.2.3): SSH host keys permissions and ownership
* ADD(5.2.17): SSHD login grace time
-- Thibault AYANIDES <tayanide@ovhcloud.com> Mon, 19 Oct 2020 16:31:48 +0200
cis-hardening (1.3-3) unstable; urgency=medium
* changelog: update changelog
* IMP(12.8,12.9,12.10,12.11): be able to exclude some paths
-- Benjamin MONTHOUËL <benjamin.monthouel@ovhcloud.com> Mon, 30 Mar 2020 19:12:03 +0200
cis-hardening (1.3-2) unstable; urgency=medium
* IMP(test/13.12): ignore the phony '/nonexistent' home folder
-- Stéphane Lesimple <stephane.lesimple@corp.ovh.com> Tue, 22 Oct 2019 15:15:34 +0200
cis-hardening (1.3-1) unstable; urgency=medium
* Change of version numbering
-- Charles Herlin <charles.herlin@corp.ovh.com> Wed, 28 Aug 2019 14:57:33 +0200
cis-hardening (1.2-6) unstable; urgency=medium
* FIX(test/10.2): backup and restore /etc/passwd after test
* IMP(99.3.1): improve check with disabled passwords
* FIX(10.2): improve test to check multiple login shells
-- Charles Herlin <charles.herlin@corp.ovh.com> Wed, 28 Aug 2019 12:34:52 +0200
cis-hardening (1.2-5) unstable; urgency=medium
* fix(99.4): do not stderr iptables warning on buster
-- Kevin Tanguy <kevin.tanguy@ovh.net> Wed, 14 Aug 2019 10:34:15 +0200
cis-hardening (1.2-4) unstable; urgency=medium
* changelog: update changelog
* FIX(99.1): remove dot in files to search
* FIX(13.15): fix code that did not show duplicated group
* FIX(99.5.4): fix regex to allow other authkey options than "from"
* FIX(batch): sed \n to space in batch echo
-- Charles Herlin <charles.herlin@corp.ovh.com> Thu, 04 Apr 2019 16:14:44 +0200
cis-hardening (1.2-3) unstable; urgency=medium
* Debian release 1.2-3
* 99.5.4: add conf to check only listed users (bastions)
-- Kevin Tanguy <kevin.tanguy@ovh.net> Wed, 06 Mar 2019 08:29:30 +0100
cis-hardening (1.2-2) unstable; urgency=medium
* Debian release 1.2-2
* FIX(8.2.4): script crashed when touching a logfile in subdir of /var/log
* IMP(8.2.4): add exceptions in check and apply
* IMP(8.2.5): follow symlinks in find
* FIX(8.3.2): add $SUDO_CMD to find
* FIX(8.2.5): grep: x is a directory
* FEAT(2.6.x): retrieve actual partition in case of bind mount
* CHORE: replace `==` with `=` that is bash syntax
* CHORE(test 8.2.5): removed useless cleanup line
* FIX(9.3.2): dismiss test for initial after e7d9977
* FIX(12.1x): fix tests exception for mail after da6acb0b
* CHORE(2.1x): use "readlink -e" instead of custom func
* IMP(9.3.2): Comply with Debian9 guide: verbose ssh loglevel
* IMP(13.13): improve exception detection
* IMP(9.3.2): Add custom configuration management
* IMP(13.13): Add exceptions for home directories not owned by owner
* IMP(8.2.5): find multiline pattern in files (syslog)
* IMP(2.1x): Retrieve actual partition when symlink
* FIX(tests): change sed to audit in test skeleton after 81f9348
* FIX CONFIG_AUDIT test
-- Kevin Tanguy <kevin.tanguy@ovh.net> Thu, 28 Feb 2019 12:55:15 +0100
cis-hardening (1.2-1) unstable; urgency=medium
* CHORE(tests): cleanup test files
* FIX(tests): change sed in conf file disabled->audit following d6172ad
* CHORE(tests): Cleanup test files
* FIX(tests): improve test cases and cleanup
* FIX(99.2): add missing $SUDO_CMD
* FIX(sudoers): add missing `test`
* FIX(test): catch return values when retval differs to avoid runtime error
* Add test stub for all audit checks, to tests root/sudo consistency
* Rename dismiss_test to skip_tests since test won't even run in this case
* dismiss_count will still report failed root/sudo consistency failure
* properly purge remaining config files on purge
* Change default status to audit for file with custom `create_config`
* Change default status disabled -> audit when no conf file
* FIX package name in example-cron.d-entry
* Improve user management in test cases
* IMP: enhance scripts that check duplicate UID
* FIX: usage if no RUN_MODE, fix only that used to run too many checks
* changelog: Update to 1.2-1 (go cds go)
* Migrate generic checks from secaudit to cis-hardening
* Add crontab
* FIX: add becho to send batch output to syslog too
* Update debian 7/8/9 in help files and remove in generic scripts
* IMP: sort find result by name and version to ease reading
* FIX: remove "exernal-sources" option when running shellcheck
* Add shellcheck recommendation
* FIX: add way of completely skipping test that bugged with jessie
* Fix typo in test skeleton and add shellcheck comment
* FIX: bug crashing for undeclared variable when consistency checks failed
* IMP: tests readability and runtime error handling
* IMP: new tag in file to tell that the script should pass shellcheck
* FIX: tests return value that was always 255
* FIX: quotes in find command, misinterpreted shellcheck advice
* FEAT: Add sudo_wrapper to catch unauthorized sudo commands
* FEAT: automate shellcheck test with docker
* FIX: sed that was too greedy
* Add missing /usr/bin/su
* FIX: add /usr/bin/* path for suid/guid allowed binaries
* Adding batch mode to output just one line of text (no colors) in order to be parsed by computer tools
* Change from CIS reco and only warn (no crit) if logfile does not exist
* IMP(test): Add feature to run functional tests in docker instance
* Improve --only option to perform only specified test and no other lookalike test number
* Redirect stderr to avoid printing "no such file" error
* resolve #SOC-30 Also check /etc/security/limits.d/ for core dump limit
* Fix SOC-28, add test if file exist, if not issue error
* Add sudo management in main and utils
-- Kevin Tanguy <kevin.tanguy@ovh.net> Tue, 12 Feb 2019 11:39:44 +0100
cis-hardening (1.1-1) unstable; urgency=low
* Add hardening templating and several enhancements
* CIS_ROOT_DIR management
* Update ciphers list in 9.3.11 with latest chacha20 and gcm ciphers
* Debian packaging clean up
-- Julien Delayen <julien.delayen@corp.ovh.com> Fri, 02 Feb 2018 09:38:31 +0100
cis-hardening (1.0-11) jessie; urgency=low
* fixed option name in 9.3.9_disable_sshd_permitemptypasswords.sh
* [10.2] Fixed result parsing in case of spaces in passwd list
* [Debian 8] Fixed comments for debian 8 compliance
* [10.1.3] set the good value for $OPTIONS
* set a fixed-size prefix for logger
* handle ENOENT properly in does_pattern_exist_in_file()
-- Kevin Tanguy <kevin.tanguy@ovh.net> Mon, 05 Jun 2017 14:32:56 +0200
cis-hardening (1.0-10) wheezy; urgency=low
* Script output should be useful with pipe or redirection
-- Kevin Tanguy <kevin.tanguy@ovh.net> Wed, 18 May 2016 08:38:35 +0200
cis-hardening (1.0-9) wheezy; urgency=low
* Fixed replace in file function with proper substitution
* tripwire : fixed typo on postinstall helper
* fix 99.1 Apply TMOUT Variable
-- Kevin Tanguy <kevin.tanguy@ovh.net> Tue, 03 May 2016 12:31:59 +0200
cis-hardening (1.0-8) wheezy; urgency=low
* phrasing reworked all over the place
* added debian dependencies bash and bc
-- Kevin Tanguy <kevin.tanguy@ovh.net> Tue, 26 Apr 2016 10:26:18 +0200
cis-hardening (1.0-7) wheezy; urgency=low
* Fixed 6.15 netstat analysis
-- Kevin Tanguy <kevin.tanguy@ovh.net> Mon, 25 Apr 2016 09:18:30 +0200
cis-hardening (1.0-6) wheezy; urgency=low
* corrected README.md CIS website address
* corrected conffiles: etc/hardening.cfg was missing
-- Kevin Tanguy <kevin.tanguy@ovh.net> Fri, 22 Apr 2016 14:27:40 +0200
cis-hardening (1.0-5) wheezy; urgency=low
* typo fix / phrasing reworked
* Fixed default file error handling and quickstart
* Fixed point 9.1.8 cron rights as a chmod 600 disabled the cron.allow
features (file must be world readable)
-- Kevin Tanguy <kevin.tanguy@ovh.net> Fri, 22 Apr 2016 10:15:55 +0200
cis-hardening (1.0-4) wheezy; urgency=low
* added AUTHORS file
* s/README/README.md/ with more details
* manpage extracted from README
-- Kevin Tanguy <kevin.tanguy@ovh.net> Thu, 21 Apr 2016 11:57:39 +0200
cis-hardening (1.0-3) wheezy; urgency=low
* add --audit-all option
* add --audit-all-enable-passed, add info in README and help
* Added exit code to CIS_ROOT_DIR test def, optimized sed and sort
* Fixed 8.2.4 check file exists before testing rights
-- Kevin Tanguy <kevin.tanguy@ovh.net> Wed, 20 Apr 2016 12:37:58 +0200
cis-hardening (1.0-2) wheezy; urgency=low
* add LICENSE
* duplicate README in /opt and /usr/share/doc
* patch conffiles for new correct configuration files names
-- Kevin Tanguy <kevin.tanguy@ovh.net> Tue, 19 Apr 2016 14:31:03 +0200
cis-hardening (1.0-1) stable; urgency=low
* Initial release.
-- Kevin Tanguy <kevin.tanguy@ovh.net> Mon, 18 Apr 2016 17:13:07 +0200