Update documentation

2024-11-22 13:37:02 +01:00 · 2020-12-22 17:01:41 +01:00 · 2020-12-22 17:01:41 +01:00 · 936b84c0f2
commit 936b84c0f2
parent 9cbc3f85a9
38 changed files with 38 additions and 39 deletions
--- a/bin/hardening/1.1.1.1_disable_freevxfs.sh
+++ b/bin/hardening/1.1.1.1_disable_freevxfs.sh
@ -6,7 +6,7 @@
 #

 #
-# 1.1.1.1 Disable Mounting of freevxfs Filesystems (Not Scored)
+# 1.1.1.1 Ensure Mounting of freevxfs filesystems is disabled (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/1.1.1.2_disable_jffs2.sh
+++ b/bin/hardening/1.1.1.2_disable_jffs2.sh
@ -6,7 +6,7 @@
 #

 #
-# 1.1.1.2 Disable Mounting of jffs2 Filesystems (Not Scored)
+# 1.1.1.2 Esnure mounting of jffs2 filesystems is disabled (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/1.1.1.3_disable_hfs.sh
+++ b/bin/hardening/1.1.1.3_disable_hfs.sh
@ -6,7 +6,7 @@
 #

 #
-# 1.1.1.3 Disable Mounting of hfs Filesystems (Not Scored)
+# 1.1.1.3 Ensure mounting of hfs filesystems is disabled (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/1.1.1.4_disable_hfsplus.sh
+++ b/bin/hardening/1.1.1.4_disable_hfsplus.sh
@ -6,7 +6,7 @@
 #

 #
-# 1.1.1.4 Disable Mounting of hfsplus Filesystems (Not Scored)
+# 1.1.1.4 Ensure mounting of hfsplus filesystems is disabled (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/1.1.1.5_disable_squashfs.sh
+++ b/bin/hardening/1.1.1.5_disable_squashfs.sh
@ -6,7 +6,7 @@
 #

 #
-# 1.1.1.5 Disable Mounting of squashfs Filesystems (Not Scored)
+# 1.1.1.5 Ensure mounting of squashfs filesystems is disabled (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/1.1.1.6_disable_udf.sh
+++ b/bin/hardening/1.1.1.6_disable_udf.sh
@ -6,7 +6,7 @@
 #

 #
-# 1.1.1.6 Disable Mounting of udf Filesystems (Not Scored)
+# 1.1.1.6 Ensure mounting of udf filesystems is disabled (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/1.1.1.7_restrict_fat.sh
+++ b/bin/hardening/1.1.1.7_restrict_fat.sh
@ -6,7 +6,7 @@
 #

 #
-# 1.1.1.7 Ensure mounting of FAT filesystem is limited (Not Scored)
+# 1.1.1.7 Ensure mounting of FAT filesystems is limited (Not Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/1.1.11_var_log_partition.sh
+++ b/bin/hardening/1.1.11_var_log_partition.sh
@ -6,7 +6,7 @@
 #

 #
-# 1.1.11 Create Separate Partition for /var/log (Scored)
+# 1.1.11 Ensure separate partition exists for /var/log (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/1.1.12_var_log_audit_partition.sh
+++ b/bin/hardening/1.1.12_var_log_audit_partition.sh
@ -6,7 +6,7 @@
 #

 #
-# 1.1.12 Create Separate Partition for /var/log/audit (Scored)
+# 1.1.12 Ensure separate partition exists for /var/log/audit (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/1.1.13_home_partition.sh
+++ b/bin/hardening/1.1.13_home_partition.sh
@ -6,7 +6,7 @@
 #

 #
-# 1.1.13 Create Separate Partition for /home (Scored)
+# 1.1.13 Ensure separate partition exists for /home (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/1.1.16_run_shm_nosuid.sh
+++ b/bin/hardening/1.1.16_run_shm_nosuid.sh
@ -6,7 +6,7 @@
 #

 #
-# 1.1.16 Ensure nosuid Option set on /run/shm Partition (Scored)
+# 1.1.16 Ensure nosuid option set on /run/shm partition (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/1.1.17_run_shm_noexec.sh
+++ b/bin/hardening/1.1.17_run_shm_noexec.sh
@ -6,7 +6,7 @@
 #

 #
-# 1.1.17 Ensure noexec Option set on /run/shm Partition (Scored)
+# 1.1.17 Ensure noexec option set on /run/shm partition (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/1.1.18_removable_device_nodev.sh
+++ b/bin/hardening/1.1.18_removable_device_nodev.sh
@ -6,7 +6,7 @@
 #

 #
-# 1.1.18 Add nodev Option to Removable Media Partitions (Not Scored)
+# 1.1.18 Ensure nodev option set on removable media partition (Not Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/1.1.19_removable_device_nosuid.sh
+++ b/bin/hardening/1.1.19_removable_device_nosuid.sh
@ -6,7 +6,7 @@
 #

 #
-# 1.1.19 Ensure nosuid Option set on Removable Media Partitions (Not Scored)
+# 1.1.19 Ensure nosuid option set on removable media partitions (Not Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/1.1.20_removable_device_noexec.sh
+++ b/bin/hardening/1.1.20_removable_device_noexec.sh
@ -6,7 +6,7 @@
 #

 #
-# 1.1.20 Ensure noexec Option set on Removable Media Partitions (Not Scored)
+# 1.1.20 Ensure noexec option set on removable media partition (Not Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh
+++ b/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh
@ -6,7 +6,7 @@
 #

 #
-# 1.1.21 Ensure Sticky Bit set on All World-Writable Directories (Scored)
+# 1.1.21 Ensure sticky bit is set on all world-writable directories (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/1.1.6_var_partition.sh
+++ b/bin/hardening/1.1.6_var_partition.sh
@ -6,7 +6,7 @@
 #

 #
-# 1.1.6 Create Separate Partition for /var (Scored)
+# 1.1.6 Ensure separate partition exists for /var (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/1.7.1.2_enable_apparmor.sh
+++ b/bin/hardening/1.7.1.2_enable_apparmor.sh
@ -6,7 +6,7 @@
 #

 #
-# 1.7.2.2 Activate AppArmor (Scored)
+# 1.7.2.2 Ensure AppArmor is enabled in the bootloader configuration (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/4.2.1.1_install_syslog-ng.sh
+++ b/bin/hardening/4.2.1.1_install_syslog-ng.sh
@ -6,7 +6,7 @@
 #

 #
-# 4.2.2.1 Ensure Syslog-ng is installed (Scored)
+# 4.2.1.1 Ensure syslog-ng is installed (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/4.2.1.2_enable_syslog-ng.sh
+++ b/bin/hardening/4.2.1.2_enable_syslog-ng.sh
@ -6,7 +6,7 @@
 #

 #
-# 4.2.2.2 Ensure syslog-ng service is enabled (Scored)
+# 4.2.1.2 Ensure syslog-ng service is enabled (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/4.2.1.3_configure_syslog-ng.sh
+++ b/bin/hardening/4.2.1.3_configure_syslog-ng.sh
@ -6,7 +6,7 @@
 #

 #
-# 4.2.2.3 Configure /etc/syslog-ng/syslog-ng.conf (Not Scored)
+# 4.2.1.3 Configure /etc/syslog-ng/syslog-ng.conf (Not Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh
+++ b/bin/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh
@ -6,7 +6,7 @@
 #

 #
-# 4.2.2.4 Create and Set Permissions on syslog-ng Log Files (Scored)
+# 4.2.1.4 Create and Set Permissions on syslog-ng Log Files (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/4.2.1.5_syslog-ng_remote_host.sh
+++ b/bin/hardening/4.2.1.5_syslog-ng_remote_host.sh
@ -6,7 +6,7 @@
 #

 #
-# 4.2.2.5 Ensure syslog-ng is configured to send logs to a remote log host (Not Scored)
+# 4.2.1.5 Ensure syslog-ng is configured to send logs to a remote log host (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/4.2.1.6_remote_syslog-ng_acl.sh
+++ b/bin/hardening/4.2.1.6_remote_syslog-ng_acl.sh
@ -6,7 +6,7 @@
 #

 #
-# 4.2.2.6 Accept Remote rsyslog Messages Only on Designated Log Hosts (Not Scored)
+# 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts. (Not Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/4.2.2.2_journald_compress.sh
+++ b/bin/hardening/4.2.2.2_journald_compress.sh
@ -21,7 +21,7 @@ DESCRIPTION="Configure journald to send logs to syslog-ng."
 audit() {
    :
 }
-rsyslog
+
 # This function will be called if the script status is on enabled mode
 apply() {
    :
--- a/bin/hardening/5.2.14_ssh_cry_mac.sh
+++ b/bin/hardening/5.2.14_ssh_cry_mac.sh
@ -2,7 +2,7 @@

 # run-shellcheck
 #
-# CIS Debian 7/8 Hardening
+# CIS Debian Hardening
 #

 #
--- a/bin/hardening/5.2.15_ssh_cry_kex.sh
+++ b/bin/hardening/5.2.15_ssh_cry_kex.sh
@ -2,7 +2,7 @@

 # run-shellcheck
 #
-# CIS Debian 7/8 Hardening
+# CIS Debian Hardening
 #

 #
--- a/bin/hardening/5.2.16_sshd_idle_timeout.sh
+++ b/bin/hardening/5.2.16_sshd_idle_timeout.sh
@ -7,7 +7,6 @@

 #
 # 5.2.16 Ensure SSH Idle Timeout Interval is configured (Scored)
-# FIXME: the implementation of this script doesn't do what it says
 #

 set -e # One error, it's over
--- a/bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
+++ b/bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
@ -6,7 +6,7 @@
 #

 #
-# 5.2.8 Set SSH IgnoreRhosts to Yes (Scored)
+# 5.2.8 Ensure SSH IgnoreRhosts is enabled (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/5.4.1.4_lock_inactive_user_account.sh
+++ b/bin/hardening/5.4.1.4_lock_inactive_user_account.sh
@ -6,7 +6,7 @@
 #

 #
-# 5.4.1.4 Lock Inactive User Accounts (Scored)
+# 5.4.1.4 Ensure inactive password lock is 30 days or less (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/6.1.11_find_unowned_files.sh
+++ b/bin/hardening/6.1.11_find_unowned_files.sh
@ -6,7 +6,7 @@
 #

 #
-# 6.1.11 Ensure no unowned files or directories exist
+# 6.1.11 Ensure no unowned files or directories exist (Scored)
 #

 set -e # One error, it's over
@ -15,7 +15,7 @@ set -u # One variable unset, it's over
 # shellcheck disable=2034
 HARDENING_LEVEL=2
 # shellcheck disable=2034
-DESCRIPTION="Ensure no unowned files or directories exist"
+DESCRIPTION="Ensure no unowned files or directories exist."

 USER='root'
 EXCLUDED=''
--- a/bin/hardening/6.2.2_remove_legacy_passwd_entries.sh
+++ b/bin/hardening/6.2.2_remove_legacy_passwd_entries.sh
@ -6,7 +6,7 @@
 #

 #
-# 6.2.2 Verify No Legacy "+" Entries Exist in /etc/passwd File (Scored)
+# 6.2.2 Ensure no legacy "+" entries exist in /etc/passwd (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/6.2.4_remove_legacy_shadow_entries.sh
+++ b/bin/hardening/6.2.4_remove_legacy_shadow_entries.sh
@ -6,7 +6,7 @@
 #

 #
-# 6.2.4 Verify No Legacy "+" Entries Exist in /etc/shadow File (Scored)
+# 6.2.4 Ensure no legacy "+" entries exist in /etc/shadow (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/6.2.5_remove_legacy_group_entries.sh
+++ b/bin/hardening/6.2.5_remove_legacy_group_entries.sh
@ -6,7 +6,7 @@
 #

 #
-# 6.2.5 Verify No Legacy "+" Entries Exist in /etc/group File (Scored)
+# 6.2.5 Ensure no legacy "+" entries exist in /etc/group (Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/6.2.8_check_user_dir_perm.sh
+++ b/bin/hardening/6.2.8_check_user_dir_perm.sh
@ -6,7 +6,7 @@
 #

 #
-# 6.2.8 Check Permissions on User Home Directories (Scored)
+# 6.2.8 Ensure users' home directories permissions are 750 or more restrictive (Scored
 #

 set -e # One error, it's over
--- a/bin/hardening/99.1.1.1_disable_cramfs.sh
+++ b/bin/hardening/99.1.1.1_disable_cramfs.sh
@ -6,7 +6,7 @@
 #

 #
-# 99.1.1.1 Disable Mounting of cramfs Filesystems (Not Scored)
+# 99.1.1.1 Ensure mounting of cramfs filesystems is disabled (Not Scored)
 #

 set -e # One error, it's over
--- a/bin/hardening/99.1.3_acc_sudoers_no_all.sh
+++ b/bin/hardening/99.1.3_acc_sudoers_no_all.sh
@ -6,7 +6,7 @@
 #

 #
-# 99.1.3 Checks there are no carte-blanche authorization in sudoers file(s).
+# 99.1.3 Check there are no carte-blanche authorization in sudoers file(s).
 #

 set -e # One error, it's over
--- a/bin/hardening/99.3.3.5_hosts_deny_permissions.sh
+++ b/bin/hardening/99.3.3.5_hosts_deny_permissions.sh
@ -6,7 +6,7 @@
 #

 #
-# 99.3.3.5 Verify Permissions on /etc/hosts.deny (Scored)
+# 99.3.3.5 Verify permissions on /etc/hosts.deny (Scored)
 #

 set -e # One error, it's over