Update documentation
This commit is contained in:
parent
9cbc3f85a9
commit
936b84c0f2
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.1.1.1 Disable Mounting of freevxfs Filesystems (Not Scored)
|
# 1.1.1.1 Ensure Mounting of freevxfs filesystems is disabled (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.1.1.2 Disable Mounting of jffs2 Filesystems (Not Scored)
|
# 1.1.1.2 Esnure mounting of jffs2 filesystems is disabled (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
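Review bot: The new 1.1.1.2 title on the second printed line of this hunk misspells "Ensure" as "Esnure" (`# 1.1.1.2 Esnure mounting of jffs2 filesystems is disabled (Scored)`), while the sibling 1.1.1.x headers changed by the same commit spell it correctly. Suggest `# 1.1.1.2 Ensure mounting of jffs2 filesystems is disabled (Scored)` so the header matches the benchmark title it is meant to mirror. Which of the two printed lines is the new side is inferred from the rendering order, as this mirror drops the +/- markers.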
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.1.1.3 Disable Mounting of hfs Filesystems (Not Scored)
|
# 1.1.1.3 Ensure mounting of hfs filesystems is disabled (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.1.1.4 Disable Mounting of hfsplus Filesystems (Not Scored)
|
# 1.1.1.4 Ensure mounting of hfsplus filesystems is disabled (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.1.1.5 Disable Mounting of squashfs Filesystems (Not Scored)
|
# 1.1.1.5 Ensure mounting of squashfs filesystems is disabled (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.1.1.6 Disable Mounting of udf Filesystems (Not Scored)
|
# 1.1.1.6 Ensure mounting of udf filesystems is disabled (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.1.1.7 Ensure mounting of FAT filesystem is limited (Not Scored)
|
# 1.1.1.7 Ensure mounting of FAT filesystems is limited (Not Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.1.11 Create Separate Partition for /var/log (Scored)
|
# 1.1.11 Ensure separate partition exists for /var/log (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.1.12 Create Separate Partition for /var/log/audit (Scored)
|
# 1.1.12 Ensure separate partition exists for /var/log/audit (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.1.13 Create Separate Partition for /home (Scored)
|
# 1.1.13 Ensure separate partition exists for /home (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.1.16 Ensure nosuid Option set on /run/shm Partition (Scored)
|
# 1.1.16 Ensure nosuid option set on /run/shm partition (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.1.17 Ensure noexec Option set on /run/shm Partition (Scored)
|
# 1.1.17 Ensure noexec option set on /run/shm partition (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.1.18 Add nodev Option to Removable Media Partitions (Not Scored)
|
# 1.1.18 Ensure nodev option set on removable media partition (Not Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.1.19 Ensure nosuid Option set on Removable Media Partitions (Not Scored)
|
# 1.1.19 Ensure nosuid option set on removable media partitions (Not Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.1.20 Ensure noexec Option set on Removable Media Partitions (Not Scored)
|
# 1.1.20 Ensure noexec option set on removable media partition (Not Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.1.21 Ensure Sticky Bit set on All World-Writable Directories (Scored)
|
# 1.1.21 Ensure sticky bit is set on all world-writable directories (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.1.6 Create Separate Partition for /var (Scored)
|
# 1.1.6 Ensure separate partition exists for /var (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 1.7.2.2 Activate AppArmor (Scored)
|
# 1.7.2.2 Ensure AppArmor is enabled in the bootloader configuration (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 4.2.2.1 Ensure Syslog-ng is installed (Scored)
|
# 4.2.1.1 Ensure syslog-ng is installed (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 4.2.2.2 Ensure syslog-ng service is enabled (Scored)
|
# 4.2.1.2 Ensure syslog-ng service is enabled (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 4.2.2.3 Configure /etc/syslog-ng/syslog-ng.conf (Not Scored)
|
# 4.2.1.3 Configure /etc/syslog-ng/syslog-ng.conf (Not Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 4.2.2.4 Create and Set Permissions on syslog-ng Log Files (Scored)
|
# 4.2.1.4 Create and Set Permissions on syslog-ng Log Files (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 4.2.2.5 Ensure syslog-ng is configured to send logs to a remote log host (Not Scored)
|
# 4.2.1.5 Ensure syslog-ng is configured to send logs to a remote log host (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 4.2.2.6 Accept Remote rsyslog Messages Only on Designated Log Hosts (Not Scored)
|
# 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. (Not Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
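Review bot: The new 4.2.1.6 header carries a stray period before the scoring tag (`... designated log hosts. (Not Scored)`), which none of the other headers touched by this commit do. Suggest `# 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts (Not Scored)`. Which printed line is the new side is inferred from the rendering order.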
@ -21,7 +21,7 @@ DESCRIPTION="Configure journald to send logs to syslog-ng."
|
|||||||
audit() {
|
audit() {
|
||||||
:
|
:
|
||||||
}
|
}
|
||||||
rsyslog
|
|
||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply() {
|
apply() {
|
||||||
:
|
:
|
||||||
|
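Review bot: The audit() and apply() bodies shown as context in this hunk are both the no-op `:`, so after this commit the check for the journald-to-syslog-ng configuration named in DESCRIPTION still verifies nothing and can never fail, which is easy to mistake for a pass when reading results. If that is intentional, the header should say so, e.g. `# NOTE: audit() and apply() are not implemented; this check is a placeholder and always succeeds.`. The only change here is the removal of the stray `rsyslog` token between the two functions. The closing brace of apply() lies outside the hunk.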
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
# run-shellcheck
|
# run-shellcheck
|
||||||
#
|
#
|
||||||
# CIS Debian 7/8 Hardening
|
# CIS Debian Hardening
|
||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
# run-shellcheck
|
# run-shellcheck
|
||||||
#
|
#
|
||||||
# CIS Debian 7/8 Hardening
|
# CIS Debian Hardening
|
||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -7,7 +7,6 @@
|
|||||||
|
|
||||||
#
|
#
|
||||||
# 5.2.16 Ensure SSH Idle Timeout Interval is configured (Scored)
|
# 5.2.16 Ensure SSH Idle Timeout Interval is configured (Scored)
|
||||||
# FIXME: the implementation of this script doesn't do what it says
|
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
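Review bot: This hunk drops `# FIXME: the implementation of this script doesn't do what it says` from the 5.2.16 SSH idle-timeout header, but the commit is titled "Update documentation" and no change to the script body is visible, so it is unclear whether the mismatch between the stated control and the implementation was actually fixed or the reminder was just removed. If the implementation was not changed, the FIXME should stay, or be replaced by a comment stating what the script really checks, so the gap between the control title and the audit is not hidden from operators. The script body is outside the hunk, so this is inferred from the diff alone.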
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 5.2.8 Set SSH IgnoreRhosts to Yes (Scored)
|
# 5.2.8 Ensure SSH IgnoreRhosts is enabled (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 5.4.1.4 Lock Inactive User Accounts (Scored)
|
# 5.4.1.4 Ensure inactive password lock is 30 days or less (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 6.1.11 Ensure no unowned files or directories exist
|
# 6.1.11 Ensure no unowned files or directories exist (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
@ -15,7 +15,7 @@ set -u # One variable unset, it's over
|
|||||||
# shellcheck disable=2034
|
# shellcheck disable=2034
|
||||||
HARDENING_LEVEL=2
|
HARDENING_LEVEL=2
|
||||||
# shellcheck disable=2034
|
# shellcheck disable=2034
|
||||||
DESCRIPTION="Ensure no unowned files or directories exist"
|
DESCRIPTION="Ensure no unowned files or directories exist."
|
||||||
|
|
||||||
USER='root'
|
USER='root'
|
||||||
EXCLUDED=''
|
EXCLUDED=''
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 6.2.2 Verify No Legacy "+" Entries Exist in /etc/passwd File (Scored)
|
# 6.2.2 Ensure no legacy "+" entries exist in /etc/passwd (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 6.2.4 Verify No Legacy "+" Entries Exist in /etc/shadow File (Scored)
|
# 6.2.4 Ensure no legacy "+" entries exist in /etc/shadow (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 6.2.5 Verify No Legacy "+" Entries Exist in /etc/group File (Scored)
|
# 6.2.5 Ensure no legacy "+" entries exist in /etc/group (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 6.2.8 Check Permissions on User Home Directories (Scored)
|
# 6.2.8 Ensure users' home directories permissions are 750 or more restrictive (Scored
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
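Review bot: The new 6.2.8 header is missing its closing parenthesis: `# 6.2.8 Ensure users' home directories permissions are 750 or more restrictive (Scored`. Suggest `# 6.2.8 Ensure users' home directories permissions are 750 or more restrictive (Scored)`, matching the `(Scored)` form used by every other header in this commit. Which printed line is the new side is inferred from the rendering order.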
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 99.1.1.1 Disable Mounting of cramfs Filesystems (Not Scored)
|
# 99.1.1.1 Ensure mounting of cramfs filesystems is disabled (Not Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 99.1.3 Checks there are no carte-blanche authorization in sudoers file(s).
|
# 99.1.3 Check there are no carte-blanche authorization in sudoers file(s).
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
#
|
#
|
||||||
# 99.3.3.5 Verify Permissions on /etc/hosts.deny (Scored)
|
# 99.3.3.5 Verify permissions on /etc/hosts.deny (Scored)
|
||||||
#
|
#
|
||||||
|
|
||||||
set -e # One error, it's over
|
set -e # One error, it's over
|
||||||
|