From 8b8547dc7de9e91c481e43f7cc0ae8055e6d57a1 Mon Sep 17 00:00:00 2001 
From: "thibault.dewailly" Date: Wed, 13 Apr 2016 14:12:57 +0200 Subject: [PATCH] 6.16_disable_rsync.sh --- bin/hardening/1.1_install_updates.sh | 1 + bin/hardening/2.10_home_nodev.sh | 1 + bin/hardening/2.11_removable_device_nodev.sh | 1 + bin/hardening/2.12_removable_device_noexec.sh | 1 + bin/hardening/2.13_removable_device_nosuid.sh | 1 + bin/hardening/2.14_run_shm_nodev.sh | 1 + bin/hardening/2.15_run_shm_nosuid.sh | 1 + bin/hardening/2.16_run_shm_noexec.sh | 1 + .../2.17_sticky_bit_world_writable_folder.sh | 1 + bin/hardening/2.18_disable_cramfs.sh | 1 + bin/hardening/2.19_disable_freevxfs.sh | 1 + bin/hardening/2.1_tmp_partition.sh | 1 + bin/hardening/2.20_disable_jffs2.sh | 1 + bin/hardening/2.21_disable_hfs.sh | 1 + bin/hardening/2.22_disable_hfsplus.sh | 1 + bin/hardening/2.23_disable_squashfs.sh | 1 + bin/hardening/2.24_disable_udf.sh | 1 + bin/hardening/2.25_disable_automounting.sh | 1 + bin/hardening/2.2_tmp_nodev.sh | 1 + bin/hardening/2.3_tmp_nosuid.sh | 1 + bin/hardening/2.4_tmp_noexec.sh | 1 + bin/hardening/2.5_var_partition.sh | 1 + bin/hardening/2.6.1_var_tmp_partition.sh | 1 + bin/hardening/2.6.2_var_tmp_nodev.sh | 1 + bin/hardening/2.6.3_var_tmp_nosuid.sh | 1 + bin/hardening/2.6.4_var_tmp_noexec.sh | 1 + bin/hardening/2.7_var_log_partition.sh | 1 + bin/hardening/2.8_var_log_audit_partition.sh | 1 + bin/hardening/2.9_home_partition.sh | 1 + bin/hardening/3.1_bootloader_ownership.sh | 1 + bin/hardening/3.2_bootloader_permissions.sh | 1 + bin/hardening/3.3_bootloader_password.sh | 1 + bin/hardening/3.4_root_password.sh | 1 + bin/hardening/4.1_restrict_core_dumps.sh | 1 + bin/hardening/4.2_enable_nx_support.sh | 1 + .../4.3_enable_randomized_vm_placement.sh | 1 + bin/hardening/4.4_disable_prelink.sh | 1 + bin/hardening/4.5_enable_apparmor.sh | 1 + bin/hardening/5.1.1_disable_nis.sh | 1 + bin/hardening/5.1.2_disable_rsh.sh | 1 + bin/hardening/5.1.3_disable_rsh_client.sh | 1 + bin/hardening/5.1.4_disable_talk.sh | 1 + 
bin/hardening/5.1.5_disable_talk_client.sh | 1 + bin/hardening/5.1.6_disable_telnet_server.sh | 1 + bin/hardening/5.1.7_disable_tftp_server.sh | 1 + bin/hardening/5.1.8_disable_inetd.sh | 1 + bin/hardening/5.2_disable_chargen.sh | 1 + bin/hardening/5.3_disable_daytime.sh | 1 + bin/hardening/5.4_disable_echo.sh | 1 + bin/hardening/5.5_disable_discard.sh | 1 + bin/hardening/5.6_disable_time.sh | 1 + bin/hardening/6.10_disable_http_server.sh | 1 + bin/hardening/6.11_disable_imap_pop.sh | 1 + bin/hardening/6.12_disable_samba.sh | 1 + bin/hardening/6.13_diable_http_proxy.sh | 1 + bin/hardening/6.14_disable_snmp_server.sh | 1 + bin/hardening/6.15_mta_localhost.sh | 1 + bin/hardening/6.16_disable_rsync.sh | 71 +++++++++++++++++++ bin/hardening/6.1_disable_xwindow_system.sh | 1 + bin/hardening/6.2_disable_avahi_server.sh | 1 + bin/hardening/6.3_disable_print_server.sh | 1 + bin/hardening/6.4_disable_dhcp.sh | 1 + bin/hardening/6.5_configure_ntp.sh | 1 + bin/hardening/6.6_diable_ldap.sh | 1 + bin/hardening/6.7_disable_nfs_rpc.sh | 1 + bin/hardening/6.8_disable_dns_server.sh | 1 + bin/hardening/6.9_disable_ftp.sh | 1 + etc/conf.d/6.16_disable_rsync.cfg | 2 + lib/utils.sh | 12 ++++ 69 files changed, 151 insertions(+) create mode 100755 bin/hardening/6.16_disable_rsync.sh create mode 100644 etc/conf.d/6.16_disable_rsync.cfg diff --git a/bin/hardening/1.1_install_updates.sh b/bin/hardening/1.1_install_updates.sh index 70f720f..3dd2bb7 100755 --- a/bin/hardening/1.1_install_updates.sh +++ b/bin/hardening/1.1_install_updates.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.10_home_nodev.sh b/bin/hardening/2.10_home_nodev.sh index 1c8a414..75a36ed 100755 --- a/bin/hardening/2.10_home_nodev.sh +++ b/bin/hardening/2.10_home_nodev.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # 
diff --git a/bin/hardening/2.11_removable_device_nodev.sh b/bin/hardening/2.11_removable_device_nodev.sh index 010a432..6015175 100755 --- a/bin/hardening/2.11_removable_device_nodev.sh +++ b/bin/hardening/2.11_removable_device_nodev.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.12_removable_device_noexec.sh b/bin/hardening/2.12_removable_device_noexec.sh index 1258880..15d64db 100755 --- a/bin/hardening/2.12_removable_device_noexec.sh +++ b/bin/hardening/2.12_removable_device_noexec.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.13_removable_device_nosuid.sh b/bin/hardening/2.13_removable_device_nosuid.sh index 351d94b..6c64b41 100755 --- a/bin/hardening/2.13_removable_device_nosuid.sh +++ b/bin/hardening/2.13_removable_device_nosuid.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.14_run_shm_nodev.sh b/bin/hardening/2.14_run_shm_nodev.sh index d58d354..5759c2d 100755 --- a/bin/hardening/2.14_run_shm_nodev.sh +++ b/bin/hardening/2.14_run_shm_nodev.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.15_run_shm_nosuid.sh b/bin/hardening/2.15_run_shm_nosuid.sh index 451944a..d5944eb 100755 --- a/bin/hardening/2.15_run_shm_nosuid.sh +++ b/bin/hardening/2.15_run_shm_nosuid.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.16_run_shm_noexec.sh b/bin/hardening/2.16_run_shm_noexec.sh index 9f111b5..3f94baf 100755 --- a/bin/hardening/2.16_run_shm_noexec.sh +++ b/bin/hardening/2.16_run_shm_noexec.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.17_sticky_bit_world_writable_folder.sh b/bin/hardening/2.17_sticky_bit_world_writable_folder.sh index 0183a36..6fbf176 100755 
--- a/bin/hardening/2.17_sticky_bit_world_writable_folder.sh +++ b/bin/hardening/2.17_sticky_bit_world_writable_folder.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.18_disable_cramfs.sh b/bin/hardening/2.18_disable_cramfs.sh index e9df2c1..c937dd8 100755 --- a/bin/hardening/2.18_disable_cramfs.sh +++ b/bin/hardening/2.18_disable_cramfs.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.19_disable_freevxfs.sh b/bin/hardening/2.19_disable_freevxfs.sh index 0d43421..a662581 100755 --- a/bin/hardening/2.19_disable_freevxfs.sh +++ b/bin/hardening/2.19_disable_freevxfs.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.1_tmp_partition.sh b/bin/hardening/2.1_tmp_partition.sh index f2b5469..5161cec 100755 --- a/bin/hardening/2.1_tmp_partition.sh +++ b/bin/hardening/2.1_tmp_partition.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.20_disable_jffs2.sh b/bin/hardening/2.20_disable_jffs2.sh index c892e96..128ed16 100755 --- a/bin/hardening/2.20_disable_jffs2.sh +++ b/bin/hardening/2.20_disable_jffs2.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.21_disable_hfs.sh b/bin/hardening/2.21_disable_hfs.sh index 073e539..dc1c1d3 100755 --- a/bin/hardening/2.21_disable_hfs.sh +++ b/bin/hardening/2.21_disable_hfs.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.22_disable_hfsplus.sh b/bin/hardening/2.22_disable_hfsplus.sh index 81d47bf..3daea0d 100755 --- a/bin/hardening/2.22_disable_hfsplus.sh +++ b/bin/hardening/2.22_disable_hfsplus.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # 
diff --git a/bin/hardening/2.23_disable_squashfs.sh b/bin/hardening/2.23_disable_squashfs.sh index e5a059d..5b0f089 100755 --- a/bin/hardening/2.23_disable_squashfs.sh +++ b/bin/hardening/2.23_disable_squashfs.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.24_disable_udf.sh b/bin/hardening/2.24_disable_udf.sh index e49469c..e102bdc 100755 --- a/bin/hardening/2.24_disable_udf.sh +++ b/bin/hardening/2.24_disable_udf.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.25_disable_automounting.sh b/bin/hardening/2.25_disable_automounting.sh index e6bf641..2abd21f 100755 --- a/bin/hardening/2.25_disable_automounting.sh +++ b/bin/hardening/2.25_disable_automounting.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.2_tmp_nodev.sh b/bin/hardening/2.2_tmp_nodev.sh index 6b34d0f..cd089a1 100755 --- a/bin/hardening/2.2_tmp_nodev.sh +++ b/bin/hardening/2.2_tmp_nodev.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.3_tmp_nosuid.sh b/bin/hardening/2.3_tmp_nosuid.sh index a361ca7..824eb34 100755 --- a/bin/hardening/2.3_tmp_nosuid.sh +++ b/bin/hardening/2.3_tmp_nosuid.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.4_tmp_noexec.sh b/bin/hardening/2.4_tmp_noexec.sh index 9d61da1..3971c4d 100755 --- a/bin/hardening/2.4_tmp_noexec.sh +++ b/bin/hardening/2.4_tmp_noexec.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.5_var_partition.sh b/bin/hardening/2.5_var_partition.sh index 3a0fed6..bba19c3 100755 --- a/bin/hardening/2.5_var_partition.sh +++ b/bin/hardening/2.5_var_partition.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # 
diff --git a/bin/hardening/2.6.1_var_tmp_partition.sh b/bin/hardening/2.6.1_var_tmp_partition.sh index 1a1348b..57dc4e2 100755 --- a/bin/hardening/2.6.1_var_tmp_partition.sh +++ b/bin/hardening/2.6.1_var_tmp_partition.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.6.2_var_tmp_nodev.sh b/bin/hardening/2.6.2_var_tmp_nodev.sh index 2be7322..13df7e8 100755 --- a/bin/hardening/2.6.2_var_tmp_nodev.sh +++ b/bin/hardening/2.6.2_var_tmp_nodev.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.6.3_var_tmp_nosuid.sh b/bin/hardening/2.6.3_var_tmp_nosuid.sh index 992d8e6..8e745af 100755 --- a/bin/hardening/2.6.3_var_tmp_nosuid.sh +++ b/bin/hardening/2.6.3_var_tmp_nosuid.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.6.4_var_tmp_noexec.sh b/bin/hardening/2.6.4_var_tmp_noexec.sh index 223477f..6f6cf4b 100755 --- a/bin/hardening/2.6.4_var_tmp_noexec.sh +++ b/bin/hardening/2.6.4_var_tmp_noexec.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.7_var_log_partition.sh b/bin/hardening/2.7_var_log_partition.sh index 32b2c74..b05593a 100755 --- a/bin/hardening/2.7_var_log_partition.sh +++ b/bin/hardening/2.7_var_log_partition.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.8_var_log_audit_partition.sh b/bin/hardening/2.8_var_log_audit_partition.sh index 9c7bf92..721d49a 100755 --- a/bin/hardening/2.8_var_log_audit_partition.sh +++ b/bin/hardening/2.8_var_log_audit_partition.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/2.9_home_partition.sh b/bin/hardening/2.9_home_partition.sh index 04270db..3d3c2c5 100755 --- a/bin/hardening/2.9_home_partition.sh +++ b/bin/hardening/2.9_home_partition.sh 
@@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/3.1_bootloader_ownership.sh b/bin/hardening/3.1_bootloader_ownership.sh index 044d2b0..b5f8ef2 100755 --- a/bin/hardening/3.1_bootloader_ownership.sh +++ b/bin/hardening/3.1_bootloader_ownership.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/3.2_bootloader_permissions.sh b/bin/hardening/3.2_bootloader_permissions.sh index 1cadd62..2967579 100755 --- a/bin/hardening/3.2_bootloader_permissions.sh +++ b/bin/hardening/3.2_bootloader_permissions.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/3.3_bootloader_password.sh b/bin/hardening/3.3_bootloader_password.sh index 05a9ab0..8443de7 100755 --- a/bin/hardening/3.3_bootloader_password.sh +++ b/bin/hardening/3.3_bootloader_password.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/3.4_root_password.sh b/bin/hardening/3.4_root_password.sh index f37bfb0..9bef628 100755 --- a/bin/hardening/3.4_root_password.sh +++ b/bin/hardening/3.4_root_password.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/4.1_restrict_core_dumps.sh b/bin/hardening/4.1_restrict_core_dumps.sh index 7f6a4b6..c59526d 100755 --- a/bin/hardening/4.1_restrict_core_dumps.sh +++ b/bin/hardening/4.1_restrict_core_dumps.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/4.2_enable_nx_support.sh b/bin/hardening/4.2_enable_nx_support.sh index d5c4962..1a86838 100755 --- a/bin/hardening/4.2_enable_nx_support.sh +++ b/bin/hardening/4.2_enable_nx_support.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # 
diff --git a/bin/hardening/4.3_enable_randomized_vm_placement.sh b/bin/hardening/4.3_enable_randomized_vm_placement.sh index ded11c1..03a7f71 100755 --- a/bin/hardening/4.3_enable_randomized_vm_placement.sh +++ b/bin/hardening/4.3_enable_randomized_vm_placement.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/4.4_disable_prelink.sh b/bin/hardening/4.4_disable_prelink.sh index 3770a6b..a0b9549 100755 --- a/bin/hardening/4.4_disable_prelink.sh +++ b/bin/hardening/4.4_disable_prelink.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/4.5_enable_apparmor.sh b/bin/hardening/4.5_enable_apparmor.sh index 88b7bbc..4714fbf 100755 --- a/bin/hardening/4.5_enable_apparmor.sh +++ b/bin/hardening/4.5_enable_apparmor.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/5.1.1_disable_nis.sh b/bin/hardening/5.1.1_disable_nis.sh index ddabc5b..01cf8d7 100755 --- a/bin/hardening/5.1.1_disable_nis.sh +++ b/bin/hardening/5.1.1_disable_nis.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/5.1.2_disable_rsh.sh b/bin/hardening/5.1.2_disable_rsh.sh index 802ab4b..3b6d3e5 100755 --- a/bin/hardening/5.1.2_disable_rsh.sh +++ b/bin/hardening/5.1.2_disable_rsh.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/5.1.3_disable_rsh_client.sh b/bin/hardening/5.1.3_disable_rsh_client.sh index 679093a..15d0b6d 100755 --- a/bin/hardening/5.1.3_disable_rsh_client.sh +++ b/bin/hardening/5.1.3_disable_rsh_client.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/5.1.4_disable_talk.sh b/bin/hardening/5.1.4_disable_talk.sh index ffd320b..e283fec 100755 --- a/bin/hardening/5.1.4_disable_talk.sh +++ b/bin/hardening/5.1.4_disable_talk.sh 
@@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/5.1.5_disable_talk_client.sh b/bin/hardening/5.1.5_disable_talk_client.sh index 3e5c927..c6f4b10 100755 --- a/bin/hardening/5.1.5_disable_talk_client.sh +++ b/bin/hardening/5.1.5_disable_talk_client.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/5.1.6_disable_telnet_server.sh b/bin/hardening/5.1.6_disable_telnet_server.sh index 9d7b3f6..61b19eb 100755 --- a/bin/hardening/5.1.6_disable_telnet_server.sh +++ b/bin/hardening/5.1.6_disable_telnet_server.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/5.1.7_disable_tftp_server.sh b/bin/hardening/5.1.7_disable_tftp_server.sh index 0c39f26..ae17ef1 100755 --- a/bin/hardening/5.1.7_disable_tftp_server.sh +++ b/bin/hardening/5.1.7_disable_tftp_server.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/5.1.8_disable_inetd.sh b/bin/hardening/5.1.8_disable_inetd.sh index bad5b8c..9a1bd52 100755 --- a/bin/hardening/5.1.8_disable_inetd.sh +++ b/bin/hardening/5.1.8_disable_inetd.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/5.2_disable_chargen.sh b/bin/hardening/5.2_disable_chargen.sh index 2ce2870..9fdc3c1 100755 --- a/bin/hardening/5.2_disable_chargen.sh +++ b/bin/hardening/5.2_disable_chargen.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/5.3_disable_daytime.sh b/bin/hardening/5.3_disable_daytime.sh index cb12750..8509fd1 100755 --- a/bin/hardening/5.3_disable_daytime.sh +++ b/bin/hardening/5.3_disable_daytime.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # 
diff --git a/bin/hardening/5.4_disable_echo.sh b/bin/hardening/5.4_disable_echo.sh index d899e8f..0113670 100755 --- a/bin/hardening/5.4_disable_echo.sh +++ b/bin/hardening/5.4_disable_echo.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/5.5_disable_discard.sh b/bin/hardening/5.5_disable_discard.sh index 0fce91d..77601fa 100755 --- a/bin/hardening/5.5_disable_discard.sh +++ b/bin/hardening/5.5_disable_discard.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/5.6_disable_time.sh b/bin/hardening/5.6_disable_time.sh index 0267904..106dc69 100755 --- a/bin/hardening/5.6_disable_time.sh +++ b/bin/hardening/5.6_disable_time.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/6.10_disable_http_server.sh b/bin/hardening/6.10_disable_http_server.sh index 72d3076..8909daa 100755 --- a/bin/hardening/6.10_disable_http_server.sh +++ b/bin/hardening/6.10_disable_http_server.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/6.11_disable_imap_pop.sh b/bin/hardening/6.11_disable_imap_pop.sh index 9d4b82d..a7dec19 100755 --- a/bin/hardening/6.11_disable_imap_pop.sh +++ b/bin/hardening/6.11_disable_imap_pop.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/6.12_disable_samba.sh b/bin/hardening/6.12_disable_samba.sh index d635a34..b696c4e 100755 --- a/bin/hardening/6.12_disable_samba.sh +++ b/bin/hardening/6.12_disable_samba.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/6.13_diable_http_proxy.sh b/bin/hardening/6.13_diable_http_proxy.sh index b1a4b29..c923be9 100755 --- a/bin/hardening/6.13_diable_http_proxy.sh +++ b/bin/hardening/6.13_diable_http_proxy.sh 
@@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/6.14_disable_snmp_server.sh b/bin/hardening/6.14_disable_snmp_server.sh index 6eceacb..6754f73 100755 --- a/bin/hardening/6.14_disable_snmp_server.sh +++ b/bin/hardening/6.14_disable_snmp_server.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/6.15_mta_localhost.sh b/bin/hardening/6.15_mta_localhost.sh index e08325c..4651471 100755 --- a/bin/hardening/6.15_mta_localhost.sh +++ b/bin/hardening/6.15_mta_localhost.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/6.16_disable_rsync.sh b/bin/hardening/6.16_disable_rsync.sh new file mode 100755 index 0000000..5007e13 --- /dev/null +++ b/bin/hardening/6.16_disable_rsync.sh 
@@ -0,0 +1,71 @@
+#!/bin/bash
+
+#
+# CIS Debian 7 Hardening
+# Authors : Thibault Dewailly, OVH
+#
+
+#
+# 6.16 Ensure rsync service is not enabled (Scored)
+#
+
+set -e # One error, it's over
+set -u # One variable unset, it's over
+
+PACKAGE='rsync'
+RSYNC_DEFAULT_PATTERN='RSYNC_ENABLE=false'
+RSYNC_DEFAULT_FILE='/etc/default/rsync'
+RSYNC_DEFAULT_PATTERN_TO_SEARCH='RSYNC_ENABLE=true'
+
+# This function will be called if the script status is on enabled / audit mode
+audit () {
+ is_pkg_installed $PACKAGE
+ if [ $FNRET != 0 ]; then
+ ok "$PACKAGE is not installed"
+ else
+ ok "$PACKAGE is installed, checking configuration"
+ does_pattern_exists_in_file $RSYNC_DEFAULT_FILE "^$RSYNC_DEFAULT_PATTERN"
+ if [ $FNRET != 0 ]; then
+ crit "$RSYNC_DEFAULT_PATTERN not found in $RSYNC_DEFAULT_FILE"
+ else
+ ok "$RSYNC_DEFAULT_PATTERN found in $RSYNC_DEFAULT_FILE"
+ fi
+ fi
+}
+
+# This function will be called if the script status is on enabled mode
+apply () {
+ is_pkg_installed $PACKAGE
+ if [ $FNRET != 0 ]; then
+ ok "$PACKAGE is not installed"
+ else
+ ok "$PACKAGE is installed, checking configuration"
+ does_pattern_exists_in_file $RSYNC_DEFAULT_FILE "^$RSYNC_DEFAULT_PATTERN"
+ if [ $FNRET != 0 ]; then
+ warn "$RSYNC_DEFAULT_PATTERN not found in $RSYNC_DEFAULT_FILE, adding it"
+ backup_file $RSYNC_DEFAULT_FILE
+ replace_in_file $RSYNC_DEFAULT_FILE $RSYNC_DEFAULT_PATTERN_TO_SEARCH $RSYNC_DEFAULT_PATTERN
+ else
+ ok "$RSYNC_DEFAULT_PATTERN found in $RSYNC_DEFAULT_FILE"
+ fi
+ fi
+}
+
+# This function will check config parameters required
+check_config() {
+ :
+}
+
+# Source Root Dir Parameter
+if [ ! -r /etc/default/cis-hardenning ]; then
+ echo "There is no /etc/default/cis-hardenning file, cannot source CIS_ROOT_DIR variable, aborting"
+ exit 128
+else
+ . /etc/default/cis-hardenning
+ if [ -z $CIS_ROOT_DIR ]; then
+ echo "No CIS_ROOT_DIR variable, aborting"
+ fi
+fi
+
+# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
+[ -r $CIS_ROOT_DIR/lib/main.sh ] && . $CIS_ROOT_DIR/lib/main.sh
diff --git a/bin/hardening/6.1_disable_xwindow_system.sh b/bin/hardening/6.1_disable_xwindow_system.sh index bd30e09..65ae917 100755 --- a/bin/hardening/6.1_disable_xwindow_system.sh +++ b/bin/hardening/6.1_disable_xwindow_system.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/6.2_disable_avahi_server.sh b/bin/hardening/6.2_disable_avahi_server.sh index 7a4a13a..d548b90 100755 --- a/bin/hardening/6.2_disable_avahi_server.sh +++ b/bin/hardening/6.2_disable_avahi_server.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/6.3_disable_print_server.sh b/bin/hardening/6.3_disable_print_server.sh index 2a606f9..80224a4 100755 --- a/bin/hardening/6.3_disable_print_server.sh +++ b/bin/hardening/6.3_disable_print_server.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/6.4_disable_dhcp.sh b/bin/hardening/6.4_disable_dhcp.sh index dcf76d9..4cd9d48 100755 --- a/bin/hardening/6.4_disable_dhcp.sh +++ b/bin/hardening/6.4_disable_dhcp.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/6.5_configure_ntp.sh b/bin/hardening/6.5_configure_ntp.sh index df3c861..cad9deb 100755 --- a/bin/hardening/6.5_configure_ntp.sh +++ b/bin/hardening/6.5_configure_ntp.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/6.6_diable_ldap.sh b/bin/hardening/6.6_diable_ldap.sh index 9fb4f35..75bf546 100755 --- a/bin/hardening/6.6_diable_ldap.sh +++ b/bin/hardening/6.6_diable_ldap.sh
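Review bot: In `apply()` of bin/hardening/6.16_disable_rsync.sh the remediation only rewrites the literal `RSYNC_ENABLE=true`, so a file where the line is missing, commented out, or set to another value (Debian's default file also accepts `inetd`, as far as I know) is left unchanged after the script has logged "adding it". Matching the whole assignment with `RSYNC_DEFAULT_PATTERN_TO_SEARCH='^RSYNC_ENABLE=.*'`, quoting the three arguments to `replace_in_file`, and re-running `does_pattern_exists_in_file` afterwards with a `crit` when the pattern is still absent would keep apply from reporting a state it did not reach. Separately, the `CIS_ROOT_DIR` check at the end prints "aborting" without exiting, so an empty value falls through to `[ -r /lib/main.sh ]`; `exit 128` after that `echo` and `"$CIS_ROOT_DIR"` quoted in the test would close it.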
@@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/6.7_disable_nfs_rpc.sh b/bin/hardening/6.7_disable_nfs_rpc.sh index d1f0d00..2c0a0d0 100755 --- a/bin/hardening/6.7_disable_nfs_rpc.sh +++ b/bin/hardening/6.7_disable_nfs_rpc.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/6.8_disable_dns_server.sh b/bin/hardening/6.8_disable_dns_server.sh index 492a9bb..a2bcbac 100755 --- a/bin/hardening/6.8_disable_dns_server.sh +++ b/bin/hardening/6.8_disable_dns_server.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # # diff --git a/bin/hardening/6.9_disable_ftp.sh b/bin/hardening/6.9_disable_ftp.sh index 579f933..ea58eaf 100755 --- a/bin/hardening/6.9_disable_ftp.sh +++ b/bin/hardening/6.9_disable_ftp.sh @@ -2,6 +2,7 @@ # # CIS Debian 7 Hardening +# Authors : Thibault Dewailly, OVH # #
diff --git a/etc/conf.d/6.16_disable_rsync.cfg b/etc/conf.d/6.16_disable_rsync.cfg
new file mode 100644
index 0000000..e1e4502
--- /dev/null
+++ b/etc/conf.d/6.16_disable_rsync.cfg
@@ -0,0 +1,2 @@
+# Configuration for script of same name
+status=enabled
diff --git a/lib/utils.sh b/lib/utils.sh
index 50a750d..781e045 100644
--- a/lib/utils.sh
+++ b/lib/utils.sh
@@ -117,6 +117,18 @@ add_line_file_before_pattern() {
 sed -i "/$PATTERN/i $LINE" $FILE
 FNRET=0
 }
+
+replace_in_file() {
+ local FILE=$1
+ local SOURCE=$2
+ local DESTINATION=$3
+
+ debug "Replacing $SOURCE to $DESTINATION in $FILE"
+ debug "sed -i 's/$SOURCE/$DESTINATION/g' $FILE"
+ sed -i "s/$SOURCE/$DESTINATION/g" $FILE
+ FNRET=0
+}
+
 #
 # User manipulation
 #
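Review bot: `replace_in_file` in lib/utils.sh splices `$SOURCE` and `$DESTINATION` unescaped into the sed program and leaves `$FILE` unquoted, so a `/`, `&` or backslash in either argument, or whitespace in the path, changes or breaks the command. The one caller in this patch passes fixed strings, so this is latent; a header comment stating that SOURCE is a sed regex and DESTINATION a sed replacement that must not contain `/`, plus `sed -i "s/$SOURCE/$DESTINATION/g" "$FILE"`, would cover it. `FNRET=0` is also set unconditionally, so a caller cannot tell a file where nothing matched from one that was changed; a guard such as `grep -q -- "$SOURCE" "$FILE" || { FNRET=1; return; }` before the `sed` would make the result meaningful.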