mirror of
https://github.com/ovh/debian-cis.git
synced 2025-06-24 11:34:35 +02:00
feat: official Debian 11 compatibility (#176)
Introduce Debian 11 compatibility Based on CIS_Debian_Linux_11_Benchmark_v1.0.0 After review, here are the notable changes : - Harden /var/log more (noexec,nodev,nosuid) - Harden /var/log/audit more (noexec,nodev,nosuid) - Harden /home more (nosuid) - Disable cramfs - Fix 5.3.4_acc_pam_sha512.sh - Deprecate Debian 9 and remove useless docker images NB : more audit log rules have been introduced and will be inserted in the checks later Fix #158
This commit is contained in:
16
tests/hardening/1.1.12.1_var_log_audit_noexec.sh
Normal file
16
tests/hardening/1.1.12.1_var_log_audit_noexec.sh
Normal file
@ -0,0 +1,16 @@
|
||||
# shellcheck shell=bash
|
||||
# run-shellcheck
|
||||
test_audit() {
|
||||
describe Running on blank host
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
# host, and we check root/sudo consistency. But, we don't test #
|
||||
# the apply function because it can't be automated or it is very #
|
||||
# long to test and not very useful. #
|
||||
##################################################################
|
||||
}
|
Reference in New Issue
Block a user