debian-cis/README

# CIS Debian 7 Hardening git repository
# Authors : Thibault Dewailly, OVH <thibault.dewailly@corp.ovh.com>
# This is the code base which will be used to fill CIS hardening requirements

# Hardening scripts :
# bin/hardening : Every script has a .cfg associated, status must be defined here

# Configuration
# etc/hardening.cfg : Global variables defined such as backup directory, or log level
# etc/conf.d        : Folder with all .cfg associated to hardening scripts

# Status parameter will define on each script if it has to be disabled (do nothing), audit (RO), enabled (RW)
# Enabled will perform audit and most of the time correct your system accordingly. 
# There is exceptions as it is difficult to know how you want to correct that.

# Main script : 
# bin/hardening.sh : Will execute hardening according to configuration
# Options are :
# --apply                   : Will apply hardening when scripts have status enabled (RW), and audit points where status is audit (RO)
# --audit                   : Will audit hardening when scripts have status enabled or audit (RO)
# --audit-all               : Apply audit (RO) on all scripts
# --audit-all-enable-passed : Apply audit (RO) on all scripts, and *modify* configuration files to enable scripts that passed. In other words, this is an easy way to enable scripts for which you're already compliant. However, please always review each activated script afterwards, this option should only be regarded as a way to kickstart a configuration from scratch faster than otherwise. Don't run this if you have already customized the scripts enable/disable configurations, obviously.
Initial Commit Basic folders 2016-04-01 07:50:08 +02:00			`# CIS Debian 7 Hardening git repository`
All configuration defaults to disabled README updated 2016-04-18 13:19:46 +02:00			`# Authors : Thibault Dewailly, OVH <thibault.dewailly@corp.ovh.com>`
skeleton 2016-04-01 16:48:31 +02:00			`# This is the code base which will be used to fill CIS hardening requirements`
All configuration defaults to disabled README updated 2016-04-18 13:19:46 +02:00
			`# Hardening scripts :`
			`# bin/hardening : Every script has a .cfg associated, status must be defined here`

			`# Configuration`
			`# etc/hardening.cfg : Global variables defined such as backup directory, or log level`
Corrected script names, added License, Completed README and corrected bug with too long logger messages 2016-04-19 09:31:01 +02:00			`# etc/conf.d : Folder with all .cfg associated to hardening scripts`

			`# Status parameter will define on each script if it has to be disabled (do nothing), audit (RO), enabled (RW)`
			`# Enabled will perform audit and most of the time correct your system accordingly.`
			`# There is exceptions as it is difficult to know how you want to correct that.`

			`# Main script :`
			`# bin/hardening.sh : Will execute hardening according to configuration`
			`# Options are :`
add --audit-all-enable-passed, add info in README and help 2016-04-19 20:16:47 +02:00			`# --apply : Will apply hardening when scripts have status enabled (RW), and audit points where status is audit (RO)`
			`# --audit : Will audit hardening when scripts have status enabled or audit (RO)`
			`# --audit-all : Apply audit (RO) on all scripts`
			`# --audit-all-enable-passed : Apply audit (RO) on all scripts, and modify configuration files to enable scripts that passed. In other words, this is an easy way to enable scripts for which you're already compliant. However, please always review each activated script afterwards, this option should only be regarded as a way to kickstart a configuration from scratch faster than otherwise. Don't run this if you have already customized the scripts enable/disable configurations, obviously.`