Merge pull request #25 in IAAS/cis-hardening from dev/thibault.dewailly/fixShadowParsing to master

* commit '0f11b08ffb593285f745e3e249f3aaf83a6f5362':
  [Debian 8] Fixed comments for debian 8 compliance
  [10.2] Fixed result parsing in case of spaces in passwd list
This commit is contained in:
Kevin Tanguy 2017-03-14 16:19:33 +01:00
commit 425683f7f4
193 changed files with 199 additions and 196 deletions

View File

@ -1,6 +1,6 @@
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
Modular Debian 7 security hardening scripts based on [cisecurity.org](https://www.cisecurity.org)
Modular Debian 7/8 security hardening scripts based on [cisecurity.org](https://www.cisecurity.org)
recommendations. We use it at [OVH](https://www.ovh.com) to harden our PCI-DSS infrastructure.
```console
@ -133,6 +133,7 @@ Additionally, quoting the License:
- **Center for Internet Security**: https://www.cisecurity.org/
- **CIS recommendations**: https://benchmarks.cisecurity.org/downloads/show-single/index.cfm?file=debian7.100
- **CIS recommendations**: https://benchmarks.cisecurity.org/downloads/show-single/index.cfm?file=debian8.100
## License

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
# Authors : Thibault Dewailly, OVH <thibault.dewailly@corp.ovh.com>
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#
@ -18,7 +18,8 @@ RESULT=''
# This function will be called if the script status is on enabled / audit mode
audit () {
info "Checking if admin accounts have a login shell different than $SHELL"
RESULT=$(egrep -v "^\+" $FILE | awk -F: '($1!="root" && $1!="sync" && $1!="shutdown" && $1!="halt" && $3<1000 && $7!="/usr/sbin/nologin" && $7!="/bin/false") {print}')
RESULT=$(egrep -v "^\+" $FILE | awk -F: '($1!="root" && $1!="sync" && $1!="shutdown" && $1!="halt" && $3<1000 && $7!="/usr/sbin/nologin" && $7!="/bin/false") {print}')
IFS=$'\n'
for LINE in $RESULT; do
debug "line : $LINE"
ACCOUNT=$( echo $LINE | cut -d: -f 1 )
@ -43,6 +44,7 @@ audit () {
# This function will be called if the script status is on enabled mode
apply () {
RESULT=$(egrep -v "^\+" $FILE | awk -F: '($1!="root" && $1!="sync" && $1!="shutdown" && $1!="halt" && $3<1000 && $7!="/usr/sbin/nologin" && $7!="/bin/false") {print}')
IFS=$'\n'
for LINE in $RESULT; do
debug "line : $LINE"
ACCOUNT=$( echo $LINE | cut -d: -f 1 )
@ -85,7 +87,7 @@ else
echo "No CIS_ROOT_DIR variable, aborting"
exit 128
fi
fi
fi
# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# CIS Debian 7 Hardening
# CIS Debian 7/8 Hardening
#
#

Some files were not shown because too many files have changed in this diff Show More