feat: official Debian 11 compatibility (#176)

Introduce Debian 11 compatibility Based on CIS_Debian_Linux_11_Benchmark_v1.0.0 After review, here are the notable changes : - Harden /var/log more (noexec,nodev,nosuid) - Harden /var/log/audit more (noexec,nodev,nosuid) - Harden /home more (nosuid) - Disable cramfs - Fix 5.3.4_acc_pam_sha512.sh - Deprecate Debian 9 and remove useless docker images NB : more audit log rules have been introduced and will be inserted in the checks later Fix #158
2025-06-22 02:33:42 +02:00 · 2023-05-02 14:16:19 +02:00
parent 05521d5961
commit 04457e7df2
29 changed files with 1168 additions and 62 deletions
--- a/tests/docker/Dockerfile.debian8
+++ b/tests/docker/Dockerfile.debian8
@ -1,22 +0,0 @@
-FROM debian:jessie
-
-LABEL vendor="OVH"
-LABEL project="debian-cis"
-LABEL url="https://github.com/ovh/debian-cis"
-LABEL description="This image is used to run tests"
-
-RUN groupadd -g 500 secaudit && useradd  -u 500 -g 500 -s /bin/bash secaudit && install -m 700 -o secaudit -g secaudit -d /home/secaudit
-
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y openssh-server sudo syslog-ng net-tools auditd
-
-COPY --chown=500:500 . /opt/debian-cis/
-
-COPY debian/default /etc/default/cis-hardening
-RUN sed -i 's#cis-hardening#debian-cis#' /etc/default/cis-hardening
-
-COPY cisharden.sudoers /etc/sudoers.d/secaudit
-RUN sed -i 's#cisharden#secaudit#' /etc/sudoers.d/secaudit
-
-
-ENTRYPOINT ["/opt/debian-cis/tests/launch_tests.sh"]
-
--- a/tests/docker/Dockerfile.debian9
+++ b/tests/docker/Dockerfile.debian9
@ -1,22 +0,0 @@
-FROM debian:stretch
-
-LABEL vendor="OVH"
-LABEL project="debian-cis"
-LABEL url="https://github.com/ovh/debian-cis"
-LABEL description="This image is used to run tests"
-
-RUN groupadd -g 500 secaudit && useradd  -u 500 -g 500 -s /bin/bash secaudit && install -m 700 -o secaudit -g secaudit -d /home/secaudit
-
-RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y openssh-server sudo syslog-ng net-tools auditd
-
-COPY --chown=500:500 . /opt/debian-cis/
-
-COPY debian/default /etc/default/cis-hardening
-RUN sed -i 's#cis-hardening#debian-cis#' /etc/default/cis-hardening
-
-COPY cisharden.sudoers /etc/sudoers.d/secaudit
-RUN sed -i 's#cisharden#secaudit#' /etc/sudoers.d/secaudit
-
-
-ENTRYPOINT ["/opt/debian-cis/tests/launch_tests.sh"]
-