Commit Graph

16 Commits

Author SHA1 Message Date
Charles Herlin
c51a8ee9b8 FIX: sed that was too greedy
Used to sed 's!/usr/bin/su!!' /usr/bin/sudo leaving only "do"
that led to misinterpreting the result

Change algorithm to avoid partial sed in the result list
Now the not compliant list is built out of the find results
instead of items being removed from them.
Allow better control of grep inside this list.

Chore: apply shellcheck recommendations
2019-01-02 13:02:02 +01:00
Charles Herlin
e72c7aae15 Add missing /usr/bin/su 2019-01-03 11:21:51 +01:00
Charles Herlin
8e6618eedf FIX: add /usr/bin/* path for suid/guid allowed binaries
Debian is still migrating /bin to /usr/bin so I added both paths to the
allowed ones

 * mount
 * umount
 * ping
 * ping6
 * unix_chkpwd
2019-01-02 17:03:29 +01:00
Charles Herlin
67df4da781 Adding batch mode to output just one line of text (no colors) in order to be parsed by computer tools
Adding DESCRIPTION field in tests and [INFO] DESCRIPTION in main
Update README with --batch mode info
Add --batch mode in hardening.sh

Change summary to make it a one-liner when in batch mode
AUDIT_SUMMARY PASSED_CHECKS:95 RUN_CHECKS:191 TOTAL_CHECKS_AVAIL:191 CONFORMITY_PERCENTAGE:49.74
2017-10-31 17:44:15 +01:00
Charles Herlin
b1f85d3f99 Add sudo management in main and utils
* perform readonly checks as a regular user
    * sudo -n is used for checks requiring root privileges
    * increase accountability by providing log of individual access to sensitive files
2017-11-09 15:45:42 +01:00
Charles Herlin
02f0e30df1 Expand tabs to 4 spaces and trim trailing spaces 2017-11-17 15:13:27 +01:00
Charles Herlin
5b2404dab8 Applying batch edit to all hardening/*.sh scripts for new CIS_ROOT_DIR management 2017-10-25 14:50:39 +02:00
Stéphane Lesimple
676b17c54f add hardening templating and several enhancements 2017-05-18 18:40:09 +02:00
thibault.dewailly
3e1df0cdf9 [Debian 8] Fixed comments for debian 8 compliance 2017-03-10 17:46:39 +01:00
kevin.tanguy
1479332870 debian dependencies fix, rephrasing, revision bump 1.0-8. 2016-04-25 15:15:49 +02:00
thibault.dewailly
cb3077e268 Fixed default file error handling and quickstart 2016-04-21 23:19:50 +02:00
thibault.dewailly
3ece442743 Added exit code to CIS_ROOT_DIR test def, optimized sed and sort 2016-04-20 11:29:44 +02:00
thibault.dewailly
6019dd9078 Corrected default file path 2016-04-18 17:39:14 +02:00
thibault.dewailly
e79a03095c All configuration defaults to disabled README updated 2016-04-18 13:19:46 +02:00
thibault.dewailly
c193bd49f5 12.11_find_sgid_files.sh 2016-04-16 12:57:24 +02:00
thibault.dewailly
ac2b994306 12.10_find_suid_files.sh 12.1_etc_passwd_permissions.sh 12.2_etc_shadow_permissions.sh 12.3_etc_group_permissions.sh 12.4_etc_passwd_ownership.sh 12.5_etc_shadow_ownership.sh 12.6_etc_group_ownership.sh 12.7_find_world_writable_file.sh 12.8_find_unowned_files.sh 12.9_find_ungrouped_files.sh 2016-04-16 00:26:19 +02:00