2019-02-12 11:41:05 +01:00
|
|
|
cis-hardening (1.2-1) unstable; urgency=medium
|
|
|
|
|
|
|
|
* Migrate generic checks from secaudit to cis-hardening
|
|
|
|
* Add crontab
|
|
|
|
* FIX: add becho to send batch output to syslog too
|
|
|
|
* Update debian 7/8/9 in help files and remove in generic scripts
|
|
|
|
* IMP: sort find result by name and version to ease reading
|
|
|
|
* FIX: remove "exernal-sources" option when running shellcheck
|
|
|
|
* Add shellcheck recommendation
|
|
|
|
* FIX: add way of completely skipping test that bugged with jessie
|
|
|
|
* Fix typo in test skeleton and add shellcheck comment
|
|
|
|
* FIX: bug crashing for undeclared variable when consitency checks failed
|
|
|
|
* IMP: tests readability and runtime error handling
|
|
|
|
* IMP: new tag in file to tell that the script should pass shellcheck
|
|
|
|
* FIX: tests return value that was always 255
|
|
|
|
* FIX: quotes in find command, misinterpreted shellcheck advice
|
|
|
|
* FEAT: Add sudo_wrapper to catch unauthorized sudo commands
|
|
|
|
* FEAT: automate shellcheck test with docker
|
|
|
|
* FIX: sed that was too greedy
|
|
|
|
* Add missing /usr/bin/su
|
|
|
|
* FIX: add /usr/bin/* path for suid/guid allowed binaries
|
|
|
|
* Adding batch mode to output just one line of text (no colors) in order to be parsed by computer tools
|
|
|
|
* Change from CIS reco and only warn (no crit) if logfile does not exist
|
|
|
|
* IMP(test): Add feature to run functional tests in docker instance
|
|
|
|
* Improve --only option to perform only specified test and no other lookalike test number
|
|
|
|
* Redirect stderr to avoid printing "no such file" error
|
|
|
|
* resolve #SOC-30 Also check /etc/security/limits.d/ for core dump limit
|
|
|
|
* Fix SOC-28, add test if file exist, if not issue error
|
|
|
|
* Add sudo management in main and utils
|
|
|
|
|
|
|
|
-- Kevin Tanguy <kevin.tanguy@ovh.net> Tue, 12 Feb 2019 11:39:44 +0100
|
|
|
|
|
2018-02-02 09:40:58 +01:00
|
|
|
cis-hardening (1.1-1) unstable; urgency=low
|
|
|
|
|
|
|
|
* Add hardening templating and several enhancements
|
|
|
|
* CIS_ROOT_DIR management
|
|
|
|
* Update ciphers list in 9.3.11 with latest chacha20 and gcm ciphers
|
|
|
|
* Debian packaging clean up
|
|
|
|
|
|
|
|
-- Julien Delayen <julien.delayen@corp.ovh.com> Fri, 02 Feb 2018 09:38:31 +0100
|
|
|
|
|
2017-06-05 16:36:25 +02:00
|
|
|
cis-hardening (1.0-11) jessie; urgency=low
|
|
|
|
|
|
|
|
* fixed option name in 9.3.9_disable_sshd_permitemptypasswords.sh
|
|
|
|
* [10.2] Fixed result parsing in case of spaces in passwd list
|
|
|
|
* [Debian 8] Fixed comments for debian 8 compliance
|
|
|
|
* [10.1.3] set the good value for $OPTIONS
|
|
|
|
* set a fixed-size prefix for logger
|
|
|
|
* handle ENOENT properly in does_pattern_exist_in_file\(\)
|
|
|
|
|
|
|
|
-- Kevin Tanguy <kevin.tanguy@ovh.net> Mon, 05 Jun 2017 14:32:56 +0200
|
|
|
|
|
2016-05-18 09:06:14 +02:00
|
|
|
cis-hardening (1.0-10) wheezy; urgency=low
|
|
|
|
|
|
|
|
* Script output should be useful with pipe or redirection
|
|
|
|
|
|
|
|
-- Kevin Tanguy <kevin.tanguy@ovh.net> Wed, 18 May 2016 08:38:35 +0200
|
|
|
|
|
2016-05-03 12:34:12 +02:00
|
|
|
cis-hardening (1.0-9) wheezy; urgency=low
|
|
|
|
|
|
|
|
* Fixed replace in file function with proper substitution
|
|
|
|
* tripwire : fixed typo on postinstall helper
|
|
|
|
* fix 99.1 Apply TMOUT Variable
|
|
|
|
|
|
|
|
-- Kevin Tanguy <kevin.tanguy@ovh.net> Tue, 03 May 2016 12:31:59 +0200
|
|
|
|
|
2016-04-25 15:15:49 +02:00
|
|
|
cis-hardening (1.0-8) wheezy; urgency=low
|
|
|
|
|
|
|
|
* phrasing reworked all over the place
|
|
|
|
* added debian dependencies bash and bc
|
|
|
|
|
|
|
|
-- Kevin Tanguy <kevin.tanguy@ovh.net> Tue, 26 Apr 2016 10:26:18 +0200
|
|
|
|
|
2016-04-25 09:19:46 +02:00
|
|
|
cis-hardening (1.0-7) wheezy; urgency=low
|
|
|
|
|
|
|
|
* Fixed 6.15 netstat analysis
|
|
|
|
|
|
|
|
-- Kevin Tanguy <kevin.tanguy@ovh.net> Mon, 25 Apr 2016 09:18:30 +0200
|
|
|
|
|
2016-04-22 14:29:33 +02:00
|
|
|
cis-hardening (1.0-6) wheezy; urgency=low
|
|
|
|
|
|
|
|
* corrected README.md CIS website address
|
|
|
|
* corrected conffiles: etc/hardening.cfg was missing
|
|
|
|
|
|
|
|
-- Kevin Tanguy <kevin.tanguy@ovh.net> Fri, 22 Apr 2016 14:27:40 +0200
|
|
|
|
|
2016-04-22 10:18:31 +02:00
|
|
|
cis-hardening (1.0-5) wheezy; urgency=low
|
|
|
|
|
|
|
|
* typo fix / phrasing reworked
|
|
|
|
* Fixed default file error handling and quickstart
|
|
|
|
* Fixed point 9.1.8 cron rights as a chmod 600 disabled the cron.allow
|
|
|
|
features (file must be world readable)
|
|
|
|
|
|
|
|
-- Kevin Tanguy <kevin.tanguy@ovh.net> Fri, 22 Apr 2016 10:15:55 +0200
|
|
|
|
|
2016-04-21 12:00:20 +02:00
|
|
|
cis-hardening (1.0-4) wheezy; urgency=low
|
|
|
|
|
|
|
|
* added AUTHORS file
|
|
|
|
* s/README/README.md/ with more details
|
|
|
|
* manpage extracted from README
|
|
|
|
|
|
|
|
-- Kevin Tanguy <kevin.tanguy@ovh.net> Thu, 21 Apr 2016 11:57:39 +0200
|
|
|
|
|
2016-04-20 12:39:58 +02:00
|
|
|
cis-hardening (1.0-3) wheezy; urgency=low
|
|
|
|
|
|
|
|
* add --audit-all option
|
|
|
|
* add --audit-all-enable-passed, add info in README and help
|
|
|
|
* Added exit code to CIS_ROOT_DIR test def, optimized sed and sort
|
|
|
|
* Fixed 8.2.4 check file exists before testing rights
|
|
|
|
|
|
|
|
-- Kevin Tanguy <kevin.tanguy@ovh.net> Wed, 20 Apr 2016 12:37:58 +0200
|
|
|
|
|
2016-04-18 17:14:56 +02:00
|
|
|
cis-hardening (1.0-2) wheezy; urgency=low
|
|
|
|
|
|
|
|
* add LICENSE
|
|
|
|
* duplicate README in /opt and /usr/share/doc
|
|
|
|
* patch conffiles for new correct configuration files names
|
|
|
|
|
|
|
|
-- Kevin Tanguy <kevin.tanguy@ovh.net> Tue, 19 Apr 2016 14:31:03 +0200
|
|
|
|
|
|
|
|
cis-hardening (1.0-1) stable; urgency=low
|
|
|
|
|
|
|
|
* Initial release.
|
|
|
|
|
|
|
|
-- Kevin Tanguy <kevin.tanguy@ovh.net> Mon, 18 Apr 2016 17:13:07 +0200
|