mirror of
https://github.com/ovh/debian-cis.git
synced 2024-12-22 22:15:24 +01:00
Renum 99.x files to comply with debian10 CIS
This commit is contained in:
parent
87e242a42d
commit
9cbc3f85a9
@ -6,25 +6,93 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 5.4.5 Ensure default user shell timeout is 900 seconds or less (Scored)
|
||||
# 5.4.4 Ensure default usershell timeout is 900 seconds or less
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
set -u # One variable unset, it's over
|
||||
|
||||
# shellcheck disable=2034
|
||||
HARDENING_LEVEL=3
|
||||
USER='root'
|
||||
# shellcheck disable=2034
|
||||
DESCRIPTION="Configure the default user shell timeout."
|
||||
DESCRIPTION="Timeout 600 seconds on tty."
|
||||
|
||||
PATTERN='TMOUT='
|
||||
VALUE='600'
|
||||
FILES_TO_SEARCH='/etc/bash.bashrc /etc/profile.d /etc/profile'
|
||||
FILE='/etc/profile.d/CIS_99.1_timeout.sh'
|
||||
|
||||
# This function will be called if the script status is on enabled / audit mode
|
||||
audit() {
|
||||
:
|
||||
SEARCH_RES=0
|
||||
for FILE_SEARCHED in $FILES_TO_SEARCH; do
|
||||
if [ "$SEARCH_RES" = 1 ]; then break; fi
|
||||
if test -d "$FILE_SEARCHED"; then
|
||||
debug "$FILE_SEARCHED is a directory"
|
||||
# shellcheck disable=2044
|
||||
for file_in_dir in $(find "$FILE_SEARCHED" -type f); do
|
||||
does_pattern_exist_in_file "$file_in_dir" "^$PATTERN"
|
||||
if [ "$FNRET" != 0 ]; then
|
||||
debug "$PATTERN is not present in $FILE_SEARCHED/$file_in_dir"
|
||||
else
|
||||
ok "$PATTERN is present in $FILE_SEARCHED/$file_in_dir"
|
||||
SEARCH_RES=1
|
||||
break
|
||||
fi
|
||||
done
|
||||
else
|
||||
does_pattern_exist_in_file "$FILE_SEARCHED" "^$PATTERN"
|
||||
if [ "$FNRET" != 0 ]; then
|
||||
debug "$PATTERN is not present in $FILE_SEARCHED"
|
||||
else
|
||||
ok "$PATTERN is present in $FILES_TO_SEARCH"
|
||||
SEARCH_RES=1
|
||||
fi
|
||||
fi
|
||||
done
|
||||
if [ "$SEARCH_RES" = 0 ]; then
|
||||
crit "$PATTERN is not present in $FILES_TO_SEARCH"
|
||||
fi
|
||||
}
|
||||
|
||||
# This function will be called if the script status is on enabled mode
|
||||
apply() {
|
||||
:
|
||||
SEARCH_RES=0
|
||||
for FILE_SEARCHED in $FILES_TO_SEARCH; do
|
||||
if [ "$SEARCH_RES" = 1 ]; then break; fi
|
||||
if test -d "$FILE_SEARCHED"; then
|
||||
debug "$FILE_SEARCHED is a directory"
|
||||
# shellcheck disable=2044
|
||||
for file_in_dir in $(find "$FILE_SEARCHED" -type f); do
|
||||
does_pattern_exist_in_file "$FILE_SEARCHED/$file_in_dir" "^$PATTERN"
|
||||
if [ "$FNRET" != 0 ]; then
|
||||
debug "$PATTERN is not present in $FILE_SEARCHED/$file_in_dir"
|
||||
else
|
||||
ok "$PATTERN is present in $FILE_SEARCHED/$file_in_dir"
|
||||
SEARCH_RES=1
|
||||
break
|
||||
fi
|
||||
done
|
||||
else
|
||||
does_pattern_exist_in_file "$FILE_SEARCHED" "^$PATTERN"
|
||||
if [ "$FNRET" != 0 ]; then
|
||||
debug "$PATTERN is not present in $FILE_SEARCHED"
|
||||
else
|
||||
ok "$PATTERN is present in $FILES_TO_SEARCH"
|
||||
SEARCH_RES=1
|
||||
fi
|
||||
fi
|
||||
done
|
||||
if [ "$SEARCH_RES" = 0 ]; then
|
||||
warn "$PATTERN is not present in $FILES_TO_SEARCH"
|
||||
touch "$FILE"
|
||||
chmod 644 "$FILE"
|
||||
add_end_of_file "$FILE" "$PATTERN$VALUE"
|
||||
add_end_of_file "$FILE" "readonly TMOUT"
|
||||
add_end_of_file "$FILE" "export TMOUT"
|
||||
else
|
||||
ok "$PATTERN is present in $FILES_TO_SEARCH"
|
||||
fi
|
||||
}
|
||||
|
||||
# This function will check config parameters required
|
||||
|
@ -2,11 +2,11 @@
|
||||
|
||||
# run-shellcheck
|
||||
#
|
||||
# CIS Debian Hardening /!\ Not in the Guide
|
||||
# CIS Debian Hardening Bonus Check
|
||||
#
|
||||
|
||||
#
|
||||
# 99.2 Disable USB Devices
|
||||
# 99.1.1.23 Disable USB Devices
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# Checks there are no carte-blanche authorization in sudoers file(s).
|
||||
# 99.1.3 Checks there are no carte-blanche authorization in sudoers file(s).
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -1,121 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# run-shellcheck
|
||||
#
|
||||
# CIS Debian Hardening /!\ Not in the Guide
|
||||
#
|
||||
|
||||
#
|
||||
# 99.1 Set Timeout on ttys
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
set -u # One variable unset, it's over
|
||||
|
||||
# shellcheck disable=2034
|
||||
USER='root'
|
||||
# shellcheck disable=2034
|
||||
DESCRIPTION="Timeout 600 seconds on tty."
|
||||
|
||||
PATTERN='TMOUT='
|
||||
VALUE='600'
|
||||
FILES_TO_SEARCH='/etc/bash.bashrc /etc/profile.d /etc/profile'
|
||||
FILE='/etc/profile.d/CIS_99.1_timeout.sh'
|
||||
|
||||
# This function will be called if the script status is on enabled / audit mode
|
||||
audit() {
|
||||
SEARCH_RES=0
|
||||
for FILE_SEARCHED in $FILES_TO_SEARCH; do
|
||||
if [ "$SEARCH_RES" = 1 ]; then break; fi
|
||||
if test -d "$FILE_SEARCHED"; then
|
||||
debug "$FILE_SEARCHED is a directory"
|
||||
# shellcheck disable=2044
|
||||
for file_in_dir in $(find "$FILE_SEARCHED" -type f); do
|
||||
does_pattern_exist_in_file "$file_in_dir" "^$PATTERN"
|
||||
if [ "$FNRET" != 0 ]; then
|
||||
debug "$PATTERN is not present in $FILE_SEARCHED/$file_in_dir"
|
||||
else
|
||||
ok "$PATTERN is present in $FILE_SEARCHED/$file_in_dir"
|
||||
SEARCH_RES=1
|
||||
break
|
||||
fi
|
||||
done
|
||||
else
|
||||
does_pattern_exist_in_file "$FILE_SEARCHED" "^$PATTERN"
|
||||
if [ "$FNRET" != 0 ]; then
|
||||
debug "$PATTERN is not present in $FILE_SEARCHED"
|
||||
else
|
||||
ok "$PATTERN is present in $FILES_TO_SEARCH"
|
||||
SEARCH_RES=1
|
||||
fi
|
||||
fi
|
||||
done
|
||||
if [ "$SEARCH_RES" = 0 ]; then
|
||||
crit "$PATTERN is not present in $FILES_TO_SEARCH"
|
||||
fi
|
||||
}
|
||||
|
||||
# This function will be called if the script status is on enabled mode
|
||||
apply() {
|
||||
SEARCH_RES=0
|
||||
for FILE_SEARCHED in $FILES_TO_SEARCH; do
|
||||
if [ "$SEARCH_RES" = 1 ]; then break; fi
|
||||
if test -d "$FILE_SEARCHED"; then
|
||||
debug "$FILE_SEARCHED is a directory"
|
||||
# shellcheck disable=2044
|
||||
for file_in_dir in $(find "$FILE_SEARCHED" -type f); do
|
||||
does_pattern_exist_in_file "$FILE_SEARCHED/$file_in_dir" "^$PATTERN"
|
||||
if [ "$FNRET" != 0 ]; then
|
||||
debug "$PATTERN is not present in $FILE_SEARCHED/$file_in_dir"
|
||||
else
|
||||
ok "$PATTERN is present in $FILE_SEARCHED/$file_in_dir"
|
||||
SEARCH_RES=1
|
||||
break
|
||||
fi
|
||||
done
|
||||
else
|
||||
does_pattern_exist_in_file "$FILE_SEARCHED" "^$PATTERN"
|
||||
if [ "$FNRET" != 0 ]; then
|
||||
debug "$PATTERN is not present in $FILE_SEARCHED"
|
||||
else
|
||||
ok "$PATTERN is present in $FILES_TO_SEARCH"
|
||||
SEARCH_RES=1
|
||||
fi
|
||||
fi
|
||||
done
|
||||
if [ "$SEARCH_RES" = 0 ]; then
|
||||
warn "$PATTERN is not present in $FILES_TO_SEARCH"
|
||||
touch "$FILE"
|
||||
chmod 644 "$FILE"
|
||||
add_end_of_file "$FILE" "$PATTERN$VALUE"
|
||||
add_end_of_file "$FILE" "readonly TMOUT"
|
||||
add_end_of_file "$FILE" "export TMOUT"
|
||||
else
|
||||
ok "$PATTERN is present in $FILES_TO_SEARCH"
|
||||
fi
|
||||
}
|
||||
|
||||
# This function will check config parameters required
|
||||
check_config() {
|
||||
:
|
||||
}
|
||||
|
||||
# Source Root Dir Parameter
|
||||
if [ -r /etc/default/cis-hardening ]; then
|
||||
# shellcheck source=../../debian/default
|
||||
. /etc/default/cis-hardening
|
||||
fi
|
||||
if [ -z "$CIS_ROOT_DIR" ]; then
|
||||
echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
|
||||
echo "Cannot source CIS_ROOT_DIR variable, aborting."
|
||||
exit 128
|
||||
fi
|
||||
|
||||
# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
|
||||
if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
|
||||
# shellcheck source=../../lib/main.sh
|
||||
. "$CIS_ROOT_DIR"/lib/main.sh
|
||||
else
|
||||
echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
|
||||
exit 128
|
||||
fi
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# 2.2.18 Ensure telnet server is not enabled (Scored)
|
||||
# 99.2.2 Ensure telnet server is not enabled (Scored)
|
||||
#
|
||||
|
||||
# Note: this check is not anymore in CIS hardening but we decided to keep it anyway
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
# run-shellcheck
|
||||
#
|
||||
# CIS Debian Hardening
|
||||
# Legacy CIS Debian Hardening
|
||||
#
|
||||
|
||||
#
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
# run-shellcheck
|
||||
#
|
||||
# CIS Debian Hardening
|
||||
# Legacy CIS Debian Hardening
|
||||
#
|
||||
|
||||
#
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
# run-shellcheck
|
||||
#
|
||||
# CIS Debian Hardening
|
||||
# Legacy CIS Debian Hardening
|
||||
#
|
||||
|
||||
#
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
# run-shellcheck
|
||||
#
|
||||
# CIS Debian Hardening
|
||||
# Legacy CIS Debian Hardening
|
||||
#
|
||||
|
||||
#
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
# run-shellcheck
|
||||
#
|
||||
# CIS Debian Hardening
|
||||
# Legacy CIS Debian Hardening
|
||||
#
|
||||
|
||||
#
|
||||
|
@ -2,11 +2,11 @@
|
||||
|
||||
# run-shellcheck
|
||||
#
|
||||
# CIS Debian Hardening
|
||||
# CIS Debian Hardening Bonus Check
|
||||
#
|
||||
|
||||
#
|
||||
# 8.0 Ensure CONFIG_AUDIT is enabled in your running kernel
|
||||
# 99.4.0 Ensure CONFIG_AUDIT is enabled in your running kernel
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# Ensure that sshd only allows authentication through public key.
|
||||
# 99.5.2.1 Ensure that sshd only allows authentication through public key.
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -3,11 +3,11 @@
|
||||
# run-shellcheck
|
||||
|
||||
#
|
||||
# CIS Debian 7/8 Hardening
|
||||
# Legacy CIS Debian Hardening
|
||||
#
|
||||
|
||||
#
|
||||
# Checking rekey limit for time (6 hours) or volume (512Mio) whichever comes first.
|
||||
# 99.5.2.2 Checking rekey limit for time (6 hours) or volume (512Mio) whichever comes first.
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# Check all special features in sshd_config are disabled
|
||||
# 99.5.2.3 Check all special features in sshd_config are disabled
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# Check <from> field in ssh authorized keys files for users with login shell, and bastions IP if available.
|
||||
# 99.5.2.4 Check <from> field in ssh authorized keys files for users with login shell, and bastions IP if available.
|
||||
#
|
||||
|
||||
set -e # One error, it is over
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# Ensure home directory and ssh sensitive files are verified (not publicly readable) before connecting.
|
||||
# 99.5.2.5 Ensure home directory and ssh sensitive files are verified (not publicly readable) before connecting.
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -2,11 +2,11 @@
|
||||
|
||||
# run-shellcheck
|
||||
#
|
||||
# CIS Debian 7/8 Hardening
|
||||
# Legacy CIS Debian Hardening
|
||||
#
|
||||
|
||||
#
|
||||
# Restrict which user's variables are accepted by ssh daemon
|
||||
# 99.5.2.6 Restrict which user's variables are accepted by ssh daemon
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -1,12 +1,14 @@
|
||||
#!/bin/bash
|
||||
|
||||
# run-shellcheck
|
||||
# CIS Debian 7 Hardening
|
||||
#
|
||||
# Legacy CIS Debian Hardening
|
||||
#
|
||||
|
||||
#
|
||||
# Ensure that legacy services rlogin, rlogind and rcp are disabled and not installed
|
||||
# 99.5.2.7 Ensure that legacy services rlogin, rlogind and rcp are disabled and not installed
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
set -u # One variable unset, it's over
|
||||
|
@ -2,11 +2,11 @@
|
||||
|
||||
# run-shellcheck
|
||||
#
|
||||
# CIS Debian 7/8 Hardening
|
||||
# Legacy CIS Debian Hardening
|
||||
#
|
||||
|
||||
#
|
||||
# Check UsePrivilegeSeparation set to sandbox.
|
||||
# 99.5.2.8 Check UsePrivilegeSeparation set to sandbox.
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# Check that any password that may exist in /etc/shadow is SHA512 hashed and salted
|
||||
# 99.5.4.5.1 Check that any password that may exist in /etc/shadow is SHA512 hashed and salted
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -6,7 +6,7 @@
|
||||
#
|
||||
|
||||
#
|
||||
# Check that any password that may exist in /etc/shadow is SHA512 hashed and salted
|
||||
# 99.5.4.5.2 Check that any password that may exist in /etc/shadow is SHA512 hashed and salted
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
@ -1,98 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# run-shellcheck
|
||||
#
|
||||
# CIS Debian 7/8 Hardening
|
||||
#
|
||||
|
||||
#
|
||||
# SSH log level is set to VERBOSE
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
set -u # One variable unset, it's over
|
||||
|
||||
# shellcheck disable=2034
|
||||
DESCRIPTION="SSH log level is set to VERBOSE"
|
||||
# shellcheck disable=2034
|
||||
HARDENING_LEVEL=2
|
||||
|
||||
PACKAGE='openssh-server'
|
||||
OPTIONS='LogLevel=VERBOSE'
|
||||
FILE='/etc/ssh/sshd_config'
|
||||
|
||||
# This function will be called if the script status is on enabled / audit mode
|
||||
audit() {
|
||||
is_pkg_installed "$PACKAGE"
|
||||
if [ "$FNRET" != 0 ]; then
|
||||
crit "$PACKAGE is not installed!"
|
||||
else
|
||||
ok "$PACKAGE is installed"
|
||||
for SSH_OPTION in $OPTIONS; do
|
||||
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
|
||||
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
|
||||
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
|
||||
does_pattern_exist_in_file_nocase "$FILE" "$PATTERN"
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
ok "$PATTERN is present in $FILE"
|
||||
else
|
||||
crit "$PATTERN is not present in $FILE"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
# This function will be called if the script status is on enabled mode
|
||||
apply() {
|
||||
is_pkg_installed "$PACKAGE"
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
ok "$PACKAGE is installed"
|
||||
else
|
||||
crit "$PACKAGE is absent, installing it"
|
||||
apt_install "$PACKAGE"
|
||||
fi
|
||||
for SSH_OPTION in $OPTIONS; do
|
||||
SSH_PARAM=$(echo "$SSH_OPTION" | cut -d= -f 1)
|
||||
SSH_VALUE=$(echo "$SSH_OPTION" | cut -d= -f 2)
|
||||
PATTERN="^${SSH_PARAM}[[:space:]]*$SSH_VALUE"
|
||||
does_pattern_exist_in_file_nocase "$FILE" "$PATTERN"
|
||||
if [ "$FNRET" = 0 ]; then
|
||||
ok "$PATTERN is present in $FILE"
|
||||
else
|
||||
warn "$PATTERN is not present in $FILE, adding it"
|
||||
does_pattern_exist_in_file_nocase "$FILE" "^${SSH_PARAM}"
|
||||
if [ "$FNRET" != 0 ]; then
|
||||
add_end_of_file "$FILE" "$SSH_PARAM $SSH_VALUE"
|
||||
else
|
||||
info "Parameter $SSH_PARAM is present but with the wrong value -- Fixing"
|
||||
replace_in_file "$FILE" "^${SSH_PARAM}[[:space:]]*.*" "$SSH_PARAM $SSH_VALUE"
|
||||
fi
|
||||
/etc/init.d/ssh reload >/dev/null 2>&1
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
# This function will check config parameters required
|
||||
check_config() {
|
||||
:
|
||||
}
|
||||
|
||||
# Source Root Dir Parameter
|
||||
if [ -r /etc/default/cis-hardening ]; then
|
||||
# shellcheck source=../../debian/default
|
||||
. /etc/default/cis-hardening
|
||||
fi
|
||||
if [ -z "$CIS_ROOT_DIR" ]; then
|
||||
echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
|
||||
echo "Cannot source CIS_ROOT_DIR variable, aborting."
|
||||
exit 128
|
||||
fi
|
||||
|
||||
# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
|
||||
if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
|
||||
# shellcheck source=../../lib/main.sh
|
||||
. "$CIS_ROOT_DIR"/lib/main.sh
|
||||
else
|
||||
echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
|
||||
exit 128
|
||||
fi
|
@ -7,5 +7,14 @@ test_audit() {
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
echo "TMOUT=600" >/etc/profile.d/CIS_99.1_timeout.sh
|
||||
|
||||
describe compliant
|
||||
register_test retvalshouldbe 0
|
||||
run compliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# TODO fill comprehensive tests
|
||||
|
||||
# Cleanup
|
||||
rm /etc/profile.d/CIS_99.1_timeout.sh
|
||||
}
|
||||
|
@ -1,20 +0,0 @@
|
||||
# shellcheck shell=bash
|
||||
# run-shellcheck
|
||||
test_audit() {
|
||||
describe Running on blank host
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
echo "TMOUT=600" >/etc/profile.d/CIS_99.1_timeout.sh
|
||||
|
||||
describe compliant
|
||||
register_test retvalshouldbe 0
|
||||
run compliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# TODO fill comprehensive tests
|
||||
|
||||
# Cleanup
|
||||
rm /etc/profile.d/CIS_99.1_timeout.sh
|
||||
}
|
@ -1,22 +0,0 @@
|
||||
# shellcheck shell=bash
|
||||
# run-shellcheck
|
||||
test_audit() {
|
||||
describe Running on blank host
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "openssh-server is installed"
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
describe Correcting situation
|
||||
# `apply` performs a service reload after each change in the config file
|
||||
# the service needs to be started for the reload to succeed
|
||||
service ssh start
|
||||
# if the audit script provides "apply" option, enable and run it
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh || true
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "[ OK ] ^LogLevel[[:space:]]*VERBOSE is present in /etc/ssh/sshd_config"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
}
|
Loading…
Reference in New Issue
Block a user