elie
/
debian-cis
mirror of https://github.com/ovh/debian-cis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: update Readme to clarify project usage (#223) 

fixes: #219
This commit is contained in:
GoldenKiwi 2023-12-26 09:57:15 +01:00 committed by GitHub
parent fb4df82fc4
commit 71019a5512
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
README.md
View File

@ -16,6 +16,9 @@
Modular Debian 10/11/12 security hardening scripts based on [cisecurity.org](https://www.cisecurity.org)
recommendations. We use it at [OVHcloud](https://www.ovhcloud.com) to harden our PCI-DSS infrastructure.
NB : Although Debian 12 CIS Hardening guide is still in development, we do use this set of scripts
in production at OVHcloud on Debian 12 Operating Systems.
```console
$ bin/hardening.sh --audit-all
[...]
@ -243,6 +246,20 @@ built a secure environment. While we use it at OVHcloud to harden our PCI-DSS co
infrastructure, we can not guarantee that it will work for you. It will not
magically secure any random host.
A word about numbering, implementation and sustainability over time of this repository:
This project is born with the Debian 7 distribution in 2016. Over time, CIS Benchmark PDF
has evolved, changing it's numbering, deleting obsolete checks.
In order to keep retro-compatiblity with the last maintained Debian, the numbering
has not been changed along with the PDF, because the configuration scripts are named after it.
Changing the numbering might break automation for admins using it for years, and handling
this issue without breaking anything would require a huge refactoring.
As a consequence, please do not worry about numbering, the checks are there,
but the numbering accross PDFs might differ.
Please also note that all the check inside CIS Benchmark PDF might not be implemented
in this set of scripts.
We did choose the most relevant to us at OVHcloud, do not hesitate to make a
Pull Request in order to add the missing script you might find relevant for you.
Additionally, quoting the License:
> THIS SOFTWARE IS PROVIDED BY OVH SAS AND CONTRIBUTORS ``AS IS'' AND ANY
@ -256,6 +273,7 @@ Additionally, quoting the License:
> (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
> SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
## :satellite: Reference
- **Center for Internet Security**: https://www.cisecurity.org/