mirror of
https://github.com/ovh/debian-cis.git
synced 2024-12-22 22:15:24 +01:00
Renum 8.1.x auditing configuration
renamed: bin/hardening/8.1.1.1_audit_log_storage.sh -> bin/hardening/4.1.1.1_audit_log_storage.sh renamed: bin/hardening/8.1.1.2_halt_when_audit_log_full.sh -> bin/hardening/4.1.1.2_halt_when_audit_log_full.sh renamed: bin/hardening/8.1.1.3_keep_all_audit_logs.sh -> bin/hardening/4.1.1.3_keep_all_audit_logs.sh renamed: bin/hardening/8.1.10_record_dac_edit.sh -> bin/hardening/4.1.10_record_dac_edit.sh renamed: bin/hardening/8.1.11_record_failed_access_file.sh -> bin/hardening/4.1.11_record_failed_access_file.sh renamed: bin/hardening/8.1.12_record_privileged_commands.sh -> bin/hardening/4.1.12_record_privileged_commands.sh renamed: bin/hardening/8.1.13_record_successful_mount.sh -> bin/hardening/4.1.13_record_successful_mount.sh renamed: bin/hardening/8.1.14_record_file_deletions.sh -> bin/hardening/4.1.14_record_file_deletions.sh renamed: bin/hardening/8.1.15_record_sudoers_edit.sh -> bin/hardening/4.1.15_record_sudoers_edit.sh renamed: bin/hardening/8.1.16_record_sudo_usage.sh -> bin/hardening/4.1.16_record_sudo_usage.sh renamed: bin/hardening/8.1.17_record_kernel_modules.sh -> bin/hardening/4.1.17_record_kernel_modules.sh renamed: bin/hardening/8.1.18_freeze_auditd_conf.sh -> bin/hardening/4.1.18_freeze_auditd_conf.sh renamed: bin/hardening/8.1.2_enable_auditd.sh -> bin/hardening/4.1.2_enable_auditd.sh renamed: bin/hardening/8.1.3_audit_bootloader.sh -> bin/hardening/4.1.3_audit_bootloader.sh renamed: bin/hardening/8.1.4_record_date_time_edit.sh -> bin/hardening/4.1.4_record_date_time_edit.sh renamed: bin/hardening/8.1.5_record_user_group_edit.sh -> bin/hardening/4.1.5_record_user_group_edit.sh renamed: bin/hardening/8.1.6_record_network_edit.sh -> bin/hardening/4.1.6_record_network_edit.sh renamed: bin/hardening/8.1.7_record_mac_edit.sh -> bin/hardening/4.1.7_record_mac_edit.sh renamed: bin/hardening/8.1.8_record_login_logout.sh -> bin/hardening/4.1.8_record_login_logout.sh renamed: bin/hardening/8.1.9_record_session_init.sh -> bin/hardening/4.1.9_record_session_init.sh renamed: tests/hardening/8.1.9_record_session_init.sh -> tests/hardening/4.1.1.1_audit_log_storage.sh renamed: tests/hardening/8.1.8_record_login_logout.sh -> tests/hardening/4.1.1.2_halt_when_audit_log_full.sh renamed: tests/hardening/8.1.7_record_mac_edit.sh -> tests/hardening/4.1.1.3_keep_all_audit_logs.sh renamed: tests/hardening/8.1.6_record_network_edit.sh -> tests/hardening/4.1.10_record_dac_edit.sh renamed: tests/hardening/8.1.5_record_user_group_edit.sh -> tests/hardening/4.1.11_record_failed_access_file.sh renamed: tests/hardening/8.1.4_record_date_time_edit.sh -> tests/hardening/4.1.12_record_privileged_commands.sh renamed: tests/hardening/8.1.3_audit_bootloader.sh -> tests/hardening/4.1.13_record_successful_mount.sh renamed: tests/hardening/8.1.2_enable_auditd.sh -> tests/hardening/4.1.14_record_file_deletions.sh renamed: tests/hardening/8.1.18_freeze_auditd_conf.sh -> tests/hardening/4.1.15_record_sudoers_edit.sh renamed: tests/hardening/8.1.17_record_kernel_modules.sh -> tests/hardening/4.1.16_record_sudo_usage.sh renamed: tests/hardening/8.1.16_record_sudo_usage.sh -> tests/hardening/4.1.17_record_kernel_modules.sh renamed: tests/hardening/8.1.15_record_sudoers_edit.sh -> tests/hardening/4.1.18_freeze_auditd_conf.sh renamed: tests/hardening/8.1.14_record_file_deletions.sh -> tests/hardening/4.1.2_enable_auditd.sh renamed: tests/hardening/8.1.13_record_successful_mount.sh -> tests/hardening/4.1.3_audit_bootloader.sh renamed: tests/hardening/8.1.12_record_privileged_commands.sh -> tests/hardening/4.1.4_record_date_time_edit.sh renamed: tests/hardening/8.1.11_record_failed_access_file.sh -> tests/hardening/4.1.5_record_user_group_edit.sh renamed: tests/hardening/8.1.10_record_dac_edit.sh -> tests/hardening/4.1.6_record_network_edit.sh renamed: tests/hardening/8.1.1.3_keep_all_audit_logs.sh -> tests/hardening/4.1.7_record_mac_edit.sh renamed: tests/hardening/8.1.1.2_halt_when_audit_log_full.sh -> tests/hardening/4.1.8_record_login_logout.sh renamed: tests/hardening/8.1.1.1_audit_log_storage.sh -> tests/hardening/4.1.9_record_session_init.sh
This commit is contained in:
parent
032aaa7c79
commit
00dd3ef591
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 8.1.1.1 Configure Audit Log Storage Size (Not Scored)
|
||||
# 4.1.1.1 Ensure audit log storage size is configured (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 8.1.1.2 Disable System on Audit Log Full (Not Scored)
|
||||
# 4.1.1.2 Ensure system is disabled when audit logs are full (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 8.1.1.3 Keep All Auditing Information (Scored)
|
||||
# 4.1.1.3 Ensure audit logs are not automatically deleted (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 8.1.10 Collect Discretionary Access Control Permission Modification Events (Scored)
|
||||
# 4.1.10 Ensure discretionary access control permission modification events are collected (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 8.1.11 Collect Unsuccessful Unauthorized Access Attempts to Files (Scored)
|
||||
# 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 8.1.12 Collect Use of Privileged Commands (Scored)
|
||||
# 4.1.12 Ensure use of privileged commands is collected (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 8.1.13 Collect Successful File System Mounts (Scored)
|
||||
# 4.1.13 Ensure successful file system mounts are collected (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 8.1.14 Collect File Deletion Events by User (Scored)
|
||||
# 4.1.14 Ensure file deletion events by users are collected (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 8.1.15 Collect Changes to System Administration Scope (sudoers) (Scored)
|
||||
# 4.1.15 nsure changes to system administration scope (sudoers) is collected (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 8.1.16 Collect System Administrator Actions (sudolog) (Scored)
|
||||
# 4.1.16 Ensure system administrator actions (sudolog) are collected (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 8.1.17 Collect Kernel Module Loading and Unloading (Scored)
|
||||
# 4.1.17 Ensure kernel module loading and unloading is collected (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 8.1.18 Make the Audit Configuration Immutable (Scored)
|
||||
# 4.1.18 Ensure the audit configuration is immutable (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 8.1.2 Install and Enable auditd Service (Scored)
|
||||
# 4.1.2 Ensure auditd service is enabled (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
@ -27,7 +27,7 @@ audit () {
|
||||
is_service_enabled $SERVICE_NAME
|
||||
if [ $FNRET = 0 ]; then
|
||||
ok "$SERVICE_NAME is enabled"
|
||||
else
|
||||
else
|
||||
crit "$SERVICE_NAME is not enabled"
|
||||
fi
|
||||
fi
|
||||
@ -45,7 +45,7 @@ apply () {
|
||||
is_service_enabled $SERVICE_NAME
|
||||
if [ $FNRET = 0 ]; then
|
||||
ok "$SERVICE_NAME is enabled"
|
||||
else
|
||||
else
|
||||
warn "$SERVICE_NAME is not enabled, enabling it"
|
||||
update-rc.d $SERVICE_NAME remove > /dev/null 2>&1
|
||||
update-rc.d $SERVICE_NAME defaults > /dev/null 2>&1
|
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 8.1.3 Enable Auditing for Processes That Start Prior to auditd (Scored)
|
||||
# 4.1.3 Ensure auditing for processes that start prior to auditd is enabled (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 8.1.4 Record Events That Modify Date and Time Information (Scored)
|
||||
# 4.1.4 Ensure events that modify date and time information are collected (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 8.1.5 Record Events That Modify User/Group Information (Scored)
|
||||
# 4.1.5 Ensure events that modify user/group information are collected (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 8.1.6 Record Events That Modify the System's Network Environment (Scored)
|
||||
# 4.1.6 Ensure events that modify the system's network environment are collected (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 8.1.7 Record Events That Modify the System's Mandatory Access Controls (Scored)
|
||||
# 4.1.7 Ensure that events that modify the system's Mandatory Access Controls are collected (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 8.1.8 Collect Login and Logout Events (Scored)
|
||||
# 4.1.8 Ensure login and logout events are collected (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -5,7 +5,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 8.1.9 Collect Session Initiation Information (Scored)
|
||||
# 4.1.9 Ensure session initiation information is collected (Scored)
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
Loading…
Reference in New Issue
Block a user