d014405e1f
FIX: add becho to send batch output to syslog too
...
becho stands for batch echo
formats the log line for syslog
Also logs audit summary into syslog (in batch mode only)
2019-02-06 17:25:16 +01:00
6cea326921
Update debian 7/8/9 in help files and remove in generic scripts
2019-02-06 15:19:14 +01:00
71b70a2b8c
FEAT: Add sudo_wrapper to catch unauthorized sudo commands
...
As for now, if a sudo command was not allowed, check might sometimes
pass, resulting compliant state even if it actually is not.
Sudo wrapper first checks wether command is allowed before running it,
otherwise issues a crit message, setting check as not compliant
Fix script to make sudo_wrapper work, split "find" lines
Fix quotes in $@ and $* when running sudo command
Fixed quotes and curly braces with shellcheck report
2018-03-16 12:06:56 +01:00
67df4da781
Adding batch mode to output just one line of text (no colors) in order to be parsed by computer tools
...
Adding DESCRIPTION field in tests and [INFO] DESCRIPTION in main
Update README with --batch mode info
Add --batch mode in hardening.sh
Change summary to make it oneliner when batch mode
AUDIT_SUMMARY PASSED_CHECKS:95 RUN_CHECKS:191 TOTAL_CHECKS_AVAIL:191 CONFORMITY_PERCENTAGE:49.74
2017-10-31 17:44:15 +01:00
b1f85d3f99
Add sudo management in main and utils
...
* perform readonly checks as a regular user
* sudo -n is used for checks requiring root privileges
* increase accountability by providing log of individual access to sensitive files
2017-11-09 15:45:42 +01:00
676b17c54f
add hardening templating and several enhancements
2017-05-18 18:40:09 +02:00
2ef500298b
Merge pull request #11 from speed47/dev/fix_does_pattern_exist_in_file
...
handle ENOENT properly in does_pattern_exist_in_file()
2017-05-19 18:30:21 +02:00
3e0187094a
handle ENOENT properly in does_pattern_exist_in_file\(\)
2017-05-18 18:31:24 +02:00
cca0310d64
set a fixed-size prefix for logger
2017-05-18 18:27:02 +02:00
53626bd926
Remove test on _logger() function
...
the original line contain test that can hide echo if we launch script with pipe or IO redirection
2016-05-14 20:39:32 +02:00
e902c9b4c8
Fixed replace in file function with proper substitution
2016-05-03 11:25:37 +02:00
1479332870
debian dependencies fix, rephrasing, revision bump 1.0-8.
2016-04-25 15:15:49 +02:00
ed410747df
Rephrase confusing messages
2016-04-21 18:32:36 +02:00
3ece442743
Added exit code to CIS_ROOT_DIR test def, optimized sed and sort
2016-04-20 11:29:44 +02:00
8d84f38c97
add --audit-all option
2016-04-19 19:26:04 +02:00
b2d3ed937e
Corrected script names, added License, Completed README and corrected bug with too long logger messages
2016-04-19 09:31:01 +02:00
b1b96cf4e3
log format correction, loglevel defaults to info
2016-04-18 14:01:03 +02:00
e79a03095c
All configuration defaults to disabled README updated
2016-04-18 13:19:46 +02:00
628fe96666
Fixed disabled features, headers and preparing main script
2016-04-17 23:19:41 +02:00
fa98efc32b
Added argument parsing and test checks
2016-04-17 23:10:47 +02:00
fb9bf542a1
13.1_remove_empty_password_field.sh 13.2_remove_legacy_passwd_entries.sh 13.3_remove_legacy_shadow_entries.sh 13.4_remove_legacy_group_entries.sh 13.5_find_0_uid_non_root_account.sh 13.6_sanitize_root_path.sh
2016-04-16 17:25:48 +02:00
82a7b05a05
10.5_lock_inactive_user_account.sh 11.1_warning_banners.sh 11.2_remove_os_info_warning_banners.sh 11.3_graphical_warning_banners.sh
2016-04-15 23:38:48 +02:00
823cd217a0
9.2.1_enable_cracklib.sh 9.2.2_enable_lockout_failed_password.sh 9.2.3_limit_password_reuse.sh 9.3.10_disable_sshd_setenv.sh 9.3.11_sshd_ciphers.sh 9.3.12_sshd_idle_timeout.sh 9.3.13_sshd_limit_access.sh 9.3.14_ssh_banner.sh 9.3.2_sshd_loglevel.sh 9.3.1_sshd_protocol.sh 9.3.3_sshd_conf_perm_ownership.sh 9.3.4_disable_x11_forwarding.sh 9.3.5_sshd_maxauthtries.sh 9.3.6_enable_sshd_ignorerhosts.sh 9.3.7_disable_sshd_hostbasedauthentication.sh 9.3.8_disable_root_login.sh 9.3.9_disable_sshd_permitemptypasswords.sh
2016-04-15 14:24:45 +02:00
d373b6f937
8.2.5_syslog-ng_remote_host.sh 8.2.6_remote_syslog-ng_acl.sh 8.3.1_install_tripwire.sh
2016-04-14 22:47:34 +02:00
f0bff32503
8.2.1_install_syslog-ng.sh 8.2.2_enable_syslog-ng.sh 8.2.3_configure_syslog-ng.sh 8.2.4_set_logfile_perm.sh
2016-04-14 17:55:14 +02:00
0ce0b23dc8
8.1.4_record_date_time_edit.sh 8.1.5_record_user_group_edit.sh
2016-04-14 14:07:00 +02:00
127d3e9124
8.1.1.3_keep_all_audit_logs.sh 8.1.3_audit_bootloader.sh
2016-04-14 13:11:56 +02:00
df51ac5bcb
7.3.1_disable_ipv6_router_advertisement.sh
2016-04-13 17:41:10 +02:00
1843d1a67b
7.1.1_disable_ip_forwarding.sh 7.1.2_disable_send_packet_redirects.sh
2016-04-13 14:54:35 +02:00
bec4ccd7da
6.16_disable_rsync.sh
2016-04-13 14:12:57 +02:00
4d5ccf1f58
6.2_disable_avahi_server.sh 6.3_disable_print_server.sh 6.4_disable_dhcp.sh 6.5_configure_ntp.sh 6.6_diable_ldap.sh 6.7_disable_nfs_rpc.sh 6.8_disable_dns_server.sh
2016-04-12 11:21:36 +02:00
db7b85ceed
4.2_enable_nx_support.sh 4.3_enable_randomized_vm_placement.sh 4.4_disable_prelink.sh 4.5_enable_apparmor.sh 5.1.1_disable_nis.sh
2016-04-11 16:53:57 +02:00
1bacb6c2ff
4.1_restrict_core_dumps.sh
2016-04-11 14:55:42 +02:00
f2a979e24c
3.2_bootloader_permissions.sh 3.3_bootloader_password.sh
2016-04-11 11:38:50 +02:00
d44a8eb440
3.1_bootloader_ownership.sh fix
2016-04-11 08:55:44 +02:00
91d6ba3fdd
3.1_bootloader_ownership.sh
2016-04-07 08:43:37 +02:00
31454e394d
2.25_disable_automounting.sh
2016-04-07 07:46:44 +02:00
a22c47c97d
2.19_disable_freevxfs.sh 2.20_disable_jffs2.sh 2.21_disable_hfs.sh 2.22_disable_hfsplus.sh 2.23_disable_squashfs.sh 2.24_disable_udf.sh
2016-04-07 07:22:04 +02:00
b87e9a6f14
2.18_disable_cramfs.sh
2016-04-07 06:56:14 +02:00
b079798e62
2.2_tmp_nodev.sh
2016-04-04 15:05:10 +02:00
5effa3335e
2.1 Tmp Partition
2016-04-04 13:32:58 +02:00
6aa74d6188
1.1 Install updates
2016-04-04 11:23:03 +02:00
1a41e2f592
skeleton
2016-04-01 16:48:31 +02:00
08da17be24
hardening : building basic configuration
2016-04-01 09:52:39 +02:00
9a5e962cd4
Added basic Configuration files and skeleton scripts
2016-04-01 09:32:17 +02:00
754cf6fd1d
Initial Commit Basic folders
2016-04-01 07:50:08 +02:00
