Merge pull request #13 in IAAS/cis-hardening from dev/kevin.tanguy/readme to master
* commit '0018d82060026346693080efc8f7f10a09148a90': Debian package revision bump 1.0-4
commit
4b7b785b63
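--- a/AUTHORS
+++ b/AUTHORS
@@ -0,0 +1,7 @@
+Contributors of this project :
+
+Developers :
+Thibault Dewailly, OVH <thibault.dewailly@corp.ovh.com>
+
+Debian package maintainers :
+Kevin Tanguy, OVH <kevin.tanguy@corp.ovh.com>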
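--- a/README
+++ b/README
@@ -1,22 +0,0 @@
-# CIS Debian 7 Hardening git repository
-# Authors : Thibault Dewailly, OVH <thibault.dewailly@corp.ovh.com>
-# This is the code base which will be used to fill CIS hardening requirements
-
-# Hardening scripts :
-# bin/hardening : Every script has a .cfg associated, status must be defined here
-
-# Configuration
-# etc/hardening.cfg : Global variables defined such as backup directory, or log level
-# etc/conf.d : Folder with all .cfg associated to hardening scripts
-
-# Status parameter will define on each script if it has to be disabled (do nothing), audit (RO), enabled (RW)
-# Enabled will perform audit and most of the time correct your system accordingly.
-# There is exceptions as it is difficult to know how you want to correct that.
-
-# Main script :
-# bin/hardening.sh : Will execute hardening according to configuration
-# Options are :
-# --apply : Will apply hardening when scripts have status enabled (RW), and audit points where status is audit (RO)
-# --audit : Will audit hardening when scripts have status enabled or audit (RO)
-# --audit-all : Apply audit (RO) on all scripts
-# --audit-all-enable-passed : Apply audit (RO) on all scripts, and *modify* configuration files to enable scripts that passed. In other words, this is an easy way to enable scripts for which you're already compliant. However, please always review each activated script afterwards, this option should only be regarded as a way to kickstart a configuration from scratch faster than otherwise. Don't run this if you have already customized the scripts enable/disable configurations, obviously.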
49
README.md
@ -4,15 +4,37 @@ Modular Debian 7 security hardening scripts based on [cisecurity.org](cisecurity
|
|||||||
recommendations. We use it at [OVH](https://ovh.com) to harden our PCI-DSS infrastructure.
|
recommendations. We use it at [OVH](https://ovh.com) to harden our PCI-DSS infrastructure.
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ bin/hardening.sh --audit
|
$ bin/hardening.sh --audit-all
|
||||||
TODO: some eye catchy output
|
[...]
|
||||||
|
hardening [INFO] Treating /opt/cis-hardening/bin/hardening/13.15_check_duplicate_gid.sh
|
||||||
|
13.15_check_duplicate_gid [INFO] Working on 13.15_check_duplicate_gid
|
||||||
|
13.15_check_duplicate_gid [INFO] Checking Configuration
|
||||||
|
13.15_check_duplicate_gid [INFO] Performing audit
|
||||||
|
13.15_check_duplicate_gid [ OK ] No duplicate GIDs
|
||||||
|
13.15_check_duplicate_gid [ OK ] Check Passed
|
||||||
|
[...]
|
||||||
|
################### SUMMARY ###################
|
||||||
|
Total Available Checks : 191
|
||||||
|
Total Runned Checks : 191
|
||||||
|
Total Passed Checks : [ 170/191 ]
|
||||||
|
Total Failed Checks : [ 21/191 ]
|
||||||
|
Enabled Checks Percentage : 100.00 %
|
||||||
|
Conformity Percentage : 89.01 %
|
||||||
```
|
```
|
||||||
|
|
||||||
## Quickstart
|
## Quickstart
|
||||||
|
|
||||||
```console
|
```console
|
||||||
$ git clone https://github.com/ovh/debian-cis.git && debian-cis
|
$ git clone https://github.com/ovh/debian-cis.git && cd debian-cis
|
||||||
$ some-example-command
|
$ cp debian/default /etc/default/cis_hardening
|
||||||
|
$ bin/hardening/1.1_install_updates.sh --audit-all
|
||||||
|
1.1_install_updates [INFO] Working on 1.1_install_updates
|
||||||
|
1.1_install_updates [INFO] Checking Configuration
|
||||||
|
1.1_install_updates [INFO] Performing audit
|
||||||
|
1.1_install_updates [INFO] Checking if apt needs an update
|
||||||
|
1.1_install_updates [INFO] Fetching upgrades ...
|
||||||
|
1.1_install_updates [ OK ] No upgrades available
|
||||||
|
1.1_install_updates [ OK ] Check Passed
|
||||||
```
|
```
|
||||||
|
|
||||||
## Usage
|
## Usage
|
||||||
@ -62,18 +84,29 @@ if you have already started to customize your configuration.
|
|||||||
**Getting the source**
|
**Getting the source**
|
||||||
|
|
||||||
```console
|
```console
|
||||||
git clone https://github.com/ovh/debian-cis.git
|
$ git clone https://github.com/ovh/debian-cis.git
|
||||||
```
|
```
|
||||||
|
|
||||||
**Building a debian Package** (the hacky way)
|
**Building a debian Package** (the hacky way)
|
||||||
|
|
||||||
```console
|
```console
|
||||||
debuild -us -uc
|
$ debuild -us -uc
|
||||||
```
|
```
|
||||||
|
|
||||||
**Adding a custom hardening script**
|
**Adding a custom hardening script**
|
||||||
|
|
||||||
TODO
|
```console
|
||||||
|
$ cp src/skel bin/hardening/99.99_custom_script.sh
|
||||||
|
$ chmod +x bin/hardening/99.99_custom_script.sh
|
||||||
|
$ cp src/skel.cfg etc/conf.d/99.99_custom_script.cfg
|
||||||
|
```
|
||||||
|
|
||||||
|
Code your check explaining what it does then if you want to test
|
||||||
|
|
||||||
|
```console
|
||||||
|
$ sed -i "s/status=.+/status=enabled/" etc/conf.d/99.99_custom_script.cfg
|
||||||
|
$ ./bin/hardening/99.99_custom_script.sh
|
||||||
|
```
|
||||||
|
|
||||||
## Disclaimer
|
## Disclaimer
|
||||||
|
|
||||||
@ -97,7 +130,7 @@ Additionally, quoting the License:
|
|||||||
|
|
||||||
## Reference
|
## Reference
|
||||||
|
|
||||||
- **Center for Internet Securiy**: https://www.cisecurity.org/
|
- **Center for Internet Security**: https://www.cisecurity.org/
|
||||||
- **CIS recommendations**: https://benchmarks.cisecurity.org/downloads/show-single/index.cfm?file=debian7.100
|
- **CIS recommendations**: https://benchmarks.cisecurity.org/downloads/show-single/index.cfm?file=debian7.100
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
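Review bot: The `sed` line added under "Adding a custom hardening script" most likely leaves the script disabled: sed uses basic regular expressions unless `-E` is given, where `+` is an ordinary character, so `status=.+` will not match a value such as `status=disabled` and the file is left unchanged without any error. Someone following these steps would then test a custom check whose configuration never switched to enabled. I would write the step as `sed -i 's/^status=.*/status=enabled/' etc/conf.d/99.99_custom_script.cfg`. The same command is repeated in `debian/cis-hardening.8`, so both copies need the change.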
8
debian/changelog
vendored
@ -1,3 +1,11 @@
|
|||||||
|
cis-hardening (1.0-4) wheezy; urgency=low
|
||||||
|
|
||||||
|
* added AUTHORS file
|
||||||
|
* s/README/README.md/ with more details
|
||||||
|
* manpage extracted from README
|
||||||
|
|
||||||
|
-- Kevin Tanguy <kevin.tanguy@ovh.net> Thu, 21 Apr 2016 11:57:39 +0200
|
||||||
|
|
||||||
cis-hardening (1.0-3) wheezy; urgency=low
|
cis-hardening (1.0-3) wheezy; urgency=low
|
||||||
|
|
||||||
* add --audit-all option
|
* add --audit-all option
|
||||||
|
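--- a/debian/cis-hardening.8
+++ b/debian/cis-hardening.8
@@ -0,0 +1,154 @@
+.TH "CIS Debian 7 Hardening" 8 "OVH Group"
+.SH NAME
+cis-hardening - CIS Debian 7 Hardening
+.PP
+.SH DESCRIPTION
+.PP
+Modular Debian 7 security hardening scripts based on cisecurity.org \[la]cisecurity.org\[ra]
+recommendations. We use it at OVH \[la]https://ovh.com\[ra] to harden our PCI\-DSS infrastructure.
+.PP
+.RS
+.nf
+$ bin/hardening.sh \-\-audit\-all
+[...]
+hardening [INFO] Treating /opt/cis\-hardening/bin/hardening/13.15_check_duplicate_gid.sh
+13.15_check_duplicate_gid [INFO] Working on 13.15_check_duplicate_gid
+13.15_check_duplicate_gid [INFO] Checking Configuration
+13.15_check_duplicate_gid [INFO] Performing audit
+13.15_check_duplicate_gid [ OK ] No duplicate GIDs
+13.15_check_duplicate_gid [ OK ] Check Passed
+[...]
+################### SUMMARY ###################
+Total Available Checks : 191
+Total Runned Checks : 191
+Total Passed Checks : [ 170/191 ]
+Total Failed Checks : [ 21/191 ]
+Enabled Checks Percentage : 100.00 %
+Conformity Percentage : 89.01 %
+.fi
+.RE
+.SH Quickstart
+.PP
+.RS
+.nf
+$ git clone https://github.com/ovh/debian\-cis.git && cd debian\-cis
+$ cp debian/default /etc/default/cis_hardening
+$ bin/hardening/1.1_install_updates.sh \-\-audit\-all
+1.1_install_updates [INFO] Working on 1.1_install_updates
+1.1_install_updates [INFO] Checking Configuration
+1.1_install_updates [INFO] Performing audit
+1.1_install_updates [INFO] Checking if apt needs an update
+1.1_install_updates [INFO] Fetching upgrades ...
+1.1_install_updates [ OK ] No upgrades available
+1.1_install_updates [ OK ] Check Passed
+.fi
+.RE
+.SH Usage
+.SS Configuration
+.PP
+Hardening scripts are in \fB\fCbin/hardening\fR\&. Each script has a corresponding
+configuration file in \fB\fCetc/conf.d/[script_name].cfg\fR\&.
+.PP
+Each hardening script can be individually enabled from its configuration file.
+For example, this is the default configuration file for \fB\fCdisable_system_accounts\fR:
+.PP
+.RS
+.nf
+# Configuration for script of same name
+status=disabled
+# Put here your exceptions concerning admin accounts shells separated by spaces
+EXCEPTIONS=""
+.fi
+.RE
+.PP
+\fB\fCstatus\fR parameter may take 3 values:
+\fB\fCdisabled\fR (do nothing): The script will not run.
+\fB\fCaudit\fR (RO): The script will check if any change \fIshould\fP be applied.
+\fB\fCenabled\fR (RW): The script will check if any change should be done and automatically apply what it can.
+.PP
+Global configuration is in \fB\fCetc/hardening.cfg\fR\&. This file controls the log level
+as well as the backup directory. Whenever a script is instructed to edit a file, it
+will create a timestamped backup in this directory.
+.SS Run aka "Harden your distro"
+.PP
+To run the checks and apply the fixes, run \fB\fCbin/hardening.sh\fR\&.
+.PP
+This command has 2 main operation modes:
+\fB\fC\-\-audit\fR: Audit your system with all enabled and audit mode scripts
+\fB\fC\-\-apply\fR: Audit your system with all enabled and audit mode scripts and apply changes for enabled scripts
+.PP
+Additionally, \fB\fC\-\-audit\-all\fR can be used to force running all auditing scripts,
+including disabled ones. this will \fInot\fP change the system.
+.PP
+\fB\fC\-\-audit\-all\-enable\-passed\fR can be used as a quick way to kickstart your
+configuration. It will run all scripts in audit mode. If a script passes,
+it will automatically be enabled for future runs. Do NOT use this option
+if you have already started to customize your configuration.
+.SH Hacking
+.PP
+\fBGetting the source\fP
+.PP
+.RS
+.nf
+$ git clone https://github.com/ovh/debian\-cis.git
+.fi
+.RE
+.PP
+\fBBuilding a debian Package\fP (the hacky way)
+.PP
+.RS
+.nf
+$ debuild \-us \-uc
+.fi
+.RE
+.PP
+\fBAdding a custom hardening script\fP
+.PP
+.RS
+.nf
+$ cp src/skel bin/hardening/99.99_custom_script.sh
+$ chmod +x bin/hardening/99.99_custom_script.sh
+$ cp src/skel.cfg etc/conf.d/99.99_custom_script.cfg
+.fi
+.RE
+.PP
+Code your check explaining what it does then if you want to test
+.PP
+.RS
+.nf
+$ sed \-i "s/status=.+/status=enabled/" etc/conf.d/99.99_custom_script.cfg
+$ ./bin/hardening/99.99_custom_script.sh
+.fi
+.RE
+.SH Disclaimer
+.PP
+This project is a set of tools. They are meant to help the system administrator
+built a secure environment. While we use it at OVH to harden our PCI\-DSS compliant
+infrastructure, we can not guarantee that it will work for you. It will not
+magically secure any random host.
+.PP
+Additionally, quoting the License:
+.PP
+.RS
+THIS SOFTWARE IS PROVIDED BY OVH SAS AND CONTRIBUTORS ``AS IS'' AND ANY
+EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL OVH SAS AND CONTRIBUTORS BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.RE
+.SH Reference
+.PP
+.RS
+.nf
+**Center for Internet Security**: https://www.cisecurity.org/
+**CIS recommendations**: https://benchmarks.cisecurity.org/downloads/show\-single/index.cfm?file=debian7.100
+.fi
+.RE
+.SH License
+.PP
+3\-Clause BSD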
382
debian/conffiles
vendored
@ -1,191 +1,191 @@
|
|||||||
opt/cis-hardening/etc/conf.d/1.1_install_updates.cfg
|
/opt/cis-hardening/etc/conf.d/1.1_install_updates.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.1_tmp_partition.cfg
|
/opt/cis-hardening/etc/conf.d/2.1_tmp_partition.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.2_tmp_nodev.cfg
|
/opt/cis-hardening/etc/conf.d/2.2_tmp_nodev.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.3_tmp_nosuid.cfg
|
/opt/cis-hardening/etc/conf.d/2.3_tmp_nosuid.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.4_tmp_noexec.cfg
|
/opt/cis-hardening/etc/conf.d/2.4_tmp_noexec.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.5_var_partition.cfg
|
/opt/cis-hardening/etc/conf.d/2.5_var_partition.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.6.1_var_tmp_partition.cfg
|
/opt/cis-hardening/etc/conf.d/2.6.1_var_tmp_partition.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.6.2_var_tmp_nodev.cfg
|
/opt/cis-hardening/etc/conf.d/2.6.2_var_tmp_nodev.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.6.3_var_tmp_nosuid.cfg
|
/opt/cis-hardening/etc/conf.d/2.6.3_var_tmp_nosuid.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.6.4_var_tmp_noexec.cfg
|
/opt/cis-hardening/etc/conf.d/2.6.4_var_tmp_noexec.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.7_var_log_partition.cfg
|
/opt/cis-hardening/etc/conf.d/2.7_var_log_partition.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.8_var_log_audit_partition.cfg
|
/opt/cis-hardening/etc/conf.d/2.8_var_log_audit_partition.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.9_home_partition.cfg
|
/opt/cis-hardening/etc/conf.d/2.9_home_partition.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.10_home_nodev.cfg
|
/opt/cis-hardening/etc/conf.d/2.10_home_nodev.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.11_removable_device_nodev.cfg
|
/opt/cis-hardening/etc/conf.d/2.11_removable_device_nodev.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.12_removable_device_noexec.cfg
|
/opt/cis-hardening/etc/conf.d/2.12_removable_device_noexec.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.13_removable_device_nosuid.cfg
|
/opt/cis-hardening/etc/conf.d/2.13_removable_device_nosuid.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.14_run_shm_nodev.cfg
|
/opt/cis-hardening/etc/conf.d/2.14_run_shm_nodev.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.15_run_shm_nosuid.cfg
|
/opt/cis-hardening/etc/conf.d/2.15_run_shm_nosuid.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.16_run_shm_noexec.cfg
|
/opt/cis-hardening/etc/conf.d/2.16_run_shm_noexec.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.17_sticky_bit_world_writable_folder.cfg
|
/opt/cis-hardening/etc/conf.d/2.17_sticky_bit_world_writable_folder.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.18_disable_cramfs.cfg
|
/opt/cis-hardening/etc/conf.d/2.18_disable_cramfs.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.19_disable_freevxfs.cfg
|
/opt/cis-hardening/etc/conf.d/2.19_disable_freevxfs.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.20_disable_jffs2.cfg
|
/opt/cis-hardening/etc/conf.d/2.20_disable_jffs2.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.21_disable_hfs.cfg
|
/opt/cis-hardening/etc/conf.d/2.21_disable_hfs.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.22_disable_hfsplus.cfg
|
/opt/cis-hardening/etc/conf.d/2.22_disable_hfsplus.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.23_disable_squashfs.cfg
|
/opt/cis-hardening/etc/conf.d/2.23_disable_squashfs.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.24_disable_udf.cfg
|
/opt/cis-hardening/etc/conf.d/2.24_disable_udf.cfg
|
||||||
opt/cis-hardening/etc/conf.d/2.25_disable_automounting.cfg
|
/opt/cis-hardening/etc/conf.d/2.25_disable_automounting.cfg
|
||||||
opt/cis-hardening/etc/conf.d/3.1_bootloader_ownership.cfg
|
/opt/cis-hardening/etc/conf.d/3.1_bootloader_ownership.cfg
|
||||||
opt/cis-hardening/etc/conf.d/3.2_bootloader_permissions.cfg
|
/opt/cis-hardening/etc/conf.d/3.2_bootloader_permissions.cfg
|
||||||
opt/cis-hardening/etc/conf.d/3.3_bootloader_password.cfg
|
/opt/cis-hardening/etc/conf.d/3.3_bootloader_password.cfg
|
||||||
opt/cis-hardening/etc/conf.d/3.4_root_password.cfg
|
/opt/cis-hardening/etc/conf.d/3.4_root_password.cfg
|
||||||
opt/cis-hardening/etc/conf.d/4.1_restrict_core_dumps.cfg
|
/opt/cis-hardening/etc/conf.d/4.1_restrict_core_dumps.cfg
|
||||||
opt/cis-hardening/etc/conf.d/4.2_enable_nx_support.cfg
|
/opt/cis-hardening/etc/conf.d/4.2_enable_nx_support.cfg
|
||||||
opt/cis-hardening/etc/conf.d/4.3_enable_randomized_vm_placement.cfg
|
/opt/cis-hardening/etc/conf.d/4.3_enable_randomized_vm_placement.cfg
|
||||||
opt/cis-hardening/etc/conf.d/4.4_disable_prelink.cfg
|
/opt/cis-hardening/etc/conf.d/4.4_disable_prelink.cfg
|
||||||
opt/cis-hardening/etc/conf.d/4.5_enable_apparmor.cfg
|
/opt/cis-hardening/etc/conf.d/4.5_enable_apparmor.cfg
|
||||||
opt/cis-hardening/etc/conf.d/5.1.1_disable_nis.cfg
|
/opt/cis-hardening/etc/conf.d/5.1.1_disable_nis.cfg
|
||||||
opt/cis-hardening/etc/conf.d/5.1.2_disable_rsh.cfg
|
/opt/cis-hardening/etc/conf.d/5.1.2_disable_rsh.cfg
|
||||||
opt/cis-hardening/etc/conf.d/5.1.3_disable_rsh_client.cfg
|
/opt/cis-hardening/etc/conf.d/5.1.3_disable_rsh_client.cfg
|
||||||
opt/cis-hardening/etc/conf.d/5.1.4_disable_talk.cfg
|
/opt/cis-hardening/etc/conf.d/5.1.4_disable_talk.cfg
|
||||||
opt/cis-hardening/etc/conf.d/5.1.5_disable_talk_client.cfg
|
/opt/cis-hardening/etc/conf.d/5.1.5_disable_talk_client.cfg
|
||||||
opt/cis-hardening/etc/conf.d/5.1.6_disable_telnet_server.cfg
|
/opt/cis-hardening/etc/conf.d/5.1.6_disable_telnet_server.cfg
|
||||||
opt/cis-hardening/etc/conf.d/5.1.7_disable_tftp_server.cfg
|
/opt/cis-hardening/etc/conf.d/5.1.7_disable_tftp_server.cfg
|
||||||
opt/cis-hardening/etc/conf.d/5.1.8_disable_inetd.cfg
|
/opt/cis-hardening/etc/conf.d/5.1.8_disable_inetd.cfg
|
||||||
opt/cis-hardening/etc/conf.d/5.2_disable_chargen.cfg
|
/opt/cis-hardening/etc/conf.d/5.2_disable_chargen.cfg
|
||||||
opt/cis-hardening/etc/conf.d/5.3_disable_daytime.cfg
|
/opt/cis-hardening/etc/conf.d/5.3_disable_daytime.cfg
|
||||||
opt/cis-hardening/etc/conf.d/5.4_disable_echo.cfg
|
/opt/cis-hardening/etc/conf.d/5.4_disable_echo.cfg
|
||||||
opt/cis-hardening/etc/conf.d/5.5_disable_discard.cfg
|
/opt/cis-hardening/etc/conf.d/5.5_disable_discard.cfg
|
||||||
opt/cis-hardening/etc/conf.d/5.6_disable_time.cfg
|
/opt/cis-hardening/etc/conf.d/5.6_disable_time.cfg
|
||||||
opt/cis-hardening/etc/conf.d/6.1_disable_xwindow_system.cfg
|
/opt/cis-hardening/etc/conf.d/6.1_disable_xwindow_system.cfg
|
||||||
opt/cis-hardening/etc/conf.d/6.2_disable_avahi_server.cfg
|
/opt/cis-hardening/etc/conf.d/6.2_disable_avahi_server.cfg
|
||||||
opt/cis-hardening/etc/conf.d/6.3_disable_print_server.cfg
|
/opt/cis-hardening/etc/conf.d/6.3_disable_print_server.cfg
|
||||||
opt/cis-hardening/etc/conf.d/6.4_disable_dhcp.cfg
|
/opt/cis-hardening/etc/conf.d/6.4_disable_dhcp.cfg
|
||||||
opt/cis-hardening/etc/conf.d/6.5_configure_ntp.cfg
|
/opt/cis-hardening/etc/conf.d/6.5_configure_ntp.cfg
|
||||||
opt/cis-hardening/etc/conf.d/6.6_disable_ldap.cfg
|
/opt/cis-hardening/etc/conf.d/6.6_disable_ldap.cfg
|
||||||
opt/cis-hardening/etc/conf.d/6.7_disable_nfs_rpc.cfg
|
/opt/cis-hardening/etc/conf.d/6.7_disable_nfs_rpc.cfg
|
||||||
opt/cis-hardening/etc/conf.d/6.8_disable_dns_server.cfg
|
/opt/cis-hardening/etc/conf.d/6.8_disable_dns_server.cfg
|
||||||
opt/cis-hardening/etc/conf.d/6.9_disable_ftp.cfg
|
/opt/cis-hardening/etc/conf.d/6.9_disable_ftp.cfg
|
||||||
opt/cis-hardening/etc/conf.d/6.10_disable_http_server.cfg
|
/opt/cis-hardening/etc/conf.d/6.10_disable_http_server.cfg
|
||||||
opt/cis-hardening/etc/conf.d/6.11_disable_imap_pop.cfg
|
/opt/cis-hardening/etc/conf.d/6.11_disable_imap_pop.cfg
|
||||||
opt/cis-hardening/etc/conf.d/6.12_disable_samba.cfg
|
/opt/cis-hardening/etc/conf.d/6.12_disable_samba.cfg
|
||||||
opt/cis-hardening/etc/conf.d/6.13_disable_http_proxy.cfg
|
/opt/cis-hardening/etc/conf.d/6.13_disable_http_proxy.cfg
|
||||||
opt/cis-hardening/etc/conf.d/6.14_disable_snmp_server.cfg
|
/opt/cis-hardening/etc/conf.d/6.14_disable_snmp_server.cfg
|
||||||
opt/cis-hardening/etc/conf.d/6.15_mta_localhost.cfg
|
/opt/cis-hardening/etc/conf.d/6.15_mta_localhost.cfg
|
||||||
opt/cis-hardening/etc/conf.d/6.16_disable_rsync.cfg
|
/opt/cis-hardening/etc/conf.d/6.16_disable_rsync.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.1.1_disable_ip_forwarding.cfg
|
/opt/cis-hardening/etc/conf.d/7.1.1_disable_ip_forwarding.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.1.2_disable_send_packet_redirects.cfg
|
/opt/cis-hardening/etc/conf.d/7.1.2_disable_send_packet_redirects.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.2.1_disable_source_routed_packets.cfg
|
/opt/cis-hardening/etc/conf.d/7.2.1_disable_source_routed_packets.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.2.2_disable_icmp_redirect.cfg
|
/opt/cis-hardening/etc/conf.d/7.2.2_disable_icmp_redirect.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.2.3_disable_secure_icmp_redirect.cfg
|
/opt/cis-hardening/etc/conf.d/7.2.3_disable_secure_icmp_redirect.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.2.4_log_martian_packets.cfg
|
/opt/cis-hardening/etc/conf.d/7.2.4_log_martian_packets.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.2.5_ignore_broadcast_requests.cfg
|
/opt/cis-hardening/etc/conf.d/7.2.5_ignore_broadcast_requests.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.2.6_enable_bad_error_message_protection.cfg
|
/opt/cis-hardening/etc/conf.d/7.2.6_enable_bad_error_message_protection.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.2.7_enable_source_route_validation.cfg
|
/opt/cis-hardening/etc/conf.d/7.2.7_enable_source_route_validation.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.2.8_enable_tcp_syn_cookies.cfg
|
/opt/cis-hardening/etc/conf.d/7.2.8_enable_tcp_syn_cookies.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.3.1_disable_ipv6_router_advertisement.cfg
|
/opt/cis-hardening/etc/conf.d/7.3.1_disable_ipv6_router_advertisement.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.3.2_disable_ipv6_redirect.cfg
|
/opt/cis-hardening/etc/conf.d/7.3.2_disable_ipv6_redirect.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.3.3_disable_ipv6.cfg
|
/opt/cis-hardening/etc/conf.d/7.3.3_disable_ipv6.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.4.1_install_tcp_wrapper.cfg
|
/opt/cis-hardening/etc/conf.d/7.4.1_install_tcp_wrapper.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.4.2_hosts_allow.cfg
|
/opt/cis-hardening/etc/conf.d/7.4.2_hosts_allow.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.4.3_hosts_allow_permissions.cfg
|
/opt/cis-hardening/etc/conf.d/7.4.3_hosts_allow_permissions.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.4.4_hosts_deny.cfg
|
/opt/cis-hardening/etc/conf.d/7.4.4_hosts_deny.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.4.5_hosts_deny_permissions.cfg
|
/opt/cis-hardening/etc/conf.d/7.4.5_hosts_deny_permissions.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.5.1_disable_dccp.cfg
|
/opt/cis-hardening/etc/conf.d/7.5.1_disable_dccp.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.5.2_disable_sctp.cfg
|
/opt/cis-hardening/etc/conf.d/7.5.2_disable_sctp.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.5.3_disable_rds.cfg
|
/opt/cis-hardening/etc/conf.d/7.5.3_disable_rds.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.5.4_disable_tipc.cfg
|
/opt/cis-hardening/etc/conf.d/7.5.4_disable_tipc.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.6_disable_wireless.cfg
|
/opt/cis-hardening/etc/conf.d/7.6_disable_wireless.cfg
|
||||||
opt/cis-hardening/etc/conf.d/7.7_enable_firewall.cfg
|
/opt/cis-hardening/etc/conf.d/7.7_enable_firewall.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.0_enable_auditd_kernel.cfg
|
/opt/cis-hardening/etc/conf.d/8.0_enable_auditd_kernel.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.1.1.1_audit_log_storage.cfg
|
/opt/cis-hardening/etc/conf.d/8.1.1.1_audit_log_storage.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.1.1.2_halt_when_audit_log_full.cfg
|
/opt/cis-hardening/etc/conf.d/8.1.1.2_halt_when_audit_log_full.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.1.1.3_keep_all_audit_logs.cfg
|
/opt/cis-hardening/etc/conf.d/8.1.1.3_keep_all_audit_logs.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.1.2_enable_auditd.cfg
|
/opt/cis-hardening/etc/conf.d/8.1.2_enable_auditd.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.1.3_audit_bootloader.cfg
|
/opt/cis-hardening/etc/conf.d/8.1.3_audit_bootloader.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.1.4_record_date_time_edit.cfg
|
/opt/cis-hardening/etc/conf.d/8.1.4_record_date_time_edit.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.1.5_record_user_group_edit.cfg
|
/opt/cis-hardening/etc/conf.d/8.1.5_record_user_group_edit.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.1.6_record_network_edit.cfg
|
/opt/cis-hardening/etc/conf.d/8.1.6_record_network_edit.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.1.7_record_mac_edit.cfg
|
/opt/cis-hardening/etc/conf.d/8.1.7_record_mac_edit.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.1.8_record_login_logout.cfg
|
/opt/cis-hardening/etc/conf.d/8.1.8_record_login_logout.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.1.9_record_session_init.cfg
|
/opt/cis-hardening/etc/conf.d/8.1.9_record_session_init.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.1.10_record_dac_edit.cfg
|
/opt/cis-hardening/etc/conf.d/8.1.10_record_dac_edit.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.1.11_record_failed_access_file.cfg
|
/opt/cis-hardening/etc/conf.d/8.1.11_record_failed_access_file.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.1.12_record_privileged_commands.cfg
|
/opt/cis-hardening/etc/conf.d/8.1.12_record_privileged_commands.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.1.13_record_successful_mount.cfg
|
/opt/cis-hardening/etc/conf.d/8.1.13_record_successful_mount.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.1.14_record_file_deletions.cfg
|
/opt/cis-hardening/etc/conf.d/8.1.14_record_file_deletions.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.1.15_record_sudoers_edit.cfg
|
/opt/cis-hardening/etc/conf.d/8.1.15_record_sudoers_edit.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.1.16_record_sudo_usage.cfg
|
/opt/cis-hardening/etc/conf.d/8.1.16_record_sudo_usage.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.1.17_record_kernel_modules.cfg
|
/opt/cis-hardening/etc/conf.d/8.1.17_record_kernel_modules.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.1.18_freeze_auditd_conf.cfg
|
/opt/cis-hardening/etc/conf.d/8.1.18_freeze_auditd_conf.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.2.1_install_syslog-ng.cfg
|
/opt/cis-hardening/etc/conf.d/8.2.1_install_syslog-ng.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.2.2_enable_syslog-ng.cfg
|
/opt/cis-hardening/etc/conf.d/8.2.2_enable_syslog-ng.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.2.3_configure_syslog-ng.cfg
|
/opt/cis-hardening/etc/conf.d/8.2.3_configure_syslog-ng.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.2.4_set_logfile_perm.cfg
|
/opt/cis-hardening/etc/conf.d/8.2.4_set_logfile_perm.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.2.5_syslog-ng_remote_host.cfg
|
/opt/cis-hardening/etc/conf.d/8.2.5_syslog-ng_remote_host.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.2.6_remote_syslog-ng_acl.cfg
|
/opt/cis-hardening/etc/conf.d/8.2.6_remote_syslog-ng_acl.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.3.1_install_tripwire.cfg
|
/opt/cis-hardening/etc/conf.d/8.3.1_install_tripwire.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.3.2_tripwire_cron.cfg
|
/opt/cis-hardening/etc/conf.d/8.3.2_tripwire_cron.cfg
|
||||||
opt/cis-hardening/etc/conf.d/8.4_configure_logrotate.cfg
|
/opt/cis-hardening/etc/conf.d/8.4_configure_logrotate.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.1.1_enable_cron.cfg
|
/opt/cis-hardening/etc/conf.d/9.1.1_enable_cron.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.1.2_crontab_perm_ownership.cfg
|
/opt/cis-hardening/etc/conf.d/9.1.2_crontab_perm_ownership.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.1.3_cron_hourly_perm_ownership.cfg
|
/opt/cis-hardening/etc/conf.d/9.1.3_cron_hourly_perm_ownership.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.1.4_cron_daily_perm_ownership.cfg
|
/opt/cis-hardening/etc/conf.d/9.1.4_cron_daily_perm_ownership.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.1.5_cron_weekly_perm_ownership.cfg
|
/opt/cis-hardening/etc/conf.d/9.1.5_cron_weekly_perm_ownership.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.1.6_cron_monthly_perm_ownership.cfg
|
/opt/cis-hardening/etc/conf.d/9.1.6_cron_monthly_perm_ownership.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.1.7_cron_d_perm_ownership.cfg
|
/opt/cis-hardening/etc/conf.d/9.1.7_cron_d_perm_ownership.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.1.8_cron_users.cfg
|
/opt/cis-hardening/etc/conf.d/9.1.8_cron_users.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.2.1_enable_cracklib.cfg
|
/opt/cis-hardening/etc/conf.d/9.2.1_enable_cracklib.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.2.2_enable_lockout_failed_password.cfg
|
/opt/cis-hardening/etc/conf.d/9.2.2_enable_lockout_failed_password.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.2.3_limit_password_reuse.cfg
|
/opt/cis-hardening/etc/conf.d/9.2.3_limit_password_reuse.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.3.1_sshd_protocol.cfg
|
/opt/cis-hardening/etc/conf.d/9.3.1_sshd_protocol.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.3.2_sshd_loglevel.cfg
|
/opt/cis-hardening/etc/conf.d/9.3.2_sshd_loglevel.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.3.3_sshd_conf_perm_ownership.cfg
|
/opt/cis-hardening/etc/conf.d/9.3.3_sshd_conf_perm_ownership.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.3.4_disable_x11_forwarding.cfg
|
/opt/cis-hardening/etc/conf.d/9.3.4_disable_x11_forwarding.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.3.5_sshd_maxauthtries.cfg
|
/opt/cis-hardening/etc/conf.d/9.3.5_sshd_maxauthtries.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.3.6_enable_sshd_ignorerhosts.cfg
|
/opt/cis-hardening/etc/conf.d/9.3.6_enable_sshd_ignorerhosts.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.3.7_disable_sshd_hostbasedauthentication.cfg
|
/opt/cis-hardening/etc/conf.d/9.3.7_disable_sshd_hostbasedauthentication.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.3.8_disable_root_login.cfg
|
/opt/cis-hardening/etc/conf.d/9.3.8_disable_root_login.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.3.9_disable_sshd_permitemptypasswords.cfg
|
/opt/cis-hardening/etc/conf.d/9.3.9_disable_sshd_permitemptypasswords.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.3.10_disable_sshd_setenv.cfg
|
/opt/cis-hardening/etc/conf.d/9.3.10_disable_sshd_setenv.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.3.11_sshd_ciphers.cfg
|
/opt/cis-hardening/etc/conf.d/9.3.11_sshd_ciphers.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.3.12_sshd_idle_timeout.cfg
|
/opt/cis-hardening/etc/conf.d/9.3.12_sshd_idle_timeout.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.3.13_sshd_limit_access.cfg
|
/opt/cis-hardening/etc/conf.d/9.3.13_sshd_limit_access.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.3.14_ssh_banner.cfg
|
/opt/cis-hardening/etc/conf.d/9.3.14_ssh_banner.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.4_secure_tty.cfg
|
/opt/cis-hardening/etc/conf.d/9.4_secure_tty.cfg
|
||||||
opt/cis-hardening/etc/conf.d/9.5_restrict_su.cfg
|
/opt/cis-hardening/etc/conf.d/9.5_restrict_su.cfg
|
||||||
opt/cis-hardening/etc/conf.d/10.1.1_set_password_exp_days.cfg
|
/opt/cis-hardening/etc/conf.d/10.1.1_set_password_exp_days.cfg
|
||||||
opt/cis-hardening/etc/conf.d/10.1.2_set_password_min_days_change.cfg
|
/opt/cis-hardening/etc/conf.d/10.1.2_set_password_min_days_change.cfg
|
||||||
opt/cis-hardening/etc/conf.d/10.1.3_set_password_exp_warning_days.cfg
|
/opt/cis-hardening/etc/conf.d/10.1.3_set_password_exp_warning_days.cfg
|
||||||
opt/cis-hardening/etc/conf.d/10.2_disable_system_accounts.cfg
|
/opt/cis-hardening/etc/conf.d/10.2_disable_system_accounts.cfg
|
||||||
opt/cis-hardening/etc/conf.d/10.3_default_root_group.cfg
|
/opt/cis-hardening/etc/conf.d/10.3_default_root_group.cfg
|
||||||
opt/cis-hardening/etc/conf.d/10.4_default_umask.cfg
|
/opt/cis-hardening/etc/conf.d/10.4_default_umask.cfg
|
||||||
opt/cis-hardening/etc/conf.d/10.5_lock_inactive_user_account.cfg
|
/opt/cis-hardening/etc/conf.d/10.5_lock_inactive_user_account.cfg
|
||||||
opt/cis-hardening/etc/conf.d/11.1_warning_banners.cfg
|
/opt/cis-hardening/etc/conf.d/11.1_warning_banners.cfg
|
||||||
opt/cis-hardening/etc/conf.d/11.2_remove_os_info_warning_banners.cfg
|
/opt/cis-hardening/etc/conf.d/11.2_remove_os_info_warning_banners.cfg
|
||||||
opt/cis-hardening/etc/conf.d/11.3_graphical_warning_banners.cfg
|
/opt/cis-hardening/etc/conf.d/11.3_graphical_warning_banners.cfg
|
||||||
opt/cis-hardening/etc/conf.d/12.1_etc_passwd_permissions.cfg
|
/opt/cis-hardening/etc/conf.d/12.1_etc_passwd_permissions.cfg
|
||||||
opt/cis-hardening/etc/conf.d/12.2_etc_shadow_permissions.cfg
|
/opt/cis-hardening/etc/conf.d/12.2_etc_shadow_permissions.cfg
|
||||||
opt/cis-hardening/etc/conf.d/12.3_etc_group_permissions.cfg
|
/opt/cis-hardening/etc/conf.d/12.3_etc_group_permissions.cfg
|
||||||
opt/cis-hardening/etc/conf.d/12.4_etc_passwd_ownership.cfg
|
/opt/cis-hardening/etc/conf.d/12.4_etc_passwd_ownership.cfg
|
||||||
opt/cis-hardening/etc/conf.d/12.5_etc_shadow_ownership.cfg
|
/opt/cis-hardening/etc/conf.d/12.5_etc_shadow_ownership.cfg
|
||||||
opt/cis-hardening/etc/conf.d/12.6_etc_group_ownership.cfg
|
/opt/cis-hardening/etc/conf.d/12.6_etc_group_ownership.cfg
|
||||||
opt/cis-hardening/etc/conf.d/12.7_find_world_writable_file.cfg
|
/opt/cis-hardening/etc/conf.d/12.7_find_world_writable_file.cfg
|
||||||
opt/cis-hardening/etc/conf.d/12.8_find_unowned_files.cfg
|
/opt/cis-hardening/etc/conf.d/12.8_find_unowned_files.cfg
|
||||||
opt/cis-hardening/etc/conf.d/12.9_find_ungrouped_files.cfg
|
/opt/cis-hardening/etc/conf.d/12.9_find_ungrouped_files.cfg
|
||||||
opt/cis-hardening/etc/conf.d/12.10_find_suid_files.cfg
|
/opt/cis-hardening/etc/conf.d/12.10_find_suid_files.cfg
|
||||||
opt/cis-hardening/etc/conf.d/12.11_find_sgid_files.cfg
|
/opt/cis-hardening/etc/conf.d/12.11_find_sgid_files.cfg
|
||||||
opt/cis-hardening/etc/conf.d/13.1_remove_empty_password_field.cfg
|
/opt/cis-hardening/etc/conf.d/13.1_remove_empty_password_field.cfg
|
||||||
opt/cis-hardening/etc/conf.d/13.2_remove_legacy_passwd_entries.cfg
|
/opt/cis-hardening/etc/conf.d/13.2_remove_legacy_passwd_entries.cfg
|
||||||
opt/cis-hardening/etc/conf.d/13.3_remove_legacy_shadow_entries.cfg
|
/opt/cis-hardening/etc/conf.d/13.3_remove_legacy_shadow_entries.cfg
|
||||||
opt/cis-hardening/etc/conf.d/13.4_remove_legacy_group_entries.cfg
|
/opt/cis-hardening/etc/conf.d/13.4_remove_legacy_group_entries.cfg
|
||||||
opt/cis-hardening/etc/conf.d/13.5_find_0_uid_non_root_account.cfg
|
/opt/cis-hardening/etc/conf.d/13.5_find_0_uid_non_root_account.cfg
|
||||||
opt/cis-hardening/etc/conf.d/13.6_sanitize_root_path.cfg
|
/opt/cis-hardening/etc/conf.d/13.6_sanitize_root_path.cfg
|
||||||
opt/cis-hardening/etc/conf.d/13.7_check_user_dir_perm.cfg
|
/opt/cis-hardening/etc/conf.d/13.7_check_user_dir_perm.cfg
|
||||||
opt/cis-hardening/etc/conf.d/13.8_check_user_dot_file_perm.cfg
|
/opt/cis-hardening/etc/conf.d/13.8_check_user_dot_file_perm.cfg
|
||||||
opt/cis-hardening/etc/conf.d/13.9_set_perm_on_user_netrc.cfg
|
/opt/cis-hardening/etc/conf.d/13.9_set_perm_on_user_netrc.cfg
|
||||||
opt/cis-hardening/etc/conf.d/13.10_find_user_rhosts_files.cfg
|
/opt/cis-hardening/etc/conf.d/13.10_find_user_rhosts_files.cfg
|
||||||
opt/cis-hardening/etc/conf.d/13.11_find_passwd_group_inconsistencies.cfg
|
/opt/cis-hardening/etc/conf.d/13.11_find_passwd_group_inconsistencies.cfg
|
||||||
opt/cis-hardening/etc/conf.d/13.12_users_valid_homedir.cfg
|
/opt/cis-hardening/etc/conf.d/13.12_users_valid_homedir.cfg
|
||||||
opt/cis-hardening/etc/conf.d/13.13_check_user_homedir_ownership.cfg
|
/opt/cis-hardening/etc/conf.d/13.13_check_user_homedir_ownership.cfg
|
||||||
opt/cis-hardening/etc/conf.d/13.14_check_duplicate_uid.cfg
|
/opt/cis-hardening/etc/conf.d/13.14_check_duplicate_uid.cfg
|
||||||
opt/cis-hardening/etc/conf.d/13.15_check_duplicate_gid.cfg
|
/opt/cis-hardening/etc/conf.d/13.15_check_duplicate_gid.cfg
|
||||||
opt/cis-hardening/etc/conf.d/13.16_check_duplicate_username.cfg
|
/opt/cis-hardening/etc/conf.d/13.16_check_duplicate_username.cfg
|
||||||
opt/cis-hardening/etc/conf.d/13.17_check_duplicate_groupname.cfg
|
/opt/cis-hardening/etc/conf.d/13.17_check_duplicate_groupname.cfg
|
||||||
opt/cis-hardening/etc/conf.d/13.18_find_user_netrc_files.cfg
|
/opt/cis-hardening/etc/conf.d/13.18_find_user_netrc_files.cfg
|
||||||
opt/cis-hardening/etc/conf.d/13.19_find_user_forward_files.cfg
|
/opt/cis-hardening/etc/conf.d/13.19_find_user_forward_files.cfg
|
||||||
opt/cis-hardening/etc/conf.d/13.20_shadow_group_empty.cfg
|
/opt/cis-hardening/etc/conf.d/13.20_shadow_group_empty.cfg
|
||||||
opt/cis-hardening/etc/conf.d/99.1_timeout_tty.cfg
|
/opt/cis-hardening/etc/conf.d/99.1_timeout_tty.cfg
|
||||||
opt/cis-hardening/etc/conf.d/99.2_disable_usb_devices.cfg
|
/opt/cis-hardening/etc/conf.d/99.2_disable_usb_devices.cfg
|
||||||
|
8
debian/control
vendored
8
debian/control
vendored
@ -1,15 +1,17 @@
|
|||||||
Source: cis-hardening
|
Source: cis-hardening
|
||||||
Section: ovh
|
Section: admin
|
||||||
Priority: extra
|
Priority: extra
|
||||||
Maintainer: Kevin Tanguy <kevin.tanguy@ovh.net>
|
Maintainer: Kevin Tanguy <kevin.tanguy@ovh.net>
|
||||||
Build-Depends: debhelper (>= 8.0.0)
|
Build-Depends: debhelper (>= 8.0.0)
|
||||||
Standards-Version: 3.9.3
|
Standards-Version: 3.9.3
|
||||||
Homepage: https://benchmarks.cisecurity.org/downloads/show-single/index.cfm?file=debian7.100
|
Homepage: https://benchmarks.cisecurity.org/downloads/show-single/index.cfm?file=debian7.100
|
||||||
Vcs-Git: git@github.com:ovh/debian-cis.git
|
Vcs-Git: https://github.com/ovh/debian-cis.git
|
||||||
Vcs-Browser: https://github.com/ovh/debian-cis/
|
Vcs-Browser: https://github.com/ovh/debian-cis/
|
||||||
|
|
||||||
Package: cis-hardening
|
Package: cis-hardening
|
||||||
Architecture: all
|
Architecture: all
|
||||||
Depends: ${shlibs:Depends}, ${misc:Depends}
|
Depends: ${shlibs:Depends}, ${misc:Depends}
|
||||||
Description: Suite of configurable scripts to audit or harden a Debian Wheezy.
|
Description: Suite of configurable scripts to audit or harden a Debian Wheezy.
|
||||||
|
Modular Debian 7 security hardening scripts based on cisecurity.org
|
||||||
|
⟨cisecurity.org⟩ recommendations. We use it at OVH ⟨https://ovh.com⟩ to
|
||||||
|
harden our PCI-DSS infrastructure.
|
||||||
|
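Review bot: `Depends: ${shlibs:Depends}, ${misc:Depends}` is kept on a package declared `Architecture: all`; with no compiled binaries in the package, `${shlibs:Depends}` most likely has nothing to expand to. The line could read `Depends: ${misc:Depends}` followed by whatever tools the hardening scripts need at run time, which this page does not show. The synopsis `Suite of configurable scripts to audit or harden a Debian Wheezy.` also ends with a full stop, which Debian convention for the short description omits.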
1
debian/copyright
vendored
Symbolic link
1
debian/copyright
vendored
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../LICENSE
|
1
debian/lintian-overrides
vendored
Normal file
1
debian/lintian-overrides
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
cis-hardening binary: non-etc-file-marked-as-conffile
|
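Review bot: The override for `non-etc-file-marked-as-conffile` carries no justification, so a later reader cannot tell whether the tag is silenced on purpose or by accident. A comment line above it would record the reason, for example `# conf.d/*.cfg under /opt/cis-hardening/etc are marked as conffiles so local status settings are kept on upgrade`. That intent is inferred from the comment in debian/rules about tagging `/opt/$(PACKAGE)/etc/conf.d/*` and should be confirmed by the maintainer.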
1
debian/manpages
vendored
Normal file
1
debian/manpages
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
debian/cis-hardening.8
|
5
debian/rules
vendored
5
debian/rules
vendored
@ -19,7 +19,7 @@ PACKAGE = $(shell dh_listpackages)
|
|||||||
override_dh_install:
|
override_dh_install:
|
||||||
dh_install
|
dh_install
|
||||||
mkdir -p $(CURDIR)/debian/$(PACKAGE)/opt/$(PACKAGE)/
|
mkdir -p $(CURDIR)/debian/$(PACKAGE)/opt/$(PACKAGE)/
|
||||||
cp README $(CURDIR)/debian/$(PACKAGE)/opt/$(PACKAGE)/
|
cp README.md $(CURDIR)/debian/$(PACKAGE)/opt/$(PACKAGE)/
|
||||||
cp -R bin $(CURDIR)/debian/$(PACKAGE)/opt/$(PACKAGE)/
|
cp -R bin $(CURDIR)/debian/$(PACKAGE)/opt/$(PACKAGE)/
|
||||||
# /!\ tag /opt/$(PACKAGE)/etc/conf.d/* as configuration files in conffiles
|
# /!\ tag /opt/$(PACKAGE)/etc/conf.d/* as configuration files in conffiles
|
||||||
# (ls | sort -V | xargs -i echo opt/cis-hardening/etc/conf.d/{} -- without README)
|
# (ls | sort -V | xargs -i echo opt/cis-hardening/etc/conf.d/{} -- without README)
|
||||||
@ -31,6 +31,5 @@ override_dh_install:
|
|||||||
|
|
||||||
override_dh_installdocs:
|
override_dh_installdocs:
|
||||||
dh_installdocs
|
dh_installdocs
|
||||||
gzip -c LICENSE > $(CURDIR)/debian/$(PACKAGE)/usr/share/doc/$(PACKAGE)/LICENSE.gz
|
gzip -c AUTHORS > $(CURDIR)/debian/$(PACKAGE)/usr/share/doc/$(PACKAGE)/AUTHORS.gz
|
||||||
gzip -c README > $(CURDIR)/debian/$(PACKAGE)/usr/share/doc/$(PACKAGE)/README.gz
|
|
||||||
gzip -c src/skel > $(CURDIR)/debian/$(PACKAGE)/usr/share/doc/$(PACKAGE)/skel.gz
|
gzip -c src/skel > $(CURDIR)/debian/$(PACKAGE)/usr/share/doc/$(PACKAGE)/skel.gz
|
||||||
|
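Review bot: The new `gzip -c AUTHORS > …/AUTHORS.gz` line in `override_dh_installdocs` compresses without `-n`, so the archive stores the input file's name and modification time and the package contents can differ between otherwise identical builds. The unchanged `src/skel` line has the same form. Writing it as `gzip -9nc AUTHORS > $(CURDIR)/debian/$(PACKAGE)/usr/share/doc/$(PACKAGE)/AUTHORS.gz` keeps the output reproducible and uses the maximum compression Debian expects for files under /usr/share/doc. The body of `override_dh_install` in the first hunk continues outside the lines shown.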
2
src/skel.cfg
Normal file
2
src/skel.cfg
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
# Configuration for script of same name
|
||||||
|
status=disabled
|
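Review bot: The template's only comment, `# Configuration for script of same name`, does not say which values `status` accepts, and this is presumably the file copied when a new check is written. A comment above `status=disabled`, such as `# status: disabled (do nothing), audit (read-only check) or enabled (audit and apply)`, would match the README's description of the parameter. It would also make clear that the shipped default performs no action.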