Commit Graph

382 Commits

Author SHA1 Message Date
0204bb0942 IMP(shellcheck): fix docker shellcheck with new options 2020-12-21 11:43:02 +01:00
6e0b47ab8f Rename files, fix permissions of tests 2020-12-21 11:21:32 +01:00
5c40d48f85 IMP: add utils to check perm in authorized perm 2020-12-21 10:39:44 +01:00
a2adf0f15c ADD(6.1.3, 6.1.6-9): add new checks
Renamed some checks, add new checks that check permissions and ownership on /etc/passwd, /etc/shadow, ...
Add new function in utils that checks that check that the file ownership is one of the authrized ownership.

	renamed:    bin/hardening/6.1.5_etc_passwd_permissions.sh -> bin/hardening/6.1.2_etc_passwd_permissions.sh
	new file:   bin/hardening/6.1.3_etc_gshadow-_permissions.sh
	renamed:    bin/hardening/6.1.6_etc_shadow_permissions.sh -> bin/hardening/6.1.4_etc_shadow_permissions.sh
	renamed:    bin/hardening/6.1.7_etc_group_permissions.sh -> bin/hardening/6.1.5_etc_group_permissions.sh
	new file:   bin/hardening/6.1.6_etc_passwd-_permissions.sh
	new file:   bin/hardening/6.1.7_etc_shadow-_permissions.sh
	new file:   bin/hardening/6.1.8_etc_group-_permissions.sh
	new file:   bin/hardening/6.1.9_etc_gshadow_permissions.sh
	modified:   lib/utils.sh
	renamed:    tests/hardening/6.1.5_etc_passwd_permissions.sh -> tests/hardening/6.1.2_etc_passwd_permissions.sh
	new file:   tests/hardening/6.1.3_etc_gshadow-_permissions.sh
	renamed:    tests/hardening/6.1.6_etc_shadow_permissions.sh -> tests/hardening/6.1.4_etc_shadow_permissions.sh
	renamed:    tests/hardening/6.1.7_etc_group_permissions.sh -> tests/hardening/6.1.5_etc_group_permissions.sh
	new file:   tests/hardening/6.1.6_etc_passwd-_permissions.sh
	new file:   tests/hardening/6.1.7_etc_shadow-_permissions.sh
	new file:   tests/hardening/6.1.8_etc_group-_permissions.sh
	new file:   tests/hardening/6.1.9_etc_gshadow_permissions.sh
2020-12-21 10:02:52 +01:00
233f75023a FIX(4.1.17): fix typo leading to false positive v2.1-6 2021-01-04 08:15:39 +01:00
3560f67e3f Update changelog v2.1-5 2020-12-14 16:56:09 +01:00
f4ba90352b IMP(shellcheck): replace ls parsing by stat 2020-12-14 16:14:37 +01:00
cdaee7786a IMP(shellcheck) refactor new line (SC1004) 2020-12-14 16:09:14 +01:00
13a070319b IMP(6.2.13): fix race condition 2020-12-14 15:11:33 +01:00
65bdb42eb3 IMP(shellcheck): replace ls by find (SC2045) 2020-12-14 15:08:18 +01:00
0c16e500f5 IMP(shellcheck): replace ls in loop by glob (SC2045) 2020-12-14 14:45:38 +01:00
fad8e8c1f1 IMP(shellcheck): disable quoting warning for find 2020-12-14 14:28:27 +01:00
2ab1bd50dc IMP(shellcheck): use $@ insetad of $* (SC2048) 2020-12-14 13:58:50 +01:00
db27cfc39c FIX: move shfmt to project root 2020-12-10 10:00:07 +01:00
dee0ebc821 IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
16cc2bef71 IMP(shellcheck): fix harmless warnings (SC2155) 2020-12-10 08:40:36 +01:00
b9e129d8fe IMP(shellcheck): disable sed replacement (SC2001)
Shellcheck recommands to replace sed by shell expansions in 'simple' cases.
However, the replacement here is likely to lead to erros, so we disable this rule.
Moreover, it does'nt really add readability.
2020-12-10 08:34:57 +01:00
36528b55e0 IMP(shellcheck): replace deprecated egrep (SC2196) 2020-12-10 08:20:26 +01:00
1c56bd9930 IMP(shellcheck): remove $() in if condition (SC2091) 2020-12-10 08:16:23 +01:00
99ac9339f4 IMP: change apt in apt-get 2020-12-07 17:16:19 +01:00
b09b75a51e IMP(shellcheck): quote variables (SC2086) 2020-12-07 17:11:32 +01:00
6826f377e6 IMP(shellcheck): quote variables (SC2086) 2020-12-07 16:49:11 +01:00
e2f7426664 IMP(shellcheck): quoting variables 2020-12-07 15:53:14 +01:00
ac66cdacd0 IMP(shellcheck): fix quote placement in awk (SC1083) 2020-12-07 15:01:22 +01:00
8012234096 IMP(shellcheck): fix harmless warnings 2020-12-07 14:53:10 +01:00
63835dd10c IMP(shellcheck): add curly bracket to var (SC1087) 2020-12-07 13:54:57 +01:00
ef800954f4 IMP(shellcheck): refactor continue (SC2104) 2020-12-07 13:32:14 +01:00
addd48c4dd IMP(shellcheck): add prefix to follow scripts (SC1090) 2020-12-07 13:26:51 +01:00
72bb3e2b84 IMP(shellcheck): replace -a in condition by && (SC2166) 2020-12-04 15:29:19 +01:00
d371b8d057 IMP(shellcheck): replace ! -z by -n (SC2236) 2020-12-04 15:14:18 +01:00
eaf56ca25e IMP(shellcheck): quote variables (SC2086) 2020-12-04 15:04:22 +01:00
106fa5fc8a Update changelog v2.1-4 2020-12-04 14:24:34 +01:00
3a342b784a IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
bc1aa65b91 IMP(shellcheck): quote variable in tests (SC2086) 2020-11-30 13:05:41 +01:00
dba1dae963 IMP(shellcheck): quoting harmless variables (SC2086) 2020-11-27 09:29:11 +01:00
4add6ddc33 IMP(shellcheck): add prefix to define shell (SC2148) 2020-11-27 09:22:47 +01:00
c17d04ecc2 IMP(shellcheck): comply with shellcheck rules
I added shellcheck prefixes to fix:
 * SC1091 (following sourced files)
 * SC2034 (unused variables)
2020-11-27 09:18:00 +01:00
cccc0881e9 IMP(shellcheck): add run-shellcheck prefix 2020-11-23 17:10:37 +01:00
9c3aa51982 Update changelog v2.1-3 2020-11-30 15:16:36 +01:00
b994ca11a7 FIX(main): fix small bug in main
The bug (introduced in 2.1-2) leaded to an error in the test that evaluates forcedstatus
2020-11-30 15:10:39 +01:00
f4e0aafacc IMP(5.2.3): fix possible permissions for 5.2.3 2020-11-30 14:27:20 +01:00
d40a85085d FIX: fix issue, we had to run audit twice
First one as root to create conf files with good owner and permissions, and then with secaudit.
Now first run with --create-config-files-only and the normally with --audit.
v2.1-2
2020-11-20 10:05:14 +01:00
467e5f178c fixup! IMP(4.5): rename to 1.6.1.2 improve test v2.1-1 2020-11-17 13:02:02 +01:00
d244a2e810 fixup! IMP(4.5): rename to 1.6.1.2 improve test 2020-11-17 12:56:10 +01:00
84bff4ac88 fixup! Move to most recent docker image for buster 2020-11-16 17:07:08 +01:00
d640a467e2 fixup! IMP(4.1.x): add tests for each checks 2020-11-16 16:54:51 +01:00
9bfb7efca1 Update changelog 2020-11-16 16:39:47 +01:00
7b8cca20d6 FIX(4.1.1.2): fix auditd apply 2020-11-09 11:48:48 +01:00
a6de243808 Rename 6.1.2,6.1.3,6.1.4 to be CIS9 compliant 2020-11-09 09:00:34 +01:00
7e8c976722 Add disclaimer when checks don't require comprehensive checks
modified:   tests/hardening/1.1.1.1_disable_freevxfs.sh
	modified:   tests/hardening/1.1.1.2_disable_jffs2.sh
	modified:   tests/hardening/1.1.1.3_disable_hfs.sh
	modified:   tests/hardening/1.1.1.4_disable_hfsplus.sh
	modified:   tests/hardening/1.1.1.5_disable_udf.sh
	modified:   tests/hardening/1.1.1.6_disable_cramfs.sh
	modified:   tests/hardening/1.1.1.7_disable_squashfs.sh
	modified:   tests/hardening/1.1.10_var_tmp_noexec.sh
	modified:   tests/hardening/1.1.11_var_log_partition.sh
	modified:   tests/hardening/1.1.12_var_log_audit_partition.sh
	modified:   tests/hardening/1.1.13_home_partition.sh
	modified:   tests/hardening/1.1.14_home_nodev.sh
	modified:   tests/hardening/1.1.18_removable_device_nodev.sh
	modified:   tests/hardening/1.1.19_removable_device_nosuid.sh
	modified:   tests/hardening/1.1.20_removable_device_noexec.sh
	modified:   tests/hardening/1.1.2_tmp_partition.sh
	modified:   tests/hardening/1.1.3_tmp_nodev.sh
	modified:   tests/hardening/1.1.4_tmp_nosuid.sh
	modified:   tests/hardening/1.1.5_tmp_noexec.sh
	modified:   tests/hardening/1.1.6_var_partition.sh
	modified:   tests/hardening/1.1.7_var_tmp_partition.sh
	modified:   tests/hardening/1.1.8_var_tmp_nodev.sh
	modified:   tests/hardening/1.1.9_var_tmp_nosuid.sh
	modified:   tests/hardening/1.8_install_updates.sh
	modified:   tests/hardening/2.2.10_disable_http_server.sh
	modified:   tests/hardening/2.2.11_disable_imap_pop.sh
	modified:   tests/hardening/2.2.12_disable_samba.sh
	modified:   tests/hardening/2.2.13_disable_http_proxy.sh
	modified:   tests/hardening/2.2.14_disable_snmp_server.sh
	modified:   tests/hardening/2.2.2_disable_xwindow_system.sh
	modified:   tests/hardening/2.2.3_disable_avahi_server.sh
	modified:   tests/hardening/2.2.4_disable_print_server.sh
	modified:   tests/hardening/2.2.5_disable_dhcp.sh
	modified:   tests/hardening/2.2.6_disable_ldap.sh
	modified:   tests/hardening/2.2.7_disable_nfs_rpc.sh
	modified:   tests/hardening/2.2.8_disable_dns_server.sh
	modified:   tests/hardening/2.2.9_disable_ftp.sh
	modified:   tests/hardening/2.3.1_disable_nis.sh
	modified:   tests/hardening/2.3.2_disable_rsh_client.sh
	modified:   tests/hardening/2.3.3_disable_talk_client.sh
	modified:   tests/hardening/2.3.4_telnet_client_not_installed.sh
	modified:   tests/hardening/2.3.5_ldap_client_not_installed.sh
2020-11-06 16:20:10 +01:00