mirror of
https://github.com/ovh/debian-cis.git
synced 2025-06-22 02:33:42 +02:00
Debian package revision bump 1.0-4
This commit is contained in:
kevin.tanguy
8
debian/changelog
vendored
8
debian/changelog
vendored
@ -1,3 +1,11 @@
|
||||
cis-hardening (1.0-4) wheezy; urgency=low
|
||||
|
||||
* added AUTHORS file
|
||||
* s/README/README.md/ with more details
|
||||
* manpage extracted from README
|
||||
|
||||
-- Kevin Tanguy <kevin.tanguy@ovh.net> Thu, 21 Apr 2016 11:57:39 +0200
|
||||
|
||||
cis-hardening (1.0-3) wheezy; urgency=low
|
||||
|
||||
* add --audit-all option
|
||||
|
||||
154
debian/cis-hardening.8
vendored
Normal file
154
debian/cis-hardening.8
vendored
Normal file
@ -0,0 +1,154 @@
|
||||
.TH "CIS Debian 7 Hardening" 8 "OVH Group"
|
||||
.SH NAME
|
||||
cis-hardening - CIS Debian 7 Hardening
|
||||
.PP
|
||||
.SH DESCRIPTION
|
||||
.PP
|
||||
Modular Debian 7 security hardening scripts based on cisecurity.org \[la]cisecurity.org\[ra]
|
||||
recommendations. We use it at OVH \[la]https://ovh.com\[ra] to harden our PCI\-DSS infrastructure.
|
||||
.PP
|
||||
.RS
|
||||
.nf
|
||||
$ bin/hardening.sh \-\-audit\-all
|
||||
[...]
|
||||
hardening [INFO] Treating /opt/cis\-hardening/bin/hardening/13.15_check_duplicate_gid.sh
|
||||
13.15_check_duplicate_gid [INFO] Working on 13.15_check_duplicate_gid
|
||||
13.15_check_duplicate_gid [INFO] Checking Configuration
|
||||
13.15_check_duplicate_gid [INFO] Performing audit
|
||||
13.15_check_duplicate_gid [ OK ] No duplicate GIDs
|
||||
13.15_check_duplicate_gid [ OK ] Check Passed
|
||||
[...]
|
||||
################### SUMMARY ###################
|
||||
Total Available Checks : 191
|
||||
Total Runned Checks : 191
|
||||
Total Passed Checks : [ 170/191 ]
|
||||
Total Failed Checks : [ 21/191 ]
|
||||
Enabled Checks Percentage : 100.00 %
|
||||
Conformity Percentage : 89.01 %
|
||||
.fi
|
||||
.RE
|
||||
.SH Quickstart
|
||||
.PP
|
||||
.RS
|
||||
.nf
|
||||
$ git clone https://github.com/ovh/debian\-cis.git && cd debian\-cis
|
||||
$ cp debian/default /etc/default/cis_hardening
|
||||
$ bin/hardening/1.1_install_updates.sh \-\-audit\-all
|
||||
1.1_install_updates [INFO] Working on 1.1_install_updates
|
||||
1.1_install_updates [INFO] Checking Configuration
|
||||
1.1_install_updates [INFO] Performing audit
|
||||
1.1_install_updates [INFO] Checking if apt needs an update
|
||||
1.1_install_updates [INFO] Fetching upgrades ...
|
||||
1.1_install_updates [ OK ] No upgrades available
|
||||
1.1_install_updates [ OK ] Check Passed
|
||||
.fi
|
||||
.RE
|
||||
.SH Usage
|
||||
.SS Configuration
|
||||
.PP
|
||||
Hardening scripts are in \fB\fCbin/hardening\fR\&. Each script has a corresponding
|
||||
configuration file in \fB\fCetc/conf.d/[script_name].cfg\fR\&.
|
||||
.PP
|
||||
Each hardening script can be individually enabled from its configuration file.
|
||||
For example, this is the default configuration file for \fB\fCdisable_system_accounts\fR:
|
||||
.PP
|
||||
.RS
|
||||
.nf
|
||||
# Configuration for script of same name
|
||||
status=disabled
|
||||
# Put here your exceptions concerning admin accounts shells separated by spaces
|
||||
EXCEPTIONS=""
|
||||
.fi
|
||||
.RE
|
||||
.PP
|
||||
\fB\fCstatus\fR parameter may take 3 values:
|
||||
\fB\fCdisabled\fR (do nothing): The script will not run.
|
||||
\fB\fCaudit\fR (RO): The script will check if any change \fIshould\fP be applied.
|
||||
\fB\fCenabled\fR (RW): The script will check if any change should be done and automatically apply what it can.
|
||||
.PP
|
||||
Global configuration is in \fB\fCetc/hardening.cfg\fR\&. This file controls the log level
|
||||
as well as the backup directory. Whenever a script is instructed to edit a file, it
|
||||
will create a timestamped backup in this directory.
|
||||
.SS Run aka "Harden your distro"
|
||||
.PP
|
||||
To run the checks and apply the fixes, run \fB\fCbin/hardening.sh\fR\&.
|
||||
.PP
|
||||
This command has 2 main operation modes:
|
||||
\fB\fC\-\-audit\fR: Audit your system with all enabled and audit mode scripts
|
||||
\fB\fC\-\-apply\fR: Audit your system with all enabled and audit mode scripts and apply changes for enabled scripts
|
||||
.PP
|
||||
Additionally, \fB\fC\-\-audit\-all\fR can be used to force running all auditing scripts,
|
||||
including disabled ones. this will \fInot\fP change the system.
|
||||
.PP
|
||||
\fB\fC\-\-audit\-all\-enable\-passed\fR can be used as a quick way to kickstart your
|
||||
configuration. It will run all scripts in audit mode. If a script passes,
|
||||
it will automatically be enabled for future runs. Do NOT use this option
|
||||
if you have already started to customize your configuration.
|
||||
.SH Hacking
|
||||
.PP
|
||||
\fBGetting the source\fP
|
||||
.PP
|
||||
.RS
|
||||
.nf
|
||||
$ git clone https://github.com/ovh/debian\-cis.git
|
||||
.fi
|
||||
.RE
|
||||
.PP
|
||||
\fBBuilding a debian Package\fP (the hacky way)
|
||||
.PP
|
||||
.RS
|
||||
.nf
|
||||
$ debuild \-us \-uc
|
||||
.fi
|
||||
.RE
|
||||
.PP
|
||||
\fBAdding a custom hardening script\fP
|
||||
.PP
|
||||
.RS
|
||||
.nf
|
||||
$ cp src/skel bin/hardening/99.99_custom_script.sh
|
||||
$ chmod +x bin/hardening/99.99_custom_script.sh
|
||||
$ cp src/skel.cfg etc/conf.d/99.99_custom_script.cfg
|
||||
.fi
|
||||
.RE
|
||||
.PP
|
||||
Code your check explaining what it does then if you want to test
|
||||
.PP
|
||||
.RS
|
||||
.nf
|
||||
$ sed \-i "s/status=.+/status=enabled/" etc/conf.d/99.99_custom_script.cfg
|
||||
$ ./bin/hardening/99.99_custom_script.sh
|
||||
.fi
|
||||
.RE
|
||||
.SH Disclaimer
|
||||
.PP
|
||||
This project is a set of tools. They are meant to help the system administrator
|
||||
built a secure environment. While we use it at OVH to harden our PCI\-DSS compliant
|
||||
infrastructure, we can not guarantee that it will work for you. It will not
|
||||
magically secure any random host.
|
||||
.PP
|
||||
Additionally, quoting the License:
|
||||
.PP
|
||||
.RS
|
||||
THIS SOFTWARE IS PROVIDED BY OVH SAS AND CONTRIBUTORS ``AS IS'' AND ANY
|
||||
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
||||
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
DISCLAIMED. IN NO EVENT SHALL OVH SAS AND CONTRIBUTORS BE LIABLE FOR ANY
|
||||
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
||||
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.RE
|
||||
.SH Reference
|
||||
.PP
|
||||
.RS
|
||||
.nf
|
||||
**Center for Internet Security**: https://www.cisecurity.org/
|
||||
**CIS recommendations**: https://benchmarks.cisecurity.org/downloads/show\-single/index.cfm?file=debian7.100
|
||||
.fi
|
||||
.RE
|
||||
.SH License
|
||||
.PP
|
||||
3\-Clause BSD
|
||||
382
debian/conffiles
vendored
382
debian/conffiles
vendored
@ -1,191 +1,191 @@
|
||||
opt/cis-hardening/etc/conf.d/1.1_install_updates.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.1_tmp_partition.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.2_tmp_nodev.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.3_tmp_nosuid.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.4_tmp_noexec.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.5_var_partition.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.6.1_var_tmp_partition.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.6.2_var_tmp_nodev.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.6.3_var_tmp_nosuid.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.6.4_var_tmp_noexec.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.7_var_log_partition.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.8_var_log_audit_partition.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.9_home_partition.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.10_home_nodev.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.11_removable_device_nodev.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.12_removable_device_noexec.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.13_removable_device_nosuid.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.14_run_shm_nodev.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.15_run_shm_nosuid.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.16_run_shm_noexec.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.17_sticky_bit_world_writable_folder.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.18_disable_cramfs.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.19_disable_freevxfs.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.20_disable_jffs2.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.21_disable_hfs.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.22_disable_hfsplus.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.23_disable_squashfs.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.24_disable_udf.cfg
|
||||
opt/cis-hardening/etc/conf.d/2.25_disable_automounting.cfg
|
||||
opt/cis-hardening/etc/conf.d/3.1_bootloader_ownership.cfg
|
||||
opt/cis-hardening/etc/conf.d/3.2_bootloader_permissions.cfg
|
||||
opt/cis-hardening/etc/conf.d/3.3_bootloader_password.cfg
|
||||
opt/cis-hardening/etc/conf.d/3.4_root_password.cfg
|
||||
opt/cis-hardening/etc/conf.d/4.1_restrict_core_dumps.cfg
|
||||
opt/cis-hardening/etc/conf.d/4.2_enable_nx_support.cfg
|
||||
opt/cis-hardening/etc/conf.d/4.3_enable_randomized_vm_placement.cfg
|
||||
opt/cis-hardening/etc/conf.d/4.4_disable_prelink.cfg
|
||||
opt/cis-hardening/etc/conf.d/4.5_enable_apparmor.cfg
|
||||
opt/cis-hardening/etc/conf.d/5.1.1_disable_nis.cfg
|
||||
opt/cis-hardening/etc/conf.d/5.1.2_disable_rsh.cfg
|
||||
opt/cis-hardening/etc/conf.d/5.1.3_disable_rsh_client.cfg
|
||||
opt/cis-hardening/etc/conf.d/5.1.4_disable_talk.cfg
|
||||
opt/cis-hardening/etc/conf.d/5.1.5_disable_talk_client.cfg
|
||||
opt/cis-hardening/etc/conf.d/5.1.6_disable_telnet_server.cfg
|
||||
opt/cis-hardening/etc/conf.d/5.1.7_disable_tftp_server.cfg
|
||||
opt/cis-hardening/etc/conf.d/5.1.8_disable_inetd.cfg
|
||||
opt/cis-hardening/etc/conf.d/5.2_disable_chargen.cfg
|
||||
opt/cis-hardening/etc/conf.d/5.3_disable_daytime.cfg
|
||||
opt/cis-hardening/etc/conf.d/5.4_disable_echo.cfg
|
||||
opt/cis-hardening/etc/conf.d/5.5_disable_discard.cfg
|
||||
opt/cis-hardening/etc/conf.d/5.6_disable_time.cfg
|
||||
opt/cis-hardening/etc/conf.d/6.1_disable_xwindow_system.cfg
|
||||
opt/cis-hardening/etc/conf.d/6.2_disable_avahi_server.cfg
|
||||
opt/cis-hardening/etc/conf.d/6.3_disable_print_server.cfg
|
||||
opt/cis-hardening/etc/conf.d/6.4_disable_dhcp.cfg
|
||||
opt/cis-hardening/etc/conf.d/6.5_configure_ntp.cfg
|
||||
opt/cis-hardening/etc/conf.d/6.6_disable_ldap.cfg
|
||||
opt/cis-hardening/etc/conf.d/6.7_disable_nfs_rpc.cfg
|
||||
opt/cis-hardening/etc/conf.d/6.8_disable_dns_server.cfg
|
||||
opt/cis-hardening/etc/conf.d/6.9_disable_ftp.cfg
|
||||
opt/cis-hardening/etc/conf.d/6.10_disable_http_server.cfg
|
||||
opt/cis-hardening/etc/conf.d/6.11_disable_imap_pop.cfg
|
||||
opt/cis-hardening/etc/conf.d/6.12_disable_samba.cfg
|
||||
opt/cis-hardening/etc/conf.d/6.13_disable_http_proxy.cfg
|
||||
opt/cis-hardening/etc/conf.d/6.14_disable_snmp_server.cfg
|
||||
opt/cis-hardening/etc/conf.d/6.15_mta_localhost.cfg
|
||||
opt/cis-hardening/etc/conf.d/6.16_disable_rsync.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.1.1_disable_ip_forwarding.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.1.2_disable_send_packet_redirects.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.2.1_disable_source_routed_packets.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.2.2_disable_icmp_redirect.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.2.3_disable_secure_icmp_redirect.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.2.4_log_martian_packets.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.2.5_ignore_broadcast_requests.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.2.6_enable_bad_error_message_protection.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.2.7_enable_source_route_validation.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.2.8_enable_tcp_syn_cookies.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.3.1_disable_ipv6_router_advertisement.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.3.2_disable_ipv6_redirect.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.3.3_disable_ipv6.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.4.1_install_tcp_wrapper.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.4.2_hosts_allow.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.4.3_hosts_allow_permissions.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.4.4_hosts_deny.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.4.5_hosts_deny_permissions.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.5.1_disable_dccp.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.5.2_disable_sctp.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.5.3_disable_rds.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.5.4_disable_tipc.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.6_disable_wireless.cfg
|
||||
opt/cis-hardening/etc/conf.d/7.7_enable_firewall.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.0_enable_auditd_kernel.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.1.1.1_audit_log_storage.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.1.1.2_halt_when_audit_log_full.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.1.1.3_keep_all_audit_logs.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.1.2_enable_auditd.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.1.3_audit_bootloader.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.1.4_record_date_time_edit.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.1.5_record_user_group_edit.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.1.6_record_network_edit.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.1.7_record_mac_edit.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.1.8_record_login_logout.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.1.9_record_session_init.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.1.10_record_dac_edit.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.1.11_record_failed_access_file.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.1.12_record_privileged_commands.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.1.13_record_successful_mount.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.1.14_record_file_deletions.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.1.15_record_sudoers_edit.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.1.16_record_sudo_usage.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.1.17_record_kernel_modules.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.1.18_freeze_auditd_conf.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.2.1_install_syslog-ng.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.2.2_enable_syslog-ng.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.2.3_configure_syslog-ng.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.2.4_set_logfile_perm.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.2.5_syslog-ng_remote_host.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.2.6_remote_syslog-ng_acl.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.3.1_install_tripwire.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.3.2_tripwire_cron.cfg
|
||||
opt/cis-hardening/etc/conf.d/8.4_configure_logrotate.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.1.1_enable_cron.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.1.2_crontab_perm_ownership.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.1.3_cron_hourly_perm_ownership.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.1.4_cron_daily_perm_ownership.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.1.5_cron_weekly_perm_ownership.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.1.6_cron_monthly_perm_ownership.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.1.7_cron_d_perm_ownership.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.1.8_cron_users.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.2.1_enable_cracklib.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.2.2_enable_lockout_failed_password.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.2.3_limit_password_reuse.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.3.1_sshd_protocol.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.3.2_sshd_loglevel.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.3.3_sshd_conf_perm_ownership.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.3.4_disable_x11_forwarding.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.3.5_sshd_maxauthtries.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.3.6_enable_sshd_ignorerhosts.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.3.7_disable_sshd_hostbasedauthentication.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.3.8_disable_root_login.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.3.9_disable_sshd_permitemptypasswords.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.3.10_disable_sshd_setenv.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.3.11_sshd_ciphers.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.3.12_sshd_idle_timeout.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.3.13_sshd_limit_access.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.3.14_ssh_banner.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.4_secure_tty.cfg
|
||||
opt/cis-hardening/etc/conf.d/9.5_restrict_su.cfg
|
||||
opt/cis-hardening/etc/conf.d/10.1.1_set_password_exp_days.cfg
|
||||
opt/cis-hardening/etc/conf.d/10.1.2_set_password_min_days_change.cfg
|
||||
opt/cis-hardening/etc/conf.d/10.1.3_set_password_exp_warning_days.cfg
|
||||
opt/cis-hardening/etc/conf.d/10.2_disable_system_accounts.cfg
|
||||
opt/cis-hardening/etc/conf.d/10.3_default_root_group.cfg
|
||||
opt/cis-hardening/etc/conf.d/10.4_default_umask.cfg
|
||||
opt/cis-hardening/etc/conf.d/10.5_lock_inactive_user_account.cfg
|
||||
opt/cis-hardening/etc/conf.d/11.1_warning_banners.cfg
|
||||
opt/cis-hardening/etc/conf.d/11.2_remove_os_info_warning_banners.cfg
|
||||
opt/cis-hardening/etc/conf.d/11.3_graphical_warning_banners.cfg
|
||||
opt/cis-hardening/etc/conf.d/12.1_etc_passwd_permissions.cfg
|
||||
opt/cis-hardening/etc/conf.d/12.2_etc_shadow_permissions.cfg
|
||||
opt/cis-hardening/etc/conf.d/12.3_etc_group_permissions.cfg
|
||||
opt/cis-hardening/etc/conf.d/12.4_etc_passwd_ownership.cfg
|
||||
opt/cis-hardening/etc/conf.d/12.5_etc_shadow_ownership.cfg
|
||||
opt/cis-hardening/etc/conf.d/12.6_etc_group_ownership.cfg
|
||||
opt/cis-hardening/etc/conf.d/12.7_find_world_writable_file.cfg
|
||||
opt/cis-hardening/etc/conf.d/12.8_find_unowned_files.cfg
|
||||
opt/cis-hardening/etc/conf.d/12.9_find_ungrouped_files.cfg
|
||||
opt/cis-hardening/etc/conf.d/12.10_find_suid_files.cfg
|
||||
opt/cis-hardening/etc/conf.d/12.11_find_sgid_files.cfg
|
||||
opt/cis-hardening/etc/conf.d/13.1_remove_empty_password_field.cfg
|
||||
opt/cis-hardening/etc/conf.d/13.2_remove_legacy_passwd_entries.cfg
|
||||
opt/cis-hardening/etc/conf.d/13.3_remove_legacy_shadow_entries.cfg
|
||||
opt/cis-hardening/etc/conf.d/13.4_remove_legacy_group_entries.cfg
|
||||
opt/cis-hardening/etc/conf.d/13.5_find_0_uid_non_root_account.cfg
|
||||
opt/cis-hardening/etc/conf.d/13.6_sanitize_root_path.cfg
|
||||
opt/cis-hardening/etc/conf.d/13.7_check_user_dir_perm.cfg
|
||||
opt/cis-hardening/etc/conf.d/13.8_check_user_dot_file_perm.cfg
|
||||
opt/cis-hardening/etc/conf.d/13.9_set_perm_on_user_netrc.cfg
|
||||
opt/cis-hardening/etc/conf.d/13.10_find_user_rhosts_files.cfg
|
||||
opt/cis-hardening/etc/conf.d/13.11_find_passwd_group_inconsistencies.cfg
|
||||
opt/cis-hardening/etc/conf.d/13.12_users_valid_homedir.cfg
|
||||
opt/cis-hardening/etc/conf.d/13.13_check_user_homedir_ownership.cfg
|
||||
opt/cis-hardening/etc/conf.d/13.14_check_duplicate_uid.cfg
|
||||
opt/cis-hardening/etc/conf.d/13.15_check_duplicate_gid.cfg
|
||||
opt/cis-hardening/etc/conf.d/13.16_check_duplicate_username.cfg
|
||||
opt/cis-hardening/etc/conf.d/13.17_check_duplicate_groupname.cfg
|
||||
opt/cis-hardening/etc/conf.d/13.18_find_user_netrc_files.cfg
|
||||
opt/cis-hardening/etc/conf.d/13.19_find_user_forward_files.cfg
|
||||
opt/cis-hardening/etc/conf.d/13.20_shadow_group_empty.cfg
|
||||
opt/cis-hardening/etc/conf.d/99.1_timeout_tty.cfg
|
||||
opt/cis-hardening/etc/conf.d/99.2_disable_usb_devices.cfg
|
||||
/opt/cis-hardening/etc/conf.d/1.1_install_updates.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.1_tmp_partition.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.2_tmp_nodev.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.3_tmp_nosuid.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.4_tmp_noexec.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.5_var_partition.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.6.1_var_tmp_partition.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.6.2_var_tmp_nodev.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.6.3_var_tmp_nosuid.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.6.4_var_tmp_noexec.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.7_var_log_partition.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.8_var_log_audit_partition.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.9_home_partition.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.10_home_nodev.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.11_removable_device_nodev.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.12_removable_device_noexec.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.13_removable_device_nosuid.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.14_run_shm_nodev.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.15_run_shm_nosuid.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.16_run_shm_noexec.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.17_sticky_bit_world_writable_folder.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.18_disable_cramfs.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.19_disable_freevxfs.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.20_disable_jffs2.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.21_disable_hfs.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.22_disable_hfsplus.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.23_disable_squashfs.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.24_disable_udf.cfg
|
||||
/opt/cis-hardening/etc/conf.d/2.25_disable_automounting.cfg
|
||||
/opt/cis-hardening/etc/conf.d/3.1_bootloader_ownership.cfg
|
||||
/opt/cis-hardening/etc/conf.d/3.2_bootloader_permissions.cfg
|
||||
/opt/cis-hardening/etc/conf.d/3.3_bootloader_password.cfg
|
||||
/opt/cis-hardening/etc/conf.d/3.4_root_password.cfg
|
||||
/opt/cis-hardening/etc/conf.d/4.1_restrict_core_dumps.cfg
|
||||
/opt/cis-hardening/etc/conf.d/4.2_enable_nx_support.cfg
|
||||
/opt/cis-hardening/etc/conf.d/4.3_enable_randomized_vm_placement.cfg
|
||||
/opt/cis-hardening/etc/conf.d/4.4_disable_prelink.cfg
|
||||
/opt/cis-hardening/etc/conf.d/4.5_enable_apparmor.cfg
|
||||
/opt/cis-hardening/etc/conf.d/5.1.1_disable_nis.cfg
|
||||
/opt/cis-hardening/etc/conf.d/5.1.2_disable_rsh.cfg
|
||||
/opt/cis-hardening/etc/conf.d/5.1.3_disable_rsh_client.cfg
|
||||
/opt/cis-hardening/etc/conf.d/5.1.4_disable_talk.cfg
|
||||
/opt/cis-hardening/etc/conf.d/5.1.5_disable_talk_client.cfg
|
||||
/opt/cis-hardening/etc/conf.d/5.1.6_disable_telnet_server.cfg
|
||||
/opt/cis-hardening/etc/conf.d/5.1.7_disable_tftp_server.cfg
|
||||
/opt/cis-hardening/etc/conf.d/5.1.8_disable_inetd.cfg
|
||||
/opt/cis-hardening/etc/conf.d/5.2_disable_chargen.cfg
|
||||
/opt/cis-hardening/etc/conf.d/5.3_disable_daytime.cfg
|
||||
/opt/cis-hardening/etc/conf.d/5.4_disable_echo.cfg
|
||||
/opt/cis-hardening/etc/conf.d/5.5_disable_discard.cfg
|
||||
/opt/cis-hardening/etc/conf.d/5.6_disable_time.cfg
|
||||
/opt/cis-hardening/etc/conf.d/6.1_disable_xwindow_system.cfg
|
||||
/opt/cis-hardening/etc/conf.d/6.2_disable_avahi_server.cfg
|
||||
/opt/cis-hardening/etc/conf.d/6.3_disable_print_server.cfg
|
||||
/opt/cis-hardening/etc/conf.d/6.4_disable_dhcp.cfg
|
||||
/opt/cis-hardening/etc/conf.d/6.5_configure_ntp.cfg
|
||||
/opt/cis-hardening/etc/conf.d/6.6_disable_ldap.cfg
|
||||
/opt/cis-hardening/etc/conf.d/6.7_disable_nfs_rpc.cfg
|
||||
/opt/cis-hardening/etc/conf.d/6.8_disable_dns_server.cfg
|
||||
/opt/cis-hardening/etc/conf.d/6.9_disable_ftp.cfg
|
||||
/opt/cis-hardening/etc/conf.d/6.10_disable_http_server.cfg
|
||||
/opt/cis-hardening/etc/conf.d/6.11_disable_imap_pop.cfg
|
||||
/opt/cis-hardening/etc/conf.d/6.12_disable_samba.cfg
|
||||
/opt/cis-hardening/etc/conf.d/6.13_disable_http_proxy.cfg
|
||||
/opt/cis-hardening/etc/conf.d/6.14_disable_snmp_server.cfg
|
||||
/opt/cis-hardening/etc/conf.d/6.15_mta_localhost.cfg
|
||||
/opt/cis-hardening/etc/conf.d/6.16_disable_rsync.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.1.1_disable_ip_forwarding.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.1.2_disable_send_packet_redirects.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.2.1_disable_source_routed_packets.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.2.2_disable_icmp_redirect.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.2.3_disable_secure_icmp_redirect.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.2.4_log_martian_packets.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.2.5_ignore_broadcast_requests.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.2.6_enable_bad_error_message_protection.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.2.7_enable_source_route_validation.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.2.8_enable_tcp_syn_cookies.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.3.1_disable_ipv6_router_advertisement.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.3.2_disable_ipv6_redirect.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.3.3_disable_ipv6.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.4.1_install_tcp_wrapper.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.4.2_hosts_allow.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.4.3_hosts_allow_permissions.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.4.4_hosts_deny.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.4.5_hosts_deny_permissions.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.5.1_disable_dccp.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.5.2_disable_sctp.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.5.3_disable_rds.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.5.4_disable_tipc.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.6_disable_wireless.cfg
|
||||
/opt/cis-hardening/etc/conf.d/7.7_enable_firewall.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.0_enable_auditd_kernel.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.1.1.1_audit_log_storage.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.1.1.2_halt_when_audit_log_full.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.1.1.3_keep_all_audit_logs.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.1.2_enable_auditd.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.1.3_audit_bootloader.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.1.4_record_date_time_edit.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.1.5_record_user_group_edit.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.1.6_record_network_edit.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.1.7_record_mac_edit.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.1.8_record_login_logout.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.1.9_record_session_init.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.1.10_record_dac_edit.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.1.11_record_failed_access_file.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.1.12_record_privileged_commands.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.1.13_record_successful_mount.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.1.14_record_file_deletions.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.1.15_record_sudoers_edit.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.1.16_record_sudo_usage.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.1.17_record_kernel_modules.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.1.18_freeze_auditd_conf.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.2.1_install_syslog-ng.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.2.2_enable_syslog-ng.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.2.3_configure_syslog-ng.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.2.4_set_logfile_perm.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.2.5_syslog-ng_remote_host.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.2.6_remote_syslog-ng_acl.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.3.1_install_tripwire.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.3.2_tripwire_cron.cfg
|
||||
/opt/cis-hardening/etc/conf.d/8.4_configure_logrotate.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.1.1_enable_cron.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.1.2_crontab_perm_ownership.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.1.3_cron_hourly_perm_ownership.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.1.4_cron_daily_perm_ownership.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.1.5_cron_weekly_perm_ownership.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.1.6_cron_monthly_perm_ownership.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.1.7_cron_d_perm_ownership.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.1.8_cron_users.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.2.1_enable_cracklib.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.2.2_enable_lockout_failed_password.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.2.3_limit_password_reuse.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.3.1_sshd_protocol.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.3.2_sshd_loglevel.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.3.3_sshd_conf_perm_ownership.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.3.4_disable_x11_forwarding.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.3.5_sshd_maxauthtries.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.3.6_enable_sshd_ignorerhosts.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.3.7_disable_sshd_hostbasedauthentication.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.3.8_disable_root_login.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.3.9_disable_sshd_permitemptypasswords.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.3.10_disable_sshd_setenv.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.3.11_sshd_ciphers.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.3.12_sshd_idle_timeout.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.3.13_sshd_limit_access.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.3.14_ssh_banner.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.4_secure_tty.cfg
|
||||
/opt/cis-hardening/etc/conf.d/9.5_restrict_su.cfg
|
||||
/opt/cis-hardening/etc/conf.d/10.1.1_set_password_exp_days.cfg
|
||||
/opt/cis-hardening/etc/conf.d/10.1.2_set_password_min_days_change.cfg
|
||||
/opt/cis-hardening/etc/conf.d/10.1.3_set_password_exp_warning_days.cfg
|
||||
/opt/cis-hardening/etc/conf.d/10.2_disable_system_accounts.cfg
|
||||
/opt/cis-hardening/etc/conf.d/10.3_default_root_group.cfg
|
||||
/opt/cis-hardening/etc/conf.d/10.4_default_umask.cfg
|
||||
/opt/cis-hardening/etc/conf.d/10.5_lock_inactive_user_account.cfg
|
||||
/opt/cis-hardening/etc/conf.d/11.1_warning_banners.cfg
|
||||
/opt/cis-hardening/etc/conf.d/11.2_remove_os_info_warning_banners.cfg
|
||||
/opt/cis-hardening/etc/conf.d/11.3_graphical_warning_banners.cfg
|
||||
/opt/cis-hardening/etc/conf.d/12.1_etc_passwd_permissions.cfg
|
||||
/opt/cis-hardening/etc/conf.d/12.2_etc_shadow_permissions.cfg
|
||||
/opt/cis-hardening/etc/conf.d/12.3_etc_group_permissions.cfg
|
||||
/opt/cis-hardening/etc/conf.d/12.4_etc_passwd_ownership.cfg
|
||||
/opt/cis-hardening/etc/conf.d/12.5_etc_shadow_ownership.cfg
|
||||
/opt/cis-hardening/etc/conf.d/12.6_etc_group_ownership.cfg
|
||||
/opt/cis-hardening/etc/conf.d/12.7_find_world_writable_file.cfg
|
||||
/opt/cis-hardening/etc/conf.d/12.8_find_unowned_files.cfg
|
||||
/opt/cis-hardening/etc/conf.d/12.9_find_ungrouped_files.cfg
|
||||
/opt/cis-hardening/etc/conf.d/12.10_find_suid_files.cfg
|
||||
/opt/cis-hardening/etc/conf.d/12.11_find_sgid_files.cfg
|
||||
/opt/cis-hardening/etc/conf.d/13.1_remove_empty_password_field.cfg
|
||||
/opt/cis-hardening/etc/conf.d/13.2_remove_legacy_passwd_entries.cfg
|
||||
/opt/cis-hardening/etc/conf.d/13.3_remove_legacy_shadow_entries.cfg
|
||||
/opt/cis-hardening/etc/conf.d/13.4_remove_legacy_group_entries.cfg
|
||||
/opt/cis-hardening/etc/conf.d/13.5_find_0_uid_non_root_account.cfg
|
||||
/opt/cis-hardening/etc/conf.d/13.6_sanitize_root_path.cfg
|
||||
/opt/cis-hardening/etc/conf.d/13.7_check_user_dir_perm.cfg
|
||||
/opt/cis-hardening/etc/conf.d/13.8_check_user_dot_file_perm.cfg
|
||||
/opt/cis-hardening/etc/conf.d/13.9_set_perm_on_user_netrc.cfg
|
||||
/opt/cis-hardening/etc/conf.d/13.10_find_user_rhosts_files.cfg
|
||||
/opt/cis-hardening/etc/conf.d/13.11_find_passwd_group_inconsistencies.cfg
|
||||
/opt/cis-hardening/etc/conf.d/13.12_users_valid_homedir.cfg
|
||||
/opt/cis-hardening/etc/conf.d/13.13_check_user_homedir_ownership.cfg
|
||||
/opt/cis-hardening/etc/conf.d/13.14_check_duplicate_uid.cfg
|
||||
/opt/cis-hardening/etc/conf.d/13.15_check_duplicate_gid.cfg
|
||||
/opt/cis-hardening/etc/conf.d/13.16_check_duplicate_username.cfg
|
||||
/opt/cis-hardening/etc/conf.d/13.17_check_duplicate_groupname.cfg
|
||||
/opt/cis-hardening/etc/conf.d/13.18_find_user_netrc_files.cfg
|
||||
/opt/cis-hardening/etc/conf.d/13.19_find_user_forward_files.cfg
|
||||
/opt/cis-hardening/etc/conf.d/13.20_shadow_group_empty.cfg
|
||||
/opt/cis-hardening/etc/conf.d/99.1_timeout_tty.cfg
|
||||
/opt/cis-hardening/etc/conf.d/99.2_disable_usb_devices.cfg
|
||||
|
||||
8
debian/control
vendored
8
debian/control
vendored
@ -1,15 +1,17 @@
|
||||
Source: cis-hardening
|
||||
Section: ovh
|
||||
Section: admin
|
||||
Priority: extra
|
||||
Maintainer: Kevin Tanguy <kevin.tanguy@ovh.net>
|
||||
Build-Depends: debhelper (>= 8.0.0)
|
||||
Standards-Version: 3.9.3
|
||||
Homepage: https://benchmarks.cisecurity.org/downloads/show-single/index.cfm?file=debian7.100
|
||||
Vcs-Git: git@github.com:ovh/debian-cis.git
|
||||
Vcs-Git: https://github.com/ovh/debian-cis.git
|
||||
Vcs-Browser: https://github.com/ovh/debian-cis/
|
||||
|
||||
Package: cis-hardening
|
||||
Architecture: all
|
||||
Depends: ${shlibs:Depends}, ${misc:Depends}
|
||||
Description: Suite of configurable scripts to audit or harden a Debian Wheezy.
|
||||
|
||||
Modular Debian 7 security hardening scripts based on cisecurity.org
|
||||
⟨cisecurity.org⟩ recommendations. We use it at OVH ⟨https://ovh.com⟩ to
|
||||
harden our PCI-DSS infrastructure.
|
||||
|
||||
1
debian/copyright
vendored
Symbolic link
1
debian/copyright
vendored
Symbolic link
@ -0,0 +1 @@
|
||||
../LICENSE
|
||||
1
debian/lintian-overrides
vendored
Normal file
1
debian/lintian-overrides
vendored
Normal file
@ -0,0 +1 @@
|
||||
cis-hardening binary: non-etc-file-marked-as-conffile
|
||||
1
debian/manpages
vendored
Normal file
1
debian/manpages
vendored
Normal file
@ -0,0 +1 @@
|
||||
debian/cis-hardening.8
|
||||
5
debian/rules
vendored
5
debian/rules
vendored
@ -19,7 +19,7 @@ PACKAGE = $(shell dh_listpackages)
|
||||
override_dh_install:
|
||||
dh_install
|
||||
mkdir -p $(CURDIR)/debian/$(PACKAGE)/opt/$(PACKAGE)/
|
||||
cp README $(CURDIR)/debian/$(PACKAGE)/opt/$(PACKAGE)/
|
||||
cp README.md $(CURDIR)/debian/$(PACKAGE)/opt/$(PACKAGE)/
|
||||
cp -R bin $(CURDIR)/debian/$(PACKAGE)/opt/$(PACKAGE)/
|
||||
# /!\ tag /opt/$(PACKAGE)/etc/conf.d/* as configuration files in conffiles
|
||||
# (ls | sort -V | xargs -i echo opt/cis-hardening/etc/conf.d/{} -- without README)
|
||||
@ -31,6 +31,5 @@ override_dh_install:
|
||||
|
||||
override_dh_installdocs:
|
||||
dh_installdocs
|
||||
gzip -c LICENSE > $(CURDIR)/debian/$(PACKAGE)/usr/share/doc/$(PACKAGE)/LICENSE.gz
|
||||
gzip -c README > $(CURDIR)/debian/$(PACKAGE)/usr/share/doc/$(PACKAGE)/README.gz
|
||||
gzip -c AUTHORS > $(CURDIR)/debian/$(PACKAGE)/usr/share/doc/$(PACKAGE)/AUTHORS.gz
|
||||
gzip -c src/skel > $(CURDIR)/debian/$(PACKAGE)/usr/share/doc/$(PACKAGE)/skel.gz
|
||||
|
||||
Reference in New Issue
Block a user