Commit Graph

178 Commits

Author SHA1 Message Date
Thibault Ayanides
0204bb0942 IMP(shellcheck): fix docker shellcheck with new options 2020-12-21 11:43:02 +01:00
Thibault Ayanides
6e0b47ab8f Rename files, fix permissions of tests 2020-12-21 11:21:32 +01:00
Thibault Ayanides
a2adf0f15c ADD(6.1.3, 6.1.6-9): add new checks
Renamed some checks, add new checks that check permissions and ownership on /etc/passwd, /etc/shadow, ...
Add new function in utils that checks that check that the file ownership is one of the authrized ownership.

	renamed:    bin/hardening/6.1.5_etc_passwd_permissions.sh -> bin/hardening/6.1.2_etc_passwd_permissions.sh
	new file:   bin/hardening/6.1.3_etc_gshadow-_permissions.sh
	renamed:    bin/hardening/6.1.6_etc_shadow_permissions.sh -> bin/hardening/6.1.4_etc_shadow_permissions.sh
	renamed:    bin/hardening/6.1.7_etc_group_permissions.sh -> bin/hardening/6.1.5_etc_group_permissions.sh
	new file:   bin/hardening/6.1.6_etc_passwd-_permissions.sh
	new file:   bin/hardening/6.1.7_etc_shadow-_permissions.sh
	new file:   bin/hardening/6.1.8_etc_group-_permissions.sh
	new file:   bin/hardening/6.1.9_etc_gshadow_permissions.sh
	modified:   lib/utils.sh
	renamed:    tests/hardening/6.1.5_etc_passwd_permissions.sh -> tests/hardening/6.1.2_etc_passwd_permissions.sh
	new file:   tests/hardening/6.1.3_etc_gshadow-_permissions.sh
	renamed:    tests/hardening/6.1.6_etc_shadow_permissions.sh -> tests/hardening/6.1.4_etc_shadow_permissions.sh
	renamed:    tests/hardening/6.1.7_etc_group_permissions.sh -> tests/hardening/6.1.5_etc_group_permissions.sh
	new file:   tests/hardening/6.1.6_etc_passwd-_permissions.sh
	new file:   tests/hardening/6.1.7_etc_shadow-_permissions.sh
	new file:   tests/hardening/6.1.8_etc_group-_permissions.sh
	new file:   tests/hardening/6.1.9_etc_gshadow_permissions.sh
2020-12-21 10:02:52 +01:00
Thibault Ayanides
99ac9339f4 IMP: change apt in apt-get 2020-12-07 17:16:19 +01:00
Thibault Ayanides
8012234096 IMP(shellcheck): fix harmless warnings 2020-12-07 14:53:10 +01:00
Thibault Ayanides
addd48c4dd IMP(shellcheck): add prefix to follow scripts (SC1090) 2020-12-07 13:26:51 +01:00
Thibault Ayanides
d371b8d057 IMP(shellcheck): replace ! -z by -n (SC2236) 2020-12-04 15:14:18 +01:00
Thibault Ayanides
3a342b784a IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
Thibault Ayanides
bc1aa65b91 IMP(shellcheck): quote variable in tests (SC2086) 2020-11-30 13:05:41 +01:00
Thibault Ayanides
4add6ddc33 IMP(shellcheck): add prefix to define shell (SC2148) 2020-11-27 09:22:47 +01:00
Thibault Ayanides
d244a2e810 fixup! IMP(4.5): rename to 1.6.1.2 improve test 2020-11-17 12:56:10 +01:00
Thibault Ayanides
84bff4ac88 fixup! Move to most recent docker image for buster 2020-11-16 17:07:08 +01:00
Thibault Ayanides
d640a467e2 fixup! IMP(4.1.x): add tests for each checks 2020-11-16 16:54:51 +01:00
Thibault Ayanides
7b8cca20d6 FIX(4.1.1.2): fix auditd apply 2020-11-09 11:48:48 +01:00
Thibault Ayanides
a6de243808 Rename 6.1.2,6.1.3,6.1.4 to be CIS9 compliant 2020-11-09 09:00:34 +01:00
Thibault Ayanides
7e8c976722 Add disclaimer when checks don't require comprehensive checks
modified:   tests/hardening/1.1.1.1_disable_freevxfs.sh
	modified:   tests/hardening/1.1.1.2_disable_jffs2.sh
	modified:   tests/hardening/1.1.1.3_disable_hfs.sh
	modified:   tests/hardening/1.1.1.4_disable_hfsplus.sh
	modified:   tests/hardening/1.1.1.5_disable_udf.sh
	modified:   tests/hardening/1.1.1.6_disable_cramfs.sh
	modified:   tests/hardening/1.1.1.7_disable_squashfs.sh
	modified:   tests/hardening/1.1.10_var_tmp_noexec.sh
	modified:   tests/hardening/1.1.11_var_log_partition.sh
	modified:   tests/hardening/1.1.12_var_log_audit_partition.sh
	modified:   tests/hardening/1.1.13_home_partition.sh
	modified:   tests/hardening/1.1.14_home_nodev.sh
	modified:   tests/hardening/1.1.18_removable_device_nodev.sh
	modified:   tests/hardening/1.1.19_removable_device_nosuid.sh
	modified:   tests/hardening/1.1.20_removable_device_noexec.sh
	modified:   tests/hardening/1.1.2_tmp_partition.sh
	modified:   tests/hardening/1.1.3_tmp_nodev.sh
	modified:   tests/hardening/1.1.4_tmp_nosuid.sh
	modified:   tests/hardening/1.1.5_tmp_noexec.sh
	modified:   tests/hardening/1.1.6_var_partition.sh
	modified:   tests/hardening/1.1.7_var_tmp_partition.sh
	modified:   tests/hardening/1.1.8_var_tmp_nodev.sh
	modified:   tests/hardening/1.1.9_var_tmp_nosuid.sh
	modified:   tests/hardening/1.8_install_updates.sh
	modified:   tests/hardening/2.2.10_disable_http_server.sh
	modified:   tests/hardening/2.2.11_disable_imap_pop.sh
	modified:   tests/hardening/2.2.12_disable_samba.sh
	modified:   tests/hardening/2.2.13_disable_http_proxy.sh
	modified:   tests/hardening/2.2.14_disable_snmp_server.sh
	modified:   tests/hardening/2.2.2_disable_xwindow_system.sh
	modified:   tests/hardening/2.2.3_disable_avahi_server.sh
	modified:   tests/hardening/2.2.4_disable_print_server.sh
	modified:   tests/hardening/2.2.5_disable_dhcp.sh
	modified:   tests/hardening/2.2.6_disable_ldap.sh
	modified:   tests/hardening/2.2.7_disable_nfs_rpc.sh
	modified:   tests/hardening/2.2.8_disable_dns_server.sh
	modified:   tests/hardening/2.2.9_disable_ftp.sh
	modified:   tests/hardening/2.3.1_disable_nis.sh
	modified:   tests/hardening/2.3.2_disable_rsh_client.sh
	modified:   tests/hardening/2.3.3_disable_talk_client.sh
	modified:   tests/hardening/2.3.4_telnet_client_not_installed.sh
	modified:   tests/hardening/2.3.5_ldap_client_not_installed.sh
2020-11-06 16:20:10 +01:00
Thibault Ayanides
ce1e87b1a3 IMP(4.5): rename to 1.6.1.2 improve test 2020-11-06 11:09:22 +01:00
Thibault Ayanides
b5865947ba Move to most recent docker image for buster 2020-11-06 10:11:46 +01:00
Thibault Ayanides
ee4b2417c2 IMP(4.1.x): add tests for each checks 2020-11-02 15:47:27 +01:00
Thibault Ayanides
5568065c35 IMP(4.1.3): skip on docker (bootloader) 2020-11-02 15:46:45 +01:00
Thibault Ayanides
91a2824246 IMP(5.6): add test 2020-10-30 09:48:36 +01:00
Thibault Ayanides
47f8b7b677 IMP(5.4.4): add test 2020-10-30 09:48:27 +01:00
Thibault Ayanides
728011f846 IMP(5.4.3): add purposely failing test 2020-10-30 09:40:28 +01:00
Thibault Ayanides
17e43753b9 IMP(5.4.1.1-3): add tests and rename some variables 2020-10-30 09:39:42 +01:00
Thibault Ayanides
8af91dd6a8 IMP(5.3.1,5.3.2): add tests and upgrade PAM conf 2020-10-29 16:45:15 +01:00
Thibault Ayanides
feefee28e4 IMP(5.3.1): add test and config function for check 2020-10-29 15:35:56 +01:00
Thibault Ayanides
774af39a34 IMP(5.2.x): add tests and default_config
I added tests from 5.2.4 to 5.2.19 and default_config files in the
checks. This checks concern sshd conf (ciphers, mac, rootlogin, ...)

	modifié :         bin/hardening/5.2.4_sshd_protocol.sh
	modifié :         bin/hardening/5.2.6_disable_x11_forwarding.sh
	modifié :         bin/hardening/5.2.7_sshd_maxauthtries.sh
	modifié :         bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
	modifié :         bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
	modifié :         bin/hardening/5.2.10_disable_root_login.sh
	modifié :         bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
	modifié :         bin/hardening/5.2.12_disable_sshd_setenv.sh
	modifié :         bin/hardening/5.2.13_sshd_ciphers.sh
	modifié :         bin/hardening/5.2.16_sshd_idle_timeout.sh
	modifié :         bin/hardening/5.2.17_sshd_login_grace_time.sh
	modifié :         tests/hardening/5.2.4_sshd_protocol.sh
	modifié :         tests/hardening/5.2.5_sshd_loglevel.sh
	modifié :         tests/hardening/5.2.6_disable_x11_forwarding.sh
	modifié :         tests/hardening/5.2.7_sshd_maxauthtries.sh
	modifié :         tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh
	modifié :         tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
	modifié :         tests/hardening/5.2.10_disable_root_login.sh
	modifié :         tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
	modifié :         tests/hardening/5.2.12_disable_sshd_setenv.sh
	modifié :         tests/hardening/5.2.13_sshd_ciphers.sh
	modifié :         tests/hardening/5.2.16_sshd_idle_timeout.sh
	modifié :         tests/hardening/5.2.17_sshd_login_grace_time.sh
	modifié :         tests/hardening/5.2.18_sshd_limit_access.sh
	modifié :         tests/hardening/5.2.19_ssh_banner.sh
2020-10-29 11:18:31 +01:00
Thibault
3c7a03445c FIX(3.1.1): fix unbound variable issue 2020-11-12 10:15:41 +01:00
Thibault Ayanides
03c8e25ff3 FIX(99.5.4): fix test (permission denied on authorized_keys) 2020-11-05 15:05:12 +01:00
Thibault Ayanides
7b73eac6d6 FIX: fix test for CDS 2020-11-05 14:24:57 +01:00
Thibault Ayanides
67649ec407 IMP: dismiss for count some tests on blank host 2020-11-05 12:06:14 +01:00
Thibault Ayanides
fe568561bf IMP: Better cleanup after tests 2020-11-05 10:13:14 +01:00
Thibault Ayanides
6aae84f4b2 FIX(2.3.18): Re-add telnet server check
Renaming for 2.3.4 anbd 2.3.5 to have naming consistency.

	nouveau fichier : bin/hardening/2.2.18_disable_telnet_server.sh
	renommé :         bin/hardening/2.3.4_telnet_client_not_installed.sh -> bin/hardening/2.3.4_disable_telnet_client.sh
	renommé :         bin/hardening/2.3.5_ldap_client_not_installed.sh -> bin/hardening/2.3.5_disable_ldap_client.sh
	renommé :         tests/hardening/2.3.4_telnet_client_not_installed.sh -> tests/hardening/2.2.18_disable_telnet_server.sh
	renommé :         tests/hardening/2.3.5_ldap_client_not_installed.sh -> tests/hardening/2.3.4_disable_telnet_client.sh
	nouveau fichier : tests/hardening/2.3.5_disable_ldap_client.sh
2020-11-03 09:38:13 +01:00
Thibault Ayanides
26c119c4a1 ADD(3.2.7): add check mysteriously deleted during renaming 2020-10-30 16:09:25 +01:00
Thibault Ayanides
aff5d708e8 ADD(3.2.6): add check mysteriously deleted during renaming 2020-10-30 16:09:21 +01:00
Thibault Ayanides
b266982a3c ADD(6.2.7): add check mysteriously deleted during renaming 2020-10-30 16:01:18 +01:00
Thibault Ayanides
258da6b4a1 CLEAN(4.2.2): delete 4.2.2, duplicate with 4.2.3 2020-10-30 14:40:48 +01:00
Thibault Ayanides
ab712b4a6c IMP(5.2.1,5.2.2,5.2.3): add purposely failing tests 2020-10-28 09:09:30 +01:00
Thibault Ayanides
2559dd82cb IMP(5.1.8): add purposely failing tests 2020-10-27 16:44:14 +01:00
Thibault Ayanides
b33ab3d9bf IMP(5.1.2-5.1.7): add purposely failing tests 2020-10-27 16:16:23 +01:00
Thibault Ayanides
67badc0ed1 FIX(2.2.15): add netstat docker images 2020-10-27 16:01:20 +01:00
Thibault Ayanides
7a09e0fb9a IMP(99.2): skip on docker 2020-10-27 16:00:02 +01:00
Thibault Ayanides
5d16ee5c98 IMP(1.1.21): skip on docker 2020-10-27 15:34:32 +01:00
Thibault Ayanides
4680465095 IMP(1.4.1,1.4.2,1.4.3): skip on docker 2020-10-27 15:12:09 +01:00
Thibault Ayanides
027552f364 IMP(8.0): skip on docker 2020-10-27 15:07:32 +01:00
Thibault Ayanides
a0df6837ea IMP(1.5.1): skip this test on docker 2020-10-27 14:29:13 +01:00
Thibault Ayanides
97bb1927c3 IMP(1.1.1.X): skip this tests on docker 2020-10-27 11:25:18 +01:00
Thibault Ayanides
fec0ac159c IMP(6.2.18,6.2.19,6.2.20): add purposely failing tests 2020-10-27 11:24:40 +01:00
Thibault Ayanides
f89a864b33 IMP(6.2.15): add purposely failing tests 2020-10-27 11:06:27 +01:00
Thibault Ayanides
5ea053a502 IMP(6.2.12,6.2.13): add purposely failing tests 2020-10-27 11:04:55 +01:00
Thibault Ayanides
58277716c7 IMP(6.2.11,6.2.14): add purposely failing tests 2020-10-27 11:04:33 +01:00
Thibault Ayanides
912718a014 IMP(6.2.10): add purposely failing tests 2020-10-27 10:01:29 +01:00
Thibault Ayanides
01d02b5d5c IMP(6.2.8): add purposely failing tests 2020-10-27 09:34:06 +01:00
Thibault Ayanides
bb266ebe4a IMP(6.2.6): add purposely failing tests 2020-10-27 09:17:57 +01:00
Thibault Ayanides
1e64a14299 IMP(6.2.2,6.2.3,6.2.4): add purposely failing tests 2020-10-26 14:46:42 +01:00
Thibault Ayanides
7ab41f7b88 IMP(6.2.1): add purposely failing tests 2020-10-26 12:52:29 +01:00
Thibault Ayanides
a0796af547 IMP(6.1.2,6.1.3,6.1.4): add purposely failing tests 2020-10-26 11:48:02 +01:00
Thibault Ayanides
990f191111 CLEAN: rename 2.18, 2.23 2020-10-26 11:05:37 +01:00
Thibault Ayanides
f82712203d CLEAN: rename 7.7 2020-10-26 11:00:55 +01:00
Thibault Ayanides
e2616b024d CLEAN: Remove 13.13 (duplicate with 6.2.9) 2020-10-26 10:55:12 +01:00
Thibault Ayanides
36d55a6f79 CLEAN: Remove old checks (3.2, 8.2.4) 2020-10-26 10:48:08 +01:00
Thibault Ayanides
e1846ebd4c CLEAN: Rename 1.7.1.4, 8.2.1 2020-10-26 10:40:48 +01:00
Thibault Ayanides
bb9f60a939 IMP(12.7): test is automatically skipped on docker 2020-10-26 08:51:50 +01:00
Charles Herlin
c0e9b96ffc FIX: change name to fit check content (cracklib -> pwquality)
renamed:    bin/hardening/5.3.1_enable_cracklib.sh -> bin/hardening/5.3.1_enable_pwquality.sh
	renamed:    tests/hardening/5.3.1_enable_cracklib.sh -> tests/hardening/5.3.1_enable_pwquality.sh
2019-10-30 15:40:15 +01:00
Charles Herlin
d91fdbf84b Add missing tests CUPS, telnet and LDAP
new file:   bin/hardening/2.2.4_disable_print_server.sh
	new file:   bin/hardening/2.3.4_telnet_client_not_installed.sh
	new file:   bin/hardening/2.3.5_ldap_client_not_installed.sh
	new file:   tests/hardening/2.2.4_disable_print_server.sh
	new file:   tests/hardening/2.3.4_telnet_client_not_installed.sh
	new file:   tests/hardening/2.3.5_ldap_client_not_installed.sh
2019-10-21 14:45:25 +02:00
Charles Herlin
2b60594a06 Renum 2.6.x to 1.1.x for /var/tmp
renamed:    bin/hardening/2.6.4_var_tmp_noexec.sh -> bin/hardening/1.1.10_var_tmp_noexec.sh
	renamed:    bin/hardening/2.6.1_var_tmp_partition.sh -> bin/hardening/1.1.7_var_tmp_partition.sh
	renamed:    bin/hardening/2.6.2_var_tmp_nodev.sh -> bin/hardening/1.1.8_var_tmp_nodev.sh
	renamed:    bin/hardening/2.6.3_var_tmp_nosuid.sh -> bin/hardening/1.1.9_var_tmp_nosuid.sh
	renamed:    tests/hardening/2.6.4_var_tmp_noexec.sh -> tests/hardening/1.1.10_var_tmp_noexec.sh
	renamed:    tests/hardening/2.6.3_var_tmp_nosuid.sh -> tests/hardening/1.1.7_var_tmp_partition.sh
	renamed:    tests/hardening/2.6.2_var_tmp_nodev.sh -> tests/hardening/1.1.8_var_tmp_nodev.sh
	renamed:    tests/hardening/2.6.1_var_tmp_partition.sh -> tests/hardening/1.1.9_var_tmp_nosuid.sh
2019-10-21 12:21:22 +02:00
Charles Herlin
d6dae89966 Renum logrotate config 8.4 to 4.3
renamed:    8.4_configure_logrotate.sh -> 4.3_configure_logrotate.sh
	renamed:    ../../tests/hardening/8.4_configure_logrotate.sh -> ../../tests/hardening/4.3_configure_logrotate.sh
2019-10-18 17:32:41 +02:00
Charles Herlin
80b97940fa Renumbering custom 99.* scripts as newcomers to CIS benchmark
renamed:    bin/hardening/99.4_net_fw_default_policy_drop.sh -> bin/hardening/3.5.1.1_net_fw_default_policy_drop.sh
	renamed:    bin/hardening/99.3.3_acc_pam_sha512.sh -> bin/hardening/5.3.4_acc_pam_sha512.sh
	renamed:    tests/hardening/99.4_net_fw_default_policy_drop.sh -> tests/hardening/3.5.1.1_net_fw_default_policy_drop.sh
	renamed:    tests/hardening/99.3.3_acc_pam_sha512.sh -> tests/hardening/5.3.4_acc_pam_sha512.sh
2019-10-18 17:26:31 +02:00
Charles Herlin
609444a47f Renum User and Groups settings 13.x to 6.2.x
renamed:    bin/hardening/13.8_check_user_dot_file_perm.sh -> bin/hardening/6.2.10_check_user_dot_file_perm.sh
	renamed:    bin/hardening/13.19_find_user_forward_files.sh -> bin/hardening/6.2.11_find_user_forward_files.sh
	renamed:    bin/hardening/13.18_find_user_netrc_files.sh -> bin/hardening/6.2.12_find_user_netrc_files.sh
	renamed:    bin/hardening/13.9_set_perm_on_user_netrc.sh -> bin/hardening/6.2.13_set_perm_on_user_netrc.sh
	renamed:    bin/hardening/13.10_find_user_rhosts_files.sh -> bin/hardening/6.2.14_find_user_rhosts_files.sh
	renamed:    bin/hardening/13.11_find_passwd_group_inconsistencies.sh -> bin/hardening/6.2.15_find_passwd_group_inconsistencies.sh
	renamed:    bin/hardening/13.14_check_duplicate_uid.sh -> bin/hardening/6.2.16_check_duplicate_uid.sh
	renamed:    bin/hardening/13.15_check_duplicate_gid.sh -> bin/hardening/6.2.17_check_duplicate_gid.sh
	renamed:    bin/hardening/13.16_check_duplicate_username.sh -> bin/hardening/6.2.18_check_duplicate_username.sh
	renamed:    bin/hardening/13.17_check_duplicate_groupname.sh -> bin/hardening/6.2.19_check_duplicate_groupname.sh
	renamed:    bin/hardening/13.1_remove_empty_password_field.sh -> bin/hardening/6.2.1_remove_empty_password_field.sh
	renamed:    bin/hardening/13.20_shadow_group_empty.sh -> bin/hardening/6.2.20_shadow_group_empty.sh
	renamed:    bin/hardening/13.2_remove_legacy_passwd_entries.sh -> bin/hardening/6.2.2_remove_legacy_passwd_entries.sh
	renamed:    bin/hardening/13.3_remove_legacy_shadow_entries.sh -> bin/hardening/6.2.3_remove_legacy_shadow_entries.sh
	renamed:    bin/hardening/13.4_remove_legacy_group_entries.sh -> bin/hardening/6.2.4_remove_legacy_group_entries.sh
	renamed:    bin/hardening/13.5_find_0_uid_non_root_account.sh -> bin/hardening/6.2.5_find_0_uid_non_root_account.sh
	renamed:    bin/hardening/13.6_sanitize_root_path.sh -> bin/hardening/6.2.6_sanitize_root_path.sh
	renamed:    bin/hardening/13.7_check_user_dir_perm.sh -> bin/hardening/6.2.8_check_user_dir_perm.sh
	renamed:    bin/hardening/13.12_users_valid_homedir.sh -> bin/hardening/6.2.9_users_valid_homedir.sh
	renamed:    tests/hardening/13.9_set_perm_on_user_netrc.sh -> tests/hardening/6.2.10_check_user_dot_file_perm.sh
	renamed:    tests/hardening/13.8_check_user_dot_file_perm.sh -> tests/hardening/6.2.11_find_user_forward_files.sh
	renamed:    tests/hardening/13.7_check_user_dir_perm.sh -> tests/hardening/6.2.12_find_user_netrc_files.sh
	renamed:    tests/hardening/13.6_sanitize_root_path.sh -> tests/hardening/6.2.13_set_perm_on_user_netrc.sh
	renamed:    tests/hardening/13.4_remove_legacy_group_entries.sh -> tests/hardening/6.2.15_find_passwd_group_inconsistencies.sh
	renamed:    tests/hardening/13.14_check_duplicate_uid.sh -> tests/hardening/6.2.16_check_duplicate_uid.sh
	renamed:    tests/hardening/13.15_check_duplicate_gid.sh -> tests/hardening/6.2.17_check_duplicate_gid.sh
	renamed:    tests/hardening/13.3_remove_legacy_shadow_entries.sh -> tests/hardening/6.2.18_check_duplicate_username.sh
	renamed:    tests/hardening/13.2_remove_legacy_passwd_entries.sh -> tests/hardening/6.2.19_check_duplicate_groupname.sh
	renamed:    tests/hardening/13.20_shadow_group_empty.sh -> tests/hardening/6.2.1_remove_empty_password_field.sh
	renamed:    tests/hardening/13.1_remove_empty_password_field.sh -> tests/hardening/6.2.20_shadow_group_empty.sh
	renamed:    tests/hardening/13.19_find_user_forward_files.sh -> tests/hardening/6.2.2_remove_legacy_passwd_entries.sh
	renamed:    tests/hardening/13.18_find_user_netrc_files.sh -> tests/hardening/6.2.3_remove_legacy_shadow_entries.sh
	renamed:    tests/hardening/13.17_check_duplicate_groupname.sh -> tests/hardening/6.2.4_remove_legacy_group_entries.sh
	renamed:    tests/hardening/13.5_find_0_uid_non_root_account.sh -> tests/hardening/6.2.5_find_0_uid_non_root_account.sh
	renamed:    tests/hardening/13.16_check_duplicate_username.sh -> tests/hardening/6.2.6_sanitize_root_path.sh
	renamed:    tests/hardening/13.12_users_valid_homedir.sh -> tests/hardening/6.2.8_check_user_dir_perm.sh
	renamed:    tests/hardening/13.11_find_passwd_group_inconsistencies.sh -> tests/hardening/6.2.9_users_valid_homedir.sh
2019-09-12 17:43:12 +02:00
Charles Herlin
440aeaf45f Renum 12.x checks to 6.1.x Verify_System_File_Permissions
modified:   bin/hardening/12.4_etc_passwd_ownership.sh
	modified:   bin/hardening/12.5_etc_shadow_ownership.sh
	modified:   bin/hardening/12.6_etc_group_ownership.sh
	renamed:    bin/hardening/12.7_find_world_writable_file.sh -> bin/hardening/6.1.10_find_world_writable_file.sh
	renamed:    bin/hardening/12.8_find_unowned_files.sh -> bin/hardening/6.1.11_find_unowned_files.sh
	renamed:    bin/hardening/12.9_find_ungrouped_files.sh -> bin/hardening/6.1.12_find_ungrouped_files.sh
	renamed:    bin/hardening/12.10_find_suid_files.sh -> bin/hardening/6.1.13_find_suid_files.sh
	renamed:    bin/hardening/12.11_find_sgid_files.sh -> bin/hardening/6.1.14_find_sgid_files.sh
	renamed:    bin/hardening/12.1_etc_passwd_permissions.sh -> bin/hardening/6.1.2_etc_passwd_permissions.sh
	renamed:    bin/hardening/12.2_etc_shadow_permissions.sh -> bin/hardening/6.1.3_etc_shadow_permissions.sh
	renamed:    bin/hardening/12.3_etc_group_permissions.sh -> bin/hardening/6.1.4_etc_group_permissions.sh
	deleted:    tests/hardening/12.1_etc_passwd_permissions.sh
	deleted:    tests/hardening/12.2_etc_shadow_permissions.sh
	deleted:    tests/hardening/12.3_etc_group_permissions.sh
	renamed:    tests/hardening/12.7_find_world_writable_file.sh -> tests/hardening/6.1.10_find_world_writable_file.sh
	renamed:    tests/hardening/12.8_find_unowned_files.sh -> tests/hardening/6.1.11_find_unowned_files.sh
	renamed:    tests/hardening/12.9_find_ungrouped_files.sh -> tests/hardening/6.1.12_find_ungrouped_files.sh
	renamed:    tests/hardening/12.10_find_suid_files.sh -> tests/hardening/6.1.13_find_suid_files.sh
	renamed:    tests/hardening/12.11_find_sgid_files.sh -> tests/hardening/6.1.14_find_sgid_files.sh
	renamed:    tests/hardening/12.6_etc_group_ownership.sh -> tests/hardening/6.1.2_etc_passwd_permissions.sh
	renamed:    tests/hardening/12.5_etc_shadow_ownership.sh -> tests/hardening/6.1.3_etc_shadow_permissions.sh
	renamed:    tests/hardening/12.4_etc_passwd_ownership.sh -> tests/hardening/6.1.4_etc_group_permissions.sh
2019-09-12 16:44:45 +02:00
Charles Herlin
a085785321 Renum warning banners checks 11.x to 1.7.x
new file:   bin/hardening/1.7.1.1_remove_os_info_motd.sh
	renamed:    bin/hardening/11.2_remove_os_info_warning_banners.sh -> bin/hardening/1.7.1.2_remove_os_info_issue.sh
	new file:   bin/hardening/1.7.1.3_remove_os_info_issue_net.sh
	new file:   bin/hardening/1.7.1.4_motd_perms.sh
	new file:   bin/hardening/1.7.1.5_etc_issue_perms.sh
	new file:   bin/hardening/1.7.1.6_etc_issue_net_perms.sh
	renamed:    bin/hardening/11.3_graphical_warning_banners.sh -> bin/hardening/1.7.2_graphical_warning_banners.sh
	deleted:    bin/hardening/11.1_warning_banners.sh
	renamed:    tests/hardening/11.3_graphical_warning_banners.sh -> tests/hardening/1.7.1.1_remove_os_info_motd.sh
	renamed:    tests/hardening/11.2_remove_os_info_warning_banners.sh -> tests/hardening/1.7.1.2_remove_os_info_issue.sh
	renamed:    tests/hardening/11.1_warning_banners.sh -> tests/hardening/1.7.1.3_remove_os_info_issue_net.sh
	new file:   tests/hardening/1.7.1.4_warning_banners.sh
	new file:   tests/hardening/1.7.2_graphical_warning_banners.sh
2019-09-12 15:42:22 +02:00
Charles Herlin
fbb73d1953 Renum 10.x to 5.4.x
renamed:    bin/hardening/10.5_lock_inactive_user_account.sh -> bin/hardening/5.4.1.4_lock_inactive_user_account.sh
	renamed:    bin/hardening/10.2_disable_system_accounts.sh -> bin/hardening/5.4.2_disable_system_accounts.sh
	renamed:    bin/hardening/10.3_default_root_group.sh -> bin/hardening/5.4.3_default_root_group.sh
	renamed:    bin/hardening/10.4_default_umask.sh -> bin/hardening/5.4.4_default_umask.sh
	renamed:    tests/hardening/10.5_lock_inactive_user_account.sh -> tests/hardening/5.4.1.4_lock_inactive_user_account.sh
	renamed:    tests/hardening/10.2_disable_system_accounts.sh -> tests/hardening/5.4.2_disable_system_accounts.sh
	renamed:    tests/hardening/10.4_default_umask.sh -> tests/hardening/5.4.3_default_root_group.sh
	renamed:    tests/hardening/10.3_default_root_group.sh -> tests/hardening/5.4.4_default_umask.sh
2019-09-12 10:55:43 +02:00
Charles Herlin
47a9ffdc9c Renum login.defs 10.1.x to 5.4.1.x
renamed:    bin/hardening/10.1.1_set_password_exp_days.sh -> bin/hardening/5.4.1.1_set_password_exp_days.sh
	renamed:    bin/hardening/10.1.2_set_password_min_days_change.sh -> bin/hardening/5.4.1.2_set_password_min_days_change.sh
	renamed:    bin/hardening/10.1.3_set_password_exp_warning_days.sh -> bin/hardening/5.4.1.3_set_password_exp_warning_days.sh
	renamed:    tests/hardening/10.1.3_set_password_exp_warning_days.sh -> tests/hardening/5.4.1.1_set_password_exp_days.sh
	renamed:    tests/hardening/10.1.2_set_password_min_days_change.sh -> tests/hardening/5.4.1.2_set_password_min_days_change.sh
	renamed:    tests/hardening/10.1.1_set_password_exp_days.sh -> tests/hardening/5.4.1.3_set_password_exp_warning_days.sh
2019-09-12 10:43:48 +02:00
Charles Herlin
8a4a28a35b Renum 9.x tty and su checks
renamed:    bin/hardening/9.4_secure_tty.sh -> bin/hardening/5.5_secure_tty.sh
	renamed:    bin/hardening/9.5_restrict_su.sh -> bin/hardening/5.6_restrict_su.sh
	renamed:    tests/hardening/9.5_restrict_su.sh -> tests/hardening/5.5_secure_tty.sh
	renamed:    tests/hardening/9.4_secure_tty.sh -> tests/hardening/5.6_restrict_su.sh
2019-09-11 17:16:54 +02:00
Charles Herlin
9e61ca8367 Renum ssh config check 9.3.x to 5.2.x
Also renum 99.x checks that were included in CIS recommendations

	renamed:    bin/hardening/9.3.8_disable_root_login.sh -> bin/hardening/5.2.10_disable_root_login.sh
	renamed:    bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh -> bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
	renamed:    bin/hardening/9.3.10_disable_sshd_setenv.sh -> bin/hardening/5.2.12_disable_sshd_setenv.sh
	renamed:    bin/hardening/9.3.11_sshd_ciphers.sh -> bin/hardening/5.2.13_sshd_ciphers.sh
	renamed:    bin/hardening/99.5.2.2_ssh_cry_mac.sh -> bin/hardening/5.2.14_ssh_cry_mac.sh
	renamed:    bin/hardening/99.5.2.1_ssh_cry_kex.sh -> bin/hardening/5.2.15_ssh_cry_kex.sh
	renamed:    bin/hardening/9.3.12_sshd_idle_timeout.sh -> bin/hardening/5.2.16_sshd_idle_timeout.sh
	renamed:    bin/hardening/9.3.13_sshd_limit_access.sh -> bin/hardening/5.2.18_sshd_limit_access.sh
	renamed:    bin/hardening/9.3.14_ssh_banner.sh -> bin/hardening/5.2.19_ssh_banner.sh
	renamed:    bin/hardening/9.3.3_sshd_conf_perm_ownership.sh -> bin/hardening/5.2.1_sshd_conf_perm_ownership.sh
	renamed:    bin/hardening/9.3.1_sshd_protocol.sh -> bin/hardening/5.2.4_sshd_protocol.sh
	renamed:    bin/hardening/9.3.2_sshd_loglevel.sh -> bin/hardening/5.2.5_sshd_loglevel.sh
	renamed:    bin/hardening/9.3.4_disable_x11_forwarding.sh -> bin/hardening/5.2.6_disable_x11_forwarding.sh
	renamed:    bin/hardening/9.3.5_sshd_maxauthtries.sh -> bin/hardening/5.2.7_sshd_maxauthtries.sh
	renamed:    bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh -> bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
	renamed:    bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh -> bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
	renamed:    tests/hardening/9.3.9_disable_sshd_permitemptypasswords.sh -> tests/hardening/5.2.10_disable_root_login.sh
	renamed:    tests/hardening/9.3.8_disable_root_login.sh -> tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
	renamed:    tests/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh -> tests/hardening/5.2.12_disable_sshd_setenv.sh
	renamed:    tests/hardening/9.3.6_enable_sshd_ignorerhosts.sh -> tests/hardening/5.2.13_sshd_ciphers.sh
	renamed:    tests/hardening/99.5.2.2_ssh_cry_mac.sh -> tests/hardening/5.2.14_ssh_cry_mac.sh
	renamed:    tests/hardening/99.5.2.1_ssh_cry_kex.sh -> tests/hardening/5.2.15_ssh_cry_kex.sh
	renamed:    tests/hardening/9.3.5_sshd_maxauthtries.sh -> tests/hardening/5.2.16_sshd_idle_timeout.sh
	renamed:    tests/hardening/9.3.4_disable_x11_forwarding.sh -> tests/hardening/5.2.18_sshd_limit_access.sh
	renamed:    tests/hardening/9.3.3_sshd_conf_perm_ownership.sh -> tests/hardening/5.2.19_ssh_banner.sh
	renamed:    tests/hardening/9.3.1_sshd_protocol.sh -> tests/hardening/5.2.1_sshd_conf_perm_ownership.sh
	renamed:    tests/hardening/9.3.14_ssh_banner.sh -> tests/hardening/5.2.4_sshd_protocol.sh
	renamed:    tests/hardening/9.3.2_sshd_loglevel.sh -> tests/hardening/5.2.5_sshd_loglevel.sh
	renamed:    tests/hardening/9.3.13_sshd_limit_access.sh -> tests/hardening/5.2.6_disable_x11_forwarding.sh
	renamed:    tests/hardening/9.3.12_sshd_idle_timeout.sh -> tests/hardening/5.2.7_sshd_maxauthtries.sh
	renamed:    tests/hardening/9.3.11_sshd_ciphers.sh -> tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh
	renamed:    tests/hardening/9.3.10_disable_sshd_setenv.sh -> tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
2019-09-11 17:12:54 +02:00
Charles Herlin
c863a01305 Renum 9.2.x to 5.3.x Pam password settings
renamed:    bin/hardening/9.2.1_enable_cracklib.sh -> bin/hardening/5.3.1_enable_cracklib.sh
	renamed:    bin/hardening/9.2.2_enable_lockout_failed_password.sh -> bin/hardening/5.3.2_enable_lockout_failed_password.sh
	renamed:    bin/hardening/9.2.3_limit_password_reuse.sh -> bin/hardening/5.3.3_limit_password_reuse.sh
	renamed:    tests/hardening/9.2.1_enable_cracklib.sh -> tests/hardening/5.3.1_enable_cracklib.sh
	renamed:    tests/hardening/9.2.3_limit_password_reuse.sh -> tests/hardening/5.3.2_enable_lockout_failed_password.sh
	renamed:    tests/hardening/9.2.2_enable_lockout_failed_password.sh -> tests/hardening/5.3.3_limit_password_reuse.sh
2019-09-11 15:40:00 +02:00
Charles Herlin
124dde8254 Renum 9.1.x to 5.1.x cron checks
renamed:    bin/hardening/9.1.1_enable_cron.sh -> bin/hardening/5.1.1_enable_cron.sh
	renamed:    bin/hardening/9.1.2_crontab_perm_ownership.sh -> bin/hardening/5.1.2_crontab_perm_ownership.sh
	renamed:    bin/hardening/9.1.3_cron_hourly_perm_ownership.sh -> bin/hardening/5.1.3_cron_hourly_perm_ownership.sh
	renamed:    bin/hardening/9.1.4_cron_daily_perm_ownership.sh -> bin/hardening/5.1.4_cron_daily_perm_ownership.sh
	renamed:    bin/hardening/9.1.5_cron_weekly_perm_ownership.sh -> bin/hardening/5.1.5_cron_weekly_perm_ownership.sh
	renamed:    bin/hardening/9.1.6_cron_monthly_perm_ownership.sh -> bin/hardening/5.1.6_cron_monthly_perm_ownership.sh
	renamed:    bin/hardening/9.1.7_cron_d_perm_ownership.sh -> bin/hardening/5.1.7_cron_d_perm_ownership.sh
	renamed:    bin/hardening/9.1.8_cron_users.sh -> bin/hardening/5.1.8_cron_users.sh
	renamed:    tests/hardening/9.1.8_cron_users.sh -> tests/hardening/5.1.1_enable_cron.sh
	renamed:    tests/hardening/9.1.7_cron_d_perm_ownership.sh -> tests/hardening/5.1.2_crontab_perm_ownership.sh
	renamed:    tests/hardening/9.1.6_cron_monthly_perm_ownership.sh -> tests/hardening/5.1.3_cron_hourly_perm_ownership.sh
	renamed:    tests/hardening/9.1.5_cron_weekly_perm_ownership.sh -> tests/hardening/5.1.4_cron_daily_perm_ownership.sh
	renamed:    tests/hardening/9.1.4_cron_daily_perm_ownership.sh -> tests/hardening/5.1.5_cron_weekly_perm_ownership.sh
	renamed:    tests/hardening/9.1.3_cron_hourly_perm_ownership.sh -> tests/hardening/5.1.6_cron_monthly_perm_ownership.sh
	renamed:    tests/hardening/9.1.2_crontab_perm_ownership.sh -> tests/hardening/5.1.7_cron_d_perm_ownership.sh
	renamed:    tests/hardening/9.1.1_enable_cron.sh -> tests/hardening/5.1.8_cron_users.sh
2019-09-11 12:16:50 +02:00
Charles Herlin
65f92a7556 Renum 8.2.x to 4.2.2.x for syslog-ng
renamed:    bin/hardening/8.2.2_enable_syslog-ng.sh -> bin/hardening/4.2.2.1_enable_syslog-ng.sh
	renamed:    bin/hardening/8.2.3_configure_syslog-ng.sh -> bin/hardening/4.2.2.2_configure_syslog-ng.sh
	new file:   bin/hardening/4.2.2.3_syslog_ng_logfiles_perm.sh
	renamed:    bin/hardening/8.2.5_syslog-ng_remote_host.sh -> bin/hardening/4.2.2.4_syslog-ng_remote_host.sh
	renamed:    bin/hardening/8.2.6_remote_syslog-ng_acl.sh -> bin/hardening/4.2.2.5_remote_syslog-ng_acl.sh
	renamed:    tests/hardening/8.2.6_remote_syslog-ng_acl.sh -> tests/hardening/4.2.2.1_enable_syslog-ng.sh
	renamed:    tests/hardening/8.2.3_configure_syslog-ng.sh -> tests/hardening/4.2.2.2_configure_syslog-ng.sh
	renamed:    tests/hardening/8.2.2_enable_syslog-ng.sh -> tests/hardening/4.2.2.3_syslog_ng_logfiles_perm.sh
	renamed:    tests/hardening/8.2.5_syslog-ng_remote_host.sh -> tests/hardening/4.2.2.4_syslog-ng_remote_host.sh
	new file:   tests/hardening/4.2.2.5_remote_syslog-ng_acl.sh
2019-09-11 11:52:24 +02:00
Charles Herlin
00dd3ef591 Renum 8.1.x auditing configuration
renamed:    bin/hardening/8.1.1.1_audit_log_storage.sh -> bin/hardening/4.1.1.1_audit_log_storage.sh
	renamed:    bin/hardening/8.1.1.2_halt_when_audit_log_full.sh -> bin/hardening/4.1.1.2_halt_when_audit_log_full.sh
	renamed:    bin/hardening/8.1.1.3_keep_all_audit_logs.sh -> bin/hardening/4.1.1.3_keep_all_audit_logs.sh
	renamed:    bin/hardening/8.1.10_record_dac_edit.sh -> bin/hardening/4.1.10_record_dac_edit.sh
	renamed:    bin/hardening/8.1.11_record_failed_access_file.sh -> bin/hardening/4.1.11_record_failed_access_file.sh
	renamed:    bin/hardening/8.1.12_record_privileged_commands.sh -> bin/hardening/4.1.12_record_privileged_commands.sh
	renamed:    bin/hardening/8.1.13_record_successful_mount.sh -> bin/hardening/4.1.13_record_successful_mount.sh
	renamed:    bin/hardening/8.1.14_record_file_deletions.sh -> bin/hardening/4.1.14_record_file_deletions.sh
	renamed:    bin/hardening/8.1.15_record_sudoers_edit.sh -> bin/hardening/4.1.15_record_sudoers_edit.sh
	renamed:    bin/hardening/8.1.16_record_sudo_usage.sh -> bin/hardening/4.1.16_record_sudo_usage.sh
	renamed:    bin/hardening/8.1.17_record_kernel_modules.sh -> bin/hardening/4.1.17_record_kernel_modules.sh
	renamed:    bin/hardening/8.1.18_freeze_auditd_conf.sh -> bin/hardening/4.1.18_freeze_auditd_conf.sh
	renamed:    bin/hardening/8.1.2_enable_auditd.sh -> bin/hardening/4.1.2_enable_auditd.sh
	renamed:    bin/hardening/8.1.3_audit_bootloader.sh -> bin/hardening/4.1.3_audit_bootloader.sh
	renamed:    bin/hardening/8.1.4_record_date_time_edit.sh -> bin/hardening/4.1.4_record_date_time_edit.sh
	renamed:    bin/hardening/8.1.5_record_user_group_edit.sh -> bin/hardening/4.1.5_record_user_group_edit.sh
	renamed:    bin/hardening/8.1.6_record_network_edit.sh -> bin/hardening/4.1.6_record_network_edit.sh
	renamed:    bin/hardening/8.1.7_record_mac_edit.sh -> bin/hardening/4.1.7_record_mac_edit.sh
	renamed:    bin/hardening/8.1.8_record_login_logout.sh -> bin/hardening/4.1.8_record_login_logout.sh
	renamed:    bin/hardening/8.1.9_record_session_init.sh -> bin/hardening/4.1.9_record_session_init.sh
	renamed:    tests/hardening/8.1.9_record_session_init.sh -> tests/hardening/4.1.1.1_audit_log_storage.sh
	renamed:    tests/hardening/8.1.8_record_login_logout.sh -> tests/hardening/4.1.1.2_halt_when_audit_log_full.sh
	renamed:    tests/hardening/8.1.7_record_mac_edit.sh -> tests/hardening/4.1.1.3_keep_all_audit_logs.sh
	renamed:    tests/hardening/8.1.6_record_network_edit.sh -> tests/hardening/4.1.10_record_dac_edit.sh
	renamed:    tests/hardening/8.1.5_record_user_group_edit.sh -> tests/hardening/4.1.11_record_failed_access_file.sh
	renamed:    tests/hardening/8.1.4_record_date_time_edit.sh -> tests/hardening/4.1.12_record_privileged_commands.sh
	renamed:    tests/hardening/8.1.3_audit_bootloader.sh -> tests/hardening/4.1.13_record_successful_mount.sh
	renamed:    tests/hardening/8.1.2_enable_auditd.sh -> tests/hardening/4.1.14_record_file_deletions.sh
	renamed:    tests/hardening/8.1.18_freeze_auditd_conf.sh -> tests/hardening/4.1.15_record_sudoers_edit.sh
	renamed:    tests/hardening/8.1.17_record_kernel_modules.sh -> tests/hardening/4.1.16_record_sudo_usage.sh
	renamed:    tests/hardening/8.1.16_record_sudo_usage.sh -> tests/hardening/4.1.17_record_kernel_modules.sh
	renamed:    tests/hardening/8.1.15_record_sudoers_edit.sh -> tests/hardening/4.1.18_freeze_auditd_conf.sh
	renamed:    tests/hardening/8.1.14_record_file_deletions.sh -> tests/hardening/4.1.2_enable_auditd.sh
	renamed:    tests/hardening/8.1.13_record_successful_mount.sh -> tests/hardening/4.1.3_audit_bootloader.sh
	renamed:    tests/hardening/8.1.12_record_privileged_commands.sh -> tests/hardening/4.1.4_record_date_time_edit.sh
	renamed:    tests/hardening/8.1.11_record_failed_access_file.sh -> tests/hardening/4.1.5_record_user_group_edit.sh
	renamed:    tests/hardening/8.1.10_record_dac_edit.sh -> tests/hardening/4.1.6_record_network_edit.sh
	renamed:    tests/hardening/8.1.1.3_keep_all_audit_logs.sh -> tests/hardening/4.1.7_record_mac_edit.sh
	renamed:    tests/hardening/8.1.1.2_halt_when_audit_log_full.sh -> tests/hardening/4.1.8_record_login_logout.sh
	renamed:    tests/hardening/8.1.1.1_audit_log_storage.sh -> tests/hardening/4.1.9_record_session_init.sh
2019-09-09 16:45:54 +02:00
Charles Herlin
032aaa7c79 Renumber 7.5.x and 7.6
renamed:    bin/hardening/7.5.1_disable_dccp.sh -> bin/hardening/3.4.1_disable_dccp.sh
	renamed:    bin/hardening/7.5.2_disable_sctp.sh -> bin/hardening/3.4.2_disable_sctp.sh
	renamed:    bin/hardening/7.5.3_disable_rds.sh -> bin/hardening/3.4.3_disable_rds.sh
	renamed:    bin/hardening/7.5.4_disable_tipc.sh -> bin/hardening/3.4.4_disable_tipc.sh
	renamed:    bin/hardening/7.6_disable_wireless.sh -> bin/hardening/3.6_disable_wireless.sh
	renamed:    tests/hardening/7.6_disable_wireless.sh -> tests/hardening/3.4.1_disable_dccp.sh
	renamed:    tests/hardening/7.5.4_disable_tipc.sh -> tests/hardening/3.4.2_disable_sctp.sh
	renamed:    tests/hardening/7.5.3_disable_rds.sh -> tests/hardening/3.4.3_disable_rds.sh
	renamed:    tests/hardening/7.5.2_disable_sctp.sh -> tests/hardening/3.4.4_disable_tipc.sh
	renamed:    tests/hardening/7.5.1_disable_dccp.sh -> tests/hardening/3.6_disable_wireless.sh
2019-08-30 17:18:26 +02:00
Charles Herlin
68f9f56192 Renumber 7.4.x tcp wrappers
renamed:    bin/hardening/7.4.1_install_tcp_wrapper.sh -> bin/hardening/3.3.1_install_tcp_wrapper.sh
	renamed:    bin/hardening/7.4.2_hosts_allow.sh -> bin/hardening/3.3.2_hosts_allow.sh
	renamed:    bin/hardening/7.4.4_hosts_deny.sh -> bin/hardening/3.3.3_hosts_deny.sh
	renamed:    bin/hardening/7.4.3_hosts_allow_permissions.sh -> bin/hardening/3.3.4_hosts_allow_permissions.sh
	renamed:    bin/hardening/7.4.5_hosts_deny_permissions.sh -> bin/hardening/3.3.5_hosts_deny_permissions.sh
	renamed:    tests/hardening/7.4.5_hosts_deny_permissions.sh -> tests/hardening/3.3.1_install_tcp_wrapper.sh
	renamed:    tests/hardening/7.4.4_hosts_deny.sh -> tests/hardening/3.3.2_hosts_allow.sh
	renamed:    tests/hardening/7.4.3_hosts_allow_permissions.sh -> tests/hardening/3.3.3_hosts_deny.sh
	renamed:    tests/hardening/7.4.2_hosts_allow.sh -> tests/hardening/3.3.4_hosts_allow_permissions.sh
	renamed:    tests/hardening/7.4.1_install_tcp_wrapper.sh -> tests/hardening/3.3.5_hosts_deny_permissions.sh
2019-08-30 17:11:03 +02:00
Charles Herlin
c5674c3627 Renumber network params 7.1.x, 7.2.x and 7.3
renamed:    bin/hardening/7.1.1_disable_ip_forwarding.sh -> bin/hardening/3.1.1_disable_ip_forwarding.sh
	renamed:    bin/hardening/7.1.2_disable_send_packet_redirects.sh -> bin/hardening/3.1.2_disable_send_packet_redirects.sh
	renamed:    bin/hardening/7.2.1_disable_source_routed_packets.sh -> bin/hardening/3.2.1_disable_source_routed_packets.sh
	renamed:    bin/hardening/7.2.2_disable_icmp_redirect.sh -> bin/hardening/3.2.2_disable_icmp_redirect.sh
	renamed:    bin/hardening/7.2.3_disable_secure_icmp_redirect.sh -> bin/hardening/3.2.3_disable_secure_icmp_redirect.sh
	renamed:    bin/hardening/7.2.4_log_martian_packets.sh -> bin/hardening/3.2.4_log_martian_packets.sh
	renamed:    bin/hardening/7.2.5_ignore_broadcast_requests.sh -> bin/hardening/3.2.5_ignore_broadcast_requests.sh
	renamed:    bin/hardening/7.2.8_enable_tcp_syn_cookies.sh -> bin/hardening/3.2.8_enable_tcp_syn_cookies.sh
	renamed:    bin/hardening/7.3.1_disable_ipv6_router_advertisement.sh -> bin/hardening/3.2.9_disable_ipv6_router_advertisement.sh
	renamed:    bin/hardening/7.3.3_disable_ipv6.sh -> bin/hardening/3.7_disable_ipv6.sh
	deleted:    bin/hardening/7.2.6_enable_bad_error_message_protection.sh
	deleted:    bin/hardening/7.2.7_enable_source_route_validation.sh
	deleted:    bin/hardening/7.3.2_disable_ipv6_redirect.sh
	renamed:    tests/hardening/7.3.3_disable_ipv6.sh -> tests/hardening/3.1.1_disable_ip_forwarding.sh
	renamed:    tests/hardening/7.3.2_disable_ipv6_redirect.sh -> tests/hardening/3.1.2_disable_send_packet_redirects.sh
	renamed:    tests/hardening/7.3.1_disable_ipv6_router_advertisement.sh -> tests/hardening/3.2.1_disable_source_routed_packets.sh
	renamed:    tests/hardening/7.2.8_enable_tcp_syn_cookies.sh -> tests/hardening/3.2.2_disable_icmp_redirect.sh
	renamed:    tests/hardening/7.2.7_enable_source_route_validation.sh -> tests/hardening/3.2.3_disable_secure_icmp_redirect.sh
	renamed:    tests/hardening/7.2.6_enable_bad_error_message_protection.sh -> tests/hardening/3.2.4_log_martian_packets.sh
	renamed:    tests/hardening/7.2.5_ignore_broadcast_requests.sh -> tests/hardening/3.2.5_ignore_broadcast_requests.sh
	renamed:    tests/hardening/7.2.4_log_martian_packets.sh -> tests/hardening/3.2.8_enable_tcp_syn_cookies.sh
	renamed:    tests/hardening/7.2.3_disable_secure_icmp_redirect.sh -> tests/hardening/3.2.9_disable_ipv6_router_advertisement.sh
	renamed:    tests/hardening/7.2.2_disable_icmp_redirect.sh -> tests/hardening/3.7_disable_ipv6.sh
	deleted:    tests/hardening/7.1.1_disable_ip_forwarding.sh
	deleted:    tests/hardening/7.1.2_disable_send_packet_redirects.sh
	deleted:    tests/hardening/7.2.1_disable_source_routed_packets.sh
2019-08-30 14:14:29 +02:00
Charles Herlin
e205dc7481 Renumber special purpose services 6.x
new file:   bin/hardening/2.2.1.1_use_time_sync.sh
	renamed:    bin/hardening/6.5_configure_ntp.sh -> bin/hardening/2.2.1.2_configure_ntp.sh
	new file:   bin/hardening/2.2.1.3_configure_chrony.sh
	renamed:    bin/hardening/6.10_disable_http_server.sh -> bin/hardening/2.2.10_disable_http_server.sh
	renamed:    bin/hardening/6.11_disable_imap_pop.sh -> bin/hardening/2.2.11_disable_imap_pop.sh
	renamed:    bin/hardening/6.12_disable_samba.sh -> bin/hardening/2.2.12_disable_samba.sh
	renamed:    bin/hardening/6.13_disable_http_proxy.sh -> bin/hardening/2.2.13_disable_http_proxy.sh
	renamed:    bin/hardening/6.14_disable_snmp_server.sh -> bin/hardening/2.2.14_disable_snmp_server.sh
	renamed:    bin/hardening/6.15_mta_localhost.sh -> bin/hardening/2.2.15_mta_localhost.sh
	renamed:    bin/hardening/6.16_disable_rsync.sh -> bin/hardening/2.2.16_disable_rsync.sh
	renamed:    bin/hardening/6.1_disable_xwindow_system.sh -> bin/hardening/2.2.2_disable_xwindow_system.sh
	renamed:    bin/hardening/6.2_disable_avahi_server.sh -> bin/hardening/2.2.3_disable_avahi_server.sh
	renamed:    bin/hardening/6.4_disable_dhcp.sh -> bin/hardening/2.2.5_disable_dhcp.sh
	renamed:    bin/hardening/6.6_disable_ldap.sh -> bin/hardening/2.2.6_disable_ldap.sh
	renamed:    bin/hardening/6.7_disable_nfs_rpc.sh -> bin/hardening/2.2.7_disable_nfs_rpc.sh
	renamed:    bin/hardening/6.8_disable_dns_server.sh -> bin/hardening/2.2.8_disable_dns_server.sh
	renamed:    bin/hardening/6.9_disable_ftp.sh -> bin/hardening/2.2.9_disable_ftp.sh
	deleted:    bin/hardening/6.3_disable_print_server.sh
	new file:   tests/hardening/2.2.1.1_use_time_sync.sh
	renamed:    tests/hardening/6.9_disable_ftp.sh -> tests/hardening/2.2.1.2_configure_ntp.sh
	renamed:    tests/hardening/6.8_disable_dns_server.sh -> tests/hardening/2.2.1.3_configure_chrony.sh
	renamed:    tests/hardening/6.7_disable_nfs_rpc.sh -> tests/hardening/2.2.10_disable_http_server.sh
	renamed:    tests/hardening/6.6_disable_ldap.sh -> tests/hardening/2.2.11_disable_imap_pop.sh
	renamed:    tests/hardening/6.5_configure_ntp.sh -> tests/hardening/2.2.12_disable_samba.sh
	renamed:    tests/hardening/6.4_disable_dhcp.sh -> tests/hardening/2.2.13_disable_http_proxy.sh
	renamed:    tests/hardening/6.3_disable_print_server.sh -> tests/hardening/2.2.14_disable_snmp_server.sh
	renamed:    tests/hardening/6.2_disable_avahi_server.sh -> tests/hardening/2.2.15_mta_localhost.sh
	renamed:    tests/hardening/6.1_disable_xwindow_system.sh -> tests/hardening/2.2.16_disable_rsync.sh
	renamed:    tests/hardening/6.16_disable_rsync.sh -> tests/hardening/2.2.2_disable_xwindow_system.sh
	renamed:    tests/hardening/6.15_mta_localhost.sh -> tests/hardening/2.2.3_disable_avahi_server.sh
	renamed:    tests/hardening/6.14_disable_snmp_server.sh -> tests/hardening/2.2.5_disable_dhcp.sh
	renamed:    tests/hardening/6.13_disable_http_proxy.sh -> tests/hardening/2.2.6_disable_ldap.sh
	renamed:    tests/hardening/6.12_disable_samba.sh -> tests/hardening/2.2.7_disable_nfs_rpc.sh
	renamed:    tests/hardening/6.11_disable_imap_pop.sh -> tests/hardening/2.2.8_disable_dns_server.sh
	renamed:    tests/hardening/6.10_disable_http_server.sh -> tests/hardening/2.2.9_disable_ftp.sh
2019-08-29 16:02:39 +02:00
Charles Herlin
fbdf3b72ed Renumbering OS services checks and removing obsolete ones
new file:   bin/hardening/2.1.1_disable_xinetd.sh
	renamed:    bin/hardening/5.1.8_disable_inetd.sh -> bin/hardening/2.1.2_disable_bsd_inetd.sh
	renamed:    bin/hardening/5.1.1_disable_nis.sh -> bin/hardening/2.3.1_disable_nis.sh
	renamed:    bin/hardening/5.1.3_disable_rsh_client.sh -> bin/hardening/2.3.2_disable_rsh_client.sh
	renamed:    bin/hardening/5.1.5_disable_talk_client.sh -> bin/hardening/2.3.3_disable_talk_client.sh
	deleted:    bin/hardening/5.1.2_disable_rsh.sh
	deleted:    bin/hardening/5.1.4_disable_talk.sh
	deleted:    bin/hardening/5.1.6_disable_telnet_server.sh
	deleted:    bin/hardening/5.1.7_disable_tftp_server.sh
	deleted:    bin/hardening/5.2_disable_chargen.sh
	deleted:    bin/hardening/5.3_disable_daytime.sh
	deleted:    bin/hardening/5.4_disable_echo.sh
	deleted:    bin/hardening/5.5_disable_discard.sh
	deleted:    bin/hardening/5.6_disable_time.sh
	renamed:    tests/hardening/5.6_disable_time.sh -> tests/hardening/2.1.1_disable_xinetd.sh
	renamed:    tests/hardening/5.5_disable_discard.sh -> tests/hardening/2.3.1_disable_nis.sh
	renamed:    tests/hardening/5.4_disable_echo.sh -> tests/hardening/2.3.2_disable_rsh_client.sh
	renamed:    tests/hardening/5.3_disable_daytime.sh -> tests/hardening/2.3.3_disable_talk_client.sh
	deleted:    tests/hardening/5.1.1_disable_nis.sh
	deleted:    tests/hardening/5.1.2_disable_rsh.sh
	deleted:    tests/hardening/5.1.3_disable_rsh_client.sh
	deleted:    tests/hardening/5.1.4_disable_talk.sh
	deleted:    tests/hardening/5.1.5_disable_talk_client.sh
	deleted:    tests/hardening/5.1.6_disable_telnet_server.sh
	deleted:    tests/hardening/5.1.7_disable_tftp_server.sh
	deleted:    tests/hardening/5.1.8_disable_inetd.sh
	deleted:    tests/hardening/5.2_disable_chargen.sh
2019-08-29 10:33:23 +02:00
Charles Herlin
6365f58b4c Renumbering 4.x checks
renamed:    4.1_restrict_core_dumps.sh -> 1.5.1_restrict_core_dumps.sh
	renamed:    4.2_enable_nx_support.sh -> 1.5.2_enable_nx_support.sh
	renamed:    4.3_enable_randomized_vm_placement.sh -> 1.5.3_enable_randomized_vm_placement.sh
	renamed:    4.4_disable_prelink.sh -> 1.5.4_disable_prelink.sh
	renamed:    ../../tests/hardening/4.4_disable_prelink.sh -> ../../tests/hardening/1.5.1_restrict_core_dumps.sh
	renamed:    ../../tests/hardening/4.3_enable_randomized_vm_placement.sh -> ../../tests/hardening/1.5.2_enable_nx_support.sh
	renamed:    ../../tests/hardening/4.2_enable_nx_support.sh -> ../../tests/hardening/1.5.3_enable_randomized_vm_placement.sh
	renamed:    ../../tests/hardening/4.1_restrict_core_dumps.sh -> ../../tests/hardening/1.5.4_disable_prelink.sh
2019-08-28 17:26:27 +02:00
Charles Herlin
fe25b1ba38 Renumbering of bootloader checks
renamed:    3.1_bootloader_ownership.sh -> 1.4.1_bootloader_ownership.sh
	renamed:    3.3_bootloader_password.sh -> 1.4.2_bootloader_password.sh
	renamed:    3.4_root_password.sh -> 1.4.3_root_password.sh
	deleted:    3.2_bootloader_permissions.sh
	renamed:    ../../tests/hardening/3.4_root_password.sh -> ../../tests/hardening/1.4.1_bootloader_ownership.sh
	renamed:    ../../tests/hardening/3.3_bootloader_password.sh -> ../../tests/hardening/1.4.2_bootloader_password.sh
	renamed:    ../../tests/hardening/3.1_bootloader_ownership.sh -> ../../tests/hardening/1.4.3_root_password.sh
2019-08-28 17:19:59 +02:00
Charles Herlin
0b85d16c16 First batch of renaming to comply to comply to 8v2 and 9 pdf
renamed:    2.19_disable_freevxfs.sh -> 1.1.1.1_disable_freevxfs.sh
	renamed:    2.20_disable_jffs2.sh -> 1.1.1.2_disable_jffs2.sh
	renamed:    2.21_disable_hfs.sh -> 1.1.1.3_disable_hfs.sh
	renamed:    2.22_disable_hfsplus.sh -> 1.1.1.4_disable_hfsplus.sh
	renamed:    2.24_disable_udf.sh -> 1.1.1.5_disable_udf.sh
	renamed:    2.7_var_log_partition.sh -> 1.1.11_var_log_partition.sh
	renamed:    2.8_var_log_audit_partition.sh -> 1.1.12_var_log_audit_partition.sh
	renamed:    2.9_home_partition.sh -> 1.1.13_home_partition.sh
	renamed:    2.10_home_nodev.sh -> 1.1.14_home_nodev.sh
	renamed:    2.14_run_shm_nodev.sh -> 1.1.15_run_shm_nodev.sh
	renamed:    2.15_run_shm_nosuid.sh -> 1.1.16_run_shm_nosuid.sh
	renamed:    2.16_run_shm_noexec.sh -> 1.1.17_run_shm_noexec.sh
	renamed:    2.11_removable_device_nodev.sh -> 1.1.18_removable_device_nodev.sh
	renamed:    2.13_removable_device_nosuid.sh -> 1.1.19_removable_device_nosuid.sh
	renamed:    2.12_removable_device_noexec.sh -> 1.1.20_removable_device_noexec.sh
	renamed:    2.17_sticky_bit_world_writable_folder.sh -> 1.1.21_sticky_bit_world_writable_folder.sh
	renamed:    2.25_disable_automounting.sh -> 1.1.22_disable_automounting.sh
	renamed:    2.1_tmp_partition.sh -> 1.1.2_tmp_partition.sh
	renamed:    2.2_tmp_nodev.sh -> 1.1.3_tmp_nodev.sh
	renamed:    2.3_tmp_nosuid.sh -> 1.1.4_tmp_nosuid.sh
	renamed:    2.4_tmp_noexec.sh -> 1.1.5_tmp_noexec.sh
	renamed:    2.5_var_partition.sh -> 1.1.6_var_partition.sh
	renamed:    1.1_install_updates.sh -> 1.8_install_updates.sh
2019-08-27 15:30:47 +02:00
Thibault Ayanides
88e3a515ef 5.2.17_sshd_login_grace_time 2020-10-05 17:26:13 +02:00
Thibault Ayanides
55c1cdbdde 5.2.3_ssh_host_public_keys_perm_ownership 2020-10-05 17:05:47 +02:00
Thibault Ayanides
6f5d714b55 5.2.2_ssh_host_private_keys_perm_ownership 2020-10-05 17:05:26 +02:00
Thibault Ayanides
d6e5803252 4.2.4_logs_permissions 2020-10-05 13:17:44 +02:00
Thibault Ayanides
922f28c200 4.2.3_install_syslog-ng 2020-09-30 17:03:10 +02:00
Charles Herlin
5a1a70bbd3 FIX(test/10.2): backup and restore /etc/passwd after test 2019-08-28 12:30:13 +02:00
Charles Herlin
a4969e6ba6 IMP(99.3.1): improve check with disabled passwords 2019-08-28 11:49:01 +02:00
Charles Herlin
96f3b74334 FIX(10.2): improve test to check multiple login shells
fix IFS bug
add test
2019-08-28 11:47:49 +02:00
Charles Herlin
1ec77dbb56 FIX(13.15): fix code that did not show duplicated group
Add tests
Apply shellcheck recommendations
2019-03-28 17:51:02 +01:00
Charles Herlin
8f87d75293 FIX(99.5.4): fix regex to allow other authkey options than "from" 2019-03-15 18:17:48 +01:00
Charles Herlin
02673826a0 FIX(8.2.x): fix grep and find in audit scripts 2019-03-18 16:19:05 +01:00
Charles Herlin
be1ad3e581 IMP(99.5.4): add conf to check only listed users 2019-03-05 10:49:45 +01:00
Charles Herlin
9ada868f43 IMP(8.2.4): add exceptions in check and apply
Apply shellcheck recommendations
2019-03-01 12:12:42 +01:00