elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2025-07-03 15:59:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

Damcava35/set version (#257)

Browse Source 
* feat: add "--set-version" option

This feature will allow to chose a specific cis version to run, like debian 11 or debian 12

* chore: configure current repository as a version

And use it as default version.

To this end, the scripts in bin/hardening have been made generic by removing the associated recommendation number.
Only impact is if you are used to execute scripts directly from bin/hardening.
In this case, please use the "bin/hardening.sh" wrapper as intended.

I had to rename 2.3.1_disable_nis.sh to uninstall_nis.sh, as it was conflicting with 2.3.1_disable_nis.sh

Also, there was a doublon between 1.1.1.8_disable_cramfs.sh and 99.1.1.1_disable_cramfs.sh ; the former was kept

* chore: remove CIS recommendation numbers from bin/hardening scripts

* fix: some tests are failing

find_ungrouped_files.sh and find_unowned_files.sh tests can not be executed multiple times:
- test repository is not cleaned
- configuration is updated multiple times

Those tests are also failing, because:
- the sed to change the status in the configuration was also changing the test folder path.
- missing /proc in EXCLUDED paths
- the EXCLUDED configuration doesn't have the correct format for egrep

---------

Co-authored-by: Damien Cavagnini <damien.cavagnini@corp.ovh.com>
This commit is contained in:
damcav35
2025-07-01 08:41:55 +02:00
committed by GitHub
parent 99bc575714
commit be33848d81
734 changed files with 557 additions and 339 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
versions/README.md Normal file
View File

@ -0,0 +1,8 @@
Here, we'll add some folders to represent a specific CIS version to use.
Each folder will contains links to adequat scripts
Ex:
debian12/
1.1.1.1_disable_cramfs.sh ->../../bin/hardening/disable_cramfs.sh
1.1.1.2_disable_freevxfs.sh ->../../bin/hardening/disable_freevxfs.sh
etc.

1
versions/default Symbolic link
View File

@ -0,0 +1 @@
ovh_legacy/

1
versions/ovh_legacy/1.1.1.1_disable_freevxfs.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_freevxfs.sh

1
versions/ovh_legacy/1.1.1.2_disable_jffs2.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_jffs2.sh

1
versions/ovh_legacy/1.1.1.3_disable_hfs.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_hfs.sh

1
versions/ovh_legacy/1.1.1.4_disable_hfsplus.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_hfsplus.sh

1
versions/ovh_legacy/1.1.1.5_disable_squashfs.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_squashfs.sh

1
versions/ovh_legacy/1.1.1.6_disable_udf.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_udf.sh

1
versions/ovh_legacy/1.1.1.7_restrict_fat.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/restrict_fat.sh

1
versions/ovh_legacy/1.1.1.8_disable_cramfs.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_cramfs.sh

1
versions/ovh_legacy/1.1.10_var_tmp_noexec.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/var_tmp_noexec.sh

1
versions/ovh_legacy/1.1.11.1_var_log_noexec.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/var_log_noexec.sh

1
versions/ovh_legacy/1.1.11.2_var_log_nosuid.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/var_log_nosuid.sh

1
versions/ovh_legacy/1.1.11.3_var_log_nodev.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/var_log_nodev.sh

1
versions/ovh_legacy/1.1.11_var_log_partition.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/var_log_partition.sh

1
versions/ovh_legacy/1.1.12.1_var_log_audit_noexec.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/var_log_audit_noexec.sh

1
versions/ovh_legacy/1.1.12.2_var_log_audit_nosuid.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/var_log_audit_nosuid.sh

1
versions/ovh_legacy/1.1.12.3_var_log_audit_nodev.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/var_log_audit_nodev.sh

1
versions/ovh_legacy/1.1.12_var_log_audit_partition.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/var_log_audit_partition.sh

1
versions/ovh_legacy/1.1.13_home_partition.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/home_partition.sh

1
versions/ovh_legacy/1.1.14.1_home_nosuid.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/home_nosuid.sh

1
versions/ovh_legacy/1.1.14_home_nodev.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/home_nodev.sh

1
versions/ovh_legacy/1.1.15_run_shm_nodev.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/run_shm_nodev.sh

1
versions/ovh_legacy/1.1.16_run_shm_nosuid.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/run_shm_nosuid.sh

1
versions/ovh_legacy/1.1.17_run_shm_noexec.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/run_shm_noexec.sh

1
versions/ovh_legacy/1.1.18_removable_device_nodev.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/removable_device_nodev.sh

1
versions/ovh_legacy/1.1.19_removable_device_nosuid.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/removable_device_nosuid.sh

1
versions/ovh_legacy/1.1.20_removable_device_noexec.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/removable_device_noexec.sh

1
versions/ovh_legacy/1.1.21_sticky_bit_world_writable_folder.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/sticky_bit_world_writable_folder.sh

1
versions/ovh_legacy/1.1.22_disable_automounting.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_automounting.sh

1
versions/ovh_legacy/1.1.23_disable_usb_storage.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_usb_storage.sh

1
versions/ovh_legacy/1.1.2_tmp_partition.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/tmp_partition.sh

1
versions/ovh_legacy/1.1.3_tmp_nodev.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/tmp_nodev.sh

1
versions/ovh_legacy/1.1.4_tmp_nosuid.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/tmp_nosuid.sh

1
versions/ovh_legacy/1.1.5_tmp_noexec.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/tmp_noexec.sh

1
versions/ovh_legacy/1.1.6.1_var_nodev.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/var_nodev.sh

1
versions/ovh_legacy/1.1.6.2_var_nosuid.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/var_nosuid.sh

1
versions/ovh_legacy/1.1.6_var_partition.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/var_partition.sh

1
versions/ovh_legacy/1.1.7_var_tmp_partition.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/var_tmp_partition.sh

1
versions/ovh_legacy/1.1.8_var_tmp_nodev.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/var_tmp_nodev.sh

1
versions/ovh_legacy/1.1.9_var_tmp_nosuid.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/var_tmp_nosuid.sh

1
versions/ovh_legacy/1.3.1_install_sudo.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/install_sudo.sh

1
versions/ovh_legacy/1.3.2_pty_sudo.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/pty_sudo.sh

1
versions/ovh_legacy/1.3.3_logfile_sudo.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/logfile_sudo.sh

1
versions/ovh_legacy/1.4.1_install_tripwire.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/install_tripwire.sh

1
versions/ovh_legacy/1.4.2_tripwire_cron.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/tripwire_cron.sh

1
versions/ovh_legacy/1.5.1_bootloader_ownership.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/bootloader_ownership.sh

1
versions/ovh_legacy/1.5.2_bootloader_password.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/bootloader_password.sh

1
versions/ovh_legacy/1.5.3_root_password.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/root_password.sh

1
versions/ovh_legacy/1.6.1_enable_nx_support.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/enable_nx_support.sh

1
versions/ovh_legacy/1.6.2_enable_randomized_vm_placement.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/enable_randomized_vm_placement.sh

1
versions/ovh_legacy/1.6.3.1_disable_apport.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_apport.sh

1
versions/ovh_legacy/1.6.3_disable_prelink.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_prelink.sh

1
versions/ovh_legacy/1.6.4_restrict_core_dumps.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/restrict_core_dumps.sh

1
versions/ovh_legacy/1.7.1.1_install_apparmor.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/install_apparmor.sh

1
versions/ovh_legacy/1.7.1.2_enable_apparmor.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/enable_apparmor.sh

1
versions/ovh_legacy/1.7.1.3_enforce_or_complain_apparmor.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/enforce_or_complain_apparmor.sh

1
versions/ovh_legacy/1.7.1.4_enforcing_apparmor.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/enforcing_apparmor.sh

1
versions/ovh_legacy/1.8.1.1_remove_os_info_motd.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/remove_os_info_motd.sh

1
versions/ovh_legacy/1.8.1.2_remove_os_info_issue.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/remove_os_info_issue.sh

1
versions/ovh_legacy/1.8.1.3_remove_os_info_issue_net.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/remove_os_info_issue_net.sh

1
versions/ovh_legacy/1.8.1.4_motd_perms.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/motd_perms.sh

1
versions/ovh_legacy/1.8.1.5_etc_issue_perms.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/etc_issue_perms.sh

1
versions/ovh_legacy/1.8.1.6_etc_issue_net_perms.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/etc_issue_net_perms.sh

1
versions/ovh_legacy/1.8.2_graphical_warning_banners.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/graphical_warning_banners.sh

1
versions/ovh_legacy/1.9_install_updates.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/install_updates.sh

1
versions/ovh_legacy/2.1.1_disable_xinetd.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_xinetd.sh

1
versions/ovh_legacy/2.1.2_disable_bsd_inetd.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_bsd_inetd.sh

1
versions/ovh_legacy/2.2.1.1_use_time_sync.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/use_time_sync.sh

1
versions/ovh_legacy/2.2.1.2_configure_systemd-timesyncd.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/configure_systemd-timesyncd.sh

1
versions/ovh_legacy/2.2.1.3_configure_chrony.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/configure_chrony.sh

1
versions/ovh_legacy/2.2.1.4_configure_ntp.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/configure_ntp.sh

1
versions/ovh_legacy/2.2.10_disable_http_server.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_http_server.sh

1
versions/ovh_legacy/2.2.11_disable_imap_pop.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_imap_pop.sh

1
versions/ovh_legacy/2.2.12_disable_samba.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_samba.sh

1
versions/ovh_legacy/2.2.13_disable_http_proxy.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_http_proxy.sh

1
versions/ovh_legacy/2.2.14_disable_snmp_server.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_snmp_server.sh

1
versions/ovh_legacy/2.2.15_mta_localhost.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/mta_localhost.sh

1
versions/ovh_legacy/2.2.16_disable_rsync.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_rsync.sh

1
versions/ovh_legacy/2.2.17_disable_nis.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_nis.sh

1
versions/ovh_legacy/2.2.2_disable_xwindow_system.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_xwindow_system.sh

1
versions/ovh_legacy/2.2.3_disable_avahi_server.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_avahi_server.sh

1
versions/ovh_legacy/2.2.4_disable_print_server.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_print_server.sh

1
versions/ovh_legacy/2.2.5_disable_dhcp.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_dhcp.sh

1
versions/ovh_legacy/2.2.6_disable_ldap.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_ldap.sh

1
versions/ovh_legacy/2.2.7_disable_nfs_rpc.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_nfs_rpc.sh

1
versions/ovh_legacy/2.2.8_disable_dns_server.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_dns_server.sh

1
versions/ovh_legacy/2.2.9_disable_ftp.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_ftp.sh

1
versions/ovh_legacy/2.3.1_disable_nis.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/uninstall_nis.sh

1
versions/ovh_legacy/2.3.2_disable_rsh_client.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_rsh_client.sh

1
versions/ovh_legacy/2.3.3_disable_talk_client.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_talk_client.sh

1
versions/ovh_legacy/2.3.4_disable_telnet_client.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_telnet_client.sh

1
versions/ovh_legacy/2.3.5_disable_ldap_client.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_ldap_client.sh

1
versions/ovh_legacy/3.1.1_disable_ipv6.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_ipv6.sh

1
versions/ovh_legacy/3.1.2_disable_wireless.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_wireless.sh

1
versions/ovh_legacy/3.2.1_disable_send_packet_redirects.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_send_packet_redirects.sh

1
versions/ovh_legacy/3.2.2_disable_ip_forwarding.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_ip_forwarding.sh

1
versions/ovh_legacy/3.3.1_disable_source_routed_packets.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_source_routed_packets.sh

1
versions/ovh_legacy/3.3.2_disable_icmp_redirect.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_icmp_redirect.sh

1
versions/ovh_legacy/3.3.3_disable_secure_icmp_redirect.sh Symbolic link
View File

@ -0,0 +1 @@
../../bin/hardening/disable_secure_icmp_redirect.sh

Some files were not shown because too many files have changed in this diff Show More