0204bb0942
IMP(shellcheck): fix docker shellcheck with new options
2020-12-21 11:43:02 +01:00
6e0b47ab8f
Rename files, fix permissions of tests
2020-12-21 11:21:32 +01:00
5c40d48f85
IMP: add utils to check perm in authorized perm
2020-12-21 10:39:44 +01:00
a2adf0f15c
ADD(6.1.3, 6.1.6-9): add new checks
...
Renamed some checks, add new checks that check permissions and ownership on /etc/passwd, /etc/shadow, ...
Add new function in utils that checks that the file ownership is one of the authorized ownerships.
renamed: bin/hardening/6.1.5_etc_passwd_permissions.sh -> bin/hardening/6.1.2_etc_passwd_permissions.sh
new file: bin/hardening/6.1.3_etc_gshadow-_permissions.sh
renamed: bin/hardening/6.1.6_etc_shadow_permissions.sh -> bin/hardening/6.1.4_etc_shadow_permissions.sh
renamed: bin/hardening/6.1.7_etc_group_permissions.sh -> bin/hardening/6.1.5_etc_group_permissions.sh
new file: bin/hardening/6.1.6_etc_passwd-_permissions.sh
new file: bin/hardening/6.1.7_etc_shadow-_permissions.sh
new file: bin/hardening/6.1.8_etc_group-_permissions.sh
new file: bin/hardening/6.1.9_etc_gshadow_permissions.sh
modified: lib/utils.sh
renamed: tests/hardening/6.1.5_etc_passwd_permissions.sh -> tests/hardening/6.1.2_etc_passwd_permissions.sh
new file: tests/hardening/6.1.3_etc_gshadow-_permissions.sh
renamed: tests/hardening/6.1.6_etc_shadow_permissions.sh -> tests/hardening/6.1.4_etc_shadow_permissions.sh
renamed: tests/hardening/6.1.7_etc_group_permissions.sh -> tests/hardening/6.1.5_etc_group_permissions.sh
new file: tests/hardening/6.1.6_etc_passwd-_permissions.sh
new file: tests/hardening/6.1.7_etc_shadow-_permissions.sh
new file: tests/hardening/6.1.8_etc_group-_permissions.sh
new file: tests/hardening/6.1.9_etc_gshadow_permissions.sh
2020-12-21 10:02:52 +01:00
233f75023a
FIX(4.1.17): fix typo leading to false positive
v2.1-6
2021-01-04 08:15:39 +01:00
3560f67e3f
Update changelog
v2.1-5
2020-12-14 16:56:09 +01:00
f4ba90352b
IMP(shellcheck): replace ls parsing by stat
2020-12-14 16:14:37 +01:00
cdaee7786a
IMP(shellcheck) refactor new line (SC1004)
2020-12-14 16:09:14 +01:00
13a070319b
IMP(6.2.13): fix race condition
2020-12-14 15:11:33 +01:00
65bdb42eb3
IMP(shellcheck): replace ls by find (SC2045)
2020-12-14 15:08:18 +01:00
0c16e500f5
IMP(shellcheck): replace ls in loop by glob (SC2045)
2020-12-14 14:45:38 +01:00
fad8e8c1f1
IMP(shellcheck): disable quoting warning for find
2020-12-14 14:28:27 +01:00
2ab1bd50dc
IMP(shellcheck): use $@ instead of $* (SC2048)
2020-12-14 13:58:50 +01:00
db27cfc39c
FIX: move shfmt to project root
2020-12-10 10:00:07 +01:00
dee0ebc821
IMP(shellcheck): quote variables
2020-12-10 09:50:33 +01:00
16cc2bef71
IMP(shellcheck): fix harmless warnings (SC2155)
2020-12-10 08:40:36 +01:00
b9e129d8fe
IMP(shellcheck): disable sed replacement (SC2001)
...
Shellcheck recommends replacing sed with shell expansions in 'simple' cases.
However, the replacement here is likely to lead to errors, so we disable this rule.
Moreover, it doesn't really add readability.
2020-12-10 08:34:57 +01:00
36528b55e0
IMP(shellcheck): replace deprecated egrep (SC2196)
2020-12-10 08:20:26 +01:00
1c56bd9930
IMP(shellcheck): remove $() in if condition (SC2091)
2020-12-10 08:16:23 +01:00
99ac9339f4
IMP: change apt in apt-get
2020-12-07 17:16:19 +01:00
b09b75a51e
IMP(shellcheck): quote variables (SC2086)
2020-12-07 17:11:32 +01:00
6826f377e6
IMP(shellcheck): quote variables (SC2086)
2020-12-07 16:49:11 +01:00
e2f7426664
IMP(shellcheck): quoting variables
2020-12-07 15:53:14 +01:00
ac66cdacd0
IMP(shellcheck): fix quote placement in awk (SC1083)
2020-12-07 15:01:22 +01:00
8012234096
IMP(shellcheck): fix harmless warnings
2020-12-07 14:53:10 +01:00
63835dd10c
IMP(shellcheck): add curly bracket to var (SC1087)
2020-12-07 13:54:57 +01:00
ef800954f4
IMP(shellcheck): refactor continue (SC2104)
2020-12-07 13:32:14 +01:00
addd48c4dd
IMP(shellcheck): add prefix to follow scripts (SC1090)
2020-12-07 13:26:51 +01:00
72bb3e2b84
IMP(shellcheck): replace -a in condition by && (SC2166)
2020-12-04 15:29:19 +01:00
d371b8d057
IMP(shellcheck): replace ! -z by -n (SC2236)
2020-12-04 15:14:18 +01:00
eaf56ca25e
IMP(shellcheck): quote variables (SC2086)
2020-12-04 15:04:22 +01:00
106fa5fc8a
Update changelog
v2.1-4
2020-12-04 14:24:34 +01:00
3a342b784a
IMP(shfmt): add shell formatter
2020-12-04 14:08:01 +01:00
bc1aa65b91
IMP(shellcheck): quote variable in tests (SC2086)
2020-11-30 13:05:41 +01:00
dba1dae963
IMP(shellcheck): quoting harmless variables (SC2086)
2020-11-27 09:29:11 +01:00
4add6ddc33
IMP(shellcheck): add prefix to define shell (SC2148)
2020-11-27 09:22:47 +01:00
c17d04ecc2
IMP(shellcheck): comply with shellcheck rules
...
I added shellcheck prefixes to fix:
* SC1091 (following sourced files)
* SC2034 (unused variables)
2020-11-27 09:18:00 +01:00
cccc0881e9
IMP(shellcheck): add run-shellcheck prefix
2020-11-23 17:10:37 +01:00
9c3aa51982
Update changelog
v2.1-3
2020-11-30 15:16:36 +01:00
b994ca11a7
FIX(main): fix small bug in main
...
The bug (introduced in 2.1-2) led to an error in the test that evaluates forcedstatus
2020-11-30 15:10:39 +01:00
f4e0aafacc
IMP(5.2.3): fix possible permissions for 5.2.3
2020-11-30 14:27:20 +01:00
d40a85085d
FIX: fix issue, we had to run audit twice
...
First one as root to create conf files with good owner and permissions, and then with secaudit.
Now first run with --create-config-files-only and then normally with --audit.
v2.1-2
2020-11-20 10:05:14 +01:00
467e5f178c
fixup! IMP(4.5): rename to 1.6.1.2 improve test
v2.1-1
2020-11-17 13:02:02 +01:00
d244a2e810
fixup! IMP(4.5): rename to 1.6.1.2 improve test
2020-11-17 12:56:10 +01:00
84bff4ac88
fixup! Move to most recent docker image for buster
2020-11-16 17:07:08 +01:00
d640a467e2
fixup! IMP(4.1.x): add tests for each checks
2020-11-16 16:54:51 +01:00
9bfb7efca1
Update changelog
2020-11-16 16:39:47 +01:00
7b8cca20d6
FIX(4.1.1.2): fix auditd apply
2020-11-09 11:48:48 +01:00
a6de243808
Rename 6.1.2,6.1.3,6.1.4 to be CIS9 compliant
2020-11-09 09:00:34 +01:00
7e8c976722
Add disclaimer when checks don't require comprehensive checks
...
modified: tests/hardening/1.1.1.1_disable_freevxfs.sh
modified: tests/hardening/1.1.1.2_disable_jffs2.sh
modified: tests/hardening/1.1.1.3_disable_hfs.sh
modified: tests/hardening/1.1.1.4_disable_hfsplus.sh
modified: tests/hardening/1.1.1.5_disable_udf.sh
modified: tests/hardening/1.1.1.6_disable_cramfs.sh
modified: tests/hardening/1.1.1.7_disable_squashfs.sh
modified: tests/hardening/1.1.10_var_tmp_noexec.sh
modified: tests/hardening/1.1.11_var_log_partition.sh
modified: tests/hardening/1.1.12_var_log_audit_partition.sh
modified: tests/hardening/1.1.13_home_partition.sh
modified: tests/hardening/1.1.14_home_nodev.sh
modified: tests/hardening/1.1.18_removable_device_nodev.sh
modified: tests/hardening/1.1.19_removable_device_nosuid.sh
modified: tests/hardening/1.1.20_removable_device_noexec.sh
modified: tests/hardening/1.1.2_tmp_partition.sh
modified: tests/hardening/1.1.3_tmp_nodev.sh
modified: tests/hardening/1.1.4_tmp_nosuid.sh
modified: tests/hardening/1.1.5_tmp_noexec.sh
modified: tests/hardening/1.1.6_var_partition.sh
modified: tests/hardening/1.1.7_var_tmp_partition.sh
modified: tests/hardening/1.1.8_var_tmp_nodev.sh
modified: tests/hardening/1.1.9_var_tmp_nosuid.sh
modified: tests/hardening/1.8_install_updates.sh
modified: tests/hardening/2.2.10_disable_http_server.sh
modified: tests/hardening/2.2.11_disable_imap_pop.sh
modified: tests/hardening/2.2.12_disable_samba.sh
modified: tests/hardening/2.2.13_disable_http_proxy.sh
modified: tests/hardening/2.2.14_disable_snmp_server.sh
modified: tests/hardening/2.2.2_disable_xwindow_system.sh
modified: tests/hardening/2.2.3_disable_avahi_server.sh
modified: tests/hardening/2.2.4_disable_print_server.sh
modified: tests/hardening/2.2.5_disable_dhcp.sh
modified: tests/hardening/2.2.6_disable_ldap.sh
modified: tests/hardening/2.2.7_disable_nfs_rpc.sh
modified: tests/hardening/2.2.8_disable_dns_server.sh
modified: tests/hardening/2.2.9_disable_ftp.sh
modified: tests/hardening/2.3.1_disable_nis.sh
modified: tests/hardening/2.3.2_disable_rsh_client.sh
modified: tests/hardening/2.3.3_disable_talk_client.sh
modified: tests/hardening/2.3.4_telnet_client_not_installed.sh
modified: tests/hardening/2.3.5_ldap_client_not_installed.sh
2020-11-06 16:20:10 +01:00