elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2025-07-15 21:32:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Change default status to audit for file with custom create_config

Browse Source
This commit is contained in:
Charles Herlin
2019-02-14 14:33:21 +01:00
parent d6172ad89e
commit 5f2803693e
15 changed files with 15 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bin/hardening/12.10_find_suid_files.sh
View File

@ -46,7 +46,7 @@ apply () {
# This function will create the config file for this check with default values
create_config() {
cat <<EOF
status=disabled
status=audit
# Put Here your valid suid binaries so that they do not appear during the audit
EXCEPTIONS="/bin/mount /usr/bin/mount /bin/ping /usr/bin/ping /bin/ping6 /usr/bin/ping6 /bin/su /usr/bin/su /bin/umount /usr/bin/umount /usr/bin/chfn /usr/bin/chsh /usr/bin/fping /usr/bin/fping6 /usr/bin/gpasswd /usr/bin/mtr /usr/bin/newgrp /usr/bin/passwd /usr/bin/sudo /usr/bin/sudoedit /usr/lib/openssh/ssh-keysign /usr/lib/pt_chown /usr/bin/at"
EOF