feat: official Debian 11 compatibility (#176)

Introduce Debian 11 compatibility
Based on CIS_Debian_Linux_11_Benchmark_v1.0.0

After review, here are the notable changes :
 - Harden /var/log more (noexec,nodev,nosuid)
 - Harden /var/log/audit more (noexec,nodev,nosuid)
 - Harden /home more (nosuid)
 - Disable cramfs
 - Fix 5.3.4_acc_pam_sha512.sh
 - Deprecate Debian 9 and remove useless docker images

NB : more audit log rules have been introduced and will be inserted in the checks later
Fix #158
GoldenKiwi
2023-05-02 14:16:19 +02:00
committed by GitHub
parent 05521d5961
commit 04457e7df2
29 changed files with 1168 additions and 62 deletions


@ -1,7 +1,4 @@
# :lock: CIS Debian 9/10 Hardening
:tada: **News**: this project is back in the game and is from now on maintained. Be free to use and to
report issues if you find any!
# :lock: CIS Debian 10/11 Hardening
<p align="center">
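Review bot: The title line drops Debian 9 without saying what happened to it, while the commit message states "Deprecate Debian 9". Consider adding a short line under the new `# :lock: CIS Debian 10/11 Hardening` title stating that Debian 9 is deprecated as of this change, so that operators still running the scripts on Debian 9 hosts learn the status from the README rather than from the commit history.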
@ -16,7 +13,7 @@ report issues if you find any!
![License](https://img.shields.io/github/license/ovh/debian-cis)
---
Modular Debian 9/10 security hardening scripts based on [cisecurity.org](https://www.cisecurity.org)
Modular Debian 10/11 security hardening scripts based on [cisecurity.org](https://www.cisecurity.org)
recommendations. We use it at [OVHcloud](https://www.ovhcloud.com) to harden our PCI-DSS infrastructure.
```console
@ -172,7 +169,7 @@ Functional tests are available. They are to be run in a Docker environment.
$ ./tests/docker_build_and_run_tests.sh <target> [name of test script...]
```
With `target` being like `debian9` or `debian10`.
With `target` being like `debian10` or `debian11`.
Running without script arguments will run all tests in `./tests/hardening/` directory.
Or you can specify one or several test script to be run.
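Review bot: In the `target` sentence, "being like `debian10` or `debian11`" reads as two samples from an open list, and the commit message says Docker images were removed in this change. Suggest listing the accepted targets exhaustively (for example "`target` is one of `debian10`, `debian11`", adjusted to the images that actually remain) so a reader does not try a target whose image no longer exists.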