Thibault Ayanides
65bdb42eb3
IMP(shellcheck): replace ls by find (SC2045)
2020-12-14 15:08:18 +01:00
Thibault Ayanides
0c16e500f5
IMP(shellcheck): replace ls in loop by glob (SC2045)
2020-12-14 14:45:38 +01:00
Thibault Ayanides
fad8e8c1f1
IMP(shellcheck): disable quoting warning for find
2020-12-14 14:28:27 +01:00
Thibault Ayanides
dee0ebc821
IMP(shellcheck): quote variables
2020-12-10 09:50:33 +01:00
Thibault Ayanides
b9e129d8fe
IMP(shellcheck): disable sed replacement (SC2001)
...
Shellcheck recommends replacing sed with shell expansions in 'simple' cases.
However, the replacement here is likely to lead to errors, so we disable this rule.
Moreover, it doesn't really add readability.
2020-12-10 08:34:57 +01:00
Thibault Ayanides
36528b55e0
IMP(shellcheck): replace deprecated egrep (SC2196)
2020-12-10 08:20:26 +01:00
Thibault Ayanides
1c56bd9930
IMP(shellcheck): remove $() in if condition (SC2091)
2020-12-10 08:16:23 +01:00
Thibault Ayanides
b09b75a51e
IMP(shellcheck): quote variables (SC2086)
2020-12-07 17:11:32 +01:00
Thibault Ayanides
6826f377e6
IMP(shellcheck): quote variables (SC2086)
2020-12-07 16:49:11 +01:00
Thibault Ayanides
e2f7426664
IMP(shellcheck): quoting variables
2020-12-07 15:53:14 +01:00
Thibault Ayanides
ac66cdacd0
IMP(shellcheck): fix quote placement in awk (SC1083)
2020-12-07 15:01:22 +01:00
Thibault Ayanides
8012234096
IMP(shellcheck): fix harmless warnings
2020-12-07 14:53:10 +01:00
Thibault Ayanides
63835dd10c
IMP(shellcheck): add curly bracket to var (SC1087)
2020-12-07 13:54:57 +01:00
Thibault Ayanides
ef800954f4
IMP(shellcheck): refactor continue (SC2104)
2020-12-07 13:32:14 +01:00
Thibault Ayanides
addd48c4dd
IMP(shellcheck): add prefix to follow scripts (SC1090)
2020-12-07 13:26:51 +01:00
Thibault Ayanides
72bb3e2b84
IMP(shellcheck): replace -a in condition by && (SC2166)
2020-12-04 15:29:19 +01:00
Thibault Ayanides
d371b8d057
IMP(shellcheck): replace ! -z by -n (SC2236)
2020-12-04 15:14:18 +01:00
Thibault Ayanides
eaf56ca25e
IMP(shellcheck): quote variables (SC2086)
2020-12-04 15:04:22 +01:00
Thibault Ayanides
3a342b784a
IMP(shfmt): add shell formatter
2020-12-04 14:08:01 +01:00
Thibault Ayanides
dba1dae963
IMP(shellcheck): quoting harmless variables (SC2086)
2020-11-27 09:29:11 +01:00
Thibault Ayanides
c17d04ecc2
IMP(shellcheck): comply with shellcheck rules
...
I added shellcheck prefixes to fix:
* SC1091 (following sourced files)
* SC2034 (unused variables)
2020-11-27 09:18:00 +01:00
Thibault Ayanides
cccc0881e9
IMP(shellcheck): add run-shellcheck prefix
2020-11-23 17:10:37 +01:00
Thibault Ayanides
f4e0aafacc
IMP(5.2.3): fix possible permissions for 5.2.3
2020-11-30 14:27:20 +01:00
Thibault Ayanides
d40a85085d
FIX: fix issue, we had to run audit twice
...
First one as root to create conf files with good owner and permissions, and then with secaudit.
Now first run with --create-config-files-only and then normally with --audit.
2020-11-20 10:05:14 +01:00
Thibault Ayanides
467e5f178c
fixup! IMP(4.5): rename to 1.6.1.2 improve test
2020-11-17 13:02:02 +01:00
Thibault Ayanides
d244a2e810
fixup! IMP(4.5): rename to 1.6.1.2 improve test
2020-11-17 12:56:10 +01:00
Thibault Ayanides
d640a467e2
fixup! IMP(4.1.x): add tests for each checks
2020-11-16 16:54:51 +01:00
Thibault Ayanides
7b8cca20d6
FIX(4.1.1.2): fix auditd apply
2020-11-09 11:48:48 +01:00
Thibault Ayanides
a6de243808
Rename 6.1.2,6.1.3,6.1.4 to be CIS9 compliant
2020-11-09 09:00:34 +01:00
Thibault Ayanides
ffd5b28840
FIX: fix apt autoremove to be non interactive
...
modified: bin/hardening/2.2.10_disable_http_server.sh
modified: bin/hardening/2.2.11_disable_imap_pop.sh
modified: bin/hardening/2.2.12_disable_samba.sh
modified: bin/hardening/2.2.14_disable_snmp_server.sh
modified: bin/hardening/2.2.2_disable_xwindow_system.sh
modified: bin/hardening/2.2.3_disable_avahi_server.sh
modified: bin/hardening/2.2.4_disable_print_server.sh
modified: bin/hardening/2.2.5_disable_dhcp.sh
modified: bin/hardening/2.2.6_disable_ldap.sh
modified: bin/hardening/2.2.7_disable_nfs_rpc.sh
modified: bin/hardening/2.2.8_disable_dns_server.sh
modified: bin/hardening/2.2.9_disable_ftp.sh
modified: bin/hardening/2.3.1_disable_nis.sh
modified: bin/hardening/2.3.2_disable_rsh_client.sh
modified: bin/hardening/2.3.3_disable_talk_client.sh
modified: bin/hardening/2.3.4_telnet_client_not_installed.sh
modified: bin/hardening/2.3.5_ldap_client_not_installed.sh
2020-11-06 14:51:26 +01:00
Thibault Ayanides
ce1e87b1a3
IMP(4.5): rename to 1.6.1.2 improve test
2020-11-06 11:09:22 +01:00
Thibault Ayanides
ee4b2417c2
IMP(4.1.x): add tests for each checks
2020-11-02 15:47:27 +01:00
Thibault Ayanides
17e43753b9
IMP(5.4.1.1-3): add tests and rename some variables
2020-10-30 09:39:42 +01:00
Thibault Ayanides
9aac4c3504
IMP(5.3.4): improve check
2020-10-29 16:47:34 +01:00
Thibault Ayanides
8af91dd6a8
IMP(5.3.1,5.3.2): add tests and upgrade PAM conf
2020-10-29 16:45:15 +01:00
Thibault Ayanides
feefee28e4
IMP(5.3.1): add test and config function for check
2020-10-29 15:35:56 +01:00
Thibault Ayanides
774af39a34
IMP(5.2.x): add tests and default_config
...
I added tests from 5.2.4 to 5.2.19 and default_config files in the
checks. These checks concern sshd conf (ciphers, mac, rootlogin, ...)
modified: bin/hardening/5.2.4_sshd_protocol.sh
modified: bin/hardening/5.2.6_disable_x11_forwarding.sh
modified: bin/hardening/5.2.7_sshd_maxauthtries.sh
modified: bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
modified: bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
modified: bin/hardening/5.2.10_disable_root_login.sh
modified: bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
modified: bin/hardening/5.2.12_disable_sshd_setenv.sh
modified: bin/hardening/5.2.13_sshd_ciphers.sh
modified: bin/hardening/5.2.16_sshd_idle_timeout.sh
modified: bin/hardening/5.2.17_sshd_login_grace_time.sh
modified: tests/hardening/5.2.4_sshd_protocol.sh
modified: tests/hardening/5.2.5_sshd_loglevel.sh
modified: tests/hardening/5.2.6_disable_x11_forwarding.sh
modified: tests/hardening/5.2.7_sshd_maxauthtries.sh
modified: tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh
modified: tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
modified: tests/hardening/5.2.10_disable_root_login.sh
modified: tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
modified: tests/hardening/5.2.12_disable_sshd_setenv.sh
modified: tests/hardening/5.2.13_sshd_ciphers.sh
modified: tests/hardening/5.2.16_sshd_idle_timeout.sh
modified: tests/hardening/5.2.17_sshd_login_grace_time.sh
modified: tests/hardening/5.2.18_sshd_limit_access.sh
modified: tests/hardening/5.2.19_ssh_banner.sh
2020-10-29 11:18:31 +01:00
Thibault Ayanides
fbd26ceefa
Fix race condition on /etc/passwd, /etc/shadow and /etc/group
2020-11-16 14:09:12 +01:00
Thibault Ayanides
501ce8c651
IMP(5.2.3): 640 permission is now ok for the check
2020-11-16 14:08:42 +01:00
Thibault Ayanides
829ee8631f
Revert to previous check (8.2.4 in old num)
2020-11-16 14:06:39 +01:00
Thibault
3c7a03445c
FIX(3.1.1): fix unbound variable issue
2020-11-12 10:15:41 +01:00
Thibault Ayanides
03c8e25ff3
FIX(99.5.4): fix test (permission denied on authorized_keys)
2020-11-05 15:05:12 +01:00
Thibault Ayanides
a7afb1099a
IMP(6.2.8): fix bug where /sbin/nologin was considered as a valid shell
2020-11-05 11:25:52 +01:00
Thibault Ayanides
6aae84f4b2
FIX(2.3.18): Re-add telnet server check
...
Renaming for 2.3.4 and 2.3.5 to have naming consistency.
new file: bin/hardening/2.2.18_disable_telnet_server.sh
renamed: bin/hardening/2.3.4_telnet_client_not_installed.sh -> bin/hardening/2.3.4_disable_telnet_client.sh
renamed: bin/hardening/2.3.5_ldap_client_not_installed.sh -> bin/hardening/2.3.5_disable_ldap_client.sh
renamed: tests/hardening/2.3.4_telnet_client_not_installed.sh -> tests/hardening/2.2.18_disable_telnet_server.sh
renamed: tests/hardening/2.3.5_ldap_client_not_installed.sh -> tests/hardening/2.3.4_disable_telnet_client.sh
new file: tests/hardening/2.3.5_disable_ldap_client.sh
2020-11-03 09:38:13 +01:00
Thibault Ayanides
668dc80bb8
FIX(3.1.1,3.2.1,3.2.2): don't check for IPv6 options if IPv6 is disabled
2020-11-02 17:16:11 +01:00
Thibault Ayanides
c2090b74b3
FIX(2.2.12): smbd enabling check was wrong
2020-11-02 16:53:04 +01:00
Thibault Ayanides
26c119c4a1
ADD(3.2.7): add check mysteriously deleted during renaming
2020-10-30 16:09:25 +01:00
Thibault Ayanides
aff5d708e8
ADD(3.2.6): add check mysteriously deleted during renaming
2020-10-30 16:09:21 +01:00
Thibault Ayanides
b266982a3c
ADD(6.2.7): add check mysteriously deleted during renaming
2020-10-30 16:01:18 +01:00
Thibault Ayanides
a0b025deac
Fix final printf command
...
The final printf bugs on non-US systems.
A fix is to truncate the percentage to 2 decimals with bc and not with
printf.
modified: bin/hardening.sh
2020-10-30 14:56:27 +01:00
Thibault Ayanides
ccef85ebe3
IMP(4.2.4): use functions in utils
2020-10-30 14:49:16 +01:00
Thibault Ayanides
258da6b4a1
CLEAN(4.2.2): delete 4.2.2, duplicate with 4.2.3
2020-10-30 14:40:48 +01:00
Thibault Ayanides
9eb6bac993
FIX(6.2.9): fix EXCEPTIONS unbound variable error
2020-10-28 15:04:41 +01:00
Thibault Ayanides
df802b4882
Fix spelling mistakes and numbering in comments
2020-10-28 10:09:10 +01:00
Thibault Ayanides
20f432765d
FIX(5.2.2,5.2.3) find was not working properly
...
I removed the functions in utils and replaced them with loops, so that
there are no more problems with the options arrays.
2020-10-27 12:47:11 +01:00
Thibault Ayanides
bb266ebe4a
IMP(6.2.6): add purposely failing tests
2020-10-27 09:17:57 +01:00
Thibault Ayanides
1e64a14299
IMP(6.2.2,6.2.3,6.2.4): add purposely failing tests
2020-10-26 14:46:42 +01:00
Thibault Ayanides
990f191111
CLEAN: rename 2.18, 2.23
2020-10-26 11:05:37 +01:00
Thibault Ayanides
f82712203d
CLEAN: rename 7.7
2020-10-26 11:00:55 +01:00
Thibault Ayanides
e2616b024d
CLEAN: Remove 13.13 (duplicate with 6.2.9)
2020-10-26 10:55:12 +01:00
Thibault Ayanides
e1846ebd4c
CLEAN: Rename 1.7.1.4, 8.2.1
2020-10-26 10:40:48 +01:00
Charles Herlin
c0e9b96ffc
FIX: change name to fit check content (cracklib -> pwquality)
...
renamed: bin/hardening/5.3.1_enable_cracklib.sh -> bin/hardening/5.3.1_enable_pwquality.sh
renamed: tests/hardening/5.3.1_enable_cracklib.sh -> tests/hardening/5.3.1_enable_pwquality.sh
2019-10-30 15:40:15 +01:00
Charles Herlin
de3da21a38
CLEAN: remove 8.2.4
2019-10-30 15:37:36 +01:00
Charles Herlin
c81cf79fea
CLEAN(12.x) remove unused checks that were merged with ownership/perms
...
deleted: 12.4_etc_passwd_ownership.sh
deleted: 12.5_etc_shadow_ownership.sh
deleted: 12.6_etc_group_ownership.sh
2019-10-30 15:29:11 +01:00
Charles Herlin
d4bbc786a6
IMP(3.2.1-2): set sysctl params in config file
2019-10-30 15:20:30 +01:00
Charles Herlin
625a6206c7
Fix typos
...
modified: 1.7.1.4_motd_perms.sh
modified: 1.7.1.5_etc_issue_perms.sh
modified: 1.7.1.6_etc_issue_net_perms.sh
modified: 1.8_install_updates.sh
2019-10-30 15:18:52 +01:00
Charles Herlin
5074c5a8bd
FIX(2.2.12) handle smbd as a service
2019-10-25 16:03:11 +02:00
Charles Herlin
d91fdbf84b
Add missing tests CUPS, telnet and LDAP
...
new file: bin/hardening/2.2.4_disable_print_server.sh
new file: bin/hardening/2.3.4_telnet_client_not_installed.sh
new file: bin/hardening/2.3.5_ldap_client_not_installed.sh
new file: tests/hardening/2.2.4_disable_print_server.sh
new file: tests/hardening/2.3.4_telnet_client_not_installed.sh
new file: tests/hardening/2.3.5_ldap_client_not_installed.sh
2019-10-21 14:45:25 +02:00
Charles Herlin
2b60594a06
Renum 2.6.x to 1.1.x for /var/tmp
...
renamed: bin/hardening/2.6.4_var_tmp_noexec.sh -> bin/hardening/1.1.10_var_tmp_noexec.sh
renamed: bin/hardening/2.6.1_var_tmp_partition.sh -> bin/hardening/1.1.7_var_tmp_partition.sh
renamed: bin/hardening/2.6.2_var_tmp_nodev.sh -> bin/hardening/1.1.8_var_tmp_nodev.sh
renamed: bin/hardening/2.6.3_var_tmp_nosuid.sh -> bin/hardening/1.1.9_var_tmp_nosuid.sh
renamed: tests/hardening/2.6.4_var_tmp_noexec.sh -> tests/hardening/1.1.10_var_tmp_noexec.sh
renamed: tests/hardening/2.6.3_var_tmp_nosuid.sh -> tests/hardening/1.1.7_var_tmp_partition.sh
renamed: tests/hardening/2.6.2_var_tmp_nodev.sh -> tests/hardening/1.1.8_var_tmp_nodev.sh
renamed: tests/hardening/2.6.1_var_tmp_partition.sh -> tests/hardening/1.1.9_var_tmp_nosuid.sh
2019-10-21 12:21:22 +02:00
Charles Herlin
d6dae89966
Renum logrotate config 8.4 to 4.3
...
renamed: 8.4_configure_logrotate.sh -> 4.3_configure_logrotate.sh
renamed: ../../tests/hardening/8.4_configure_logrotate.sh -> ../../tests/hardening/4.3_configure_logrotate.sh
2019-10-18 17:32:41 +02:00
Charles Herlin
80b97940fa
Renumbering custom 99.* scripts as newcomers to CIS benchmark
...
renamed: bin/hardening/99.4_net_fw_default_policy_drop.sh -> bin/hardening/3.5.1.1_net_fw_default_policy_drop.sh
renamed: bin/hardening/99.3.3_acc_pam_sha512.sh -> bin/hardening/5.3.4_acc_pam_sha512.sh
renamed: tests/hardening/99.4_net_fw_default_policy_drop.sh -> tests/hardening/3.5.1.1_net_fw_default_policy_drop.sh
renamed: tests/hardening/99.3.3_acc_pam_sha512.sh -> tests/hardening/5.3.4_acc_pam_sha512.sh
2019-10-18 17:26:31 +02:00
Charles Herlin
609444a47f
Renum User and Groups settings 13.x to 6.2.x
...
renamed: bin/hardening/13.8_check_user_dot_file_perm.sh -> bin/hardening/6.2.10_check_user_dot_file_perm.sh
renamed: bin/hardening/13.19_find_user_forward_files.sh -> bin/hardening/6.2.11_find_user_forward_files.sh
renamed: bin/hardening/13.18_find_user_netrc_files.sh -> bin/hardening/6.2.12_find_user_netrc_files.sh
renamed: bin/hardening/13.9_set_perm_on_user_netrc.sh -> bin/hardening/6.2.13_set_perm_on_user_netrc.sh
renamed: bin/hardening/13.10_find_user_rhosts_files.sh -> bin/hardening/6.2.14_find_user_rhosts_files.sh
renamed: bin/hardening/13.11_find_passwd_group_inconsistencies.sh -> bin/hardening/6.2.15_find_passwd_group_inconsistencies.sh
renamed: bin/hardening/13.14_check_duplicate_uid.sh -> bin/hardening/6.2.16_check_duplicate_uid.sh
renamed: bin/hardening/13.15_check_duplicate_gid.sh -> bin/hardening/6.2.17_check_duplicate_gid.sh
renamed: bin/hardening/13.16_check_duplicate_username.sh -> bin/hardening/6.2.18_check_duplicate_username.sh
renamed: bin/hardening/13.17_check_duplicate_groupname.sh -> bin/hardening/6.2.19_check_duplicate_groupname.sh
renamed: bin/hardening/13.1_remove_empty_password_field.sh -> bin/hardening/6.2.1_remove_empty_password_field.sh
renamed: bin/hardening/13.20_shadow_group_empty.sh -> bin/hardening/6.2.20_shadow_group_empty.sh
renamed: bin/hardening/13.2_remove_legacy_passwd_entries.sh -> bin/hardening/6.2.2_remove_legacy_passwd_entries.sh
renamed: bin/hardening/13.3_remove_legacy_shadow_entries.sh -> bin/hardening/6.2.3_remove_legacy_shadow_entries.sh
renamed: bin/hardening/13.4_remove_legacy_group_entries.sh -> bin/hardening/6.2.4_remove_legacy_group_entries.sh
renamed: bin/hardening/13.5_find_0_uid_non_root_account.sh -> bin/hardening/6.2.5_find_0_uid_non_root_account.sh
renamed: bin/hardening/13.6_sanitize_root_path.sh -> bin/hardening/6.2.6_sanitize_root_path.sh
renamed: bin/hardening/13.7_check_user_dir_perm.sh -> bin/hardening/6.2.8_check_user_dir_perm.sh
renamed: bin/hardening/13.12_users_valid_homedir.sh -> bin/hardening/6.2.9_users_valid_homedir.sh
renamed: tests/hardening/13.9_set_perm_on_user_netrc.sh -> tests/hardening/6.2.10_check_user_dot_file_perm.sh
renamed: tests/hardening/13.8_check_user_dot_file_perm.sh -> tests/hardening/6.2.11_find_user_forward_files.sh
renamed: tests/hardening/13.7_check_user_dir_perm.sh -> tests/hardening/6.2.12_find_user_netrc_files.sh
renamed: tests/hardening/13.6_sanitize_root_path.sh -> tests/hardening/6.2.13_set_perm_on_user_netrc.sh
renamed: tests/hardening/13.4_remove_legacy_group_entries.sh -> tests/hardening/6.2.15_find_passwd_group_inconsistencies.sh
renamed: tests/hardening/13.14_check_duplicate_uid.sh -> tests/hardening/6.2.16_check_duplicate_uid.sh
renamed: tests/hardening/13.15_check_duplicate_gid.sh -> tests/hardening/6.2.17_check_duplicate_gid.sh
renamed: tests/hardening/13.3_remove_legacy_shadow_entries.sh -> tests/hardening/6.2.18_check_duplicate_username.sh
renamed: tests/hardening/13.2_remove_legacy_passwd_entries.sh -> tests/hardening/6.2.19_check_duplicate_groupname.sh
renamed: tests/hardening/13.20_shadow_group_empty.sh -> tests/hardening/6.2.1_remove_empty_password_field.sh
renamed: tests/hardening/13.1_remove_empty_password_field.sh -> tests/hardening/6.2.20_shadow_group_empty.sh
renamed: tests/hardening/13.19_find_user_forward_files.sh -> tests/hardening/6.2.2_remove_legacy_passwd_entries.sh
renamed: tests/hardening/13.18_find_user_netrc_files.sh -> tests/hardening/6.2.3_remove_legacy_shadow_entries.sh
renamed: tests/hardening/13.17_check_duplicate_groupname.sh -> tests/hardening/6.2.4_remove_legacy_group_entries.sh
renamed: tests/hardening/13.5_find_0_uid_non_root_account.sh -> tests/hardening/6.2.5_find_0_uid_non_root_account.sh
renamed: tests/hardening/13.16_check_duplicate_username.sh -> tests/hardening/6.2.6_sanitize_root_path.sh
renamed: tests/hardening/13.12_users_valid_homedir.sh -> tests/hardening/6.2.8_check_user_dir_perm.sh
renamed: tests/hardening/13.11_find_passwd_group_inconsistencies.sh -> tests/hardening/6.2.9_users_valid_homedir.sh
2019-09-12 17:43:12 +02:00
Charles Herlin
440aeaf45f
Renum 12.x checks to 6.1.x Verify_System_File_Permissions
...
modified: bin/hardening/12.4_etc_passwd_ownership.sh
modified: bin/hardening/12.5_etc_shadow_ownership.sh
modified: bin/hardening/12.6_etc_group_ownership.sh
renamed: bin/hardening/12.7_find_world_writable_file.sh -> bin/hardening/6.1.10_find_world_writable_file.sh
renamed: bin/hardening/12.8_find_unowned_files.sh -> bin/hardening/6.1.11_find_unowned_files.sh
renamed: bin/hardening/12.9_find_ungrouped_files.sh -> bin/hardening/6.1.12_find_ungrouped_files.sh
renamed: bin/hardening/12.10_find_suid_files.sh -> bin/hardening/6.1.13_find_suid_files.sh
renamed: bin/hardening/12.11_find_sgid_files.sh -> bin/hardening/6.1.14_find_sgid_files.sh
renamed: bin/hardening/12.1_etc_passwd_permissions.sh -> bin/hardening/6.1.2_etc_passwd_permissions.sh
renamed: bin/hardening/12.2_etc_shadow_permissions.sh -> bin/hardening/6.1.3_etc_shadow_permissions.sh
renamed: bin/hardening/12.3_etc_group_permissions.sh -> bin/hardening/6.1.4_etc_group_permissions.sh
deleted: tests/hardening/12.1_etc_passwd_permissions.sh
deleted: tests/hardening/12.2_etc_shadow_permissions.sh
deleted: tests/hardening/12.3_etc_group_permissions.sh
renamed: tests/hardening/12.7_find_world_writable_file.sh -> tests/hardening/6.1.10_find_world_writable_file.sh
renamed: tests/hardening/12.8_find_unowned_files.sh -> tests/hardening/6.1.11_find_unowned_files.sh
renamed: tests/hardening/12.9_find_ungrouped_files.sh -> tests/hardening/6.1.12_find_ungrouped_files.sh
renamed: tests/hardening/12.10_find_suid_files.sh -> tests/hardening/6.1.13_find_suid_files.sh
renamed: tests/hardening/12.11_find_sgid_files.sh -> tests/hardening/6.1.14_find_sgid_files.sh
renamed: tests/hardening/12.6_etc_group_ownership.sh -> tests/hardening/6.1.2_etc_passwd_permissions.sh
renamed: tests/hardening/12.5_etc_shadow_ownership.sh -> tests/hardening/6.1.3_etc_shadow_permissions.sh
renamed: tests/hardening/12.4_etc_passwd_ownership.sh -> tests/hardening/6.1.4_etc_group_permissions.sh
2019-09-12 16:44:45 +02:00
Charles Herlin
a085785321
Renum warning banners checks 11.x to 1.7.x
...
new file: bin/hardening/1.7.1.1_remove_os_info_motd.sh
renamed: bin/hardening/11.2_remove_os_info_warning_banners.sh -> bin/hardening/1.7.1.2_remove_os_info_issue.sh
new file: bin/hardening/1.7.1.3_remove_os_info_issue_net.sh
new file: bin/hardening/1.7.1.4_motd_perms.sh
new file: bin/hardening/1.7.1.5_etc_issue_perms.sh
new file: bin/hardening/1.7.1.6_etc_issue_net_perms.sh
renamed: bin/hardening/11.3_graphical_warning_banners.sh -> bin/hardening/1.7.2_graphical_warning_banners.sh
deleted: bin/hardening/11.1_warning_banners.sh
renamed: tests/hardening/11.3_graphical_warning_banners.sh -> tests/hardening/1.7.1.1_remove_os_info_motd.sh
renamed: tests/hardening/11.2_remove_os_info_warning_banners.sh -> tests/hardening/1.7.1.2_remove_os_info_issue.sh
renamed: tests/hardening/11.1_warning_banners.sh -> tests/hardening/1.7.1.3_remove_os_info_issue_net.sh
new file: tests/hardening/1.7.1.4_warning_banners.sh
new file: tests/hardening/1.7.2_graphical_warning_banners.sh
2019-09-12 15:42:22 +02:00
Charles Herlin
fbb73d1953
Renum 10.x to 5.4.x
...
renamed: bin/hardening/10.5_lock_inactive_user_account.sh -> bin/hardening/5.4.1.4_lock_inactive_user_account.sh
renamed: bin/hardening/10.2_disable_system_accounts.sh -> bin/hardening/5.4.2_disable_system_accounts.sh
renamed: bin/hardening/10.3_default_root_group.sh -> bin/hardening/5.4.3_default_root_group.sh
renamed: bin/hardening/10.4_default_umask.sh -> bin/hardening/5.4.4_default_umask.sh
renamed: tests/hardening/10.5_lock_inactive_user_account.sh -> tests/hardening/5.4.1.4_lock_inactive_user_account.sh
renamed: tests/hardening/10.2_disable_system_accounts.sh -> tests/hardening/5.4.2_disable_system_accounts.sh
renamed: tests/hardening/10.4_default_umask.sh -> tests/hardening/5.4.3_default_root_group.sh
renamed: tests/hardening/10.3_default_root_group.sh -> tests/hardening/5.4.4_default_umask.sh
2019-09-12 10:55:43 +02:00
Charles Herlin
47a9ffdc9c
Renum login.defs 10.1.x to 5.4.1.x
...
renamed: bin/hardening/10.1.1_set_password_exp_days.sh -> bin/hardening/5.4.1.1_set_password_exp_days.sh
renamed: bin/hardening/10.1.2_set_password_min_days_change.sh -> bin/hardening/5.4.1.2_set_password_min_days_change.sh
renamed: bin/hardening/10.1.3_set_password_exp_warning_days.sh -> bin/hardening/5.4.1.3_set_password_exp_warning_days.sh
renamed: tests/hardening/10.1.3_set_password_exp_warning_days.sh -> tests/hardening/5.4.1.1_set_password_exp_days.sh
renamed: tests/hardening/10.1.2_set_password_min_days_change.sh -> tests/hardening/5.4.1.2_set_password_min_days_change.sh
renamed: tests/hardening/10.1.1_set_password_exp_days.sh -> tests/hardening/5.4.1.3_set_password_exp_warning_days.sh
2019-09-12 10:43:48 +02:00
Charles Herlin
8a4a28a35b
Renum 9.x tty and su checks
...
renamed: bin/hardening/9.4_secure_tty.sh -> bin/hardening/5.5_secure_tty.sh
renamed: bin/hardening/9.5_restrict_su.sh -> bin/hardening/5.6_restrict_su.sh
renamed: tests/hardening/9.5_restrict_su.sh -> tests/hardening/5.5_secure_tty.sh
renamed: tests/hardening/9.4_secure_tty.sh -> tests/hardening/5.6_restrict_su.sh
2019-09-11 17:16:54 +02:00
Charles Herlin
9e61ca8367
Renum ssh config check 9.3.x to 5.2.x
...
Also renum 99.x checks that were included in CIS recommendations
renamed: bin/hardening/9.3.8_disable_root_login.sh -> bin/hardening/5.2.10_disable_root_login.sh
renamed: bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh -> bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
renamed: bin/hardening/9.3.10_disable_sshd_setenv.sh -> bin/hardening/5.2.12_disable_sshd_setenv.sh
renamed: bin/hardening/9.3.11_sshd_ciphers.sh -> bin/hardening/5.2.13_sshd_ciphers.sh
renamed: bin/hardening/99.5.2.2_ssh_cry_mac.sh -> bin/hardening/5.2.14_ssh_cry_mac.sh
renamed: bin/hardening/99.5.2.1_ssh_cry_kex.sh -> bin/hardening/5.2.15_ssh_cry_kex.sh
renamed: bin/hardening/9.3.12_sshd_idle_timeout.sh -> bin/hardening/5.2.16_sshd_idle_timeout.sh
renamed: bin/hardening/9.3.13_sshd_limit_access.sh -> bin/hardening/5.2.18_sshd_limit_access.sh
renamed: bin/hardening/9.3.14_ssh_banner.sh -> bin/hardening/5.2.19_ssh_banner.sh
renamed: bin/hardening/9.3.3_sshd_conf_perm_ownership.sh -> bin/hardening/5.2.1_sshd_conf_perm_ownership.sh
renamed: bin/hardening/9.3.1_sshd_protocol.sh -> bin/hardening/5.2.4_sshd_protocol.sh
renamed: bin/hardening/9.3.2_sshd_loglevel.sh -> bin/hardening/5.2.5_sshd_loglevel.sh
renamed: bin/hardening/9.3.4_disable_x11_forwarding.sh -> bin/hardening/5.2.6_disable_x11_forwarding.sh
renamed: bin/hardening/9.3.5_sshd_maxauthtries.sh -> bin/hardening/5.2.7_sshd_maxauthtries.sh
renamed: bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh -> bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
renamed: bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh -> bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
renamed: tests/hardening/9.3.9_disable_sshd_permitemptypasswords.sh -> tests/hardening/5.2.10_disable_root_login.sh
renamed: tests/hardening/9.3.8_disable_root_login.sh -> tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
renamed: tests/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh -> tests/hardening/5.2.12_disable_sshd_setenv.sh
renamed: tests/hardening/9.3.6_enable_sshd_ignorerhosts.sh -> tests/hardening/5.2.13_sshd_ciphers.sh
renamed: tests/hardening/99.5.2.2_ssh_cry_mac.sh -> tests/hardening/5.2.14_ssh_cry_mac.sh
renamed: tests/hardening/99.5.2.1_ssh_cry_kex.sh -> tests/hardening/5.2.15_ssh_cry_kex.sh
renamed: tests/hardening/9.3.5_sshd_maxauthtries.sh -> tests/hardening/5.2.16_sshd_idle_timeout.sh
renamed: tests/hardening/9.3.4_disable_x11_forwarding.sh -> tests/hardening/5.2.18_sshd_limit_access.sh
renamed: tests/hardening/9.3.3_sshd_conf_perm_ownership.sh -> tests/hardening/5.2.19_ssh_banner.sh
renamed: tests/hardening/9.3.1_sshd_protocol.sh -> tests/hardening/5.2.1_sshd_conf_perm_ownership.sh
renamed: tests/hardening/9.3.14_ssh_banner.sh -> tests/hardening/5.2.4_sshd_protocol.sh
renamed: tests/hardening/9.3.2_sshd_loglevel.sh -> tests/hardening/5.2.5_sshd_loglevel.sh
renamed: tests/hardening/9.3.13_sshd_limit_access.sh -> tests/hardening/5.2.6_disable_x11_forwarding.sh
renamed: tests/hardening/9.3.12_sshd_idle_timeout.sh -> tests/hardening/5.2.7_sshd_maxauthtries.sh
renamed: tests/hardening/9.3.11_sshd_ciphers.sh -> tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh
renamed: tests/hardening/9.3.10_disable_sshd_setenv.sh -> tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
2019-09-11 17:12:54 +02:00
Charles Herlin
c863a01305
Renum 9.2.x to 5.3.x Pam password settings
...
renamed: bin/hardening/9.2.1_enable_cracklib.sh -> bin/hardening/5.3.1_enable_cracklib.sh
renamed: bin/hardening/9.2.2_enable_lockout_failed_password.sh -> bin/hardening/5.3.2_enable_lockout_failed_password.sh
renamed: bin/hardening/9.2.3_limit_password_reuse.sh -> bin/hardening/5.3.3_limit_password_reuse.sh
renamed: tests/hardening/9.2.1_enable_cracklib.sh -> tests/hardening/5.3.1_enable_cracklib.sh
renamed: tests/hardening/9.2.3_limit_password_reuse.sh -> tests/hardening/5.3.2_enable_lockout_failed_password.sh
renamed: tests/hardening/9.2.2_enable_lockout_failed_password.sh -> tests/hardening/5.3.3_limit_password_reuse.sh
2019-09-11 15:40:00 +02:00
Charles Herlin
124dde8254
Renum 9.1.x to 5.1.x cron checks
...
renamed: bin/hardening/9.1.1_enable_cron.sh -> bin/hardening/5.1.1_enable_cron.sh
renamed: bin/hardening/9.1.2_crontab_perm_ownership.sh -> bin/hardening/5.1.2_crontab_perm_ownership.sh
renamed: bin/hardening/9.1.3_cron_hourly_perm_ownership.sh -> bin/hardening/5.1.3_cron_hourly_perm_ownership.sh
renamed: bin/hardening/9.1.4_cron_daily_perm_ownership.sh -> bin/hardening/5.1.4_cron_daily_perm_ownership.sh
renamed: bin/hardening/9.1.5_cron_weekly_perm_ownership.sh -> bin/hardening/5.1.5_cron_weekly_perm_ownership.sh
renamed: bin/hardening/9.1.6_cron_monthly_perm_ownership.sh -> bin/hardening/5.1.6_cron_monthly_perm_ownership.sh
renamed: bin/hardening/9.1.7_cron_d_perm_ownership.sh -> bin/hardening/5.1.7_cron_d_perm_ownership.sh
renamed: bin/hardening/9.1.8_cron_users.sh -> bin/hardening/5.1.8_cron_users.sh
renamed: tests/hardening/9.1.8_cron_users.sh -> tests/hardening/5.1.1_enable_cron.sh
renamed: tests/hardening/9.1.7_cron_d_perm_ownership.sh -> tests/hardening/5.1.2_crontab_perm_ownership.sh
renamed: tests/hardening/9.1.6_cron_monthly_perm_ownership.sh -> tests/hardening/5.1.3_cron_hourly_perm_ownership.sh
renamed: tests/hardening/9.1.5_cron_weekly_perm_ownership.sh -> tests/hardening/5.1.4_cron_daily_perm_ownership.sh
renamed: tests/hardening/9.1.4_cron_daily_perm_ownership.sh -> tests/hardening/5.1.5_cron_weekly_perm_ownership.sh
renamed: tests/hardening/9.1.3_cron_hourly_perm_ownership.sh -> tests/hardening/5.1.6_cron_monthly_perm_ownership.sh
renamed: tests/hardening/9.1.2_crontab_perm_ownership.sh -> tests/hardening/5.1.7_cron_d_perm_ownership.sh
renamed: tests/hardening/9.1.1_enable_cron.sh -> tests/hardening/5.1.8_cron_users.sh
2019-09-11 12:16:50 +02:00
Charles Herlin
65f92a7556
Renum 8.2.x to 4.2.2.x for syslog-ng
...
renamed: bin/hardening/8.2.2_enable_syslog-ng.sh -> bin/hardening/4.2.2.1_enable_syslog-ng.sh
renamed: bin/hardening/8.2.3_configure_syslog-ng.sh -> bin/hardening/4.2.2.2_configure_syslog-ng.sh
new file: bin/hardening/4.2.2.3_syslog_ng_logfiles_perm.sh
renamed: bin/hardening/8.2.5_syslog-ng_remote_host.sh -> bin/hardening/4.2.2.4_syslog-ng_remote_host.sh
renamed: bin/hardening/8.2.6_remote_syslog-ng_acl.sh -> bin/hardening/4.2.2.5_remote_syslog-ng_acl.sh
renamed: tests/hardening/8.2.6_remote_syslog-ng_acl.sh -> tests/hardening/4.2.2.1_enable_syslog-ng.sh
renamed: tests/hardening/8.2.3_configure_syslog-ng.sh -> tests/hardening/4.2.2.2_configure_syslog-ng.sh
renamed: tests/hardening/8.2.2_enable_syslog-ng.sh -> tests/hardening/4.2.2.3_syslog_ng_logfiles_perm.sh
renamed: tests/hardening/8.2.5_syslog-ng_remote_host.sh -> tests/hardening/4.2.2.4_syslog-ng_remote_host.sh
new file: tests/hardening/4.2.2.5_remote_syslog-ng_acl.sh
2019-09-11 11:52:24 +02:00
Charles Herlin
00dd3ef591
Renum 8.1.x auditing configuration
...
renamed: bin/hardening/8.1.1.1_audit_log_storage.sh -> bin/hardening/4.1.1.1_audit_log_storage.sh
renamed: bin/hardening/8.1.1.2_halt_when_audit_log_full.sh -> bin/hardening/4.1.1.2_halt_when_audit_log_full.sh
renamed: bin/hardening/8.1.1.3_keep_all_audit_logs.sh -> bin/hardening/4.1.1.3_keep_all_audit_logs.sh
renamed: bin/hardening/8.1.10_record_dac_edit.sh -> bin/hardening/4.1.10_record_dac_edit.sh
renamed: bin/hardening/8.1.11_record_failed_access_file.sh -> bin/hardening/4.1.11_record_failed_access_file.sh
renamed: bin/hardening/8.1.12_record_privileged_commands.sh -> bin/hardening/4.1.12_record_privileged_commands.sh
renamed: bin/hardening/8.1.13_record_successful_mount.sh -> bin/hardening/4.1.13_record_successful_mount.sh
renamed: bin/hardening/8.1.14_record_file_deletions.sh -> bin/hardening/4.1.14_record_file_deletions.sh
renamed: bin/hardening/8.1.15_record_sudoers_edit.sh -> bin/hardening/4.1.15_record_sudoers_edit.sh
renamed: bin/hardening/8.1.16_record_sudo_usage.sh -> bin/hardening/4.1.16_record_sudo_usage.sh
renamed: bin/hardening/8.1.17_record_kernel_modules.sh -> bin/hardening/4.1.17_record_kernel_modules.sh
renamed: bin/hardening/8.1.18_freeze_auditd_conf.sh -> bin/hardening/4.1.18_freeze_auditd_conf.sh
renamed: bin/hardening/8.1.2_enable_auditd.sh -> bin/hardening/4.1.2_enable_auditd.sh
renamed: bin/hardening/8.1.3_audit_bootloader.sh -> bin/hardening/4.1.3_audit_bootloader.sh
renamed: bin/hardening/8.1.4_record_date_time_edit.sh -> bin/hardening/4.1.4_record_date_time_edit.sh
renamed: bin/hardening/8.1.5_record_user_group_edit.sh -> bin/hardening/4.1.5_record_user_group_edit.sh
renamed: bin/hardening/8.1.6_record_network_edit.sh -> bin/hardening/4.1.6_record_network_edit.sh
renamed: bin/hardening/8.1.7_record_mac_edit.sh -> bin/hardening/4.1.7_record_mac_edit.sh
renamed: bin/hardening/8.1.8_record_login_logout.sh -> bin/hardening/4.1.8_record_login_logout.sh
renamed: bin/hardening/8.1.9_record_session_init.sh -> bin/hardening/4.1.9_record_session_init.sh
renamed: tests/hardening/8.1.9_record_session_init.sh -> tests/hardening/4.1.1.1_audit_log_storage.sh
renamed: tests/hardening/8.1.8_record_login_logout.sh -> tests/hardening/4.1.1.2_halt_when_audit_log_full.sh
renamed: tests/hardening/8.1.7_record_mac_edit.sh -> tests/hardening/4.1.1.3_keep_all_audit_logs.sh
renamed: tests/hardening/8.1.6_record_network_edit.sh -> tests/hardening/4.1.10_record_dac_edit.sh
renamed: tests/hardening/8.1.5_record_user_group_edit.sh -> tests/hardening/4.1.11_record_failed_access_file.sh
renamed: tests/hardening/8.1.4_record_date_time_edit.sh -> tests/hardening/4.1.12_record_privileged_commands.sh
renamed: tests/hardening/8.1.3_audit_bootloader.sh -> tests/hardening/4.1.13_record_successful_mount.sh
renamed: tests/hardening/8.1.2_enable_auditd.sh -> tests/hardening/4.1.14_record_file_deletions.sh
renamed: tests/hardening/8.1.18_freeze_auditd_conf.sh -> tests/hardening/4.1.15_record_sudoers_edit.sh
renamed: tests/hardening/8.1.17_record_kernel_modules.sh -> tests/hardening/4.1.16_record_sudo_usage.sh
renamed: tests/hardening/8.1.16_record_sudo_usage.sh -> tests/hardening/4.1.17_record_kernel_modules.sh
renamed: tests/hardening/8.1.15_record_sudoers_edit.sh -> tests/hardening/4.1.18_freeze_auditd_conf.sh
renamed: tests/hardening/8.1.14_record_file_deletions.sh -> tests/hardening/4.1.2_enable_auditd.sh
renamed: tests/hardening/8.1.13_record_successful_mount.sh -> tests/hardening/4.1.3_audit_bootloader.sh
renamed: tests/hardening/8.1.12_record_privileged_commands.sh -> tests/hardening/4.1.4_record_date_time_edit.sh
renamed: tests/hardening/8.1.11_record_failed_access_file.sh -> tests/hardening/4.1.5_record_user_group_edit.sh
renamed: tests/hardening/8.1.10_record_dac_edit.sh -> tests/hardening/4.1.6_record_network_edit.sh
renamed: tests/hardening/8.1.1.3_keep_all_audit_logs.sh -> tests/hardening/4.1.7_record_mac_edit.sh
renamed: tests/hardening/8.1.1.2_halt_when_audit_log_full.sh -> tests/hardening/4.1.8_record_login_logout.sh
renamed: tests/hardening/8.1.1.1_audit_log_storage.sh -> tests/hardening/4.1.9_record_session_init.sh
2019-09-09 16:45:54 +02:00
Charles Herlin
032aaa7c79
Renumber 7.5.x and 7.6
...
renamed: bin/hardening/7.5.1_disable_dccp.sh -> bin/hardening/3.4.1_disable_dccp.sh
renamed: bin/hardening/7.5.2_disable_sctp.sh -> bin/hardening/3.4.2_disable_sctp.sh
renamed: bin/hardening/7.5.3_disable_rds.sh -> bin/hardening/3.4.3_disable_rds.sh
renamed: bin/hardening/7.5.4_disable_tipc.sh -> bin/hardening/3.4.4_disable_tipc.sh
renamed: bin/hardening/7.6_disable_wireless.sh -> bin/hardening/3.6_disable_wireless.sh
renamed: tests/hardening/7.6_disable_wireless.sh -> tests/hardening/3.4.1_disable_dccp.sh
renamed: tests/hardening/7.5.4_disable_tipc.sh -> tests/hardening/3.4.2_disable_sctp.sh
renamed: tests/hardening/7.5.3_disable_rds.sh -> tests/hardening/3.4.3_disable_rds.sh
renamed: tests/hardening/7.5.2_disable_sctp.sh -> tests/hardening/3.4.4_disable_tipc.sh
renamed: tests/hardening/7.5.1_disable_dccp.sh -> tests/hardening/3.6_disable_wireless.sh
2019-08-30 17:18:26 +02:00
Charles Herlin
68f9f56192
Renumber 7.4.x tcp wrappers
...
renamed: bin/hardening/7.4.1_install_tcp_wrapper.sh -> bin/hardening/3.3.1_install_tcp_wrapper.sh
renamed: bin/hardening/7.4.2_hosts_allow.sh -> bin/hardening/3.3.2_hosts_allow.sh
renamed: bin/hardening/7.4.4_hosts_deny.sh -> bin/hardening/3.3.3_hosts_deny.sh
renamed: bin/hardening/7.4.3_hosts_allow_permissions.sh -> bin/hardening/3.3.4_hosts_allow_permissions.sh
renamed: bin/hardening/7.4.5_hosts_deny_permissions.sh -> bin/hardening/3.3.5_hosts_deny_permissions.sh
renamed: tests/hardening/7.4.5_hosts_deny_permissions.sh -> tests/hardening/3.3.1_install_tcp_wrapper.sh
renamed: tests/hardening/7.4.4_hosts_deny.sh -> tests/hardening/3.3.2_hosts_allow.sh
renamed: tests/hardening/7.4.3_hosts_allow_permissions.sh -> tests/hardening/3.3.3_hosts_deny.sh
renamed: tests/hardening/7.4.2_hosts_allow.sh -> tests/hardening/3.3.4_hosts_allow_permissions.sh
renamed: tests/hardening/7.4.1_install_tcp_wrapper.sh -> tests/hardening/3.3.5_hosts_deny_permissions.sh
2019-08-30 17:11:03 +02:00
Charles Herlin
c5674c3627
Renumber network params 7.1.x, 7.2.x and 7.3
...
renamed: bin/hardening/7.1.1_disable_ip_forwarding.sh -> bin/hardening/3.1.1_disable_ip_forwarding.sh
renamed: bin/hardening/7.1.2_disable_send_packet_redirects.sh -> bin/hardening/3.1.2_disable_send_packet_redirects.sh
renamed: bin/hardening/7.2.1_disable_source_routed_packets.sh -> bin/hardening/3.2.1_disable_source_routed_packets.sh
renamed: bin/hardening/7.2.2_disable_icmp_redirect.sh -> bin/hardening/3.2.2_disable_icmp_redirect.sh
renamed: bin/hardening/7.2.3_disable_secure_icmp_redirect.sh -> bin/hardening/3.2.3_disable_secure_icmp_redirect.sh
renamed: bin/hardening/7.2.4_log_martian_packets.sh -> bin/hardening/3.2.4_log_martian_packets.sh
renamed: bin/hardening/7.2.5_ignore_broadcast_requests.sh -> bin/hardening/3.2.5_ignore_broadcast_requests.sh
renamed: bin/hardening/7.2.8_enable_tcp_syn_cookies.sh -> bin/hardening/3.2.8_enable_tcp_syn_cookies.sh
renamed: bin/hardening/7.3.1_disable_ipv6_router_advertisement.sh -> bin/hardening/3.2.9_disable_ipv6_router_advertisement.sh
renamed: bin/hardening/7.3.3_disable_ipv6.sh -> bin/hardening/3.7_disable_ipv6.sh
deleted: bin/hardening/7.2.6_enable_bad_error_message_protection.sh
deleted: bin/hardening/7.2.7_enable_source_route_validation.sh
deleted: bin/hardening/7.3.2_disable_ipv6_redirect.sh
renamed: tests/hardening/7.3.3_disable_ipv6.sh -> tests/hardening/3.1.1_disable_ip_forwarding.sh
renamed: tests/hardening/7.3.2_disable_ipv6_redirect.sh -> tests/hardening/3.1.2_disable_send_packet_redirects.sh
renamed: tests/hardening/7.3.1_disable_ipv6_router_advertisement.sh -> tests/hardening/3.2.1_disable_source_routed_packets.sh
renamed: tests/hardening/7.2.8_enable_tcp_syn_cookies.sh -> tests/hardening/3.2.2_disable_icmp_redirect.sh
renamed: tests/hardening/7.2.7_enable_source_route_validation.sh -> tests/hardening/3.2.3_disable_secure_icmp_redirect.sh
renamed: tests/hardening/7.2.6_enable_bad_error_message_protection.sh -> tests/hardening/3.2.4_log_martian_packets.sh
renamed: tests/hardening/7.2.5_ignore_broadcast_requests.sh -> tests/hardening/3.2.5_ignore_broadcast_requests.sh
renamed: tests/hardening/7.2.4_log_martian_packets.sh -> tests/hardening/3.2.8_enable_tcp_syn_cookies.sh
renamed: tests/hardening/7.2.3_disable_secure_icmp_redirect.sh -> tests/hardening/3.2.9_disable_ipv6_router_advertisement.sh
renamed: tests/hardening/7.2.2_disable_icmp_redirect.sh -> tests/hardening/3.7_disable_ipv6.sh
deleted: tests/hardening/7.1.1_disable_ip_forwarding.sh
deleted: tests/hardening/7.1.2_disable_send_packet_redirects.sh
deleted: tests/hardening/7.2.1_disable_source_routed_packets.sh
2019-08-30 14:14:29 +02:00
Charles Herlin
e205dc7481
Renumber special purpose services 6.x
...
new file: bin/hardening/2.2.1.1_use_time_sync.sh
renamed: bin/hardening/6.5_configure_ntp.sh -> bin/hardening/2.2.1.2_configure_ntp.sh
new file: bin/hardening/2.2.1.3_configure_chrony.sh
renamed: bin/hardening/6.10_disable_http_server.sh -> bin/hardening/2.2.10_disable_http_server.sh
renamed: bin/hardening/6.11_disable_imap_pop.sh -> bin/hardening/2.2.11_disable_imap_pop.sh
renamed: bin/hardening/6.12_disable_samba.sh -> bin/hardening/2.2.12_disable_samba.sh
renamed: bin/hardening/6.13_disable_http_proxy.sh -> bin/hardening/2.2.13_disable_http_proxy.sh
renamed: bin/hardening/6.14_disable_snmp_server.sh -> bin/hardening/2.2.14_disable_snmp_server.sh
renamed: bin/hardening/6.15_mta_localhost.sh -> bin/hardening/2.2.15_mta_localhost.sh
renamed: bin/hardening/6.16_disable_rsync.sh -> bin/hardening/2.2.16_disable_rsync.sh
renamed: bin/hardening/6.1_disable_xwindow_system.sh -> bin/hardening/2.2.2_disable_xwindow_system.sh
renamed: bin/hardening/6.2_disable_avahi_server.sh -> bin/hardening/2.2.3_disable_avahi_server.sh
renamed: bin/hardening/6.4_disable_dhcp.sh -> bin/hardening/2.2.5_disable_dhcp.sh
renamed: bin/hardening/6.6_disable_ldap.sh -> bin/hardening/2.2.6_disable_ldap.sh
renamed: bin/hardening/6.7_disable_nfs_rpc.sh -> bin/hardening/2.2.7_disable_nfs_rpc.sh
renamed: bin/hardening/6.8_disable_dns_server.sh -> bin/hardening/2.2.8_disable_dns_server.sh
renamed: bin/hardening/6.9_disable_ftp.sh -> bin/hardening/2.2.9_disable_ftp.sh
deleted: bin/hardening/6.3_disable_print_server.sh
new file: tests/hardening/2.2.1.1_use_time_sync.sh
renamed: tests/hardening/6.9_disable_ftp.sh -> tests/hardening/2.2.1.2_configure_ntp.sh
renamed: tests/hardening/6.8_disable_dns_server.sh -> tests/hardening/2.2.1.3_configure_chrony.sh
renamed: tests/hardening/6.7_disable_nfs_rpc.sh -> tests/hardening/2.2.10_disable_http_server.sh
renamed: tests/hardening/6.6_disable_ldap.sh -> tests/hardening/2.2.11_disable_imap_pop.sh
renamed: tests/hardening/6.5_configure_ntp.sh -> tests/hardening/2.2.12_disable_samba.sh
renamed: tests/hardening/6.4_disable_dhcp.sh -> tests/hardening/2.2.13_disable_http_proxy.sh
renamed: tests/hardening/6.3_disable_print_server.sh -> tests/hardening/2.2.14_disable_snmp_server.sh
renamed: tests/hardening/6.2_disable_avahi_server.sh -> tests/hardening/2.2.15_mta_localhost.sh
renamed: tests/hardening/6.1_disable_xwindow_system.sh -> tests/hardening/2.2.16_disable_rsync.sh
renamed: tests/hardening/6.16_disable_rsync.sh -> tests/hardening/2.2.2_disable_xwindow_system.sh
renamed: tests/hardening/6.15_mta_localhost.sh -> tests/hardening/2.2.3_disable_avahi_server.sh
renamed: tests/hardening/6.14_disable_snmp_server.sh -> tests/hardening/2.2.5_disable_dhcp.sh
renamed: tests/hardening/6.13_disable_http_proxy.sh -> tests/hardening/2.2.6_disable_ldap.sh
renamed: tests/hardening/6.12_disable_samba.sh -> tests/hardening/2.2.7_disable_nfs_rpc.sh
renamed: tests/hardening/6.11_disable_imap_pop.sh -> tests/hardening/2.2.8_disable_dns_server.sh
renamed: tests/hardening/6.10_disable_http_server.sh -> tests/hardening/2.2.9_disable_ftp.sh
2019-08-29 16:02:39 +02:00
Charles Herlin
fbdf3b72ed
Renumbering OS services checks and removing obsolete ones
...
new file: bin/hardening/2.1.1_disable_xinetd.sh
renamed: bin/hardening/5.1.8_disable_inetd.sh -> bin/hardening/2.1.2_disable_bsd_inetd.sh
renamed: bin/hardening/5.1.1_disable_nis.sh -> bin/hardening/2.3.1_disable_nis.sh
renamed: bin/hardening/5.1.3_disable_rsh_client.sh -> bin/hardening/2.3.2_disable_rsh_client.sh
renamed: bin/hardening/5.1.5_disable_talk_client.sh -> bin/hardening/2.3.3_disable_talk_client.sh
deleted: bin/hardening/5.1.2_disable_rsh.sh
deleted: bin/hardening/5.1.4_disable_talk.sh
deleted: bin/hardening/5.1.6_disable_telnet_server.sh
deleted: bin/hardening/5.1.7_disable_tftp_server.sh
deleted: bin/hardening/5.2_disable_chargen.sh
deleted: bin/hardening/5.3_disable_daytime.sh
deleted: bin/hardening/5.4_disable_echo.sh
deleted: bin/hardening/5.5_disable_discard.sh
deleted: bin/hardening/5.6_disable_time.sh
renamed: tests/hardening/5.6_disable_time.sh -> tests/hardening/2.1.1_disable_xinetd.sh
renamed: tests/hardening/5.5_disable_discard.sh -> tests/hardening/2.3.1_disable_nis.sh
renamed: tests/hardening/5.4_disable_echo.sh -> tests/hardening/2.3.2_disable_rsh_client.sh
renamed: tests/hardening/5.3_disable_daytime.sh -> tests/hardening/2.3.3_disable_talk_client.sh
deleted: tests/hardening/5.1.1_disable_nis.sh
deleted: tests/hardening/5.1.2_disable_rsh.sh
deleted: tests/hardening/5.1.3_disable_rsh_client.sh
deleted: tests/hardening/5.1.4_disable_talk.sh
deleted: tests/hardening/5.1.5_disable_talk_client.sh
deleted: tests/hardening/5.1.6_disable_telnet_server.sh
deleted: tests/hardening/5.1.7_disable_tftp_server.sh
deleted: tests/hardening/5.1.8_disable_inetd.sh
deleted: tests/hardening/5.2_disable_chargen.sh
2019-08-29 10:33:23 +02:00
Charles Herlin
6365f58b4c
Renumbering 4.x checks
...
renamed: 4.1_restrict_core_dumps.sh -> 1.5.1_restrict_core_dumps.sh
renamed: 4.2_enable_nx_support.sh -> 1.5.2_enable_nx_support.sh
renamed: 4.3_enable_randomized_vm_placement.sh -> 1.5.3_enable_randomized_vm_placement.sh
renamed: 4.4_disable_prelink.sh -> 1.5.4_disable_prelink.sh
renamed: ../../tests/hardening/4.4_disable_prelink.sh -> ../../tests/hardening/1.5.1_restrict_core_dumps.sh
renamed: ../../tests/hardening/4.3_enable_randomized_vm_placement.sh -> ../../tests/hardening/1.5.2_enable_nx_support.sh
renamed: ../../tests/hardening/4.2_enable_nx_support.sh -> ../../tests/hardening/1.5.3_enable_randomized_vm_placement.sh
renamed: ../../tests/hardening/4.1_restrict_core_dumps.sh -> ../../tests/hardening/1.5.4_disable_prelink.sh
2019-08-28 17:26:27 +02:00
Charles Herlin
fe25b1ba38
Renumbering of bootloader checks
...
renamed: 3.1_bootloader_ownership.sh -> 1.4.1_bootloader_ownership.sh
renamed: 3.3_bootloader_password.sh -> 1.4.2_bootloader_password.sh
renamed: 3.4_root_password.sh -> 1.4.3_root_password.sh
deleted: 3.2_bootloader_permissions.sh
renamed: ../../tests/hardening/3.4_root_password.sh -> ../../tests/hardening/1.4.1_bootloader_ownership.sh
renamed: ../../tests/hardening/3.3_bootloader_password.sh -> ../../tests/hardening/1.4.2_bootloader_password.sh
renamed: ../../tests/hardening/3.1_bootloader_ownership.sh -> ../../tests/hardening/1.4.3_root_password.sh
2019-08-28 17:19:59 +02:00
Charles Herlin
0b85d16c16
First batch of renaming to comply with 8v2 and 9 pdf
...
renamed: 2.19_disable_freevxfs.sh -> 1.1.1.1_disable_freevxfs.sh
renamed: 2.20_disable_jffs2.sh -> 1.1.1.2_disable_jffs2.sh
renamed: 2.21_disable_hfs.sh -> 1.1.1.3_disable_hfs.sh
renamed: 2.22_disable_hfsplus.sh -> 1.1.1.4_disable_hfsplus.sh
renamed: 2.24_disable_udf.sh -> 1.1.1.5_disable_udf.sh
renamed: 2.7_var_log_partition.sh -> 1.1.11_var_log_partition.sh
renamed: 2.8_var_log_audit_partition.sh -> 1.1.12_var_log_audit_partition.sh
renamed: 2.9_home_partition.sh -> 1.1.13_home_partition.sh
renamed: 2.10_home_nodev.sh -> 1.1.14_home_nodev.sh
renamed: 2.14_run_shm_nodev.sh -> 1.1.15_run_shm_nodev.sh
renamed: 2.15_run_shm_nosuid.sh -> 1.1.16_run_shm_nosuid.sh
renamed: 2.16_run_shm_noexec.sh -> 1.1.17_run_shm_noexec.sh
renamed: 2.11_removable_device_nodev.sh -> 1.1.18_removable_device_nodev.sh
renamed: 2.13_removable_device_nosuid.sh -> 1.1.19_removable_device_nosuid.sh
renamed: 2.12_removable_device_noexec.sh -> 1.1.20_removable_device_noexec.sh
renamed: 2.17_sticky_bit_world_writable_folder.sh -> 1.1.21_sticky_bit_world_writable_folder.sh
renamed: 2.25_disable_automounting.sh -> 1.1.22_disable_automounting.sh
renamed: 2.1_tmp_partition.sh -> 1.1.2_tmp_partition.sh
renamed: 2.2_tmp_nodev.sh -> 1.1.3_tmp_nodev.sh
renamed: 2.3_tmp_nosuid.sh -> 1.1.4_tmp_nosuid.sh
renamed: 2.4_tmp_noexec.sh -> 1.1.5_tmp_noexec.sh
renamed: 2.5_var_partition.sh -> 1.1.6_var_partition.sh
renamed: 1.1_install_updates.sh -> 1.8_install_updates.sh
2019-08-27 15:30:47 +02:00
Thibault Ayanides
88e3a515ef
5.2.17_sshd_login_grace_time
2020-10-05 17:26:13 +02:00
Thibault Ayanides
55c1cdbdde
5.2.3_ssh_host_public_keys_perm_ownership
2020-10-05 17:05:47 +02:00
Thibault Ayanides
6f5d714b55
5.2.2_ssh_host_private_keys_perm_ownership
2020-10-05 17:05:26 +02:00
Thibault Ayanides
a37c5bdc4e
Add functions utils
...
I added two functions in utils that check perms and ownership for files
resulting from a certain find. They take parameters to filter the results
if needed.
2020-10-05 17:01:13 +02:00
Thibault Ayanides
d6e5803252
4.2.4_logs_permissions
2020-10-05 13:17:44 +02:00
Thibault Ayanides
922f28c200
4.2.3_install_syslog-ng
2020-09-30 17:03:10 +02:00
Benjamin MONTHOUEL
70be679567
IMP(12.8,12.9,12.10,12.11): be able to exclude some paths
...
consider exclusions in apply() functions
2020-03-31 14:22:24 +02:00
Benjamin MONTHOUEL
413277d7eb
IMP(12.8,12.9): be able to exclude some paths
2020-03-30 19:11:07 +02:00
Stéphane Lesimple
ef5c00fef5
enh: 13.12_users_valid_homedir.sh: ignore /nonexistent special home folder
2019-10-22 14:14:32 +02:00
Charles Herlin
a4969e6ba6
IMP(99.3.1): improve check with disabled passwords
2019-08-28 11:49:01 +02:00