debian-cis

mirror of https://github.com/ovh/debian-cis.git synced 2025-04-03 20:12:58 +02:00

Author	SHA1	Message	Date
Isma399	43fc23ee40	fix: catch cidr network in ssh keys (#236 ) Co-authored-by: Ismaël Tanguy <ismael.tanguy@ovhcloud.com>	2024-02-22 17:55:03 +01:00
lgaida	730ab47437	allow multiple users in 5.2.18 (#228 ) * allow multiple exception users for 99.5.2.4 * move clean up part of previous commit * split clean up part of previous commit * add tests for multiple allowed and denied ssh users * fix script to correctly set multiple allowed and denied ssh users * add cleanup resolved check to 5.2.18 * apply shellfmt to 5.2.18 --------- Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>	2024-01-10 17:07:02 +01:00
lgaida	5313799193	Allow multiple exception users to be defined for 99.5.2.4_ssh_keys_from (#221 ) * allow multiple exception users for 99.5.2.4	2023-12-27 13:42:10 +01:00
GoldenKiwi	73616af4eb	Syslog-ng fixes and enhancements (#226 ) * syslog-ng : fix remote host test and enhance Regex fixes #124 * enh: add test for 4.2.1.6	2023-12-27 10:27:06 +01:00
Stéphane Lesimple	de295b3a77	Adapt all scripts to yescrypt (#216 ) * Revert "fix: clean obsolete check 99.5.4.5.1, now handled by 5.3.4 (#215)" This reverts commit 670c8c62f512afa562f6f77279341910a7f59181. We still want to verify the preexisting hashes in /etc/shadow, even if the PAM configuration is correct for new passwords (5.3.4). * Adapt 5.3.4, 99.5.4.5.1 and 99.5.4.5.2 to yescrypt	2023-11-21 17:43:31 +01:00
GoldenKiwi	670c8c62f5	fix: clean obsolete check 99.5.4.5.1, now handled by 5.3.4 (#215 ) Fixes #209	2023-11-14 12:03:58 +01:00
GoldenKiwi	0eb2e2ffde	enh: remove ssh system sandbox check (#213 ) UsePrivilegeSeparation option is deprecated. Since the oldest supported Debian distribution is Buster (10), we can safely remove this check Fixes #212	2023-11-13 08:53:12 +01:00
P-EB	32886d3a3d	Replace CIS_ROOT_DIR by a more flexible system (#204 ) * Replace CIS_ROOT_DIR by a more flexible system * Try to adapt the logic change to the functional tests	2023-09-25 14:24:01 +02:00
GoldenKiwi	5370ec2ef6	feat: add nftables to firewall software allow list (#203 ) * feat: add nftables to firewall software allow list fixes #191 * fix: enhance 3.5.4.1.1_net_fw_default_policy_drop.sh iptables output check, disable associated test	2023-09-07 14:36:08 +02:00
Stéphane Lesimple	6135c3d0e5	fix: enhance test 99.1.3 speed for large /etc/sudoers.d folders (#188 ) Signed-off-by: Stephane Lesimple <stephane.lesimple@corp.ovh.com>	2023-07-18 17:28:35 +02:00
Tarik Megzari	a6ad528087	feat: Add experimental debian12 functionnal tests (#187 ) Signed-off-by: Tarik Megzari <tarik.megzari@ovhcloud.com> Co-authored-by: Tarik Megzari <tarik.megzari@ovhcloud.com>	2023-07-10 10:52:17 +02:00
GoldenKiwi	bd27cd0dae	fix: change auditd file rule remediation (#179 ) Fixes #165	2023-05-05 12:32:22 +02:00
GoldenKiwi	19ce790a27	fix: ensure mountpoints are properly detected (#177 ) Fixes #155 When real entries are present in fstab, system startup or runtime mountpoints are now properly detected Add a supplementary check in case of partition not present in fstab	2023-05-02 18:01:53 +02:00
GoldenKiwi	04457e7df2	feat: official Debian 11 compatibility (#176 ) Introduce Debian 11 compatibility Based on CIS_Debian_Linux_11_Benchmark_v1.0.0 After review, here are the notable changes : - Harden /var/log more (noexec,nodev,nosuid) - Harden /var/log/audit more (noexec,nodev,nosuid) - Harden /home more (nosuid) - Disable cramfs - Fix 5.3.4_acc_pam_sha512.sh - Deprecate Debian 9 and remove useless docker images NB : more audit log rules have been introduced and will be inserted in the checks later Fix #158	2023-05-02 14:16:19 +02:00
Stéphane Lesimple	dc952b90df	fix: timeout of 99.1.3 (#168 ) The 99.1.3_acc_sudoers_no_all.sh script can sometimes timeout on servers where /etc/sudoers.d/ has thousands of files. This patch makes it run roughly 5x faster, as tested on a server with 1500 files in sudoers.d/. Closes #167. Signed-off-by: Stephane Lesimple <stephane.lesimple@corp.ovh.com> Signed-off-by: Stephane Lesimple <stephane.lesimple@corp.ovh.com>	2022-12-22 09:47:35 +01:00
Tarik Megzari	82a217032d	fix(6.2.9): Start from UID 1000 for home ownership check (#164 ) Rename 6.2.3 and 6.2.9 checks to be more accurate Remove home existence check from 6.2.9 as it's handled by 6.2.3 Update tests accordingly Fixes #163 Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com> Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com>	2022-09-30 10:28:48 +02:00
ymartin-ovh	371c23cd52	feat: add FIND_IGNORE_NOSUCHFILE_ERR flag (#159 ) This flag can be used to prevent find-related checks to fail because one part of filesystem disappear (ie. ephemeral directories or files)	2022-07-04 14:29:25 +02:00
ymartin-ovh	66ccc6316a	feat: Filter the filesystem to check when the list is built. (#156 ) * feat: Attempt to filter-out filesystem that match exclusion regex.	2022-06-24 17:45:47 +02:00
GoldenKiwi	ad5c71c3ce	fix: allow passwd-, group- and shadow- debian default permissions (#149 )	2022-03-18 16:41:49 +01:00
Jan Schmidle	a6a22084e1	missing shadowtools backup files is ok (#132 ) * missing shadowtools backup files is ok * update corresponding test cases	2022-03-02 18:05:37 +01:00
tdenof	1341622335	Fix empty fstab test (#134 ) Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com> Co-authored-by: Thibault Dewailly <thibault.dewailly@corp.ovh.com>	2021-12-08 08:42:22 +01:00
Thibault Ayanides	afed5a9dce	99.5.4.5.2: fix bug where sha512 option rounds provoke KO (#112 )	2021-08-10 10:30:35 +02:00
Thibault Ayanides	334d743125	fix EXCEPTIONS management (#104 ) * FIX(1.1.21, 6.1.10) fix EXCEPTIONS management * Update changelog * Refactor test for 6.1.10-14	2021-06-02 13:47:19 +02:00
Thibault Ayanides	9e6c9a0d8a	Accept lower values (#95 ) * IMP(5.2.23): accept lower value as valid * IMP(5.2.7): accept lower value as valid	2021-04-27 16:04:13 +02:00
Thibault Ayanides	8c6c9a7571	IMP(tests): checks that stderr is empty Fix #97	2021-04-26 17:01:19 +02:00
Thibault Ayanides	c50f200c5c	FIX(5.4.5.2): explicit sha512 fix #74	2021-03-22 15:22:50 +01:00
Thibault Ayanides	1a7dd5893a	Use pam_faillock instead of pam_tally for bullseye (#56 ) Fix #55 See https://github.com/linux-pam/linux-pam/releases/tag/v1.4.0 pam_tally is deprecated and replaced by pam_faillock Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>	2021-02-17 11:36:58 +01:00
Thibault Ayanides	fa111bc0d0	Update mac and kex to match debian10 CIS (#60 ) fix #53 Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>	2021-02-17 11:31:22 +01:00
Thibault Ayanides	6ae05f3fa2	Add dealing with debian 11 * ADD: add dockerfile for debian11 * FIX: fix crontab file not found on debian11 blank * Add workflow for debian11 * FIX: fix debian version func to manage debian11 * Add dealing with unsupported version and distro * Add 99.99 check that check if distro version is supported * Use global var for debian major and distro fix #26	2021-02-08 13:54:24 +01:00
jeremydenoun	0b6ea0d97e	IMP: add multiple Improvements * add new kernel module detection (enable & listing) with detection of monolithic kernel * change way to detect if file system type is disabled * add global IS_CONTAINER variable * disable test for 3.4.x to be consistent with others * add cli options to override configuration loglevel	2021-02-04 16:21:49 +01:00
Thibault Ayanides	ed1baa724e	IMP: mark some checks as useless	2021-01-25 13:02:52 +01:00
Thibault Ayanides	bd4ddfc398	ADD(3.4.x): add checks and tests	2021-01-25 13:02:52 +01:00
Thibault Ayanides	5a72d986ea	IMP(3.1-3.x): add comprehensive tests	2021-01-25 13:02:52 +01:00
Thibault Ayanides	c51513e083	IMP(1.8.1.4-6): add comprehensive tests	2021-01-25 13:02:52 +01:00
Thibault Ayanides	6127f2fe67	IMP(4.2.2.x): improve dealing with default conf The default for journald is Compress=yes and ForwardToSyslog=yes So we check that Compress=no and ForwardToSyslog=no are not in the conf file.	2021-01-25 13:02:52 +01:00
jeremydenoun	0edb837f80	Remove bc dependency Co-authored-by: Jeremy Denoun <jeremy.denoun@iguanesolutions.com>	2021-01-22 09:31:53 +01:00
Thibault Ayanides	0ca73899d3	ADD(4.2.2.x): add journald checks	2021-01-04 10:10:47 +01:00
Thibault Ayanides	a5e1cb90cd	ADD(4.1.1.4): add new check	2021-01-04 09:03:44 +01:00
Thibault Ayanides	e0c6692ff2	ADD(4.1.1.1): add auditd install	2020-12-24 16:20:02 +01:00
Thibault Ayanides	e2ad0a5dcc	ADD(4.4): add logrotate permissions checking	2020-12-24 10:31:47 +01:00
Thibault Ayanides	d0ab72dd26	ADD(5.2.20-23): add new sshd checks	2020-12-23 11:41:53 +01:00
Thibault Ayanides	8da1107532	ADD(1.7.x): add apparmor checks	2020-12-23 10:46:51 +01:00
Thibault Ayanides	9cbc3f85a9	Renum 99.x files to comply with debian10 CIS	2020-12-22 16:36:35 +01:00
Thibault Ayanides	87e242a42d	Add commentaries, renum scripts	2020-12-22 15:58:10 +01:00
Thibault Ayanides	7f990b5e53	Add new checks (blank for now)	2020-12-22 14:42:45 +01:00
Thibault Ayanides	7d87619744	Renum 6.x files to comply with debian10 CIS renamed: bin/hardening/6.2.7_users_valid_homedir.sh -> bin/hardening/6.2.3_users_valid_homedir.sh renamed: bin/hardening/6.2.3_remove_legacy_shadow_entries.sh -> bin/hardening/6.2.4_remove_legacy_shadow_entries.sh renamed: bin/hardening/6.2.4_remove_legacy_group_entries.sh -> bin/hardening/6.2.5_remove_legacy_group_entries.sh renamed: bin/hardening/6.2.5_find_0_uid_non_root_account.sh -> bin/hardening/6.2.6_find_0_uid_non_root_account.sh renamed: bin/hardening/6.2.6_sanitize_root_path.sh -> bin/hardening/6.2.7_sanitize_root_path.sh renamed: tests/hardening/6.2.7_users_valid_homedir.sh -> tests/hardening/6.2.3_users_valid_homedir.sh renamed: tests/hardening/6.2.3_remove_legacy_shadow_entries.sh -> tests/hardening/6.2.4_remove_legacy_shadow_entries.sh renamed: tests/hardening/6.2.4_remove_legacy_group_entries.sh -> tests/hardening/6.2.5_remove_legacy_group_entries.sh renamed: tests/hardening/6.2.5_find_0_uid_non_root_account.sh -> tests/hardening/6.2.6_find_0_uid_non_root_account.sh renamed: tests/hardening/6.2.6_sanitize_root_path.sh -> tests/hardening/6.2.7_sanitize_root_path.sh	2020-12-22 11:43:53 +01:00
Thibault Ayanides	c9e19b51e6	Renum 4.x files to comply with debian10 CIS renamed: bin/hardening/4.1.2_enable_auditd.sh -> bin/hardening/4.1.1.2_enable_auditd.sh renamed: bin/hardening/4.1.3_audit_bootloader.sh -> bin/hardening/4.1.1.3_audit_bootloader.sh renamed: bin/hardening/4.1.11_record_failed_access_file.sh -> bin/hardening/4.1.10_record_failed_access_file.sh renamed: bin/hardening/4.1.12_record_privileged_commands.sh -> bin/hardening/4.1.11_record_privileged_commands.sh renamed: bin/hardening/4.1.13_record_successful_mount.sh -> bin/hardening/4.1.12_record_successful_mount.sh renamed: bin/hardening/4.1.14_record_file_deletions.sh -> bin/hardening/4.1.13_record_file_deletions.sh renamed: bin/hardening/4.1.15_record_sudoers_edit.sh -> bin/hardening/4.1.14_record_sudoers_edit.sh renamed: bin/hardening/4.1.16_record_sudo_usage.sh -> bin/hardening/4.1.15_record_sudo_usage.sh renamed: bin/hardening/4.1.17_record_kernel_modules.sh -> bin/hardening/4.1.16_record_kernel_modules.sh renamed: bin/hardening/4.1.18_freeze_auditd_conf.sh -> bin/hardening/4.1.17_freeze_auditd_conf.sh renamed: bin/hardening/4.1.1.1_audit_log_storage.sh -> bin/hardening/4.1.2.1_audit_log_storage.sh renamed: bin/hardening/4.1.1.2_halt_when_audit_log_full.sh -> bin/hardening/4.1.2.2_halt_when_audit_log_full.sh renamed: bin/hardening/4.1.1.3_keep_all_audit_logs.sh -> bin/hardening/4.1.2.3_keep_all_audit_logs.sh renamed: bin/hardening/4.1.4_record_date_time_edit.sh -> bin/hardening/4.1.3_record_date_time_edit.sh renamed: bin/hardening/4.1.5_record_user_group_edit.sh -> bin/hardening/4.1.4_record_user_group_edit.sh renamed: bin/hardening/4.1.6_record_network_edit.sh -> bin/hardening/4.1.5_record_network_edit.sh renamed: bin/hardening/4.1.7_record_mac_edit.sh -> bin/hardening/4.1.6_record_mac_edit.sh renamed: bin/hardening/4.1.8_record_login_logout.sh -> bin/hardening/4.1.7_record_login_logout.sh renamed: bin/hardening/4.1.9_record_session_init.sh -> bin/hardening/4.1.8_record_session_init.sh renamed: bin/hardening/4.1.10_record_dac_edit.sh -> bin/hardening/4.1.9_record_dac_edit.sh renamed: bin/hardening/4.2.3_install_syslog-ng.sh -> bin/hardening/4.2.2.1_install_syslog-ng.sh renamed: bin/hardening/4.2.2.1_enable_syslog-ng.sh -> bin/hardening/4.2.2.2_enable_syslog-ng.sh renamed: bin/hardening/4.2.2.2_configure_syslog-ng.sh -> bin/hardening/4.2.2.3_configure_syslog-ng.sh renamed: bin/hardening/4.2.2.3_syslog_ng_logfiles_perm.sh -> bin/hardening/4.2.2.4_syslog_ng_logfiles_perm.sh renamed: bin/hardening/4.2.2.4_syslog-ng_remote_host.sh -> bin/hardening/4.2.2.5_syslog-ng_remote_host.sh renamed: bin/hardening/4.2.2.5_remote_syslog-ng_acl.sh -> bin/hardening/4.2.2.6_remote_syslog-ng_acl.sh renamed: bin/hardening/4.2.4_logs_permissions.sh -> bin/hardening/4.2.3_logs_permissions.sh renamed: tests/hardening/4.1.2_enable_auditd.sh -> tests/hardening/4.1.1.2_enable_auditd.sh renamed: tests/hardening/4.1.3_audit_bootloader.sh -> tests/hardening/4.1.1.3_audit_bootloader.sh renamed: tests/hardening/4.1.11_record_failed_access_file.sh -> tests/hardening/4.1.10_record_failed_access_file.sh renamed: tests/hardening/4.1.12_record_privileged_commands.sh -> tests/hardening/4.1.11_record_privileged_commands.sh renamed: tests/hardening/4.1.13_record_successful_mount.sh -> tests/hardening/4.1.12_record_successful_mount.sh renamed: tests/hardening/4.1.14_record_file_deletions.sh -> tests/hardening/4.1.13_record_file_deletions.sh renamed: tests/hardening/4.1.15_record_sudoers_edit.sh -> tests/hardening/4.1.14_record_sudoers_edit.sh renamed: tests/hardening/4.1.16_record_sudo_usage.sh -> tests/hardening/4.1.15_record_sudo_usage.sh renamed: tests/hardening/4.1.17_record_kernel_modules.sh -> tests/hardening/4.1.16_record_kernel_modules.sh renamed: tests/hardening/4.1.18_freeze_auditd_conf.sh -> tests/hardening/4.1.17_freeze_auditd_conf.sh renamed: tests/hardening/4.1.1.1_audit_log_storage.sh -> tests/hardening/4.1.2.1_audit_log_storage.sh renamed: tests/hardening/4.1.1.2_halt_when_audit_log_full.sh -> tests/hardening/4.1.2.2_halt_when_audit_log_full.sh renamed: tests/hardening/4.1.1.3_keep_all_audit_logs.sh -> tests/hardening/4.1.2.3_keep_all_audit_logs.sh renamed: tests/hardening/4.1.4_record_date_time_edit.sh -> tests/hardening/4.1.3_record_date_time_edit.sh renamed: tests/hardening/4.1.5_record_user_group_edit.sh -> tests/hardening/4.1.4_record_user_group_edit.sh renamed: tests/hardening/4.1.6_record_network_edit.sh -> tests/hardening/4.1.5_record_network_edit.sh renamed: tests/hardening/4.1.7_record_mac_edit.sh -> tests/hardening/4.1.6_record_mac_edit.sh renamed: tests/hardening/4.1.8_record_login_logout.sh -> tests/hardening/4.1.7_record_login_logout.sh renamed: tests/hardening/4.1.9_record_session_init.sh -> tests/hardening/4.1.8_record_session_init.sh renamed: tests/hardening/4.1.10_record_dac_edit.sh -> tests/hardening/4.1.9_record_dac_edit.sh renamed: tests/hardening/4.2.2.1_enable_syslog-ng.sh -> tests/hardening/4.2.2.1_install_syslog-ng.sh renamed: tests/hardening/4.2.2.2_configure_syslog-ng.sh -> tests/hardening/4.2.2.2_enable_syslog-ng.sh renamed: tests/hardening/4.2.2.3_syslog_ng_logfiles_perm.sh -> tests/hardening/4.2.2.3_configure_syslog-ng.sh renamed: tests/hardening/4.2.2.5_remote_syslog-ng_acl.sh -> tests/hardening/4.2.2.4_syslog_ng_logfiles_perm.sh renamed: tests/hardening/4.2.2.4_syslog-ng_remote_host.sh -> tests/hardening/4.2.2.5_syslog-ng_remote_host.sh renamed: tests/hardening/4.2.3_install_syslog-ng.sh -> tests/hardening/4.2.2.6_remote_syslog-ng_acl.sh renamed: tests/hardening/4.2.4_logs_permissions.sh -> tests/hardening/4.2.3_logs_permissions.sh	2020-12-22 10:51:39 +01:00
Thibault Ayanides	7ce8ec8b89	Renum 2.x and 3.x files to comply with debian10 CIS renamed: bin/hardening/3.7_disable_ipv6.sh -> bin/hardening/3.1.1_disable_ipv6.sh renamed: bin/hardening/3.6_disable_wireless.sh -> bin/hardening/3.1.2_disable_wireless.sh renamed: bin/hardening/3.1.2_disable_send_packet_redirects.sh -> bin/hardening/3.2.1_disable_send_packet_redirects.sh renamed: bin/hardening/3.1.1_disable_ip_forwarding.sh -> bin/hardening/3.2.2_disable_ip_forwarding.sh renamed: bin/hardening/3.2.1_disable_source_routed_packets.sh -> bin/hardening/3.3.1_disable_source_routed_packets.sh renamed: bin/hardening/3.2.2_disable_icmp_redirect.sh -> bin/hardening/3.3.2_disable_icmp_redirect.sh renamed: bin/hardening/3.2.3_disable_secure_icmp_redirect.sh -> bin/hardening/3.3.3_disable_secure_icmp_redirect.sh renamed: bin/hardening/3.2.4_log_martian_packets.sh -> bin/hardening/3.3.4_log_martian_packets.sh renamed: bin/hardening/3.2.5_ignore_broadcast_requests.sh -> bin/hardening/3.3.5_ignore_broadcast_requests.sh renamed: bin/hardening/3.2.6_enable_bad_error_message_protection.sh -> bin/hardening/3.3.6_enable_bad_error_message_protection.sh renamed: bin/hardening/3.2.7_enable_source_route_validation.sh -> bin/hardening/3.3.7_enable_source_route_validation.sh renamed: bin/hardening/3.2.8_enable_tcp_syn_cookies.sh -> bin/hardening/3.3.8_enable_tcp_syn_cookies.sh renamed: bin/hardening/3.2.9_disable_ipv6_router_advertisement.sh -> bin/hardening/3.3.9_disable_ipv6_router_advertisement.sh renamed: bin/hardening/3.5_enable_firewall.sh -> bin/hardening/3.5.1.1_enable_firewall.sh renamed: bin/hardening/3.5.1.1_net_fw_default_policy_drop.sh -> bin/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh renamed: bin/hardening/3.3.1_install_tcp_wrapper.sh -> bin/hardening/99.3.3.1_install_tcp_wrapper.sh renamed: bin/hardening/3.3.2_hosts_allow.sh -> bin/hardening/99.3.3.2_hosts_allow.sh renamed: bin/hardening/3.3.3_hosts_deny.sh -> bin/hardening/99.3.3.3_hosts_deny.sh renamed: bin/hardening/3.3.4_hosts_allow_permissions.sh -> bin/hardening/99.3.3.4_hosts_allow_permissions.sh renamed: bin/hardening/3.3.5_hosts_deny_permissions.sh -> bin/hardening/99.3.3.5_hosts_deny_permissions.sh renamed: tests/hardening/3.1.2_disable_send_packet_redirects.sh -> tests/hardening/3.1.1_disable_ipv6.sh renamed: tests/hardening/3.2.1_disable_source_routed_packets.sh -> tests/hardening/3.1.2_disable_wireless.sh renamed: tests/hardening/3.2.2_disable_icmp_redirect.sh -> tests/hardening/3.2.1_disable_send_packet_redirects.sh renamed: tests/hardening/3.1.1_disable_ip_forwarding.sh -> tests/hardening/3.2.2_disable_ip_forwarding.sh renamed: tests/hardening/3.2.3_disable_secure_icmp_redirect.sh -> tests/hardening/3.3.1_disable_source_routed_packets.sh renamed: tests/hardening/3.2.4_log_martian_packets.sh -> tests/hardening/3.3.2_disable_icmp_redirect.sh renamed: tests/hardening/3.2.5_ignore_broadcast_requests.sh -> tests/hardening/3.3.3_disable_secure_icmp_redirect.sh renamed: tests/hardening/3.2.6_enable_bad_error_message_protection.sh -> tests/hardening/3.3.4_log_martian_packets.sh renamed: tests/hardening/3.2.7_enable_source_route_validation.sh -> tests/hardening/3.3.5_ignore_broadcast_requests.sh renamed: tests/hardening/3.2.8_enable_tcp_syn_cookies.sh -> tests/hardening/3.3.6_enable_bad_error_message_protection.sh renamed: tests/hardening/3.2.9_disable_ipv6_router_advertisement.sh -> tests/hardening/3.3.7_enable_source_route_validation.sh renamed: tests/hardening/3.3.1_install_tcp_wrapper.sh -> tests/hardening/3.3.8_enable_tcp_syn_cookies.sh renamed: tests/hardening/3.3.2_hosts_allow.sh -> tests/hardening/3.3.9_disable_ipv6_router_advertisement.sh renamed: tests/hardening/3.3.3_hosts_deny.sh -> tests/hardening/3.5.1.1_enable_firewall.sh renamed: tests/hardening/3.3.4_hosts_allow_permissions.sh -> tests/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh renamed: tests/hardening/3.3.5_hosts_deny_permissions.sh -> tests/hardening/99.3.3.1_install_tcp_wrapper.sh renamed: tests/hardening/3.5.1.1_net_fw_default_policy_drop.sh -> tests/hardening/99.3.3.2_hosts_allow.sh renamed: tests/hardening/3.5_enable_firewall.sh -> tests/hardening/99.3.3.3_hosts_deny.sh renamed: tests/hardening/3.6_disable_wireless.sh -> tests/hardening/99.3.3.4_hosts_allow_permissions.sh renamed: tests/hardening/3.7_disable_ipv6.sh -> tests/hardening/99.3.3.5_hosts_deny_permissions.sh renamed: bin/hardening/2.2.1.2_configure_ntp.sh -> bin/hardening/2.2.1.4_configure_ntp.sh renamed: tests/hardening/2.2.1.2_configure_ntp.sh -> tests/hardening/2.2.1.4_configure_ntp.sh	2020-12-22 08:52:43 +01:00
Thibault Ayanides	2034aa7b8a	Renum 1.x files to comply with debian10 CIS renamed: bin/hardening/1.4.1_bootloader_ownership.sh -> bin/hardening/1.5.1_bootloader_ownership.sh renamed: bin/hardening/1.4.2_bootloader_password.sh -> bin/hardening/1.5.2_bootloader_password.sh renamed: bin/hardening/1.4.3_root_password.sh -> bin/hardening/1.5.3_root_password.sh renamed: bin/hardening/1.5.2_enable_nx_support.sh -> bin/hardening/1.6.1_enable_nx_support.sh renamed: bin/hardening/1.5.3_enable_randomized_vm_placement.sh -> bin/hardening/1.6.2_enable_randomized_vm_placement.sh renamed: bin/hardening/1.5.4_disable_prelink.sh -> bin/hardening/1.6.3_disable_prelink.sh renamed: bin/hardening/1.5.1_restrict_core_dumps.sh -> bin/hardening/1.6.4_restrict_core_dumps.sh renamed: bin/hardening/1.6.2.1_enable_apparmor.sh -> bin/hardening/1.7.2.2_enable_apparmor.sh renamed: bin/hardening/1.7.1.1_remove_os_info_motd.sh -> bin/hardening/1.8.1.1_remove_os_info_motd.sh renamed: bin/hardening/1.7.1.2_remove_os_info_issue.sh -> bin/hardening/1.8.1.2_remove_os_info_issue.sh renamed: bin/hardening/1.7.1.3_remove_os_info_issue_net.sh -> bin/hardening/1.8.1.3_remove_os_info_issue_net.sh renamed: bin/hardening/1.7.1.4_motd_perms.sh -> bin/hardening/1.8.1.4_motd_perms.sh renamed: bin/hardening/1.7.1.5_etc_issue_perms.sh -> bin/hardening/1.8.1.5_etc_issue_perms.sh renamed: bin/hardening/1.7.1.6_etc_issue_net_perms.sh -> bin/hardening/1.8.1.6_etc_issue_net_perms.sh renamed: bin/hardening/1.7.2_graphical_warning_banners.sh -> bin/hardening/1.8.2_graphical_warning_banners.sh renamed: bin/hardening/1.8_install_updates.sh -> bin/hardening/1.9_install_updates.sh renamed: tests/hardening/1.4.1_bootloader_ownership.sh -> tests/hardening/1.5.1_bootloader_ownership.sh renamed: tests/hardening/1.4.2_bootloader_password.sh -> tests/hardening/1.5.2_bootloader_password.sh renamed: tests/hardening/1.4.3_root_password.sh -> tests/hardening/1.5.3_root_password.sh renamed: tests/hardening/1.5.2_enable_nx_support.sh -> tests/hardening/1.6.1_enable_nx_support.sh renamed: tests/hardening/1.5.3_enable_randomized_vm_placement.sh -> tests/hardening/1.6.2_enable_randomized_vm_placement.sh renamed: tests/hardening/1.5.4_disable_prelink.sh -> tests/hardening/1.6.3_disable_prelink.sh renamed: tests/hardening/1.5.1_restrict_core_dumps.sh -> tests/hardening/1.6.4_restrict_core_dumps.sh renamed: tests/hardening/1.6.2.1_enable_apparmor.sh -> tests/hardening/1.7.2.2_enable_apparmor.sh renamed: tests/hardening/1.7.1.1_remove_os_info_motd.sh -> tests/hardening/1.8.1.1_remove_os_info_motd.sh renamed: tests/hardening/1.7.1.2_remove_os_info_issue.sh -> tests/hardening/1.8.1.2_remove_os_info_issue.sh renamed: tests/hardening/1.7.1.3_remove_os_info_issue_net.sh -> tests/hardening/1.8.1.3_remove_os_info_issue_net.sh renamed: tests/hardening/1.7.1.4_motd_perms.sh -> tests/hardening/1.8.1.4_motd_perms.sh new file: tests/hardening/1.8.1.5_etc_issue_perms.sh new file: tests/hardening/1.8.1.6_etc_issue_net_perms.sh renamed: tests/hardening/1.7.2_graphical_warning_banners.sh -> tests/hardening/1.8.2_graphical_warning_banners.sh renamed: tests/hardening/1.8_install_updates.sh -> tests/hardening/1.9_install_updates.sh	2020-12-21 16:09:27 +01:00
Thibault Ayanides	87bf29b5fe	ADD(1.3.x): add new scripts for debian10	2020-12-21 15:52:47 +01:00

1 2 3 4

178 Commits