Change default status to audit for file with custom create_config

This commit is contained in:
Charles Herlin 2019-02-14 14:33:21 +01:00
parent d6172ad89e
commit 5f2803693e
15 changed files with 15 additions and 15 deletions

View File

@ -76,7 +76,7 @@ apply () {
# This function will create the config file for this check with default values
create_config() {
cat <<EOF
status=disabled
status=audit
# Put here your exceptions concerning admin accounts shells separated by spaces
EXCEPTIONS=""
EOF

View File

@ -46,7 +46,7 @@ apply () {
# This function will create the config file for this check with default values
create_config() {
cat <<EOF
status=disabled
status=audit
# Put Here your valid suid binaries so that they do not appear during the audit
EXCEPTIONS="/bin/mount /usr/bin/mount /bin/ping /usr/bin/ping /bin/ping6 /usr/bin/ping6 /bin/su /usr/bin/su /bin/umount /usr/bin/umount /usr/bin/chfn /usr/bin/chsh /usr/bin/fping /usr/bin/fping6 /usr/bin/gpasswd /usr/bin/mtr /usr/bin/newgrp /usr/bin/passwd /usr/bin/sudo /usr/bin/sudoedit /usr/lib/openssh/ssh-keysign /usr/lib/pt_chown /usr/bin/at"
EOF

View File

@ -46,7 +46,7 @@ apply () {
# This function will create the config file for this check with default values
create_config() {
cat <<EOF
status=disabled
status=audit
# Put here valid binaries with sgid enabled separated by spaces
EXCEPTIONS="/sbin/unix_chkpwd /usr/sbin/unix_chkpwd /usr/bin/bsd-write /usr/bin/chage /usr/bin/crontab /usr/bin/expiry /usr/bin/mutt_dotlock /usr/bin/screen /usr/bin/ssh-agent /usr/bin/wall /usr/sbin/postdrop /usr/sbin/postqueue /usr/bin/at /usr/bin/dotlockfile /usr/bin/mail-lock /usr/bin/mail-touchlock /usr/bin/mail-unlock"
EOF

View File

@ -53,7 +53,7 @@ apply () {
# This function will create the config file for this check with default values
create_config() {
cat <<EOF
status=disabled
status=audit
# Put here valid UIDs for which multiple usernames are accepted
EXCEPTIONS=""
EOF

View File

@ -52,7 +52,7 @@ apply () {
# This function will create the config file for this check with default values
create_config() {
cat <<EOF
status=disabled
status=audit
# Put here valid accounts with uid 0 separated by spaces
EXCEPTIONS=""
EOF

View File

@ -92,7 +92,7 @@ apply () {
# This function will create the config file for this check with default values
create_config() {
cat <<EOF
status=disabled
status=audit
# Put here user home directories exceptions, separated by spaces
EXCEPTIONS=""
EOF

View File

@ -70,7 +70,7 @@ apply () {
# This function will create the config file for this check with default values
create_config() {
cat <<EOF
status=disabled
status=audit
SYSLOG_BASEDIR='/etc/syslog-ng'
EOF
}

View File

@ -41,7 +41,7 @@ apply () {
# This function will create the config file for this check with default values
create_config() {
cat <<EOF
status=disabled
status=audit
SYSLOG_BASEDIR='/etc/syslog-ng'
EOF
}

View File

@ -73,7 +73,7 @@ apply () {
# This function will create the config file for this check with default values
create_config() {
cat <<EOF
status=disabled
status=audit
# In seconds, value of ClientAliveInterval, ClientAliveCountMax bedoing set to 0
# Settles sshd idle timeout
SSHD_TIMEOUT=900

View File

@ -74,7 +74,7 @@ apply () {
# This function will create the config file for this check with default values
create_config() {
cat <<EOF
status=disabled
status=audit
# Put here ssh user hardening list, there is a default in script to not break your configuration
# However, it can erase current configuration
ALLOWED_USERS=''

View File

@ -70,7 +70,7 @@ apply () {
# This function will create the config file for this check with default values
create_config() {
cat <<EOF
status=disabled
status=audit
# Put here banner file, defaults to /etc/issue.net
BANNER_FILE=""
EOF

View File

@ -69,7 +69,7 @@ apply () {
# This function will create the config file for this check with default values
create_config() {
cat <<EOF
status=disabled
status=audit
# Put EXCEPTION account names here, space separated
EXCEPT="root %root %sudo %wheel"
EOF

View File

@ -85,7 +85,7 @@ create_config() {
fi
set -u
cat <<EOF
status=disabled
status=audit
# Put your KexAlgorithms
OPTIONS="KexAlgorithms=$KEX"
EOF

View File

@ -76,7 +76,7 @@ apply () {
# This function will create the config file for this check with default values
create_config() {
cat <<EOF
status=disabled
status=audit
# Put your MACs
OPTIONS="MACs=umac-128-etm@openssh.com,umac-64-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128@openssh.com,umac-64@openssh.com,hmac-sha2-512,hmac-sha2-256"
EOF

View File

@ -143,7 +143,7 @@ apply () {
create_config() {
cat <<EOF
status=disabled
status=audit
# Put authorized IPs you want to allow in "from" field of authorized_keys
ALLOWED_IPS=""
EOF