mirror of
https://github.com/ovh/debian-cis.git
synced 2024-11-26 07:21:22 +01:00
Change default status to audit for file with custom create_config
parent
d6172ad89e
commit
5f2803693e
@ -76,7 +76,7 @@ apply () {
|
|||||||
# This function will create the config file for this check with default values
|
# This function will create the config file for this check with default values
|
||||||
create_config() {
|
create_config() {
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
status=disabled
|
status=audit
|
||||||
# Put here your exceptions concerning admin accounts shells separated by spaces
|
# Put here your exceptions concerning admin accounts shells separated by spaces
|
||||||
EXCEPTIONS=""
|
EXCEPTIONS=""
|
||||||
EOF
|
EOF
|
||||||
|
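Review bot: The generated config gives no explanation of what `status=audit` means for the host, here or in any of the other `create_config()` heredocs this commit changes in the same way. From the comment above the function these defaults appear to be written only when a check's config file is first created, so hosts that already have a generated file presumably keep `status=disabled`; that should be confirmed and stated in the release notes so operators do not assume the checks are running. I would add a line above the status, for example `# audit: the check is evaluated and reported; confirm whether apply() is ever run in this mode`. The closing brace of create_config is outside this hunk.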
@ -46,7 +46,7 @@ apply () {
|
|||||||
# This function will create the config file for this check with default values
|
# This function will create the config file for this check with default values
|
||||||
create_config() {
|
create_config() {
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
status=disabled
|
status=audit
|
||||||
# Put Here your valid suid binaries so that they do not appear during the audit
|
# Put Here your valid suid binaries so that they do not appear during the audit
|
||||||
EXCEPTIONS="/bin/mount /usr/bin/mount /bin/ping /usr/bin/ping /bin/ping6 /usr/bin/ping6 /bin/su /usr/bin/su /bin/umount /usr/bin/umount /usr/bin/chfn /usr/bin/chsh /usr/bin/fping /usr/bin/fping6 /usr/bin/gpasswd /usr/bin/mtr /usr/bin/newgrp /usr/bin/passwd /usr/bin/sudo /usr/bin/sudoedit /usr/lib/openssh/ssh-keysign /usr/lib/pt_chown /usr/bin/at"
|
EXCEPTIONS="/bin/mount /usr/bin/mount /bin/ping /usr/bin/ping /bin/ping6 /usr/bin/ping6 /bin/su /usr/bin/su /bin/umount /usr/bin/umount /usr/bin/chfn /usr/bin/chsh /usr/bin/fping /usr/bin/fping6 /usr/bin/gpasswd /usr/bin/mtr /usr/bin/newgrp /usr/bin/passwd /usr/bin/sudo /usr/bin/sudoedit /usr/lib/openssh/ssh-keysign /usr/lib/pt_chown /usr/bin/at"
|
||||||
EOF
|
EOF
|
||||||
|
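Review bot: The default `EXCEPTIONS` list in this heredoc becomes an active allowlist on every fresh install now that the check is audited by default, and it is broad. Paths such as `/usr/lib/pt_chown`, `/usr/bin/at`, `/usr/bin/mtr` and `/usr/bin/fping` are exempted whether or not the host needs them setuid, so presumably a setuid bit on them is never reported. The sgid list in the next hunk has the same shape. I would either shorten the defaults or add a comment such as `# Trim to what this host needs: listed paths are excluded from the report`. The end of create_config is outside the hunk.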
@ -46,7 +46,7 @@ apply () {
|
|||||||
# This function will create the config file for this check with default values
|
# This function will create the config file for this check with default values
|
||||||
create_config() {
|
create_config() {
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
status=disabled
|
status=audit
|
||||||
# Put here valid binaries with sgid enabled separated by spaces
|
# Put here valid binaries with sgid enabled separated by spaces
|
||||||
EXCEPTIONS="/sbin/unix_chkpwd /usr/sbin/unix_chkpwd /usr/bin/bsd-write /usr/bin/chage /usr/bin/crontab /usr/bin/expiry /usr/bin/mutt_dotlock /usr/bin/screen /usr/bin/ssh-agent /usr/bin/wall /usr/sbin/postdrop /usr/sbin/postqueue /usr/bin/at /usr/bin/dotlockfile /usr/bin/mail-lock /usr/bin/mail-touchlock /usr/bin/mail-unlock"
|
EXCEPTIONS="/sbin/unix_chkpwd /usr/sbin/unix_chkpwd /usr/bin/bsd-write /usr/bin/chage /usr/bin/crontab /usr/bin/expiry /usr/bin/mutt_dotlock /usr/bin/screen /usr/bin/ssh-agent /usr/bin/wall /usr/sbin/postdrop /usr/sbin/postqueue /usr/bin/at /usr/bin/dotlockfile /usr/bin/mail-lock /usr/bin/mail-touchlock /usr/bin/mail-unlock"
|
||||||
EOF
|
EOF
|
||||||
|
@ -53,7 +53,7 @@ apply () {
|
|||||||
# This function will create the config file for this check with default values
|
# This function will create the config file for this check with default values
|
||||||
create_config() {
|
create_config() {
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
status=disabled
|
status=audit
|
||||||
# Put here valid UIDs for which multiple usernames are accepted
|
# Put here valid UIDs for which multiple usernames are accepted
|
||||||
EXCEPTIONS=""
|
EXCEPTIONS=""
|
||||||
EOF
|
EOF
|
||||||
|
@ -52,7 +52,7 @@ apply () {
|
|||||||
# This function will create the config file for this check with default values
|
# This function will create the config file for this check with default values
|
||||||
create_config() {
|
create_config() {
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
status=disabled
|
status=audit
|
||||||
# Put here valid accounts with uid 0 separated by spaces
|
# Put here valid accounts with uid 0 separated by spaces
|
||||||
EXCEPTIONS=""
|
EXCEPTIONS=""
|
||||||
EOF
|
EOF
|
||||||
|
@ -92,7 +92,7 @@ apply () {
|
|||||||
# This function will create the config file for this check with default values
|
# This function will create the config file for this check with default values
|
||||||
create_config() {
|
create_config() {
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
status=disabled
|
status=audit
|
||||||
# Put here user home directories exceptions, separated by spaces
|
# Put here user home directories exceptions, separated by spaces
|
||||||
EXCEPTIONS=""
|
EXCEPTIONS=""
|
||||||
EOF
|
EOF
|
||||||
|
@ -70,7 +70,7 @@ apply () {
|
|||||||
# This function will create the config file for this check with default values
|
# This function will create the config file for this check with default values
|
||||||
create_config() {
|
create_config() {
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
status=disabled
|
status=audit
|
||||||
SYSLOG_BASEDIR='/etc/syslog-ng'
|
SYSLOG_BASEDIR='/etc/syslog-ng'
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
@ -41,7 +41,7 @@ apply () {
|
|||||||
# This function will create the config file for this check with default values
|
# This function will create the config file for this check with default values
|
||||||
create_config() {
|
create_config() {
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
status=disabled
|
status=audit
|
||||||
SYSLOG_BASEDIR='/etc/syslog-ng'
|
SYSLOG_BASEDIR='/etc/syslog-ng'
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
@ -73,7 +73,7 @@ apply () {
|
|||||||
# This function will create the config file for this check with default values
|
# This function will create the config file for this check with default values
|
||||||
create_config() {
|
create_config() {
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
status=disabled
|
status=audit
|
||||||
# In seconds, value of ClientAliveInterval, ClientAliveCountMax bedoing set to 0
|
# In seconds, value of ClientAliveInterval, ClientAliveCountMax bedoing set to 0
|
||||||
# Settles sshd idle timeout
|
# Settles sshd idle timeout
|
||||||
SSHD_TIMEOUT=900
|
SSHD_TIMEOUT=900
|
||||||
|
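Review bot: The comment in this heredoc defines the idle timeout as `ClientAliveInterval` with `ClientAliveCountMax` set to 0, but from OpenSSH 8.2 onward a `ClientAliveCountMax` of 0 disables connection termination rather than closing the session after the first missed probe. With the check now audited by default, a host could be reported as compliant while sshd never drops an idle session. How the script body evaluates the value is outside this hunk and should be checked there. At minimum the generated file should carry the assumption, for example `# NOTE: ClientAliveCountMax=0 disables the timeout on OpenSSH >= 8.2`. The heredoc and create_config continue past the end of the hunk.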
@ -74,7 +74,7 @@ apply () {
|
|||||||
# This function will create the config file for this check with default values
|
# This function will create the config file for this check with default values
|
||||||
create_config() {
|
create_config() {
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
status=disabled
|
status=audit
|
||||||
# Put here ssh user hardening list, there is a default in script to not break your configuration
|
# Put here ssh user hardening list, there is a default in script to not break your configuration
|
||||||
# However, it can erase current configuration
|
# However, it can erase current configuration
|
||||||
ALLOWED_USERS=''
|
ALLOWED_USERS=''
|
||||||
|
@ -70,7 +70,7 @@ apply () {
|
|||||||
# This function will create the config file for this check with default values
|
# This function will create the config file for this check with default values
|
||||||
create_config() {
|
create_config() {
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
status=disabled
|
status=audit
|
||||||
# Put here banner file, defaults to /etc/issue.net
|
# Put here banner file, defaults to /etc/issue.net
|
||||||
BANNER_FILE=""
|
BANNER_FILE=""
|
||||||
EOF
|
EOF
|
||||||
|
@ -69,7 +69,7 @@ apply () {
|
|||||||
# This function will create the config file for this check with default values
|
# This function will create the config file for this check with default values
|
||||||
create_config() {
|
create_config() {
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
status=disabled
|
status=audit
|
||||||
# Put EXCEPTION account names here, space separated
|
# Put EXCEPTION account names here, space separated
|
||||||
EXCEPT="root %root %sudo %wheel"
|
EXCEPT="root %root %sudo %wheel"
|
||||||
EOF
|
EOF
|
||||||
|
@ -85,7 +85,7 @@ create_config() {
|
|||||||
fi
|
fi
|
||||||
set -u
|
set -u
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
status=disabled
|
status=audit
|
||||||
# Put your KexAlgorithms
|
# Put your KexAlgorithms
|
||||||
OPTIONS="KexAlgorithms=$KEX"
|
OPTIONS="KexAlgorithms=$KEX"
|
||||||
EOF
|
EOF
|
||||||
|
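Review bot: `OPTIONS="KexAlgorithms=$KEX"` sits in an unquoted heredoc, so the algorithm list is expanded once when the config file is generated and is then fixed in that file; the comment `# Put your KexAlgorithms` does not say so. Now that the check audits by default, the baseline it compares against is whatever `KEX` held at generation time, and the code that sets `KEX` is above the hunk (only its closing `fi` is visible). I would extend the comment to something like `# Default below was computed when this file was generated; review it after OpenSSH upgrades`.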
@ -76,7 +76,7 @@ apply () {
|
|||||||
# This function will create the config file for this check with default values
|
# This function will create the config file for this check with default values
|
||||||
create_config() {
|
create_config() {
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
status=disabled
|
status=audit
|
||||||
# Put your MACs
|
# Put your MACs
|
||||||
OPTIONS="MACs=umac-128-etm@openssh.com,umac-64-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128@openssh.com,umac-64@openssh.com,hmac-sha2-512,hmac-sha2-256"
|
OPTIONS="MACs=umac-128-etm@openssh.com,umac-64-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128@openssh.com,umac-64@openssh.com,hmac-sha2-512,hmac-sha2-256"
|
||||||
EOF
|
EOF
|
||||||
|
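Review bot: The default `MACs` baseline in this heredoc still lists `umac-64-etm@openssh.com` and `umac-64@openssh.com`, which produce 64-bit tags. With `status=audit` as the default this list becomes the reference on every fresh install, so an sshd that offers the 64-bit UMAC variants would presumably pass the check. As far as I recall, later CIS benchmark revisions classify those two as weak, so this should be checked against the benchmark version the project targets. If that holds, the default could become `OPTIONS="MACs=umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128@openssh.com,hmac-sha2-512,hmac-sha2-256"`. The end of create_config is outside the hunk.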
@ -143,7 +143,7 @@ apply () {
|
|||||||
|
|
||||||
create_config() {
|
create_config() {
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
status=disabled
|
status=audit
|
||||||
# Put authorized IPs you want to allow in "from" field of authorized_keys
|
# Put authorized IPs you want to allow in "from" field of authorized_keys
|
||||||
ALLOWED_IPS=""
|
ALLOWED_IPS=""
|
||||||
EOF
|
EOF
|
||||||
|