Sebastien BLAISOT
3d2d97a727
FIX(1.7.1.4): don't abort script in case of unconfined processes ( #130 )
2021-10-20 13:14:36 +02:00
Sebastien BLAISOT
6e2fb1570c
FIX(2.2.1.4): Validate debian default ntp config ( #118 )
2021-10-15 16:19:51 +02:00
dependabot[bot]
faf5b155e5
Bump metcalfc/changelog-generator from v0.4.4 to v1.0.0 ( #81 )
...
Bumps [metcalfc/changelog-generator](https://github.com/metcalfc/changelog-generator ) from v0.4.4 to v1.0.0.
- [Release notes](https://github.com/metcalfc/changelog-generator/releases )
- [Changelog](https://github.com/metcalfc/changelog-generator/blob/main/release-notes.png )
- [Commits](https://github.com/metcalfc/changelog-generator/compare/v0.4.4...e5306b306fa2e34f05258789e0e5c526c1bd4352 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thibault Ayanides <thibault.ayanides@ovhcloud.com>
2021-08-10 13:57:13 +02:00
dependabot[bot]
43887d4165
Bump luizm/action-sh-checker from 0.1.13 to 0.3.0 ( #111 )
...
Bumps [luizm/action-sh-checker](https://github.com/luizm/action-sh-checker ) from 0.1.13 to 0.3.0.
- [Release notes](https://github.com/luizm/action-sh-checker/releases )
- [Commits](https://github.com/luizm/action-sh-checker/compare/v0.1.13...v0.3.0 )
---
updated-dependencies:
- dependency-name: luizm/action-sh-checker
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-10 13:47:31 +02:00
dependabot[bot]
499ebf2f9b
Bump dev-drprasad/delete-tag-and-release from v0.1.3 to v0.2.0 ( #72 )
...
Bumps [dev-drprasad/delete-tag-and-release](https://github.com/dev-drprasad/delete-tag-and-release ) from v0.1.3 to v0.2.0.
- [Release notes](https://github.com/dev-drprasad/delete-tag-and-release/releases )
- [Commits](https://github.com/dev-drprasad/delete-tag-and-release/compare/v0.1.3...085c6969f18bad0de1b9f3fe6692a3cd01f64fe5 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thibault Ayanides <thibault.ayanides@ovhcloud.com>
2021-08-10 10:39:53 +02:00
Thibault Ayanides
afed5a9dce
99.5.4.5.2: fix bug where sha512 option rounds provoke KO ( #112 )
2021-08-10 10:30:35 +02:00
dependabot[bot]
01c3d1b98c
Bump luizm/action-sh-checker from v0.1.12 to v0.1.13 ( #73 )
...
Bumps [luizm/action-sh-checker](https://github.com/luizm/action-sh-checker ) from v0.1.12 to v0.1.13.
- [Release notes](https://github.com/luizm/action-sh-checker/releases )
- [Commits](https://github.com/luizm/action-sh-checker/compare/v0.1.12...164368daf52a9126460854f9c0de00abc079a350 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thibault Ayanides <thibault.ayanides@ovhcloud.com>
2021-08-10 09:43:59 +02:00
dependabot[bot]
25e899168f
Bump actions-ecosystem/action-get-latest-tag from 1 to 1.4.1 ( #101 )
...
Bumps [actions-ecosystem/action-get-latest-tag](https://github.com/actions-ecosystem/action-get-latest-tag ) from 1 to 1.4.1.
- [Release notes](https://github.com/actions-ecosystem/action-get-latest-tag/releases )
- [Commits](https://github.com/actions-ecosystem/action-get-latest-tag/compare/v1...v1.4.1 )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Thibault Ayanides <thibault.ayanides@ovhcloud.com>
2021-08-10 09:36:28 +02:00
Thibault Ayanides
9a2e3a0e0d
Fix 5.4.5 pattern search ( #108 )
...
fix #107
2021-08-09 10:49:56 +02:00
Thibault Ayanides
334d743125
fix EXCEPTIONS management ( #104 )
...
* FIX(1.1.21, 6.1.10) fix EXCEPTIONS management
* Update changelog
* Refactor test for 6.1.10-14
2021-06-02 13:47:19 +02:00
Thibault Ayanides
4ed8adf790
Update changelog ( #103 )
2021-05-28 15:06:48 +02:00
Thibault Ayanides
f4328deeb2
Fix unbound variable ( #102 )
2021-05-28 15:00:58 +02:00
Thibault Ayanides
29505255ff
Update changelog ( #99 )
2021-05-07 09:16:15 +02:00
Thibault Ayanides
9e6c9a0d8a
Accept lower values ( #95 )
...
* IMP(5.2.23): accept lower value as valid
* IMP(5.2.7): accept lower value as valid
2021-04-27 16:04:13 +02:00
Thibault Ayanides
1cade2e375
FIX(2.2.1.2): custom func not working for systemd ( #90 )
...
fix #87
2021-04-27 13:49:05 +02:00
Thibault Ayanides
fc8a2b2561
FIX: add commands to sudoers ( #91 )
2021-04-27 13:31:59 +02:00
Thibault Ayanides
cadc25c28c
Dir exceptions ( #96 )
...
* IMP(1.1.21): add EXCEPTIONS
* IMP(6.1.10): add EXCEPTIONS
2021-04-26 17:05:22 +02:00
Thibault Ayanides
8c6c9a7571
IMP(tests): checks that stderr is empty
...
Fix #97
2021-04-26 17:01:19 +02:00
Thibault Ayanides
dd41988933
Update changelog
2021-04-13 11:00:29 +02:00
Thibault Ayanides
f6c6e6a0a8
FIX(4.1.11): add SUDO to find suid files
2021-04-13 11:00:29 +02:00
Thibault Ayanides
d26ad48416
Update changelog
2021-04-02 09:25:41 +02:00
Thibault Ayanides
d110a2aa19
Ignore case for sshd conf
...
fix #85
2021-04-02 09:25:41 +02:00
Thibault Ayanides
cbd81b8ab2
Update changelog ( #82 )
2021-03-26 12:16:50 +01:00
Thibault Ayanides
1c51e4cec4
Check that packages are installed before launching check ( #69 )
...
* FIX(1.6.1,1.7.1.x): check if apparmor and grub are installed
* FIX(2.2.15): check package install
* FIX(4.2.x): check package install
* FIX(5.1.x): check crontab files exist
* FIX(5.2.1): check package install
* FIX(99.3.3.x): check conf file exist
* Remove useless SUDO_CMD
* Deal with nonexistent /run/shm
* Replace exit code 128 by exit code 2
fix #65
Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2021-03-25 14:01:57 +01:00
Thibault Ayanides
f8ac58700d
FIX(4.1.1.4): bad pattern ( #67 )
...
fix #61
2021-03-25 13:50:08 +01:00
Thibault Ayanides
1c1393c7e3
Fix div function to manage 0 on numerator ( #79 )
...
fix #77
Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2021-03-23 08:36:36 +01:00
Thibault Ayanides
c50f200c5c
FIX(5.4.5.2): explicit sha512
...
fix #74
2021-03-22 15:22:50 +01:00
Simão Gomes Viana
c0ecc9cd6f
README: fix spelling and spacing in first line
2021-03-19 08:36:31 +01:00
Thibault Ayanides
fb5be208ef
Update changelog
2021-03-15 08:25:26 +01:00
jeremydenoun
b44fb47c3a
add log details to be more comprehensive ( #49 )
...
Co-authored-by: Jeremy Denoun <jeremy.denoun@iguanesolutions.com>
2021-02-17 12:04:11 +01:00
jeremydenoun
84ac4db90f
fix incorrect path from ls ( #45 )
...
Co-authored-by: Jeremy Denoun <jeremy.denoun@iguanesolutions.com>
2021-02-17 12:00:13 +01:00
Thibault Ayanides
40fb536d4e
Add missing HARDENING_LEVEL ( #44 )
...
Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2021-02-17 11:51:51 +01:00
Thibault Ayanides
d1b371f410
Add is_ipv6_disabled ( #57 )
...
Modify some checks to make them pass when ipv6 is disabled
fix #50
modified: bin/hardening/3.1.1_disable_ipv6.sh
modified: bin/hardening/3.3.1_disable_source_routed_packets.sh
modified: bin/hardening/3.3.9_disable_ipv6_router_advertisement.sh
modified: lib/utils.sh
Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2021-02-17 11:45:20 +01:00
Thibault Ayanides
6ab1cab3ce
IMP(5.1.8): allow more restrictive permissions ( #59 )
...
fix #52
Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2021-02-17 11:40:31 +01:00
Thibault Ayanides
1a7dd5893a
Use pam_faillock instead of pam_tally for bullseye ( #56 )
...
Fix #55
See https://github.com/linux-pam/linux-pam/releases/tag/v1.4.0
pam_tally is deprecated and replaced by pam_faillock
Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2021-02-17 11:36:58 +01:00
Thibault Ayanides
fa111bc0d0
Update mac and kex to match debian10 CIS ( #60 )
...
fix #53
Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2021-02-17 11:31:22 +01:00
Thibault Ayanides
460843ffb3
Fix #51 ( #58 )
2021-02-17 11:19:38 +01:00
jeremydenoun
896d277d95
fix #46 bug ( #47 )
...
Co-authored-by: Jeremy Denoun <jeremy.denoun@iguanesolutions.com>
2021-02-11 14:00:18 +01:00
Thibault Ayanides
6ae05f3fa2
Add dealing with debian 11
...
* ADD: add dockerfile for debian11
* FIX: fix crontab file not found on debian11 blank
* Add workflow for debian11
* FIX: fix debian version func to manage debian11
* Add dealing with unsupported version and distro
* Add 99.99 check that checks if distro version is supported
* Use global var for debian major and distro
fix #26
2021-02-08 13:54:24 +01:00
Thibault Ayanides
449c695415
IMP: improve partition detection in container
...
fix #27
2021-02-08 09:07:09 +01:00
dependabot[bot]
2d6550fb13
Bump dev-drprasad/delete-tag-and-release from v0.1.2 to v0.1.3 ( #41 )
...
Bumps [dev-drprasad/delete-tag-and-release](https://github.com/dev-drprasad/delete-tag-and-release ) from v0.1.2 to v0.1.3.
- [Release notes](https://github.com/dev-drprasad/delete-tag-and-release/releases )
- [Commits](https://github.com/dev-drprasad/delete-tag-and-release/compare/v0.1.2...3c280cb168f9f46f0036f47c7f57bba2ec18f61c )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-04 16:23:41 +01:00
jeremydenoun
0b6ea0d97e
IMP: add multiple Improvements
...
* add new kernel module detection (enable & listing) with detection of monolithic kernel
* change way to detect if file system type is disabled
* add global IS_CONTAINER variable
* disable test for 3.4.x to be consistent with others
* add cli options to override configuration loglevel
2021-02-04 16:21:49 +01:00
dependabot[bot]
ec9e2addc2
Bump luizm/action-sh-checker from v0.1.10 to v0.1.12
...
Bumps [luizm/action-sh-checker](https://github.com/luizm/action-sh-checker ) from v0.1.10 to v0.1.12.
- [Release notes](https://github.com/luizm/action-sh-checker/releases )
- [Commits](https://github.com/luizm/action-sh-checker/compare/v0.1.10...442951059cb22d260c6e69309ae59cb7bb2334b8 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-02-01 13:08:50 +01:00
Thibault Ayanides
ed1baa724e
IMP: mark some checks as useless
2021-01-25 13:02:52 +01:00
Thibault Ayanides
bd4ddfc398
ADD(3.4.x): add checks and tests
2021-01-25 13:02:52 +01:00
Thibault Ayanides
5a72d986ea
IMP(3.1-3.x): add comprehensive tests
2021-01-25 13:02:52 +01:00
Thibault Ayanides
c51513e083
IMP(1.8.1.4-6): add comprehensive tests
2021-01-25 13:02:52 +01:00
Thibault Ayanides
6127f2fe67
IMP(4.2.2.x): improve dealing with default conf
...
The default for journald is Compress=yes and ForwardToSyslog=yes
So we check that Compress=no and ForwardToSyslog=no are not in the conf file.
2021-01-25 13:02:52 +01:00
Thibault Serti
6efefa07ac
Update shellcheck workflow
...
fix #34
2021-01-22 14:45:01 +01:00
jeremydenoun
dce926a536
Add default variable to avoid unbound variable
...
Co-authored-by: Jeremy Denoun <jeremy.denoun@iguanesolutions.com>
2021-01-22 10:02:44 +01:00