Charles Herlin
b2f7460977
changelog: update to 1.2-4
2019-04-04 16:27:17 +02:00
Charles Herlin
71f97062d7
FIX(99.1): remove dot in files to search
...
Apply shellcheck recommendations
2019-04-04 12:18:15 +02:00
Charles Herlin
1ec77dbb56
FIX(13.15): fix code that did not show duplicated group
...
Add tests
Apply shellcheck recommendations
2019-03-28 17:51:02 +01:00
Charles Herlin
8f87d75293
FIX(99.5.4): fix regex to allow other authkey options than "from"
2019-03-15 18:17:48 +01:00
Charles Herlin
41e3402b10
FIX(batch): sed \n to space in batch echo
2019-03-19 10:38:41 +01:00
Charles Herlin
02673826a0
FIX(8.2.x): fix grep and find in audit scripts
2019-03-18 16:19:05 +01:00
Charles Herlin
d5d5a39109
FIX(nbsp): remove nbsp for missing file
2019-03-12 10:08:28 +01:00
Charles Herlin
1bac756dcb
FIX(nbsp): remove non breakable spaces that caused Puppet to warn
2019-03-12 09:58:35 +01:00
kevin.tanguy
75f6cce7f5
Debian release 1.2-3
2019-03-06 08:33:18 +01:00
Charles Herlin
be1ad3e581
IMP(99.5.4): add conf to check only listed users
2019-03-05 10:49:45 +01:00
Charles Herlin
b4b7524156
Update changelog
2019-03-01 14:41:28 +01:00
Charles Herlin
455e58899d
FIX(8.2.4): script crashed when touching a logfile in subdir of /var/log
...
Treating filename to check if it is in a /var/log subdirectory and
creates needed subdirectories
2019-03-01 13:08:07 +01:00
Charles Herlin
9ada868f43
IMP(8.2.4): add exceptions in check and apply
...
Apply shellcheck recommendations
2019-03-01 12:12:42 +01:00
Charles Herlin
4bddd8ee8b
IMP(8.2.5): follow symlinks in find
2019-03-01 10:00:35 +01:00
Charles Herlin
81dc308677
FIX(8.3.2): add $SUDO_CMD to find
2019-02-28 17:52:47 +01:00
Charles Herlin
db4dc4d598
FIX(8.2.5): grep: x is a directory
2019-02-28 16:41:41 +01:00
kevin.tanguy
a9af957f7a
Debian release 1.2-2
2019-02-28 13:03:09 +01:00
Charles Herlin
0a6f8bdba6
FEAT(2.6.x): retrieve actual partition in case of bind mount
2019-02-28 10:14:00 +01:00
Charles Herlin
d05ffaf9d5
CHORE: replace `==` with `=` that is bash syntax
2019-02-26 15:23:23 +01:00
Charles Herlin
41ccd5655a
CHORE(test 8.2.5): removed useless cleanup line
2019-02-26 15:19:05 +01:00
Charles Herlin
e46a85dc6c
FIX(9.3.2): dismiss test for initial after e7d9977
...
LogLevel not consistent at install time between debian versions
Easier to dismiss this check's result at the first step
2019-02-26 15:16:06 +01:00
Charles Herlin
1caf0f489a
FIX(12.1x): fix tests exception for mail after da6acb0b
...
Installing syslog-ng in Dockerfile added some suid/sgid binaries that
needed to be treated as exception in test scenarii
2019-02-26 15:08:21 +01:00
Charles Herlin
de7dfe5956
CHORE(2.1x): use "readlink -e" instead of custom func
...
Removed get_partition_from_symlink()
2019-02-26 15:06:51 +01:00
Charles Herlin
8031c388c6
IMP(9.3.2): Comply with Debian9 guide: verbose ssh loglevel
2019-02-25 15:16:02 +01:00
Charles Herlin
7b8e359590
IMP(13.13): improve exception detection
2019-02-25 10:33:15 +01:00
Charles Herlin
f7f2f614aa
IMP(9.3.2): Add custom configuration management
...
Add create_config to allow user to customize their conf
Improve tests
Apply shellcheck recommendations
2019-02-22 15:40:01 +01:00
Charles Herlin
605a768fe1
IMP(13.13): Add exceptions for home directories not owned by owner
...
Fill tests
Apply shellcheck recommendations
2019-02-22 15:22:58 +01:00
Charles Herlin
80a1146af7
IMP(8.2.5): find multiline pattern in files (syslog)
...
Add func to find pattern in file that spreads over multiple lines
The func will remove commented lines (that begin with '#')
and consider the file as one long line.
Thus, it is not possible to look for pattern at beginning of line
with this func ('^' and '$')
Improved pattern in 8.2.5
Add syslog-ng to installed dependencies in Dockerfiles
Fixed multifile arguments when looking for pattern that got broken
in d2bbf754
due to "nocase" and _does_pattern_exist_in_file wrapper
Please note that you can only look for pattern in ONE FILE at once
Fixed 8.2.5 and 8.3.2 with for loop on files and 'FOUND' flag
You now need to specify each and every file to look for or embed a
'find' command as follows:
`FILES="$SYSLOG_BASEDIR/syslog-ng.conf $(find $SYSLOG_BASEDIR/conf.d/)"`
Improved test files
Applied shellcheck recommendations
2019-02-22 12:39:41 +01:00
Charles Herlin
7408216957
IMP(2.1x): Retrieve actual partition when symlink
...
Add function to retrieve actual partition from symlink in lib/utils.sh
Using this func in all 3 audit scripts
Improved tests to test this func
Apply shellcheck recommendations
Trim trailing spaces
2019-02-22 12:22:14 +01:00
Charles Herlin
217895dfe6
FIX(tests): change sed to audit in test skeleton after 81f9348
2019-02-21 18:07:21 +01:00
kevin.tanguy
bc5809f92e
FIX CONFIG_AUDIT test
2019-02-21 11:15:48 +01:00
Charles Herlin
22d223fece
changelog: Update to 1.2-2
2019-02-19 15:40:27 +01:00
Charles Herlin
ac76942ca7
CHORE(tests): cleanup test files
2019-02-18 18:08:19 +01:00
Charles Herlin
cf42666833
FIX(tests): change sed in conf file disabled->audit following d6172ad
...
In test cases, changed in sed command "disabled" to "audit" to enable
apply part, following this commit
d6172ad
Change default status disabled -> audit when no conf file
5f28036
- Change default status to audit for file with custom
`create_config` (Charles Herlin Thu Feb 14 14:33:21 2019 +0100)
2019-02-15 17:42:17 +01:00
Charles Herlin
6cbe8f572f
CHORE(tests): Cleanup test files
2019-02-18 18:10:22 +01:00
Charles Herlin
982301d395
FIX(tests): improve test cases and cleanup
2019-02-18 17:25:04 +01:00
Charles Herlin
d18f5edfba
FIX(99.2): add missing $SUDO_CMD
2019-02-15 16:56:54 +01:00
Charles Herlin
6ede832685
FIX(sudoers): add missing test
2019-02-15 16:45:03 +01:00
Charles Herlin
0c17da012f
FIX(test): catch return values when retval differs to avoid runtime error
2019-02-15 16:27:54 +01:00
Charles Herlin
6afed4eedb
Add test stub for all audit checks, to test root/sudo consistency
2019-02-14 18:10:46 +01:00
Charles Herlin
bad32f8078
Rename dismiss_test to skip_tests since test won't even run in this case
2019-02-14 17:52:45 +01:00
Charles Herlin
47a818b832
dismiss_count will still report failed root/sudo consistency failure
...
Add comment to dismiss_tests
2019-02-14 17:44:13 +01:00
kevin.tanguy
fc88194eca
properly purge remaining config files on purge
2019-02-14 14:22:55 +01:00
Charles Herlin
2b2a91a564
Change default status to audit for file with custom create_config
2019-02-14 14:33:21 +01:00
Charles Herlin
5c313c8f31
Change default status disabled -> audit when no conf file
2019-02-06 15:26:41 +01:00
Charles Herlin
11305a0980
FIX package name in example-cron.d-entry
2019-02-14 12:21:17 +01:00
Charles Herlin
1586dae0c5
Improve user management in test cases
2019-02-14 11:15:51 +01:00
Charles Herlin
1281860401
IMP: enhance scripts that check duplicate UID
...
Add exception handling in 13.14_check_duplicate_uid
Clarifies output message and explicitly displays found exceptions
Add tests
Apply shellcheck recommendation
modified: bin/hardening/13.14_check_duplicate_uid.sh
modified: bin/hardening/13.5_find_0_uid_non_root_account.sh
new file: tests/hardening/13.14_check_duplicate_uid.sh
new file: tests/hardening/13.5_find_0_uid_non_root_account.sh
2019-02-13 16:07:06 +01:00
Charles Herlin
09ae131de9
FIX: usage if no RUN_MODE, fix only that used to run too many checks
...
If no RUN_MODE passed as arguments, display usage and exit
Fix --only option to run only specific check
Found bug that used to run 2.2 and 2.24 when launching --only 2.24
2019-02-13 17:11:28 +01:00
kevin.tanguy
1dd630e65b
changelog: Update to 1.2-1 (go cds go)
2019-02-12 11:41:05 +01:00