mirror of
https://github.com/ovh/debian-cis.git
synced 2025-06-22 02:33:42 +02:00
feat: official Debian 11 compatibility (#176)
Introduce Debian 11 compatibility Based on CIS_Debian_Linux_11_Benchmark_v1.0.0 After review, here are the notable changes : - Harden /var/log more (noexec,nodev,nosuid) - Harden /var/log/audit more (noexec,nodev,nosuid) - Harden /home more (nosuid) - Disable cramfs - Fix 5.3.4_acc_pam_sha512.sh - Deprecate Debian 9 and remove useless docker images NB : more audit log rules have been introduced and will be inserted in the checks later Fix #158
This commit is contained in:
@ -1,22 +0,0 @@
|
||||
FROM debian:jessie
|
||||
|
||||
LABEL vendor="OVH"
|
||||
LABEL project="debian-cis"
|
||||
LABEL url="https://github.com/ovh/debian-cis"
|
||||
LABEL description="This image is used to run tests"
|
||||
|
||||
RUN groupadd -g 500 secaudit && useradd -u 500 -g 500 -s /bin/bash secaudit && install -m 700 -o secaudit -g secaudit -d /home/secaudit
|
||||
|
||||
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y openssh-server sudo syslog-ng net-tools auditd
|
||||
|
||||
COPY --chown=500:500 . /opt/debian-cis/
|
||||
|
||||
COPY debian/default /etc/default/cis-hardening
|
||||
RUN sed -i 's#cis-hardening#debian-cis#' /etc/default/cis-hardening
|
||||
|
||||
COPY cisharden.sudoers /etc/sudoers.d/secaudit
|
||||
RUN sed -i 's#cisharden#secaudit#' /etc/sudoers.d/secaudit
|
||||
|
||||
|
||||
ENTRYPOINT ["/opt/debian-cis/tests/launch_tests.sh"]
|
||||
|
@ -1,22 +0,0 @@
|
||||
FROM debian:stretch
|
||||
|
||||
LABEL vendor="OVH"
|
||||
LABEL project="debian-cis"
|
||||
LABEL url="https://github.com/ovh/debian-cis"
|
||||
LABEL description="This image is used to run tests"
|
||||
|
||||
RUN groupadd -g 500 secaudit && useradd -u 500 -g 500 -s /bin/bash secaudit && install -m 700 -o secaudit -g secaudit -d /home/secaudit
|
||||
|
||||
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y openssh-server sudo syslog-ng net-tools auditd
|
||||
|
||||
COPY --chown=500:500 . /opt/debian-cis/
|
||||
|
||||
COPY debian/default /etc/default/cis-hardening
|
||||
RUN sed -i 's#cis-hardening#debian-cis#' /etc/default/cis-hardening
|
||||
|
||||
COPY cisharden.sudoers /etc/sudoers.d/secaudit
|
||||
RUN sed -i 's#cisharden#secaudit#' /etc/sudoers.d/secaudit
|
||||
|
||||
|
||||
ENTRYPOINT ["/opt/debian-cis/tests/launch_tests.sh"]
|
||||
|
Reference in New Issue
Block a user