diff --git a/bin/hardening/1.1.1.1_disable_freevxfs.sh b/bin/hardening/1.1.1.1_disable_freevxfs.sh
index d5c1a70..0a0497d 100755
--- a/bin/hardening/1.1.1.1_disable_freevxfs.sh
+++ b/bin/hardening/1.1.1.1_disable_freevxfs.sh
@@ -6,7 +6,7 @@
 #
 #
-# 1.1.1.1 Disable Mounting of freevxfs Filesystems (Not Scored)
+# 1.1.1.1 Ensure Mounting of freevxfs filesystems is disabled (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/1.1.1.2_disable_jffs2.sh b/bin/hardening/1.1.1.2_disable_jffs2.sh
index 2ed8384..8aaea98 100755
--- a/bin/hardening/1.1.1.2_disable_jffs2.sh
+++ b/bin/hardening/1.1.1.2_disable_jffs2.sh
@@ -6,7 +6,7 @@
 #
 #
-# 1.1.1.2 Disable Mounting of jffs2 Filesystems (Not Scored)
+# 1.1.1.2 Esnure mounting of jffs2 filesystems is disabled (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/1.1.1.3_disable_hfs.sh b/bin/hardening/1.1.1.3_disable_hfs.sh
index eb8ca14..181e7b0 100755
--- a/bin/hardening/1.1.1.3_disable_hfs.sh
+++ b/bin/hardening/1.1.1.3_disable_hfs.sh
@@ -6,7 +6,7 @@
 #
 #
-# 1.1.1.3 Disable Mounting of hfs Filesystems (Not Scored)
+# 1.1.1.3 Ensure mounting of hfs filesystems is disabled (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/1.1.1.4_disable_hfsplus.sh b/bin/hardening/1.1.1.4_disable_hfsplus.sh
index 28118fc..3af05a7 100755
--- a/bin/hardening/1.1.1.4_disable_hfsplus.sh
+++ b/bin/hardening/1.1.1.4_disable_hfsplus.sh
@@ -6,7 +6,7 @@
 #
 #
-# 1.1.1.4 Disable Mounting of hfsplus Filesystems (Not Scored)
+# 1.1.1.4 Ensure mounting of hfsplus filesystems is disabled (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/1.1.1.5_disable_squashfs.sh b/bin/hardening/1.1.1.5_disable_squashfs.sh
index 8b088aa..7d67c03 100755
--- a/bin/hardening/1.1.1.5_disable_squashfs.sh
+++ b/bin/hardening/1.1.1.5_disable_squashfs.sh
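Review bot: The new header comment in `bin/hardening/1.1.1.2_disable_jffs2.sh` misspells the benchmark title as "Esnure"; it should read `# 1.1.1.2 Ensure mounting of jffs2 filesystems is disabled (Scored)`. The 1.1.1.1 freevxfs header in the same commit keeps a capital "Mounting" while its siblings use lower case, so `# 1.1.1.1 Ensure mounting of freevxfs filesystems is disabled (Scored)` would match them. These titles tie each script to a benchmark item, so a typo makes a text search for the control miss the file.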
@@ -6,7 +6,7 @@
 #
 #
-# 1.1.1.5 Disable Mounting of squashfs Filesystems (Not Scored)
+# 1.1.1.5 Ensure mounting of squashfs filesystems is disabled (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/1.1.1.6_disable_udf.sh b/bin/hardening/1.1.1.6_disable_udf.sh
index 913c657..ae54166 100755
--- a/bin/hardening/1.1.1.6_disable_udf.sh
+++ b/bin/hardening/1.1.1.6_disable_udf.sh
@@ -6,7 +6,7 @@
 #
 #
-# 1.1.1.6 Disable Mounting of udf Filesystems (Not Scored)
+# 1.1.1.6 Ensure mounting of udf filesystems is disabled (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/1.1.1.7_restrict_fat.sh b/bin/hardening/1.1.1.7_restrict_fat.sh
index 12071c9..955028e 100755
--- a/bin/hardening/1.1.1.7_restrict_fat.sh
+++ b/bin/hardening/1.1.1.7_restrict_fat.sh
@@ -6,7 +6,7 @@
 #
 #
-# 1.1.1.7 Ensure mounting of FAT filesystem is limited (Not Scored)
+# 1.1.1.7 Ensure mounting of FAT filesystems is limited (Not Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/1.1.11_var_log_partition.sh b/bin/hardening/1.1.11_var_log_partition.sh
index ab048f9..8dffa6a 100755
--- a/bin/hardening/1.1.11_var_log_partition.sh
+++ b/bin/hardening/1.1.11_var_log_partition.sh
@@ -6,7 +6,7 @@
 #
 #
-# 1.1.11 Create Separate Partition for /var/log (Scored)
+# 1.1.11 Ensure separate partition exists for /var/log (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/1.1.12_var_log_audit_partition.sh b/bin/hardening/1.1.12_var_log_audit_partition.sh
index 05b2f47..ff5995c 100755
--- a/bin/hardening/1.1.12_var_log_audit_partition.sh
+++ b/bin/hardening/1.1.12_var_log_audit_partition.sh
@@ -6,7 +6,7 @@
 #
 #
-# 1.1.12 Create Separate Partition for /var/log/audit (Scored)
+# 1.1.12 Ensure separate partition exists for /var/log/audit (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/1.1.13_home_partition.sh b/bin/hardening/1.1.13_home_partition.sh
index e51559c..c6a537c 100755
--- a/bin/hardening/1.1.13_home_partition.sh
+++ b/bin/hardening/1.1.13_home_partition.sh
@@ -6,7 +6,7 @@
 #
 #
-# 1.1.13 Create Separate Partition for /home (Scored)
+# 1.1.13 Ensure separate partition exists for /home (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/1.1.16_run_shm_nosuid.sh b/bin/hardening/1.1.16_run_shm_nosuid.sh
index 6716140..ee58ad9 100755
--- a/bin/hardening/1.1.16_run_shm_nosuid.sh
+++ b/bin/hardening/1.1.16_run_shm_nosuid.sh
@@ -6,7 +6,7 @@
 #
 #
-# 1.1.16 Ensure nosuid Option set on /run/shm Partition (Scored)
+# 1.1.16 Ensure nosuid option set on /run/shm partition (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/1.1.17_run_shm_noexec.sh b/bin/hardening/1.1.17_run_shm_noexec.sh
index 0338a55..934c6d7 100755
--- a/bin/hardening/1.1.17_run_shm_noexec.sh
+++ b/bin/hardening/1.1.17_run_shm_noexec.sh
@@ -6,7 +6,7 @@
 #
 #
-# 1.1.17 Ensure noexec Option set on /run/shm Partition (Scored)
+# 1.1.17 Ensure noexec option set on /run/shm partition (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/1.1.18_removable_device_nodev.sh b/bin/hardening/1.1.18_removable_device_nodev.sh
index 36aa90b..4c4ef34 100755
--- a/bin/hardening/1.1.18_removable_device_nodev.sh
+++ b/bin/hardening/1.1.18_removable_device_nodev.sh
@@ -6,7 +6,7 @@
 #
 #
-# 1.1.18 Add nodev Option to Removable Media Partitions (Not Scored)
+# 1.1.18 Ensure nodev option set on removable media partition (Not Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/1.1.19_removable_device_nosuid.sh b/bin/hardening/1.1.19_removable_device_nosuid.sh
index e112b56..cecdca1 100755
--- a/bin/hardening/1.1.19_removable_device_nosuid.sh
+++ b/bin/hardening/1.1.19_removable_device_nosuid.sh
@@ -6,7 +6,7 @@
 #
 #
-# 1.1.19 Ensure nosuid Option set on Removable Media Partitions (Not Scored)
+# 1.1.19 Ensure nosuid option set on removable media partitions (Not Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/1.1.20_removable_device_noexec.sh b/bin/hardening/1.1.20_removable_device_noexec.sh
index e70d13a..4247044 100755
--- a/bin/hardening/1.1.20_removable_device_noexec.sh
+++ b/bin/hardening/1.1.20_removable_device_noexec.sh
@@ -6,7 +6,7 @@
 #
 #
-# 1.1.20 Ensure noexec Option set on Removable Media Partitions (Not Scored)
+# 1.1.20 Ensure noexec option set on removable media partition (Not Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh b/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh
index 2f96090..f5396f6 100755
--- a/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh
+++ b/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh
@@ -6,7 +6,7 @@
 #
 #
-# 1.1.21 Ensure Sticky Bit set on All World-Writable Directories (Scored)
+# 1.1.21 Ensure sticky bit is set on all world-writable directories (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/1.1.6_var_partition.sh b/bin/hardening/1.1.6_var_partition.sh
index 7e5ee9c..09d4757 100755
--- a/bin/hardening/1.1.6_var_partition.sh
+++ b/bin/hardening/1.1.6_var_partition.sh
@@ -6,7 +6,7 @@
 #
 #
-# 1.1.6 Create Separate Partition for /var (Scored)
+# 1.1.6 Ensure separate partition exists for /var (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/1.7.1.2_enable_apparmor.sh b/bin/hardening/1.7.1.2_enable_apparmor.sh
index 06e05fb..f3bf39b 100755
--- a/bin/hardening/1.7.1.2_enable_apparmor.sh
+++ b/bin/hardening/1.7.1.2_enable_apparmor.sh
@@ -6,7 +6,7 @@
 #
 #
-# 1.7.2.2 Activate AppArmor (Scored)
+# 1.7.2.2 Ensure AppArmor is enabled in the bootloader configuration (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/4.2.1.1_install_syslog-ng.sh b/bin/hardening/4.2.1.1_install_syslog-ng.sh
index 5a9ec7b..3a1d8e6 100755
--- a/bin/hardening/4.2.1.1_install_syslog-ng.sh
+++ b/bin/hardening/4.2.1.1_install_syslog-ng.sh
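Review bot: In `bin/hardening/1.7.1.2_enable_apparmor.sh` the rewritten header still carries the number 1.7.2.2, while the file name says 1.7.1.2; the syslog-ng hunks later in this diff correct exactly this kind of mismatch (4.2.2.x to 4.2.1.x). If the file name holds the intended number, the line should be `# 1.7.1.2 Ensure AppArmor is enabled in the bootloader configuration (Scored)`. A header that points at a different control than the file name makes it unclear which benchmark item the script is supposed to satisfy.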
@@ -6,7 +6,7 @@
 #
 #
-# 4.2.2.1 Ensure Syslog-ng is installed (Scored)
+# 4.2.1.1 Ensure syslog-ng is installed (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/4.2.1.2_enable_syslog-ng.sh b/bin/hardening/4.2.1.2_enable_syslog-ng.sh
index a73ee66..6cb2fd6 100755
--- a/bin/hardening/4.2.1.2_enable_syslog-ng.sh
+++ b/bin/hardening/4.2.1.2_enable_syslog-ng.sh
@@ -6,7 +6,7 @@
 #
 #
-# 4.2.2.2 Ensure syslog-ng service is enabled (Scored)
+# 4.2.1.2 Ensure syslog-ng service is enabled (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/4.2.1.3_configure_syslog-ng.sh b/bin/hardening/4.2.1.3_configure_syslog-ng.sh
index 468b2a2..715a4ed 100755
--- a/bin/hardening/4.2.1.3_configure_syslog-ng.sh
+++ b/bin/hardening/4.2.1.3_configure_syslog-ng.sh
@@ -6,7 +6,7 @@
 #
 #
-# 4.2.2.3 Configure /etc/syslog-ng/syslog-ng.conf (Not Scored)
+# 4.2.1.3 Configure /etc/syslog-ng/syslog-ng.conf (Not Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh b/bin/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh
index 2794093..118c911 100755
--- a/bin/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh
+++ b/bin/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh
@@ -6,7 +6,7 @@
 #
 #
-# 4.2.2.4 Create and Set Permissions on syslog-ng Log Files (Scored)
+# 4.2.1.4 Create and Set Permissions on syslog-ng Log Files (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/4.2.1.5_syslog-ng_remote_host.sh b/bin/hardening/4.2.1.5_syslog-ng_remote_host.sh
index ac9915d..19e305e 100755
--- a/bin/hardening/4.2.1.5_syslog-ng_remote_host.sh
+++ b/bin/hardening/4.2.1.5_syslog-ng_remote_host.sh
@@ -6,7 +6,7 @@
 #
 #
-# 4.2.2.5 Ensure syslog-ng is configured to send logs to a remote log host (Not Scored)
+# 4.2.1.5 Ensure syslog-ng is configured to send logs to a remote log host (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/4.2.1.6_remote_syslog-ng_acl.sh b/bin/hardening/4.2.1.6_remote_syslog-ng_acl.sh
index 7b38f07..d587fc2 100755
--- a/bin/hardening/4.2.1.6_remote_syslog-ng_acl.sh
+++ b/bin/hardening/4.2.1.6_remote_syslog-ng_acl.sh
@@ -6,7 +6,7 @@
 #
 #
-# 4.2.2.6 Accept Remote rsyslog Messages Only on Designated Log Hosts (Not Scored)
+# 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. (Not Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/4.2.2.2_journald_compress.sh b/bin/hardening/4.2.2.2_journald_compress.sh
index 5541466..e02d8be 100755
--- a/bin/hardening/4.2.2.2_journald_compress.sh
+++ b/bin/hardening/4.2.2.2_journald_compress.sh
@@ -21,7 +21,7 @@ DESCRIPTION="Configure journald to send logs to syslog-ng."
 audit() {
 :
 }
-rsyslog
+
 # This function will be called if the script status is on enabled mode
 apply() {
 :
diff --git a/bin/hardening/5.2.14_ssh_cry_mac.sh b/bin/hardening/5.2.14_ssh_cry_mac.sh
index 0a8e431..9f3e801 100755
--- a/bin/hardening/5.2.14_ssh_cry_mac.sh
+++ b/bin/hardening/5.2.14_ssh_cry_mac.sh
@@ -2,7 +2,7 @@
 # run-shellcheck
 #
-# CIS Debian 7/8 Hardening
+# CIS Debian Hardening
 #
 #
diff --git a/bin/hardening/5.2.15_ssh_cry_kex.sh b/bin/hardening/5.2.15_ssh_cry_kex.sh
index e77f960..e17d7a9 100755
--- a/bin/hardening/5.2.15_ssh_cry_kex.sh
+++ b/bin/hardening/5.2.15_ssh_cry_kex.sh
@@ -2,7 +2,7 @@
 # run-shellcheck
 #
-# CIS Debian 7/8 Hardening
+# CIS Debian Hardening
 #
 #
diff --git a/bin/hardening/5.2.16_sshd_idle_timeout.sh b/bin/hardening/5.2.16_sshd_idle_timeout.sh
index c131525..2b96e4f 100755
--- a/bin/hardening/5.2.16_sshd_idle_timeout.sh
+++ b/bin/hardening/5.2.16_sshd_idle_timeout.sh
@@ -7,7 +7,6 @@
 #
 # 5.2.16 Ensure SSH Idle Timeout Interval is configured (Scored)
-# FIXME: the implementation of this script doesn't do what it says
 #
 set -e # One error, it's over
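Review bot: The new title in `bin/hardening/4.2.1.6_remote_syslog-ng_acl.sh` still says "rsyslog" although the file name and the sibling 4.2.1.x headers refer to syslog-ng, and it gains a full stop before "(Not Scored)" that no other title in this commit has. If the script checks syslog-ng, as its name suggests, `# 4.2.1.6 Ensure remote syslog-ng messages are only accepted on designated log hosts (Not Scored)` would be consistent with the rest.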
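Review bot: In `bin/hardening/4.2.2.2_journald_compress.sh` the `audit()` shown in this hunk is still the no-op `:`, and `apply()` opens the same way, so as far as the hunk shows this check cannot report a non-compliant host and would pass silently when enabled. The `DESCRIPTION` carried in the hunk header, "Configure journald to send logs to syslog-ng.", also does not match a file named for journald compression and looks copied from a neighbouring check. Until the check is written I would mark the stub explicitly, for example `# TODO: audit not implemented; this check currently reports nothing` above `audit()`, and correct the description string. The body of `apply()` continues outside the hunk.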
diff --git a/bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh b/bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
index bdbcfd1..0dec3df 100755
--- a/bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
+++ b/bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
@@ -6,7 +6,7 @@
 #
 #
-# 5.2.8 Set SSH IgnoreRhosts to Yes (Scored)
+# 5.2.8 Ensure SSH IgnoreRhosts is enabled (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/5.4.1.4_lock_inactive_user_account.sh b/bin/hardening/5.4.1.4_lock_inactive_user_account.sh
index 63c5af1..f85f375 100755
--- a/bin/hardening/5.4.1.4_lock_inactive_user_account.sh
+++ b/bin/hardening/5.4.1.4_lock_inactive_user_account.sh
@@ -6,7 +6,7 @@
 #
 #
-# 5.4.1.4 Lock Inactive User Accounts (Scored)
+# 5.4.1.4 Ensure inactive password lock is 30 days or less (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/6.1.11_find_unowned_files.sh b/bin/hardening/6.1.11_find_unowned_files.sh
index 050cb44..50652ab 100755
--- a/bin/hardening/6.1.11_find_unowned_files.sh
+++ b/bin/hardening/6.1.11_find_unowned_files.sh
@@ -6,7 +6,7 @@
 #
 #
-# 6.1.11 Ensure no unowned files or directories exist
+# 6.1.11 Ensure no unowned files or directories exist (Scored)
 #
 set -e # One error, it's over
@@ -15,7 +15,7 @@ set -u # One variable unset, it's over
 # shellcheck disable=2034
 HARDENING_LEVEL=2
 # shellcheck disable=2034
-DESCRIPTION="Ensure no unowned files or directories exist"
+DESCRIPTION="Ensure no unowned files or directories exist."
 USER='root'
 EXCLUDED=''
diff --git a/bin/hardening/6.2.2_remove_legacy_passwd_entries.sh b/bin/hardening/6.2.2_remove_legacy_passwd_entries.sh
index 71bcace..6faef01 100755
--- a/bin/hardening/6.2.2_remove_legacy_passwd_entries.sh
+++ b/bin/hardening/6.2.2_remove_legacy_passwd_entries.sh
@@ -6,7 +6,7 @@
 #
 #
-# 6.2.2 Verify No Legacy "+" Entries Exist in /etc/passwd File (Scored)
+# 6.2.2 Ensure no legacy "+" entries exist in /etc/passwd (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/6.2.4_remove_legacy_shadow_entries.sh b/bin/hardening/6.2.4_remove_legacy_shadow_entries.sh
index fe58512..f00dfcf 100755
--- a/bin/hardening/6.2.4_remove_legacy_shadow_entries.sh
+++ b/bin/hardening/6.2.4_remove_legacy_shadow_entries.sh
@@ -6,7 +6,7 @@
 #
 #
-# 6.2.4 Verify No Legacy "+" Entries Exist in /etc/shadow File (Scored)
+# 6.2.4 Ensure no legacy "+" entries exist in /etc/shadow (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/6.2.5_remove_legacy_group_entries.sh b/bin/hardening/6.2.5_remove_legacy_group_entries.sh
index 761a759..506aa61 100755
--- a/bin/hardening/6.2.5_remove_legacy_group_entries.sh
+++ b/bin/hardening/6.2.5_remove_legacy_group_entries.sh
@@ -6,7 +6,7 @@
 #
 #
-# 6.2.5 Verify No Legacy "+" Entries Exist in /etc/group File (Scored)
+# 6.2.5 Ensure no legacy "+" entries exist in /etc/group (Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/6.2.8_check_user_dir_perm.sh b/bin/hardening/6.2.8_check_user_dir_perm.sh
index 1ebdfdd..c282f90 100755
--- a/bin/hardening/6.2.8_check_user_dir_perm.sh
+++ b/bin/hardening/6.2.8_check_user_dir_perm.sh
@@ -6,7 +6,7 @@
 #
 #
-# 6.2.8 Check Permissions on User Home Directories (Scored)
+# 6.2.8 Ensure users' home directories permissions are 750 or more restrictive (Scored
 #
 set -e # One error, it's over
diff --git a/bin/hardening/99.1.1.1_disable_cramfs.sh b/bin/hardening/99.1.1.1_disable_cramfs.sh
index 053a6a8..78ba88f 100755
--- a/bin/hardening/99.1.1.1_disable_cramfs.sh
+++ b/bin/hardening/99.1.1.1_disable_cramfs.sh
@@ -6,7 +6,7 @@
 #
 #
-# 99.1.1.1 Disable Mounting of cramfs Filesystems (Not Scored)
+# 99.1.1.1 Ensure mounting of cramfs filesystems is disabled (Not Scored)
 #
 set -e # One error, it's over
diff --git a/bin/hardening/99.1.3_acc_sudoers_no_all.sh b/bin/hardening/99.1.3_acc_sudoers_no_all.sh
index 53ab587..e67239f 100755
--- a/bin/hardening/99.1.3_acc_sudoers_no_all.sh
+++ b/bin/hardening/99.1.3_acc_sudoers_no_all.sh
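Review bot: The new header in `bin/hardening/6.2.8_check_user_dir_perm.sh` drops the closing parenthesis of the score marker and ends in `(Scored`. It should read `# 6.2.8 Ensure users' home directories permissions are 750 or more restrictive (Scored)`; anything that matches on the literal "(Scored)" to list scored checks would otherwise skip this file.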
@@ -6,7 +6,7 @@
 #
 #
-# 99.1.3 Checks there are no carte-blanche authorization in sudoers file(s).
+# 99.1.3 Check there are no carte-blanche authorization in sudoers file(s).
 #
 set -e # One error, it's over
diff --git a/bin/hardening/99.3.3.5_hosts_deny_permissions.sh b/bin/hardening/99.3.3.5_hosts_deny_permissions.sh
index c862074..c0579bd 100755
--- a/bin/hardening/99.3.3.5_hosts_deny_permissions.sh
+++ b/bin/hardening/99.3.3.5_hosts_deny_permissions.sh
@@ -6,7 +6,7 @@
 #
 #
-# 99.3.3.5 Verify Permissions on /etc/hosts.deny (Scored)
+# 99.3.3.5 Verify permissions on /etc/hosts.deny (Scored)
 #
 set -e # One error, it's over