From 0b85d16c16529bf60b96f8b72ee76e6b82df93f4 Mon Sep 17 00:00:00 2001 From: Charles Herlin Date: Tue, 27 Aug 2019 15:30:47 +0200 Subject: [PATCH] First batch of renaming to comply to comply to 8v2 and 9 pdf renamed: 2.19_disable_freevxfs.sh -> 1.1.1.1_disable_freevxfs.sh renamed: 2.20_disable_jffs2.sh -> 1.1.1.2_disable_jffs2.sh renamed: 2.21_disable_hfs.sh -> 1.1.1.3_disable_hfs.sh renamed: 2.22_disable_hfsplus.sh -> 1.1.1.4_disable_hfsplus.sh renamed: 2.24_disable_udf.sh -> 1.1.1.5_disable_udf.sh renamed: 2.7_var_log_partition.sh -> 1.1.11_var_log_partition.sh renamed: 2.8_var_log_audit_partition.sh -> 1.1.12_var_log_audit_partition.sh renamed: 2.9_home_partition.sh -> 1.1.13_home_partition.sh renamed: 2.10_home_nodev.sh -> 1.1.14_home_nodev.sh renamed: 2.14_run_shm_nodev.sh -> 1.1.15_run_shm_nodev.sh renamed: 2.15_run_shm_nosuid.sh -> 1.1.16_run_shm_nosuid.sh renamed: 2.16_run_shm_noexec.sh -> 1.1.17_run_shm_noexec.sh renamed: 2.11_removable_device_nodev.sh -> 1.1.18_removable_device_nodev.sh renamed: 2.13_removable_device_nosuid.sh -> 1.1.19_removable_device_nosuid.sh renamed: 2.12_removable_device_noexec.sh -> 1.1.20_removable_device_noexec.sh renamed: 2.17_sticky_bit_world_writable_folder.sh -> 1.1.21_sticky_bit_world_writable_folder.sh renamed: 2.25_disable_automounting.sh -> 1.1.22_disable_automounting.sh renamed: 2.1_tmp_partition.sh -> 1.1.2_tmp_partition.sh renamed: 2.2_tmp_nodev.sh -> 1.1.3_tmp_nodev.sh renamed: 2.3_tmp_nosuid.sh -> 1.1.4_tmp_nosuid.sh renamed: 2.4_tmp_noexec.sh -> 1.1.5_tmp_noexec.sh renamed: 2.5_var_partition.sh -> 1.1.6_var_partition.sh renamed: 1.1_install_updates.sh -> 1.8_install_updates.sh --- ...19_disable_freevxfs.sh => 1.1.1.1_disable_freevxfs.sh} | 4 +--- .../{2.20_disable_jffs2.sh => 1.1.1.2_disable_jffs2.sh} | 4 +--- .../{2.21_disable_hfs.sh => 1.1.1.3_disable_hfs.sh} | 4 +--- ...2.22_disable_hfsplus.sh => 1.1.1.4_disable_hfsplus.sh} | 4 +--- .../{2.24_disable_udf.sh => 1.1.1.5_disable_udf.sh} | 4 +--- ...7_var_log_partition.sh => 1.1.11_var_log_partition.sh} | 4 +--- ...dit_partition.sh => 1.1.12_var_log_audit_partition.sh} | 4 +--- .../{2.9_home_partition.sh => 1.1.13_home_partition.sh} | 4 +--- .../{2.10_home_nodev.sh => 1.1.14_home_nodev.sh} | 8 ++++---- .../{2.14_run_shm_nodev.sh => 1.1.15_run_shm_nodev.sh} | 2 +- .../{2.15_run_shm_nosuid.sh => 1.1.16_run_shm_nosuid.sh} | 2 +- .../{2.16_run_shm_noexec.sh => 1.1.17_run_shm_noexec.sh} | 2 +- ...e_device_nodev.sh => 1.1.18_removable_device_nodev.sh} | 6 +++--- ...device_nosuid.sh => 1.1.19_removable_device_nosuid.sh} | 6 +++--- ...device_noexec.sh => 1.1.20_removable_device_noexec.sh} | 6 +++--- ...lder.sh => 1.1.21_sticky_bit_world_writable_folder.sh} | 2 +- ...ble_automounting.sh => 1.1.22_disable_automounting.sh} | 2 +- .../{2.1_tmp_partition.sh => 1.1.2_tmp_partition.sh} | 6 ++---- bin/hardening/{2.2_tmp_nodev.sh => 1.1.3_tmp_nodev.sh} | 2 +- bin/hardening/{2.3_tmp_nosuid.sh => 1.1.4_tmp_nosuid.sh} | 8 ++++---- bin/hardening/{2.4_tmp_noexec.sh => 1.1.5_tmp_noexec.sh} | 8 ++++---- .../{2.5_var_partition.sh => 1.1.6_var_partition.sh} | 2 +- .../{1.1_install_updates.sh => 1.8_install_updates.sh} | 4 ++-- ...1.1_install_updates.sh => 1.1.1.1_disable_freevxfs.sh} | 0 .../{2.10_home_nodev.sh => 1.1.1.2_disable_jffs2.sh} | 0 ...1_removable_device_nodev.sh => 1.1.1.3_disable_hfs.sh} | 0 ...ovable_device_noexec.sh => 1.1.1.4_disable_hfsplus.sh} | 0 ..._removable_device_nosuid.sh => 1.1.1.5_disable_udf.sh} | 0 ...19_disable_freevxfs.sh => 1.1.11_var_log_partition.sh} | 0 ...tmp_partition.sh => 1.1.12_var_log_audit_partition.sh} | 0 .../{2.20_disable_jffs2.sh => 1.1.13_home_partition.sh} | 0 .../{2.21_disable_hfs.sh => 1.1.14_home_nodev.sh} | 0 .../{2.14_run_shm_nodev.sh => 1.1.15_run_shm_nodev.sh} | 0 .../{2.15_run_shm_nosuid.sh => 1.1.16_run_shm_nosuid.sh} | 0 .../{2.16_run_shm_noexec.sh => 1.1.17_run_shm_noexec.sh} | 0 ...isable_hfsplus.sh => 1.1.18_removable_device_nodev.sh} | 0 ...4_disable_udf.sh => 1.1.19_removable_device_nosuid.sh} | 0 ..._automounting.sh => 1.1.20_removable_device_noexec.sh} | 0 ...lder.sh => 1.1.21_sticky_bit_world_writable_folder.sh} | 0 .../{2.2_tmp_nodev.sh => 1.1.22_disable_automounting.sh} | 0 .../{2.3_tmp_nosuid.sh => 1.1.2_tmp_partition.sh} | 0 tests/hardening/{2.4_tmp_noexec.sh => 1.1.3_tmp_nodev.sh} | 0 .../{2.5_var_partition.sh => 1.1.4_tmp_nosuid.sh} | 0 .../{2.7_var_log_partition.sh => 1.1.5_tmp_noexec.sh} | 0 ..._var_log_audit_partition.sh => 1.1.6_var_partition.sh} | 0 .../{2.9_home_partition.sh => 1.8_install_updates.sh} | 0 46 files changed, 40 insertions(+), 58 deletions(-) rename bin/hardening/{2.19_disable_freevxfs.sh => 1.1.1.1_disable_freevxfs.sh} (95%) rename bin/hardening/{2.20_disable_jffs2.sh => 1.1.1.2_disable_jffs2.sh} (95%) rename bin/hardening/{2.21_disable_hfs.sh => 1.1.1.3_disable_hfs.sh} (96%) rename bin/hardening/{2.22_disable_hfsplus.sh => 1.1.1.4_disable_hfsplus.sh} (95%) rename bin/hardening/{2.24_disable_udf.sh => 1.1.1.5_disable_udf.sh} (96%) rename bin/hardening/{2.7_var_log_partition.sh => 1.1.11_var_log_partition.sh} (96%) rename bin/hardening/{2.8_var_log_audit_partition.sh => 1.1.12_var_log_audit_partition.sh} (96%) rename bin/hardening/{2.9_home_partition.sh => 1.1.13_home_partition.sh} (96%) rename bin/hardening/{2.10_home_nodev.sh => 1.1.14_home_nodev.sh} (96%) rename bin/hardening/{2.14_run_shm_nodev.sh => 1.1.15_run_shm_nodev.sh} (97%) rename bin/hardening/{2.15_run_shm_nosuid.sh => 1.1.16_run_shm_nosuid.sh} (97%) rename bin/hardening/{2.16_run_shm_noexec.sh => 1.1.17_run_shm_noexec.sh} (97%) rename bin/hardening/{2.11_removable_device_nodev.sh => 1.1.18_removable_device_nodev.sh} (95%) rename bin/hardening/{2.13_removable_device_nosuid.sh => 1.1.19_removable_device_nosuid.sh} (95%) rename bin/hardening/{2.12_removable_device_noexec.sh => 1.1.20_removable_device_noexec.sh} (95%) rename bin/hardening/{2.17_sticky_bit_world_writable_folder.sh => 1.1.21_sticky_bit_world_writable_folder.sh} (96%) rename bin/hardening/{2.25_disable_automounting.sh => 1.1.22_disable_automounting.sh} (97%) rename bin/hardening/{2.1_tmp_partition.sh => 1.1.2_tmp_partition.sh} (94%) rename bin/hardening/{2.2_tmp_nodev.sh => 1.1.3_tmp_nodev.sh} (97%) rename bin/hardening/{2.3_tmp_nosuid.sh => 1.1.4_tmp_nosuid.sh} (95%) rename bin/hardening/{2.4_tmp_noexec.sh => 1.1.5_tmp_noexec.sh} (95%) rename bin/hardening/{2.5_var_partition.sh => 1.1.6_var_partition.sh} (97%) rename bin/hardening/{1.1_install_updates.sh => 1.8_install_updates.sh} (89%) rename tests/hardening/{1.1_install_updates.sh => 1.1.1.1_disable_freevxfs.sh} (100%) rename tests/hardening/{2.10_home_nodev.sh => 1.1.1.2_disable_jffs2.sh} (100%) rename tests/hardening/{2.11_removable_device_nodev.sh => 1.1.1.3_disable_hfs.sh} (100%) rename tests/hardening/{2.12_removable_device_noexec.sh => 1.1.1.4_disable_hfsplus.sh} (100%) rename tests/hardening/{2.13_removable_device_nosuid.sh => 1.1.1.5_disable_udf.sh} (100%) rename tests/hardening/{2.19_disable_freevxfs.sh => 1.1.11_var_log_partition.sh} (100%) rename tests/hardening/{2.1_tmp_partition.sh => 1.1.12_var_log_audit_partition.sh} (100%) rename tests/hardening/{2.20_disable_jffs2.sh => 1.1.13_home_partition.sh} (100%) rename tests/hardening/{2.21_disable_hfs.sh => 1.1.14_home_nodev.sh} (100%) rename tests/hardening/{2.14_run_shm_nodev.sh => 1.1.15_run_shm_nodev.sh} (100%) rename tests/hardening/{2.15_run_shm_nosuid.sh => 1.1.16_run_shm_nosuid.sh} (100%) rename tests/hardening/{2.16_run_shm_noexec.sh => 1.1.17_run_shm_noexec.sh} (100%) rename tests/hardening/{2.22_disable_hfsplus.sh => 1.1.18_removable_device_nodev.sh} (100%) rename tests/hardening/{2.24_disable_udf.sh => 1.1.19_removable_device_nosuid.sh} (100%) rename tests/hardening/{2.25_disable_automounting.sh => 1.1.20_removable_device_noexec.sh} (100%) rename tests/hardening/{2.17_sticky_bit_world_writable_folder.sh => 1.1.21_sticky_bit_world_writable_folder.sh} (100%) rename tests/hardening/{2.2_tmp_nodev.sh => 1.1.22_disable_automounting.sh} (100%) rename tests/hardening/{2.3_tmp_nosuid.sh => 1.1.2_tmp_partition.sh} (100%) rename tests/hardening/{2.4_tmp_noexec.sh => 1.1.3_tmp_nodev.sh} (100%) rename tests/hardening/{2.5_var_partition.sh => 1.1.4_tmp_nosuid.sh} (100%) rename tests/hardening/{2.7_var_log_partition.sh => 1.1.5_tmp_noexec.sh} (100%) rename tests/hardening/{2.8_var_log_audit_partition.sh => 1.1.6_var_partition.sh} (100%) rename tests/hardening/{2.9_home_partition.sh => 1.8_install_updates.sh} (100%) diff --git a/bin/hardening/2.19_disable_freevxfs.sh b/bin/hardening/1.1.1.1_disable_freevxfs.sh similarity index 95% rename from bin/hardening/2.19_disable_freevxfs.sh rename to bin/hardening/1.1.1.1_disable_freevxfs.sh index 6ba7beb..224d74d 100755 --- a/bin/hardening/2.19_disable_freevxfs.sh +++ b/bin/hardening/1.1.1.1_disable_freevxfs.sh @@ -5,7 +5,7 @@ # # -# 2.19 Disable Mounting of freevxfs Filesystems (Not Scored) +# 1.1.1.1 Disable Mounting of freevxfs Filesystems (Not Scored) # set -e # One error, it's over @@ -26,7 +26,6 @@ audit () { else ok "$KERNEL_OPTION is disabled" fi - : } # This function will be called if the script status is on enabled mode @@ -37,7 +36,6 @@ apply () { else ok "$KERNEL_OPTION is disabled, nothing to do" fi - : } # This function will check config parameters required diff --git a/bin/hardening/2.20_disable_jffs2.sh b/bin/hardening/1.1.1.2_disable_jffs2.sh similarity index 95% rename from bin/hardening/2.20_disable_jffs2.sh rename to bin/hardening/1.1.1.2_disable_jffs2.sh index 881a257..bf0b7ce 100755 --- a/bin/hardening/2.20_disable_jffs2.sh +++ b/bin/hardening/1.1.1.2_disable_jffs2.sh @@ -5,7 +5,7 @@ # # -# 2.20 Disable Mounting of jffs2 Filesystems (Not Scored) +# 1.1.1.2 Disable Mounting of jffs2 Filesystems (Not Scored) # set -e # One error, it's over @@ -26,7 +26,6 @@ audit () { else ok "$KERNEL_OPTION is disabled" fi - : } # This function will be called if the script status is on enabled mode @@ -37,7 +36,6 @@ apply () { else ok "$KERNEL_OPTION is disabled, nothing to do" fi - : } # This function will check config parameters required diff --git a/bin/hardening/2.21_disable_hfs.sh b/bin/hardening/1.1.1.3_disable_hfs.sh similarity index 96% rename from bin/hardening/2.21_disable_hfs.sh rename to bin/hardening/1.1.1.3_disable_hfs.sh index 2dc9a9c..11a70ab 100755 --- a/bin/hardening/2.21_disable_hfs.sh +++ b/bin/hardening/1.1.1.3_disable_hfs.sh @@ -5,7 +5,7 @@ # # -# 2.21 Disable Mounting of hfs Filesystems (Not Scored) +# 1.1.1.3 Disable Mounting of hfs Filesystems (Not Scored) # set -e # One error, it's over @@ -26,7 +26,6 @@ audit () { else ok "$KERNEL_OPTION is disabled" fi - : } # This function will be called if the script status is on enabled mode @@ -37,7 +36,6 @@ apply () { else ok "$KERNEL_OPTION is disabled, nothing to do" fi - : } # This function will check config parameters required diff --git a/bin/hardening/2.22_disable_hfsplus.sh b/bin/hardening/1.1.1.4_disable_hfsplus.sh similarity index 95% rename from bin/hardening/2.22_disable_hfsplus.sh rename to bin/hardening/1.1.1.4_disable_hfsplus.sh index e671ceb..e2629b8 100755 --- a/bin/hardening/2.22_disable_hfsplus.sh +++ b/bin/hardening/1.1.1.4_disable_hfsplus.sh @@ -5,7 +5,7 @@ # # -# 2.22 Disable Mounting of hfsplus Filesystems (Not Scored) +# 1.1.1.4 Disable Mounting of hfsplus Filesystems (Not Scored) # set -e # One error, it's over @@ -26,7 +26,6 @@ audit () { else ok "$KERNEL_OPTION is disabled" fi - : } # This function will be called if the script status is on enabled mode @@ -37,7 +36,6 @@ apply () { else ok "$KERNEL_OPTION is disabled, nothing to do" fi - : } # This function will check config parameters required diff --git a/bin/hardening/2.24_disable_udf.sh b/bin/hardening/1.1.1.5_disable_udf.sh similarity index 96% rename from bin/hardening/2.24_disable_udf.sh rename to bin/hardening/1.1.1.5_disable_udf.sh index 8dda5a4..06098f2 100755 --- a/bin/hardening/2.24_disable_udf.sh +++ b/bin/hardening/1.1.1.5_disable_udf.sh @@ -5,7 +5,7 @@ # # -# 2.24 Disable Mounting of udf Filesystems (Not Scored) +# 1.1.1.5 Disable Mounting of udf Filesystems (Not Scored) # set -e # One error, it's over @@ -26,7 +26,6 @@ audit () { else ok "$KERNEL_OPTION is disabled" fi - : } # This function will be called if the script status is on enabled mode @@ -37,7 +36,6 @@ apply () { else ok "$KERNEL_OPTION is disabled, nothing to do" fi - : } # This function will check config parameters required diff --git a/bin/hardening/2.7_var_log_partition.sh b/bin/hardening/1.1.11_var_log_partition.sh similarity index 96% rename from bin/hardening/2.7_var_log_partition.sh rename to bin/hardening/1.1.11_var_log_partition.sh index 67182e5..b9d27e0 100755 --- a/bin/hardening/2.7_var_log_partition.sh +++ b/bin/hardening/1.1.11_var_log_partition.sh @@ -5,7 +5,7 @@ # # -# 2.7 Create Separate Partition for /var/log (Scored) +# 1.1.11 Create Separate Partition for /var/log (Scored) # set -e # One error, it's over @@ -35,8 +35,6 @@ audit () { ok "$PARTITION is mounted" fi fi - - : } # This function will be called if the script status is on enabled mode diff --git a/bin/hardening/2.8_var_log_audit_partition.sh b/bin/hardening/1.1.12_var_log_audit_partition.sh similarity index 96% rename from bin/hardening/2.8_var_log_audit_partition.sh rename to bin/hardening/1.1.12_var_log_audit_partition.sh index 1963273..d684ce8 100755 --- a/bin/hardening/2.8_var_log_audit_partition.sh +++ b/bin/hardening/1.1.12_var_log_audit_partition.sh @@ -5,7 +5,7 @@ # # -# 2.8 Create Separate Partition for /var/log/audit (Scored) +# 1.1.12 Create Separate Partition for /var/log/audit (Scored) # set -e # One error, it's over @@ -35,8 +35,6 @@ audit () { ok "$PARTITION is mounted" fi fi - - : } # This function will be called if the script status is on enabled mode diff --git a/bin/hardening/2.9_home_partition.sh b/bin/hardening/1.1.13_home_partition.sh similarity index 96% rename from bin/hardening/2.9_home_partition.sh rename to bin/hardening/1.1.13_home_partition.sh index 77b5128..78c038f 100755 --- a/bin/hardening/2.9_home_partition.sh +++ b/bin/hardening/1.1.13_home_partition.sh @@ -5,7 +5,7 @@ # # -# 2.9 Create Separate Partition for /home (Scored) +# 1.1.13 Create Separate Partition for /home (Scored) # set -e # One error, it's over @@ -35,8 +35,6 @@ audit () { ok "$PARTITION is mounted" fi fi - - : } # This function will be called if the script status is on enabled mode diff --git a/bin/hardening/2.10_home_nodev.sh b/bin/hardening/1.1.14_home_nodev.sh similarity index 96% rename from bin/hardening/2.10_home_nodev.sh rename to bin/hardening/1.1.14_home_nodev.sh index 66f8c37..da4848c 100755 --- a/bin/hardening/2.10_home_nodev.sh +++ b/bin/hardening/1.1.14_home_nodev.sh @@ -5,7 +5,7 @@ # # -# 2.10 Add nodev Option to /home (Scored) +# 1.1.14 Ensure nodev Option set on /home (Scored) # set -e # One error, it's over @@ -37,11 +37,11 @@ audit () { has_mounted_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then warn "$PARTITION is not mounted with $OPTION at runtime" - FNRET=3 + FNRET=3 else ok "$PARTITION mounted with $OPTION" fi - fi + fi fi } @@ -59,7 +59,7 @@ apply () { elif [ $FNRET = 3 ]; then info "Remounting $PARTITION from fstab" remount_partition $PARTITION - fi + fi } # This function will check config parameters required diff --git a/bin/hardening/2.14_run_shm_nodev.sh b/bin/hardening/1.1.15_run_shm_nodev.sh similarity index 97% rename from bin/hardening/2.14_run_shm_nodev.sh rename to bin/hardening/1.1.15_run_shm_nodev.sh index 04fc3b1..38e6211 100755 --- a/bin/hardening/2.14_run_shm_nodev.sh +++ b/bin/hardening/1.1.15_run_shm_nodev.sh @@ -6,7 +6,7 @@ # # -# 2.14 Add nodev Option to /run/shm Partition (Scored) +# 1.1.15 Ensure nodev option set on /dev/shm partition (Scored) # set -e # One error, it's over diff --git a/bin/hardening/2.15_run_shm_nosuid.sh b/bin/hardening/1.1.16_run_shm_nosuid.sh similarity index 97% rename from bin/hardening/2.15_run_shm_nosuid.sh rename to bin/hardening/1.1.16_run_shm_nosuid.sh index 4e57983..1161cd8 100755 --- a/bin/hardening/2.15_run_shm_nosuid.sh +++ b/bin/hardening/1.1.16_run_shm_nosuid.sh @@ -6,7 +6,7 @@ # # -# 2.15 Add nosuid Option to /run/shm Partition (Scored) +# 1.1.16 Ensure nosuid Option set on /run/shm Partition (Scored) # set -e # One error, it's over diff --git a/bin/hardening/2.16_run_shm_noexec.sh b/bin/hardening/1.1.17_run_shm_noexec.sh similarity index 97% rename from bin/hardening/2.16_run_shm_noexec.sh rename to bin/hardening/1.1.17_run_shm_noexec.sh index cb252ad..2c7e373 100755 --- a/bin/hardening/2.16_run_shm_noexec.sh +++ b/bin/hardening/1.1.17_run_shm_noexec.sh @@ -6,7 +6,7 @@ # # -# 2.16 Add noexec Option to /run/shm Partition (Scored) +# 1.1.17 Ensure noexec Option set on /run/shm Partition (Scored) # set -e # One error, it's over diff --git a/bin/hardening/2.11_removable_device_nodev.sh b/bin/hardening/1.1.18_removable_device_nodev.sh similarity index 95% rename from bin/hardening/2.11_removable_device_nodev.sh rename to bin/hardening/1.1.18_removable_device_nodev.sh index 93beef6..83692b6 100755 --- a/bin/hardening/2.11_removable_device_nodev.sh +++ b/bin/hardening/1.1.18_removable_device_nodev.sh @@ -5,7 +5,7 @@ # # -# 2.11 Add nodev Option to Removable Media Partitions (Not Scored) +# 1.1.18 Add nodev Option to Removable Media Partitions (Not Scored) # set -e # One error, it's over @@ -36,7 +36,7 @@ audit () { FNRET=1 else ok "$PARTITION has $OPTION in fstab" - fi + fi fi } @@ -47,7 +47,7 @@ apply () { elif [ $FNRET = 1 ]; then info "Adding $OPTION to fstab" add_option_to_fstab $PARTITION $OPTION - fi + fi } # This function will check config parameters required diff --git a/bin/hardening/2.13_removable_device_nosuid.sh b/bin/hardening/1.1.19_removable_device_nosuid.sh similarity index 95% rename from bin/hardening/2.13_removable_device_nosuid.sh rename to bin/hardening/1.1.19_removable_device_nosuid.sh index 7de19d6..fd2bb4e 100755 --- a/bin/hardening/2.13_removable_device_nosuid.sh +++ b/bin/hardening/1.1.19_removable_device_nosuid.sh @@ -5,7 +5,7 @@ # # -# 2.13 Add nosuid Option to Removable Media Partitions (Not Scored) +# 1.1.19 Ensure nosuid Option set on Removable Media Partitions (Not Scored) # set -e # One error, it's over @@ -36,7 +36,7 @@ audit () { FNRET=1 else ok "$PARTITION has $OPTION in fstab" - fi + fi fi } @@ -47,7 +47,7 @@ apply () { elif [ $FNRET = 1 ]; then info "Adding $OPTION to fstab" add_option_to_fstab $PARTITION $OPTION - fi + fi } # This function will check config parameters required diff --git a/bin/hardening/2.12_removable_device_noexec.sh b/bin/hardening/1.1.20_removable_device_noexec.sh similarity index 95% rename from bin/hardening/2.12_removable_device_noexec.sh rename to bin/hardening/1.1.20_removable_device_noexec.sh index 93a6970..922ec9a 100755 --- a/bin/hardening/2.12_removable_device_noexec.sh +++ b/bin/hardening/1.1.20_removable_device_noexec.sh @@ -5,7 +5,7 @@ # # -# 2.12 Add noexec Option to Removable Media Partitions (Not Scored) +# 1.1.20 Ensure noexec Option set on Removable Media Partitions (Not Scored) # set -e # One error, it's over @@ -36,7 +36,7 @@ audit () { FNRET=1 else ok "$PARTITION has $OPTION in fstab" - fi + fi fi } @@ -47,7 +47,7 @@ apply () { elif [ $FNRET = 1 ]; then info "Adding $OPTION to fstab" add_option_to_fstab $PARTITION $OPTION - fi + fi } # This function will check config parameters required diff --git a/bin/hardening/2.17_sticky_bit_world_writable_folder.sh b/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh similarity index 96% rename from bin/hardening/2.17_sticky_bit_world_writable_folder.sh rename to bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh index e85f5b2..1817ff8 100755 --- a/bin/hardening/2.17_sticky_bit_world_writable_folder.sh +++ b/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh @@ -5,7 +5,7 @@ # # -# 2.17 Set Sticky Bit on All World-Writable Directories (Scored) +# 1.1.21 Ensure Sticky Bit set on All World-Writable Directories (Scored) # set -e # One error, it's over diff --git a/bin/hardening/2.25_disable_automounting.sh b/bin/hardening/1.1.22_disable_automounting.sh similarity index 97% rename from bin/hardening/2.25_disable_automounting.sh rename to bin/hardening/1.1.22_disable_automounting.sh index 7765b88..5ddca14 100755 --- a/bin/hardening/2.25_disable_automounting.sh +++ b/bin/hardening/1.1.22_disable_automounting.sh @@ -5,7 +5,7 @@ # # -# 2.25 Disable Automounting (Scored) +# 1.1.22 Disable Automounting (Scored) # set -e # One error, it's over diff --git a/bin/hardening/2.1_tmp_partition.sh b/bin/hardening/1.1.2_tmp_partition.sh similarity index 94% rename from bin/hardening/2.1_tmp_partition.sh rename to bin/hardening/1.1.2_tmp_partition.sh index 2481438..800e987 100755 --- a/bin/hardening/2.1_tmp_partition.sh +++ b/bin/hardening/1.1.2_tmp_partition.sh @@ -5,14 +5,14 @@ # # -# 2.1 Create Separate Partition for /tmp (Scored) +# 1.1.2 Ensure /tmp is configured (Scored) # set -e # One error, it's over set -u # One variable unset, it's over HARDENING_LEVEL=3 -DESCRIPTION="/tmp on a separate partition." +DESCRIPTION="Ensure /tmp is configured (Scored)" # Quick factoring as many script use the same logic PARTITION="/tmp" @@ -35,8 +35,6 @@ audit () { ok "$PARTITION is mounted" fi fi - - : } # This function will be called if the script status is on enabled mode diff --git a/bin/hardening/2.2_tmp_nodev.sh b/bin/hardening/1.1.3_tmp_nodev.sh similarity index 97% rename from bin/hardening/2.2_tmp_nodev.sh rename to bin/hardening/1.1.3_tmp_nodev.sh index a1ac5df..ddb43df 100755 --- a/bin/hardening/2.2_tmp_nodev.sh +++ b/bin/hardening/1.1.3_tmp_nodev.sh @@ -5,7 +5,7 @@ # # -# 2.2 Set nodev option for /tmp Partition (Scored) +# 1.1.3 Ensure nodev option set for /tmp Partition (Scored) # set -e # One error, it's over diff --git a/bin/hardening/2.3_tmp_nosuid.sh b/bin/hardening/1.1.4_tmp_nosuid.sh similarity index 95% rename from bin/hardening/2.3_tmp_nosuid.sh rename to bin/hardening/1.1.4_tmp_nosuid.sh index efb7dcd..5c2703e 100755 --- a/bin/hardening/2.3_tmp_nosuid.sh +++ b/bin/hardening/1.1.4_tmp_nosuid.sh @@ -5,7 +5,7 @@ # # -# 2.3 Set nosuid option for /tmp Partition (Scored) +# 1.1.4 Ensure nosuid option set for /tmp Partition (Scored) # set -e # One error, it's over @@ -37,11 +37,11 @@ audit () { has_mounted_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then warn "$PARTITION is not mounted with $OPTION at runtime" - FNRET=3 + FNRET=3 else ok "$PARTITION mounted with $OPTION" fi - fi + fi fi } @@ -59,7 +59,7 @@ apply () { elif [ $FNRET = 3 ]; then info "Remounting $PARTITION from fstab" remount_partition $PARTITION - fi + fi } # This function will check config parameters required diff --git a/bin/hardening/2.4_tmp_noexec.sh b/bin/hardening/1.1.5_tmp_noexec.sh similarity index 95% rename from bin/hardening/2.4_tmp_noexec.sh rename to bin/hardening/1.1.5_tmp_noexec.sh index 1dbc717..5591b11 100755 --- a/bin/hardening/2.4_tmp_noexec.sh +++ b/bin/hardening/1.1.5_tmp_noexec.sh @@ -5,7 +5,7 @@ # # -# 2.4 Set noexec option for /tmp Partition (Scored) +# 1.1.5 Ensure noexec option set for /tmp Partition (Scored) # set -e # One error, it's over @@ -37,11 +37,11 @@ audit () { has_mounted_option $PARTITION $OPTION if [ $FNRET -gt 0 ]; then warn "$PARTITION is not mounted with $OPTION at runtime" - FNRET=3 + FNRET=3 else ok "$PARTITION mounted with $OPTION" fi - fi + fi fi } @@ -59,7 +59,7 @@ apply () { elif [ $FNRET = 3 ]; then info "Remounting $PARTITION from fstab" remount_partition $PARTITION - fi + fi } # This function will check config parameters required diff --git a/bin/hardening/2.5_var_partition.sh b/bin/hardening/1.1.6_var_partition.sh similarity index 97% rename from bin/hardening/2.5_var_partition.sh rename to bin/hardening/1.1.6_var_partition.sh index 01f3e70..e2c20d0 100755 --- a/bin/hardening/2.5_var_partition.sh +++ b/bin/hardening/1.1.6_var_partition.sh @@ -5,7 +5,7 @@ # # -# 2.5 Create Separate Partition for /var (Scored) +# 1.1.6 Create Separate Partition for /var (Scored) # set -e # One error, it's over diff --git a/bin/hardening/1.1_install_updates.sh b/bin/hardening/1.8_install_updates.sh similarity index 89% rename from bin/hardening/1.1_install_updates.sh rename to bin/hardening/1.8_install_updates.sh index 8202329..7964b28 100755 --- a/bin/hardening/1.1_install_updates.sh +++ b/bin/hardening/1.8_install_updates.sh @@ -5,14 +5,14 @@ # # -# 1.1 Install Updates, Patches and Additional Security Software (Not Scored) +# 1.8 Ensure updates, patches, and additional security software are installed (Not Scored) # set -e # One error, it's over set -u # One variable unset, it's over HARDENING_LEVEL=3 -DESCRIPTION="Install updates, patches and additional secutiry software." +DESCRIPTION="Ensure updates, patches, and additional security software are installed (Not Scored)" # This function will be called if the script status is on enabled / audit mode audit () { diff --git a/tests/hardening/1.1_install_updates.sh b/tests/hardening/1.1.1.1_disable_freevxfs.sh similarity index 100% rename from tests/hardening/1.1_install_updates.sh rename to tests/hardening/1.1.1.1_disable_freevxfs.sh diff --git a/tests/hardening/2.10_home_nodev.sh b/tests/hardening/1.1.1.2_disable_jffs2.sh similarity index 100% rename from tests/hardening/2.10_home_nodev.sh rename to tests/hardening/1.1.1.2_disable_jffs2.sh diff --git a/tests/hardening/2.11_removable_device_nodev.sh b/tests/hardening/1.1.1.3_disable_hfs.sh similarity index 100% rename from tests/hardening/2.11_removable_device_nodev.sh rename to tests/hardening/1.1.1.3_disable_hfs.sh diff --git a/tests/hardening/2.12_removable_device_noexec.sh b/tests/hardening/1.1.1.4_disable_hfsplus.sh similarity index 100% rename from tests/hardening/2.12_removable_device_noexec.sh rename to tests/hardening/1.1.1.4_disable_hfsplus.sh diff --git a/tests/hardening/2.13_removable_device_nosuid.sh b/tests/hardening/1.1.1.5_disable_udf.sh similarity index 100% rename from tests/hardening/2.13_removable_device_nosuid.sh rename to tests/hardening/1.1.1.5_disable_udf.sh diff --git a/tests/hardening/2.19_disable_freevxfs.sh b/tests/hardening/1.1.11_var_log_partition.sh similarity index 100% rename from tests/hardening/2.19_disable_freevxfs.sh rename to tests/hardening/1.1.11_var_log_partition.sh diff --git a/tests/hardening/2.1_tmp_partition.sh b/tests/hardening/1.1.12_var_log_audit_partition.sh similarity index 100% rename from tests/hardening/2.1_tmp_partition.sh rename to tests/hardening/1.1.12_var_log_audit_partition.sh diff --git a/tests/hardening/2.20_disable_jffs2.sh b/tests/hardening/1.1.13_home_partition.sh similarity index 100% rename from tests/hardening/2.20_disable_jffs2.sh rename to tests/hardening/1.1.13_home_partition.sh diff --git a/tests/hardening/2.21_disable_hfs.sh b/tests/hardening/1.1.14_home_nodev.sh similarity index 100% rename from tests/hardening/2.21_disable_hfs.sh rename to tests/hardening/1.1.14_home_nodev.sh diff --git a/tests/hardening/2.14_run_shm_nodev.sh b/tests/hardening/1.1.15_run_shm_nodev.sh similarity index 100% rename from tests/hardening/2.14_run_shm_nodev.sh rename to tests/hardening/1.1.15_run_shm_nodev.sh diff --git a/tests/hardening/2.15_run_shm_nosuid.sh b/tests/hardening/1.1.16_run_shm_nosuid.sh similarity index 100% rename from tests/hardening/2.15_run_shm_nosuid.sh rename to tests/hardening/1.1.16_run_shm_nosuid.sh diff --git a/tests/hardening/2.16_run_shm_noexec.sh b/tests/hardening/1.1.17_run_shm_noexec.sh similarity index 100% rename from tests/hardening/2.16_run_shm_noexec.sh rename to tests/hardening/1.1.17_run_shm_noexec.sh diff --git a/tests/hardening/2.22_disable_hfsplus.sh b/tests/hardening/1.1.18_removable_device_nodev.sh similarity index 100% rename from tests/hardening/2.22_disable_hfsplus.sh rename to tests/hardening/1.1.18_removable_device_nodev.sh diff --git a/tests/hardening/2.24_disable_udf.sh b/tests/hardening/1.1.19_removable_device_nosuid.sh similarity index 100% rename from tests/hardening/2.24_disable_udf.sh rename to tests/hardening/1.1.19_removable_device_nosuid.sh diff --git a/tests/hardening/2.25_disable_automounting.sh b/tests/hardening/1.1.20_removable_device_noexec.sh similarity index 100% rename from tests/hardening/2.25_disable_automounting.sh rename to tests/hardening/1.1.20_removable_device_noexec.sh diff --git a/tests/hardening/2.17_sticky_bit_world_writable_folder.sh b/tests/hardening/1.1.21_sticky_bit_world_writable_folder.sh similarity index 100% rename from tests/hardening/2.17_sticky_bit_world_writable_folder.sh rename to tests/hardening/1.1.21_sticky_bit_world_writable_folder.sh diff --git a/tests/hardening/2.2_tmp_nodev.sh b/tests/hardening/1.1.22_disable_automounting.sh similarity index 100% rename from tests/hardening/2.2_tmp_nodev.sh rename to tests/hardening/1.1.22_disable_automounting.sh diff --git a/tests/hardening/2.3_tmp_nosuid.sh b/tests/hardening/1.1.2_tmp_partition.sh similarity index 100% rename from tests/hardening/2.3_tmp_nosuid.sh rename to tests/hardening/1.1.2_tmp_partition.sh diff --git a/tests/hardening/2.4_tmp_noexec.sh b/tests/hardening/1.1.3_tmp_nodev.sh similarity index 100% rename from tests/hardening/2.4_tmp_noexec.sh rename to tests/hardening/1.1.3_tmp_nodev.sh diff --git a/tests/hardening/2.5_var_partition.sh b/tests/hardening/1.1.4_tmp_nosuid.sh similarity index 100% rename from tests/hardening/2.5_var_partition.sh rename to tests/hardening/1.1.4_tmp_nosuid.sh diff --git a/tests/hardening/2.7_var_log_partition.sh b/tests/hardening/1.1.5_tmp_noexec.sh similarity index 100% rename from tests/hardening/2.7_var_log_partition.sh rename to tests/hardening/1.1.5_tmp_noexec.sh diff --git a/tests/hardening/2.8_var_log_audit_partition.sh b/tests/hardening/1.1.6_var_partition.sh similarity index 100% rename from tests/hardening/2.8_var_log_audit_partition.sh rename to tests/hardening/1.1.6_var_partition.sh diff --git a/tests/hardening/2.9_home_partition.sh b/tests/hardening/1.8_install_updates.sh similarity index 100% rename from tests/hardening/2.9_home_partition.sh rename to tests/hardening/1.8_install_updates.sh