Thibault Ayanides
0204bb0942
IMP(shellcheck): fix docker shellcheck with new options
2020-12-21 11:43:02 +01:00
Thibault Ayanides
6e0b47ab8f
Rename files, fix permissions of tests
2020-12-21 11:21:32 +01:00
Thibault Ayanides
a2adf0f15c
ADD(6.1.3, 6.1.6-9): add new checks
...
Renamed some checks, add new checks that check permissions and ownership on /etc/passwd, /etc/shadow, ...
Add new function in utils that checks that check that the file ownership is one of the authrized ownership.
renamed: bin/hardening/6.1.5_etc_passwd_permissions.sh -> bin/hardening/6.1.2_etc_passwd_permissions.sh
new file: bin/hardening/6.1.3_etc_gshadow-_permissions.sh
renamed: bin/hardening/6.1.6_etc_shadow_permissions.sh -> bin/hardening/6.1.4_etc_shadow_permissions.sh
renamed: bin/hardening/6.1.7_etc_group_permissions.sh -> bin/hardening/6.1.5_etc_group_permissions.sh
new file: bin/hardening/6.1.6_etc_passwd-_permissions.sh
new file: bin/hardening/6.1.7_etc_shadow-_permissions.sh
new file: bin/hardening/6.1.8_etc_group-_permissions.sh
new file: bin/hardening/6.1.9_etc_gshadow_permissions.sh
modified: lib/utils.sh
renamed: tests/hardening/6.1.5_etc_passwd_permissions.sh -> tests/hardening/6.1.2_etc_passwd_permissions.sh
new file: tests/hardening/6.1.3_etc_gshadow-_permissions.sh
renamed: tests/hardening/6.1.6_etc_shadow_permissions.sh -> tests/hardening/6.1.4_etc_shadow_permissions.sh
renamed: tests/hardening/6.1.7_etc_group_permissions.sh -> tests/hardening/6.1.5_etc_group_permissions.sh
new file: tests/hardening/6.1.6_etc_passwd-_permissions.sh
new file: tests/hardening/6.1.7_etc_shadow-_permissions.sh
new file: tests/hardening/6.1.8_etc_group-_permissions.sh
new file: tests/hardening/6.1.9_etc_gshadow_permissions.sh
2020-12-21 10:02:52 +01:00
Thibault Ayanides
99ac9339f4
IMP: change apt in apt-get
2020-12-07 17:16:19 +01:00
Thibault Ayanides
8012234096
IMP(shellcheck): fix harmless warnings
2020-12-07 14:53:10 +01:00
Thibault Ayanides
addd48c4dd
IMP(shellcheck): add prefix to follow scripts (SC1090)
2020-12-07 13:26:51 +01:00
Thibault Ayanides
d371b8d057
IMP(shellcheck): replace ! -z by -n (SC2236)
2020-12-04 15:14:18 +01:00
Thibault Ayanides
3a342b784a
IMP(shfmt): add shell formatter
2020-12-04 14:08:01 +01:00
Thibault Ayanides
bc1aa65b91
IMP(shellcheck): quote variable in tests (SC2086)
2020-11-30 13:05:41 +01:00
Thibault Ayanides
4add6ddc33
IMP(shellcheck): add prefix to define shell (SC2148)
2020-11-27 09:22:47 +01:00
Thibault Ayanides
d244a2e810
fixup! IMP(4.5): rename to 1.6.1.2 improve test
2020-11-17 12:56:10 +01:00
Thibault Ayanides
84bff4ac88
fixup! Move to most recent docker image for buster
2020-11-16 17:07:08 +01:00
Thibault Ayanides
d640a467e2
fixup! IMP(4.1.x): add tests for each checks
2020-11-16 16:54:51 +01:00
Thibault Ayanides
7b8cca20d6
FIX(4.1.1.2): fix auditd apply
2020-11-09 11:48:48 +01:00
Thibault Ayanides
a6de243808
Rename 6.1.2,6.1.3,6.1.4 to be CIS9 compliant
2020-11-09 09:00:34 +01:00
Thibault Ayanides
7e8c976722
Add disclaimer when checks don't require comprehensive checks
...
modified: tests/hardening/1.1.1.1_disable_freevxfs.sh
modified: tests/hardening/1.1.1.2_disable_jffs2.sh
modified: tests/hardening/1.1.1.3_disable_hfs.sh
modified: tests/hardening/1.1.1.4_disable_hfsplus.sh
modified: tests/hardening/1.1.1.5_disable_udf.sh
modified: tests/hardening/1.1.1.6_disable_cramfs.sh
modified: tests/hardening/1.1.1.7_disable_squashfs.sh
modified: tests/hardening/1.1.10_var_tmp_noexec.sh
modified: tests/hardening/1.1.11_var_log_partition.sh
modified: tests/hardening/1.1.12_var_log_audit_partition.sh
modified: tests/hardening/1.1.13_home_partition.sh
modified: tests/hardening/1.1.14_home_nodev.sh
modified: tests/hardening/1.1.18_removable_device_nodev.sh
modified: tests/hardening/1.1.19_removable_device_nosuid.sh
modified: tests/hardening/1.1.20_removable_device_noexec.sh
modified: tests/hardening/1.1.2_tmp_partition.sh
modified: tests/hardening/1.1.3_tmp_nodev.sh
modified: tests/hardening/1.1.4_tmp_nosuid.sh
modified: tests/hardening/1.1.5_tmp_noexec.sh
modified: tests/hardening/1.1.6_var_partition.sh
modified: tests/hardening/1.1.7_var_tmp_partition.sh
modified: tests/hardening/1.1.8_var_tmp_nodev.sh
modified: tests/hardening/1.1.9_var_tmp_nosuid.sh
modified: tests/hardening/1.8_install_updates.sh
modified: tests/hardening/2.2.10_disable_http_server.sh
modified: tests/hardening/2.2.11_disable_imap_pop.sh
modified: tests/hardening/2.2.12_disable_samba.sh
modified: tests/hardening/2.2.13_disable_http_proxy.sh
modified: tests/hardening/2.2.14_disable_snmp_server.sh
modified: tests/hardening/2.2.2_disable_xwindow_system.sh
modified: tests/hardening/2.2.3_disable_avahi_server.sh
modified: tests/hardening/2.2.4_disable_print_server.sh
modified: tests/hardening/2.2.5_disable_dhcp.sh
modified: tests/hardening/2.2.6_disable_ldap.sh
modified: tests/hardening/2.2.7_disable_nfs_rpc.sh
modified: tests/hardening/2.2.8_disable_dns_server.sh
modified: tests/hardening/2.2.9_disable_ftp.sh
modified: tests/hardening/2.3.1_disable_nis.sh
modified: tests/hardening/2.3.2_disable_rsh_client.sh
modified: tests/hardening/2.3.3_disable_talk_client.sh
modified: tests/hardening/2.3.4_telnet_client_not_installed.sh
modified: tests/hardening/2.3.5_ldap_client_not_installed.sh
2020-11-06 16:20:10 +01:00
Thibault Ayanides
ce1e87b1a3
IMP(4.5): rename to 1.6.1.2 improve test
2020-11-06 11:09:22 +01:00
Thibault Ayanides
b5865947ba
Move to most recent docker image for buster
2020-11-06 10:11:46 +01:00
Thibault Ayanides
ee4b2417c2
IMP(4.1.x): add tests for each checks
2020-11-02 15:47:27 +01:00
Thibault Ayanides
5568065c35
IMP(4.1.3): skip on docker (bootloader)
2020-11-02 15:46:45 +01:00
Thibault Ayanides
91a2824246
IMP(5.6): add test
2020-10-30 09:48:36 +01:00
Thibault Ayanides
47f8b7b677
IMP(5.4.4): add test
2020-10-30 09:48:27 +01:00
Thibault Ayanides
728011f846
IMP(5.4.3): add purposely failing test
2020-10-30 09:40:28 +01:00
Thibault Ayanides
17e43753b9
IMP(5.4.1.1-3): add tests and rename some variables
2020-10-30 09:39:42 +01:00
Thibault Ayanides
8af91dd6a8
IMP(5.3.1,5.3.2): add tests and upgrade PAM conf
2020-10-29 16:45:15 +01:00
Thibault Ayanides
feefee28e4
IMP(5.3.1): add test and config function for check
2020-10-29 15:35:56 +01:00
Thibault Ayanides
774af39a34
IMP(5.2.x): add tests and default_config
...
I added tests from 5.2.4 to 5.2.19 and default_config files in the
checks. This checks concern sshd conf (ciphers, mac, rootlogin, ...)
modifié : bin/hardening/5.2.4_sshd_protocol.sh
modifié : bin/hardening/5.2.6_disable_x11_forwarding.sh
modifié : bin/hardening/5.2.7_sshd_maxauthtries.sh
modifié : bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
modifié : bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
modifié : bin/hardening/5.2.10_disable_root_login.sh
modifié : bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
modifié : bin/hardening/5.2.12_disable_sshd_setenv.sh
modifié : bin/hardening/5.2.13_sshd_ciphers.sh
modifié : bin/hardening/5.2.16_sshd_idle_timeout.sh
modifié : bin/hardening/5.2.17_sshd_login_grace_time.sh
modifié : tests/hardening/5.2.4_sshd_protocol.sh
modifié : tests/hardening/5.2.5_sshd_loglevel.sh
modifié : tests/hardening/5.2.6_disable_x11_forwarding.sh
modifié : tests/hardening/5.2.7_sshd_maxauthtries.sh
modifié : tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh
modifié : tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
modifié : tests/hardening/5.2.10_disable_root_login.sh
modifié : tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
modifié : tests/hardening/5.2.12_disable_sshd_setenv.sh
modifié : tests/hardening/5.2.13_sshd_ciphers.sh
modifié : tests/hardening/5.2.16_sshd_idle_timeout.sh
modifié : tests/hardening/5.2.17_sshd_login_grace_time.sh
modifié : tests/hardening/5.2.18_sshd_limit_access.sh
modifié : tests/hardening/5.2.19_ssh_banner.sh
2020-10-29 11:18:31 +01:00
Thibault
3c7a03445c
FIX(3.1.1): fix unbound variable issue
2020-11-12 10:15:41 +01:00
Thibault Ayanides
03c8e25ff3
FIX(99.5.4): fix test (permission denied on authorized_keys)
2020-11-05 15:05:12 +01:00
Thibault Ayanides
7b73eac6d6
FIX: fix test for CDS
2020-11-05 14:24:57 +01:00
Thibault Ayanides
67649ec407
IMP: dismiss for count some tests on blank host
2020-11-05 12:06:14 +01:00
Thibault Ayanides
fe568561bf
IMP: Better cleanup after tests
2020-11-05 10:13:14 +01:00
Thibault Ayanides
6aae84f4b2
FIX(2.3.18): Re-add telnet server check
...
Renaming for 2.3.4 anbd 2.3.5 to have naming consistency.
nouveau fichier : bin/hardening/2.2.18_disable_telnet_server.sh
renommé : bin/hardening/2.3.4_telnet_client_not_installed.sh -> bin/hardening/2.3.4_disable_telnet_client.sh
renommé : bin/hardening/2.3.5_ldap_client_not_installed.sh -> bin/hardening/2.3.5_disable_ldap_client.sh
renommé : tests/hardening/2.3.4_telnet_client_not_installed.sh -> tests/hardening/2.2.18_disable_telnet_server.sh
renommé : tests/hardening/2.3.5_ldap_client_not_installed.sh -> tests/hardening/2.3.4_disable_telnet_client.sh
nouveau fichier : tests/hardening/2.3.5_disable_ldap_client.sh
2020-11-03 09:38:13 +01:00
Thibault Ayanides
26c119c4a1
ADD(3.2.7): add check mysteriously deleted during renaming
2020-10-30 16:09:25 +01:00
Thibault Ayanides
aff5d708e8
ADD(3.2.6): add check mysteriously deleted during renaming
2020-10-30 16:09:21 +01:00
Thibault Ayanides
b266982a3c
ADD(6.2.7): add check mysteriously deleted during renaming
2020-10-30 16:01:18 +01:00
Thibault Ayanides
258da6b4a1
CLEAN(4.2.2): delete 4.2.2, duplicate with 4.2.3
2020-10-30 14:40:48 +01:00
Thibault Ayanides
ab712b4a6c
IMP(5.2.1,5.2.2,5.2.3): add purposely failing tests
2020-10-28 09:09:30 +01:00
Thibault Ayanides
2559dd82cb
IMP(5.1.8): add purposely failing tests
2020-10-27 16:44:14 +01:00
Thibault Ayanides
b33ab3d9bf
IMP(5.1.2-5.1.7): add purposely failing tests
2020-10-27 16:16:23 +01:00
Thibault Ayanides
67badc0ed1
FIX(2.2.15): add netstat docker images
2020-10-27 16:01:20 +01:00
Thibault Ayanides
7a09e0fb9a
IMP(99.2): skip on docker
2020-10-27 16:00:02 +01:00
Thibault Ayanides
5d16ee5c98
IMP(1.1.21): skip on docker
2020-10-27 15:34:32 +01:00
Thibault Ayanides
4680465095
IMP(1.4.1,1.4.2,1.4.3): skip on docker
2020-10-27 15:12:09 +01:00
Thibault Ayanides
027552f364
IMP(8.0): skip on docker
2020-10-27 15:07:32 +01:00
Thibault Ayanides
a0df6837ea
IMP(1.5.1): skip this test on docker
2020-10-27 14:29:13 +01:00
Thibault Ayanides
97bb1927c3
IMP(1.1.1.X): skip this tests on docker
2020-10-27 11:25:18 +01:00
Thibault Ayanides
fec0ac159c
IMP(6.2.18,6.2.19,6.2.20): add purposely failing tests
2020-10-27 11:24:40 +01:00
Thibault Ayanides
f89a864b33
IMP(6.2.15): add purposely failing tests
2020-10-27 11:06:27 +01:00
Thibault Ayanides
5ea053a502
IMP(6.2.12,6.2.13): add purposely failing tests
2020-10-27 11:04:55 +01:00
Thibault Ayanides
58277716c7
IMP(6.2.11,6.2.14): add purposely failing tests
2020-10-27 11:04:33 +01:00
Thibault Ayanides
912718a014
IMP(6.2.10): add purposely failing tests
2020-10-27 10:01:29 +01:00
Thibault Ayanides
01d02b5d5c
IMP(6.2.8): add purposely failing tests
2020-10-27 09:34:06 +01:00
Thibault Ayanides
bb266ebe4a
IMP(6.2.6): add purposely failing tests
2020-10-27 09:17:57 +01:00
Thibault Ayanides
1e64a14299
IMP(6.2.2,6.2.3,6.2.4): add purposely failing tests
2020-10-26 14:46:42 +01:00
Thibault Ayanides
7ab41f7b88
IMP(6.2.1): add purposely failing tests
2020-10-26 12:52:29 +01:00
Thibault Ayanides
a0796af547
IMP(6.1.2,6.1.3,6.1.4): add purposely failing tests
2020-10-26 11:48:02 +01:00
Thibault Ayanides
990f191111
CLEAN: rename 2.18, 2.23
2020-10-26 11:05:37 +01:00
Thibault Ayanides
f82712203d
CLEAN: rename 7.7
2020-10-26 11:00:55 +01:00
Thibault Ayanides
e2616b024d
CLEAN: Remove 13.13 (duplicate with 6.2.9)
2020-10-26 10:55:12 +01:00
Thibault Ayanides
36d55a6f79
CLEAN: Remove old checks (3.2, 8.2.4)
2020-10-26 10:48:08 +01:00
Thibault Ayanides
e1846ebd4c
CLEAN: Rename 1.7.1.4, 8.2.1
2020-10-26 10:40:48 +01:00
Thibault Ayanides
bb9f60a939
IMP(12.7): test is automatically skipped on docker
2020-10-26 08:51:50 +01:00
Charles Herlin
c0e9b96ffc
FIX: change name to fit check content (cracklib -> pwquality)
...
renamed: bin/hardening/5.3.1_enable_cracklib.sh -> bin/hardening/5.3.1_enable_pwquality.sh
renamed: tests/hardening/5.3.1_enable_cracklib.sh -> tests/hardening/5.3.1_enable_pwquality.sh
2019-10-30 15:40:15 +01:00
Charles Herlin
d91fdbf84b
Add missing tests CUPS, telnet and LDAP
...
new file: bin/hardening/2.2.4_disable_print_server.sh
new file: bin/hardening/2.3.4_telnet_client_not_installed.sh
new file: bin/hardening/2.3.5_ldap_client_not_installed.sh
new file: tests/hardening/2.2.4_disable_print_server.sh
new file: tests/hardening/2.3.4_telnet_client_not_installed.sh
new file: tests/hardening/2.3.5_ldap_client_not_installed.sh
2019-10-21 14:45:25 +02:00
Charles Herlin
2b60594a06
Renum 2.6.x to 1.1.x for /var/tmp
...
renamed: bin/hardening/2.6.4_var_tmp_noexec.sh -> bin/hardening/1.1.10_var_tmp_noexec.sh
renamed: bin/hardening/2.6.1_var_tmp_partition.sh -> bin/hardening/1.1.7_var_tmp_partition.sh
renamed: bin/hardening/2.6.2_var_tmp_nodev.sh -> bin/hardening/1.1.8_var_tmp_nodev.sh
renamed: bin/hardening/2.6.3_var_tmp_nosuid.sh -> bin/hardening/1.1.9_var_tmp_nosuid.sh
renamed: tests/hardening/2.6.4_var_tmp_noexec.sh -> tests/hardening/1.1.10_var_tmp_noexec.sh
renamed: tests/hardening/2.6.3_var_tmp_nosuid.sh -> tests/hardening/1.1.7_var_tmp_partition.sh
renamed: tests/hardening/2.6.2_var_tmp_nodev.sh -> tests/hardening/1.1.8_var_tmp_nodev.sh
renamed: tests/hardening/2.6.1_var_tmp_partition.sh -> tests/hardening/1.1.9_var_tmp_nosuid.sh
2019-10-21 12:21:22 +02:00
Charles Herlin
d6dae89966
Renum logrotate config 8.4 to 4.3
...
renamed: 8.4_configure_logrotate.sh -> 4.3_configure_logrotate.sh
renamed: ../../tests/hardening/8.4_configure_logrotate.sh -> ../../tests/hardening/4.3_configure_logrotate.sh
2019-10-18 17:32:41 +02:00
Charles Herlin
80b97940fa
Renumbering custom 99.* scripts as newcomers to CIS benchmark
...
renamed: bin/hardening/99.4_net_fw_default_policy_drop.sh -> bin/hardening/3.5.1.1_net_fw_default_policy_drop.sh
renamed: bin/hardening/99.3.3_acc_pam_sha512.sh -> bin/hardening/5.3.4_acc_pam_sha512.sh
renamed: tests/hardening/99.4_net_fw_default_policy_drop.sh -> tests/hardening/3.5.1.1_net_fw_default_policy_drop.sh
renamed: tests/hardening/99.3.3_acc_pam_sha512.sh -> tests/hardening/5.3.4_acc_pam_sha512.sh
2019-10-18 17:26:31 +02:00
Charles Herlin
609444a47f
Renum User and Groups settings 13.x to 6.2.x
...
renamed: bin/hardening/13.8_check_user_dot_file_perm.sh -> bin/hardening/6.2.10_check_user_dot_file_perm.sh
renamed: bin/hardening/13.19_find_user_forward_files.sh -> bin/hardening/6.2.11_find_user_forward_files.sh
renamed: bin/hardening/13.18_find_user_netrc_files.sh -> bin/hardening/6.2.12_find_user_netrc_files.sh
renamed: bin/hardening/13.9_set_perm_on_user_netrc.sh -> bin/hardening/6.2.13_set_perm_on_user_netrc.sh
renamed: bin/hardening/13.10_find_user_rhosts_files.sh -> bin/hardening/6.2.14_find_user_rhosts_files.sh
renamed: bin/hardening/13.11_find_passwd_group_inconsistencies.sh -> bin/hardening/6.2.15_find_passwd_group_inconsistencies.sh
renamed: bin/hardening/13.14_check_duplicate_uid.sh -> bin/hardening/6.2.16_check_duplicate_uid.sh
renamed: bin/hardening/13.15_check_duplicate_gid.sh -> bin/hardening/6.2.17_check_duplicate_gid.sh
renamed: bin/hardening/13.16_check_duplicate_username.sh -> bin/hardening/6.2.18_check_duplicate_username.sh
renamed: bin/hardening/13.17_check_duplicate_groupname.sh -> bin/hardening/6.2.19_check_duplicate_groupname.sh
renamed: bin/hardening/13.1_remove_empty_password_field.sh -> bin/hardening/6.2.1_remove_empty_password_field.sh
renamed: bin/hardening/13.20_shadow_group_empty.sh -> bin/hardening/6.2.20_shadow_group_empty.sh
renamed: bin/hardening/13.2_remove_legacy_passwd_entries.sh -> bin/hardening/6.2.2_remove_legacy_passwd_entries.sh
renamed: bin/hardening/13.3_remove_legacy_shadow_entries.sh -> bin/hardening/6.2.3_remove_legacy_shadow_entries.sh
renamed: bin/hardening/13.4_remove_legacy_group_entries.sh -> bin/hardening/6.2.4_remove_legacy_group_entries.sh
renamed: bin/hardening/13.5_find_0_uid_non_root_account.sh -> bin/hardening/6.2.5_find_0_uid_non_root_account.sh
renamed: bin/hardening/13.6_sanitize_root_path.sh -> bin/hardening/6.2.6_sanitize_root_path.sh
renamed: bin/hardening/13.7_check_user_dir_perm.sh -> bin/hardening/6.2.8_check_user_dir_perm.sh
renamed: bin/hardening/13.12_users_valid_homedir.sh -> bin/hardening/6.2.9_users_valid_homedir.sh
renamed: tests/hardening/13.9_set_perm_on_user_netrc.sh -> tests/hardening/6.2.10_check_user_dot_file_perm.sh
renamed: tests/hardening/13.8_check_user_dot_file_perm.sh -> tests/hardening/6.2.11_find_user_forward_files.sh
renamed: tests/hardening/13.7_check_user_dir_perm.sh -> tests/hardening/6.2.12_find_user_netrc_files.sh
renamed: tests/hardening/13.6_sanitize_root_path.sh -> tests/hardening/6.2.13_set_perm_on_user_netrc.sh
renamed: tests/hardening/13.4_remove_legacy_group_entries.sh -> tests/hardening/6.2.15_find_passwd_group_inconsistencies.sh
renamed: tests/hardening/13.14_check_duplicate_uid.sh -> tests/hardening/6.2.16_check_duplicate_uid.sh
renamed: tests/hardening/13.15_check_duplicate_gid.sh -> tests/hardening/6.2.17_check_duplicate_gid.sh
renamed: tests/hardening/13.3_remove_legacy_shadow_entries.sh -> tests/hardening/6.2.18_check_duplicate_username.sh
renamed: tests/hardening/13.2_remove_legacy_passwd_entries.sh -> tests/hardening/6.2.19_check_duplicate_groupname.sh
renamed: tests/hardening/13.20_shadow_group_empty.sh -> tests/hardening/6.2.1_remove_empty_password_field.sh
renamed: tests/hardening/13.1_remove_empty_password_field.sh -> tests/hardening/6.2.20_shadow_group_empty.sh
renamed: tests/hardening/13.19_find_user_forward_files.sh -> tests/hardening/6.2.2_remove_legacy_passwd_entries.sh
renamed: tests/hardening/13.18_find_user_netrc_files.sh -> tests/hardening/6.2.3_remove_legacy_shadow_entries.sh
renamed: tests/hardening/13.17_check_duplicate_groupname.sh -> tests/hardening/6.2.4_remove_legacy_group_entries.sh
renamed: tests/hardening/13.5_find_0_uid_non_root_account.sh -> tests/hardening/6.2.5_find_0_uid_non_root_account.sh
renamed: tests/hardening/13.16_check_duplicate_username.sh -> tests/hardening/6.2.6_sanitize_root_path.sh
renamed: tests/hardening/13.12_users_valid_homedir.sh -> tests/hardening/6.2.8_check_user_dir_perm.sh
renamed: tests/hardening/13.11_find_passwd_group_inconsistencies.sh -> tests/hardening/6.2.9_users_valid_homedir.sh
2019-09-12 17:43:12 +02:00
Charles Herlin
440aeaf45f
Renum 12.x checks to 6.1.x Verify_System_File_Permissions
...
modified: bin/hardening/12.4_etc_passwd_ownership.sh
modified: bin/hardening/12.5_etc_shadow_ownership.sh
modified: bin/hardening/12.6_etc_group_ownership.sh
renamed: bin/hardening/12.7_find_world_writable_file.sh -> bin/hardening/6.1.10_find_world_writable_file.sh
renamed: bin/hardening/12.8_find_unowned_files.sh -> bin/hardening/6.1.11_find_unowned_files.sh
renamed: bin/hardening/12.9_find_ungrouped_files.sh -> bin/hardening/6.1.12_find_ungrouped_files.sh
renamed: bin/hardening/12.10_find_suid_files.sh -> bin/hardening/6.1.13_find_suid_files.sh
renamed: bin/hardening/12.11_find_sgid_files.sh -> bin/hardening/6.1.14_find_sgid_files.sh
renamed: bin/hardening/12.1_etc_passwd_permissions.sh -> bin/hardening/6.1.2_etc_passwd_permissions.sh
renamed: bin/hardening/12.2_etc_shadow_permissions.sh -> bin/hardening/6.1.3_etc_shadow_permissions.sh
renamed: bin/hardening/12.3_etc_group_permissions.sh -> bin/hardening/6.1.4_etc_group_permissions.sh
deleted: tests/hardening/12.1_etc_passwd_permissions.sh
deleted: tests/hardening/12.2_etc_shadow_permissions.sh
deleted: tests/hardening/12.3_etc_group_permissions.sh
renamed: tests/hardening/12.7_find_world_writable_file.sh -> tests/hardening/6.1.10_find_world_writable_file.sh
renamed: tests/hardening/12.8_find_unowned_files.sh -> tests/hardening/6.1.11_find_unowned_files.sh
renamed: tests/hardening/12.9_find_ungrouped_files.sh -> tests/hardening/6.1.12_find_ungrouped_files.sh
renamed: tests/hardening/12.10_find_suid_files.sh -> tests/hardening/6.1.13_find_suid_files.sh
renamed: tests/hardening/12.11_find_sgid_files.sh -> tests/hardening/6.1.14_find_sgid_files.sh
renamed: tests/hardening/12.6_etc_group_ownership.sh -> tests/hardening/6.1.2_etc_passwd_permissions.sh
renamed: tests/hardening/12.5_etc_shadow_ownership.sh -> tests/hardening/6.1.3_etc_shadow_permissions.sh
renamed: tests/hardening/12.4_etc_passwd_ownership.sh -> tests/hardening/6.1.4_etc_group_permissions.sh
2019-09-12 16:44:45 +02:00
Charles Herlin
a085785321
Renum warning banners checks 11.x to 1.7.x
...
new file: bin/hardening/1.7.1.1_remove_os_info_motd.sh
renamed: bin/hardening/11.2_remove_os_info_warning_banners.sh -> bin/hardening/1.7.1.2_remove_os_info_issue.sh
new file: bin/hardening/1.7.1.3_remove_os_info_issue_net.sh
new file: bin/hardening/1.7.1.4_motd_perms.sh
new file: bin/hardening/1.7.1.5_etc_issue_perms.sh
new file: bin/hardening/1.7.1.6_etc_issue_net_perms.sh
renamed: bin/hardening/11.3_graphical_warning_banners.sh -> bin/hardening/1.7.2_graphical_warning_banners.sh
deleted: bin/hardening/11.1_warning_banners.sh
renamed: tests/hardening/11.3_graphical_warning_banners.sh -> tests/hardening/1.7.1.1_remove_os_info_motd.sh
renamed: tests/hardening/11.2_remove_os_info_warning_banners.sh -> tests/hardening/1.7.1.2_remove_os_info_issue.sh
renamed: tests/hardening/11.1_warning_banners.sh -> tests/hardening/1.7.1.3_remove_os_info_issue_net.sh
new file: tests/hardening/1.7.1.4_warning_banners.sh
new file: tests/hardening/1.7.2_graphical_warning_banners.sh
2019-09-12 15:42:22 +02:00
Charles Herlin
fbb73d1953
Renum 10.x to 5.4.x
...
renamed: bin/hardening/10.5_lock_inactive_user_account.sh -> bin/hardening/5.4.1.4_lock_inactive_user_account.sh
renamed: bin/hardening/10.2_disable_system_accounts.sh -> bin/hardening/5.4.2_disable_system_accounts.sh
renamed: bin/hardening/10.3_default_root_group.sh -> bin/hardening/5.4.3_default_root_group.sh
renamed: bin/hardening/10.4_default_umask.sh -> bin/hardening/5.4.4_default_umask.sh
renamed: tests/hardening/10.5_lock_inactive_user_account.sh -> tests/hardening/5.4.1.4_lock_inactive_user_account.sh
renamed: tests/hardening/10.2_disable_system_accounts.sh -> tests/hardening/5.4.2_disable_system_accounts.sh
renamed: tests/hardening/10.4_default_umask.sh -> tests/hardening/5.4.3_default_root_group.sh
renamed: tests/hardening/10.3_default_root_group.sh -> tests/hardening/5.4.4_default_umask.sh
2019-09-12 10:55:43 +02:00
Charles Herlin
47a9ffdc9c
Renum login.defs 10.1.x to 5.4.1.x
...
renamed: bin/hardening/10.1.1_set_password_exp_days.sh -> bin/hardening/5.4.1.1_set_password_exp_days.sh
renamed: bin/hardening/10.1.2_set_password_min_days_change.sh -> bin/hardening/5.4.1.2_set_password_min_days_change.sh
renamed: bin/hardening/10.1.3_set_password_exp_warning_days.sh -> bin/hardening/5.4.1.3_set_password_exp_warning_days.sh
renamed: tests/hardening/10.1.3_set_password_exp_warning_days.sh -> tests/hardening/5.4.1.1_set_password_exp_days.sh
renamed: tests/hardening/10.1.2_set_password_min_days_change.sh -> tests/hardening/5.4.1.2_set_password_min_days_change.sh
renamed: tests/hardening/10.1.1_set_password_exp_days.sh -> tests/hardening/5.4.1.3_set_password_exp_warning_days.sh
2019-09-12 10:43:48 +02:00
Charles Herlin
8a4a28a35b
Renum 9.x tty and su checks
...
renamed: bin/hardening/9.4_secure_tty.sh -> bin/hardening/5.5_secure_tty.sh
renamed: bin/hardening/9.5_restrict_su.sh -> bin/hardening/5.6_restrict_su.sh
renamed: tests/hardening/9.5_restrict_su.sh -> tests/hardening/5.5_secure_tty.sh
renamed: tests/hardening/9.4_secure_tty.sh -> tests/hardening/5.6_restrict_su.sh
2019-09-11 17:16:54 +02:00
Charles Herlin
9e61ca8367
Renum ssh config check 9.3.x to 5.2.x
...
Also renum 99.x checks that were included in CIS recommendations
renamed: bin/hardening/9.3.8_disable_root_login.sh -> bin/hardening/5.2.10_disable_root_login.sh
renamed: bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh -> bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
renamed: bin/hardening/9.3.10_disable_sshd_setenv.sh -> bin/hardening/5.2.12_disable_sshd_setenv.sh
renamed: bin/hardening/9.3.11_sshd_ciphers.sh -> bin/hardening/5.2.13_sshd_ciphers.sh
renamed: bin/hardening/99.5.2.2_ssh_cry_mac.sh -> bin/hardening/5.2.14_ssh_cry_mac.sh
renamed: bin/hardening/99.5.2.1_ssh_cry_kex.sh -> bin/hardening/5.2.15_ssh_cry_kex.sh
renamed: bin/hardening/9.3.12_sshd_idle_timeout.sh -> bin/hardening/5.2.16_sshd_idle_timeout.sh
renamed: bin/hardening/9.3.13_sshd_limit_access.sh -> bin/hardening/5.2.18_sshd_limit_access.sh
renamed: bin/hardening/9.3.14_ssh_banner.sh -> bin/hardening/5.2.19_ssh_banner.sh
renamed: bin/hardening/9.3.3_sshd_conf_perm_ownership.sh -> bin/hardening/5.2.1_sshd_conf_perm_ownership.sh
renamed: bin/hardening/9.3.1_sshd_protocol.sh -> bin/hardening/5.2.4_sshd_protocol.sh
renamed: bin/hardening/9.3.2_sshd_loglevel.sh -> bin/hardening/5.2.5_sshd_loglevel.sh
renamed: bin/hardening/9.3.4_disable_x11_forwarding.sh -> bin/hardening/5.2.6_disable_x11_forwarding.sh
renamed: bin/hardening/9.3.5_sshd_maxauthtries.sh -> bin/hardening/5.2.7_sshd_maxauthtries.sh
renamed: bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh -> bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
renamed: bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh -> bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
renamed: tests/hardening/9.3.9_disable_sshd_permitemptypasswords.sh -> tests/hardening/5.2.10_disable_root_login.sh
renamed: tests/hardening/9.3.8_disable_root_login.sh -> tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
renamed: tests/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh -> tests/hardening/5.2.12_disable_sshd_setenv.sh
renamed: tests/hardening/9.3.6_enable_sshd_ignorerhosts.sh -> tests/hardening/5.2.13_sshd_ciphers.sh
renamed: tests/hardening/99.5.2.2_ssh_cry_mac.sh -> tests/hardening/5.2.14_ssh_cry_mac.sh
renamed: tests/hardening/99.5.2.1_ssh_cry_kex.sh -> tests/hardening/5.2.15_ssh_cry_kex.sh
renamed: tests/hardening/9.3.5_sshd_maxauthtries.sh -> tests/hardening/5.2.16_sshd_idle_timeout.sh
renamed: tests/hardening/9.3.4_disable_x11_forwarding.sh -> tests/hardening/5.2.18_sshd_limit_access.sh
renamed: tests/hardening/9.3.3_sshd_conf_perm_ownership.sh -> tests/hardening/5.2.19_ssh_banner.sh
renamed: tests/hardening/9.3.1_sshd_protocol.sh -> tests/hardening/5.2.1_sshd_conf_perm_ownership.sh
renamed: tests/hardening/9.3.14_ssh_banner.sh -> tests/hardening/5.2.4_sshd_protocol.sh
renamed: tests/hardening/9.3.2_sshd_loglevel.sh -> tests/hardening/5.2.5_sshd_loglevel.sh
renamed: tests/hardening/9.3.13_sshd_limit_access.sh -> tests/hardening/5.2.6_disable_x11_forwarding.sh
renamed: tests/hardening/9.3.12_sshd_idle_timeout.sh -> tests/hardening/5.2.7_sshd_maxauthtries.sh
renamed: tests/hardening/9.3.11_sshd_ciphers.sh -> tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh
renamed: tests/hardening/9.3.10_disable_sshd_setenv.sh -> tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
2019-09-11 17:12:54 +02:00
Charles Herlin
c863a01305
Renum 9.2.x to 5.3.x Pam password settings
...
renamed: bin/hardening/9.2.1_enable_cracklib.sh -> bin/hardening/5.3.1_enable_cracklib.sh
renamed: bin/hardening/9.2.2_enable_lockout_failed_password.sh -> bin/hardening/5.3.2_enable_lockout_failed_password.sh
renamed: bin/hardening/9.2.3_limit_password_reuse.sh -> bin/hardening/5.3.3_limit_password_reuse.sh
renamed: tests/hardening/9.2.1_enable_cracklib.sh -> tests/hardening/5.3.1_enable_cracklib.sh
renamed: tests/hardening/9.2.3_limit_password_reuse.sh -> tests/hardening/5.3.2_enable_lockout_failed_password.sh
renamed: tests/hardening/9.2.2_enable_lockout_failed_password.sh -> tests/hardening/5.3.3_limit_password_reuse.sh
2019-09-11 15:40:00 +02:00
Charles Herlin
124dde8254
Renum 9.1.x to 5.1.x cron checks
...
renamed: bin/hardening/9.1.1_enable_cron.sh -> bin/hardening/5.1.1_enable_cron.sh
renamed: bin/hardening/9.1.2_crontab_perm_ownership.sh -> bin/hardening/5.1.2_crontab_perm_ownership.sh
renamed: bin/hardening/9.1.3_cron_hourly_perm_ownership.sh -> bin/hardening/5.1.3_cron_hourly_perm_ownership.sh
renamed: bin/hardening/9.1.4_cron_daily_perm_ownership.sh -> bin/hardening/5.1.4_cron_daily_perm_ownership.sh
renamed: bin/hardening/9.1.5_cron_weekly_perm_ownership.sh -> bin/hardening/5.1.5_cron_weekly_perm_ownership.sh
renamed: bin/hardening/9.1.6_cron_monthly_perm_ownership.sh -> bin/hardening/5.1.6_cron_monthly_perm_ownership.sh
renamed: bin/hardening/9.1.7_cron_d_perm_ownership.sh -> bin/hardening/5.1.7_cron_d_perm_ownership.sh
renamed: bin/hardening/9.1.8_cron_users.sh -> bin/hardening/5.1.8_cron_users.sh
renamed: tests/hardening/9.1.8_cron_users.sh -> tests/hardening/5.1.1_enable_cron.sh
renamed: tests/hardening/9.1.7_cron_d_perm_ownership.sh -> tests/hardening/5.1.2_crontab_perm_ownership.sh
renamed: tests/hardening/9.1.6_cron_monthly_perm_ownership.sh -> tests/hardening/5.1.3_cron_hourly_perm_ownership.sh
renamed: tests/hardening/9.1.5_cron_weekly_perm_ownership.sh -> tests/hardening/5.1.4_cron_daily_perm_ownership.sh
renamed: tests/hardening/9.1.4_cron_daily_perm_ownership.sh -> tests/hardening/5.1.5_cron_weekly_perm_ownership.sh
renamed: tests/hardening/9.1.3_cron_hourly_perm_ownership.sh -> tests/hardening/5.1.6_cron_monthly_perm_ownership.sh
renamed: tests/hardening/9.1.2_crontab_perm_ownership.sh -> tests/hardening/5.1.7_cron_d_perm_ownership.sh
renamed: tests/hardening/9.1.1_enable_cron.sh -> tests/hardening/5.1.8_cron_users.sh
2019-09-11 12:16:50 +02:00
Charles Herlin
65f92a7556
Renum 8.2.x to 4.2.2.x for syslog-ng
...
renamed: bin/hardening/8.2.2_enable_syslog-ng.sh -> bin/hardening/4.2.2.1_enable_syslog-ng.sh
renamed: bin/hardening/8.2.3_configure_syslog-ng.sh -> bin/hardening/4.2.2.2_configure_syslog-ng.sh
new file: bin/hardening/4.2.2.3_syslog_ng_logfiles_perm.sh
renamed: bin/hardening/8.2.5_syslog-ng_remote_host.sh -> bin/hardening/4.2.2.4_syslog-ng_remote_host.sh
renamed: bin/hardening/8.2.6_remote_syslog-ng_acl.sh -> bin/hardening/4.2.2.5_remote_syslog-ng_acl.sh
renamed: tests/hardening/8.2.6_remote_syslog-ng_acl.sh -> tests/hardening/4.2.2.1_enable_syslog-ng.sh
renamed: tests/hardening/8.2.3_configure_syslog-ng.sh -> tests/hardening/4.2.2.2_configure_syslog-ng.sh
renamed: tests/hardening/8.2.2_enable_syslog-ng.sh -> tests/hardening/4.2.2.3_syslog_ng_logfiles_perm.sh
renamed: tests/hardening/8.2.5_syslog-ng_remote_host.sh -> tests/hardening/4.2.2.4_syslog-ng_remote_host.sh
new file: tests/hardening/4.2.2.5_remote_syslog-ng_acl.sh
2019-09-11 11:52:24 +02:00
Charles Herlin
00dd3ef591
Renum 8.1.x auditing configuration
...
renamed: bin/hardening/8.1.1.1_audit_log_storage.sh -> bin/hardening/4.1.1.1_audit_log_storage.sh
renamed: bin/hardening/8.1.1.2_halt_when_audit_log_full.sh -> bin/hardening/4.1.1.2_halt_when_audit_log_full.sh
renamed: bin/hardening/8.1.1.3_keep_all_audit_logs.sh -> bin/hardening/4.1.1.3_keep_all_audit_logs.sh
renamed: bin/hardening/8.1.10_record_dac_edit.sh -> bin/hardening/4.1.10_record_dac_edit.sh
renamed: bin/hardening/8.1.11_record_failed_access_file.sh -> bin/hardening/4.1.11_record_failed_access_file.sh
renamed: bin/hardening/8.1.12_record_privileged_commands.sh -> bin/hardening/4.1.12_record_privileged_commands.sh
renamed: bin/hardening/8.1.13_record_successful_mount.sh -> bin/hardening/4.1.13_record_successful_mount.sh
renamed: bin/hardening/8.1.14_record_file_deletions.sh -> bin/hardening/4.1.14_record_file_deletions.sh
renamed: bin/hardening/8.1.15_record_sudoers_edit.sh -> bin/hardening/4.1.15_record_sudoers_edit.sh
renamed: bin/hardening/8.1.16_record_sudo_usage.sh -> bin/hardening/4.1.16_record_sudo_usage.sh
renamed: bin/hardening/8.1.17_record_kernel_modules.sh -> bin/hardening/4.1.17_record_kernel_modules.sh
renamed: bin/hardening/8.1.18_freeze_auditd_conf.sh -> bin/hardening/4.1.18_freeze_auditd_conf.sh
renamed: bin/hardening/8.1.2_enable_auditd.sh -> bin/hardening/4.1.2_enable_auditd.sh
renamed: bin/hardening/8.1.3_audit_bootloader.sh -> bin/hardening/4.1.3_audit_bootloader.sh
renamed: bin/hardening/8.1.4_record_date_time_edit.sh -> bin/hardening/4.1.4_record_date_time_edit.sh
renamed: bin/hardening/8.1.5_record_user_group_edit.sh -> bin/hardening/4.1.5_record_user_group_edit.sh
renamed: bin/hardening/8.1.6_record_network_edit.sh -> bin/hardening/4.1.6_record_network_edit.sh
renamed: bin/hardening/8.1.7_record_mac_edit.sh -> bin/hardening/4.1.7_record_mac_edit.sh
renamed: bin/hardening/8.1.8_record_login_logout.sh -> bin/hardening/4.1.8_record_login_logout.sh
renamed: bin/hardening/8.1.9_record_session_init.sh -> bin/hardening/4.1.9_record_session_init.sh
renamed: tests/hardening/8.1.9_record_session_init.sh -> tests/hardening/4.1.1.1_audit_log_storage.sh
renamed: tests/hardening/8.1.8_record_login_logout.sh -> tests/hardening/4.1.1.2_halt_when_audit_log_full.sh
renamed: tests/hardening/8.1.7_record_mac_edit.sh -> tests/hardening/4.1.1.3_keep_all_audit_logs.sh
renamed: tests/hardening/8.1.6_record_network_edit.sh -> tests/hardening/4.1.10_record_dac_edit.sh
renamed: tests/hardening/8.1.5_record_user_group_edit.sh -> tests/hardening/4.1.11_record_failed_access_file.sh
renamed: tests/hardening/8.1.4_record_date_time_edit.sh -> tests/hardening/4.1.12_record_privileged_commands.sh
renamed: tests/hardening/8.1.3_audit_bootloader.sh -> tests/hardening/4.1.13_record_successful_mount.sh
renamed: tests/hardening/8.1.2_enable_auditd.sh -> tests/hardening/4.1.14_record_file_deletions.sh
renamed: tests/hardening/8.1.18_freeze_auditd_conf.sh -> tests/hardening/4.1.15_record_sudoers_edit.sh
renamed: tests/hardening/8.1.17_record_kernel_modules.sh -> tests/hardening/4.1.16_record_sudo_usage.sh
renamed: tests/hardening/8.1.16_record_sudo_usage.sh -> tests/hardening/4.1.17_record_kernel_modules.sh
renamed: tests/hardening/8.1.15_record_sudoers_edit.sh -> tests/hardening/4.1.18_freeze_auditd_conf.sh
renamed: tests/hardening/8.1.14_record_file_deletions.sh -> tests/hardening/4.1.2_enable_auditd.sh
renamed: tests/hardening/8.1.13_record_successful_mount.sh -> tests/hardening/4.1.3_audit_bootloader.sh
renamed: tests/hardening/8.1.12_record_privileged_commands.sh -> tests/hardening/4.1.4_record_date_time_edit.sh
renamed: tests/hardening/8.1.11_record_failed_access_file.sh -> tests/hardening/4.1.5_record_user_group_edit.sh
renamed: tests/hardening/8.1.10_record_dac_edit.sh -> tests/hardening/4.1.6_record_network_edit.sh
renamed: tests/hardening/8.1.1.3_keep_all_audit_logs.sh -> tests/hardening/4.1.7_record_mac_edit.sh
renamed: tests/hardening/8.1.1.2_halt_when_audit_log_full.sh -> tests/hardening/4.1.8_record_login_logout.sh
renamed: tests/hardening/8.1.1.1_audit_log_storage.sh -> tests/hardening/4.1.9_record_session_init.sh
2019-09-09 16:45:54 +02:00
Charles Herlin
032aaa7c79
Renumber 7.5.x and 7.6
...
renamed: bin/hardening/7.5.1_disable_dccp.sh -> bin/hardening/3.4.1_disable_dccp.sh
renamed: bin/hardening/7.5.2_disable_sctp.sh -> bin/hardening/3.4.2_disable_sctp.sh
renamed: bin/hardening/7.5.3_disable_rds.sh -> bin/hardening/3.4.3_disable_rds.sh
renamed: bin/hardening/7.5.4_disable_tipc.sh -> bin/hardening/3.4.4_disable_tipc.sh
renamed: bin/hardening/7.6_disable_wireless.sh -> bin/hardening/3.6_disable_wireless.sh
renamed: tests/hardening/7.6_disable_wireless.sh -> tests/hardening/3.4.1_disable_dccp.sh
renamed: tests/hardening/7.5.4_disable_tipc.sh -> tests/hardening/3.4.2_disable_sctp.sh
renamed: tests/hardening/7.5.3_disable_rds.sh -> tests/hardening/3.4.3_disable_rds.sh
renamed: tests/hardening/7.5.2_disable_sctp.sh -> tests/hardening/3.4.4_disable_tipc.sh
renamed: tests/hardening/7.5.1_disable_dccp.sh -> tests/hardening/3.6_disable_wireless.sh
2019-08-30 17:18:26 +02:00
Charles Herlin
68f9f56192
Renumber 7.4.x tcp wrappers
...
renamed: bin/hardening/7.4.1_install_tcp_wrapper.sh -> bin/hardening/3.3.1_install_tcp_wrapper.sh
renamed: bin/hardening/7.4.2_hosts_allow.sh -> bin/hardening/3.3.2_hosts_allow.sh
renamed: bin/hardening/7.4.4_hosts_deny.sh -> bin/hardening/3.3.3_hosts_deny.sh
renamed: bin/hardening/7.4.3_hosts_allow_permissions.sh -> bin/hardening/3.3.4_hosts_allow_permissions.sh
renamed: bin/hardening/7.4.5_hosts_deny_permissions.sh -> bin/hardening/3.3.5_hosts_deny_permissions.sh
renamed: tests/hardening/7.4.5_hosts_deny_permissions.sh -> tests/hardening/3.3.1_install_tcp_wrapper.sh
renamed: tests/hardening/7.4.4_hosts_deny.sh -> tests/hardening/3.3.2_hosts_allow.sh
renamed: tests/hardening/7.4.3_hosts_allow_permissions.sh -> tests/hardening/3.3.3_hosts_deny.sh
renamed: tests/hardening/7.4.2_hosts_allow.sh -> tests/hardening/3.3.4_hosts_allow_permissions.sh
renamed: tests/hardening/7.4.1_install_tcp_wrapper.sh -> tests/hardening/3.3.5_hosts_deny_permissions.sh
2019-08-30 17:11:03 +02:00
Charles Herlin
c5674c3627
Renumber network params 7.1.x, 7.2.x and 7.3
...
renamed: bin/hardening/7.1.1_disable_ip_forwarding.sh -> bin/hardening/3.1.1_disable_ip_forwarding.sh
renamed: bin/hardening/7.1.2_disable_send_packet_redirects.sh -> bin/hardening/3.1.2_disable_send_packet_redirects.sh
renamed: bin/hardening/7.2.1_disable_source_routed_packets.sh -> bin/hardening/3.2.1_disable_source_routed_packets.sh
renamed: bin/hardening/7.2.2_disable_icmp_redirect.sh -> bin/hardening/3.2.2_disable_icmp_redirect.sh
renamed: bin/hardening/7.2.3_disable_secure_icmp_redirect.sh -> bin/hardening/3.2.3_disable_secure_icmp_redirect.sh
renamed: bin/hardening/7.2.4_log_martian_packets.sh -> bin/hardening/3.2.4_log_martian_packets.sh
renamed: bin/hardening/7.2.5_ignore_broadcast_requests.sh -> bin/hardening/3.2.5_ignore_broadcast_requests.sh
renamed: bin/hardening/7.2.8_enable_tcp_syn_cookies.sh -> bin/hardening/3.2.8_enable_tcp_syn_cookies.sh
renamed: bin/hardening/7.3.1_disable_ipv6_router_advertisement.sh -> bin/hardening/3.2.9_disable_ipv6_router_advertisement.sh
renamed: bin/hardening/7.3.3_disable_ipv6.sh -> bin/hardening/3.7_disable_ipv6.sh
deleted: bin/hardening/7.2.6_enable_bad_error_message_protection.sh
deleted: bin/hardening/7.2.7_enable_source_route_validation.sh
deleted: bin/hardening/7.3.2_disable_ipv6_redirect.sh
renamed: tests/hardening/7.3.3_disable_ipv6.sh -> tests/hardening/3.1.1_disable_ip_forwarding.sh
renamed: tests/hardening/7.3.2_disable_ipv6_redirect.sh -> tests/hardening/3.1.2_disable_send_packet_redirects.sh
renamed: tests/hardening/7.3.1_disable_ipv6_router_advertisement.sh -> tests/hardening/3.2.1_disable_source_routed_packets.sh
renamed: tests/hardening/7.2.8_enable_tcp_syn_cookies.sh -> tests/hardening/3.2.2_disable_icmp_redirect.sh
renamed: tests/hardening/7.2.7_enable_source_route_validation.sh -> tests/hardening/3.2.3_disable_secure_icmp_redirect.sh
renamed: tests/hardening/7.2.6_enable_bad_error_message_protection.sh -> tests/hardening/3.2.4_log_martian_packets.sh
renamed: tests/hardening/7.2.5_ignore_broadcast_requests.sh -> tests/hardening/3.2.5_ignore_broadcast_requests.sh
renamed: tests/hardening/7.2.4_log_martian_packets.sh -> tests/hardening/3.2.8_enable_tcp_syn_cookies.sh
renamed: tests/hardening/7.2.3_disable_secure_icmp_redirect.sh -> tests/hardening/3.2.9_disable_ipv6_router_advertisement.sh
renamed: tests/hardening/7.2.2_disable_icmp_redirect.sh -> tests/hardening/3.7_disable_ipv6.sh
deleted: tests/hardening/7.1.1_disable_ip_forwarding.sh
deleted: tests/hardening/7.1.2_disable_send_packet_redirects.sh
deleted: tests/hardening/7.2.1_disable_source_routed_packets.sh
2019-08-30 14:14:29 +02:00
Charles Herlin
e205dc7481
Renumber special purpose services 6.x
...
new file: bin/hardening/2.2.1.1_use_time_sync.sh
renamed: bin/hardening/6.5_configure_ntp.sh -> bin/hardening/2.2.1.2_configure_ntp.sh
new file: bin/hardening/2.2.1.3_configure_chrony.sh
renamed: bin/hardening/6.10_disable_http_server.sh -> bin/hardening/2.2.10_disable_http_server.sh
renamed: bin/hardening/6.11_disable_imap_pop.sh -> bin/hardening/2.2.11_disable_imap_pop.sh
renamed: bin/hardening/6.12_disable_samba.sh -> bin/hardening/2.2.12_disable_samba.sh
renamed: bin/hardening/6.13_disable_http_proxy.sh -> bin/hardening/2.2.13_disable_http_proxy.sh
renamed: bin/hardening/6.14_disable_snmp_server.sh -> bin/hardening/2.2.14_disable_snmp_server.sh
renamed: bin/hardening/6.15_mta_localhost.sh -> bin/hardening/2.2.15_mta_localhost.sh
renamed: bin/hardening/6.16_disable_rsync.sh -> bin/hardening/2.2.16_disable_rsync.sh
renamed: bin/hardening/6.1_disable_xwindow_system.sh -> bin/hardening/2.2.2_disable_xwindow_system.sh
renamed: bin/hardening/6.2_disable_avahi_server.sh -> bin/hardening/2.2.3_disable_avahi_server.sh
renamed: bin/hardening/6.4_disable_dhcp.sh -> bin/hardening/2.2.5_disable_dhcp.sh
renamed: bin/hardening/6.6_disable_ldap.sh -> bin/hardening/2.2.6_disable_ldap.sh
renamed: bin/hardening/6.7_disable_nfs_rpc.sh -> bin/hardening/2.2.7_disable_nfs_rpc.sh
renamed: bin/hardening/6.8_disable_dns_server.sh -> bin/hardening/2.2.8_disable_dns_server.sh
renamed: bin/hardening/6.9_disable_ftp.sh -> bin/hardening/2.2.9_disable_ftp.sh
deleted: bin/hardening/6.3_disable_print_server.sh
new file: tests/hardening/2.2.1.1_use_time_sync.sh
renamed: tests/hardening/6.9_disable_ftp.sh -> tests/hardening/2.2.1.2_configure_ntp.sh
renamed: tests/hardening/6.8_disable_dns_server.sh -> tests/hardening/2.2.1.3_configure_chrony.sh
renamed: tests/hardening/6.7_disable_nfs_rpc.sh -> tests/hardening/2.2.10_disable_http_server.sh
renamed: tests/hardening/6.6_disable_ldap.sh -> tests/hardening/2.2.11_disable_imap_pop.sh
renamed: tests/hardening/6.5_configure_ntp.sh -> tests/hardening/2.2.12_disable_samba.sh
renamed: tests/hardening/6.4_disable_dhcp.sh -> tests/hardening/2.2.13_disable_http_proxy.sh
renamed: tests/hardening/6.3_disable_print_server.sh -> tests/hardening/2.2.14_disable_snmp_server.sh
renamed: tests/hardening/6.2_disable_avahi_server.sh -> tests/hardening/2.2.15_mta_localhost.sh
renamed: tests/hardening/6.1_disable_xwindow_system.sh -> tests/hardening/2.2.16_disable_rsync.sh
renamed: tests/hardening/6.16_disable_rsync.sh -> tests/hardening/2.2.2_disable_xwindow_system.sh
renamed: tests/hardening/6.15_mta_localhost.sh -> tests/hardening/2.2.3_disable_avahi_server.sh
renamed: tests/hardening/6.14_disable_snmp_server.sh -> tests/hardening/2.2.5_disable_dhcp.sh
renamed: tests/hardening/6.13_disable_http_proxy.sh -> tests/hardening/2.2.6_disable_ldap.sh
renamed: tests/hardening/6.12_disable_samba.sh -> tests/hardening/2.2.7_disable_nfs_rpc.sh
renamed: tests/hardening/6.11_disable_imap_pop.sh -> tests/hardening/2.2.8_disable_dns_server.sh
renamed: tests/hardening/6.10_disable_http_server.sh -> tests/hardening/2.2.9_disable_ftp.sh
2019-08-29 16:02:39 +02:00
Charles Herlin
fbdf3b72ed
Renumbering OS services checks and removing obsolete ones
...
new file: bin/hardening/2.1.1_disable_xinetd.sh
renamed: bin/hardening/5.1.8_disable_inetd.sh -> bin/hardening/2.1.2_disable_bsd_inetd.sh
renamed: bin/hardening/5.1.1_disable_nis.sh -> bin/hardening/2.3.1_disable_nis.sh
renamed: bin/hardening/5.1.3_disable_rsh_client.sh -> bin/hardening/2.3.2_disable_rsh_client.sh
renamed: bin/hardening/5.1.5_disable_talk_client.sh -> bin/hardening/2.3.3_disable_talk_client.sh
deleted: bin/hardening/5.1.2_disable_rsh.sh
deleted: bin/hardening/5.1.4_disable_talk.sh
deleted: bin/hardening/5.1.6_disable_telnet_server.sh
deleted: bin/hardening/5.1.7_disable_tftp_server.sh
deleted: bin/hardening/5.2_disable_chargen.sh
deleted: bin/hardening/5.3_disable_daytime.sh
deleted: bin/hardening/5.4_disable_echo.sh
deleted: bin/hardening/5.5_disable_discard.sh
deleted: bin/hardening/5.6_disable_time.sh
renamed: tests/hardening/5.6_disable_time.sh -> tests/hardening/2.1.1_disable_xinetd.sh
renamed: tests/hardening/5.5_disable_discard.sh -> tests/hardening/2.3.1_disable_nis.sh
renamed: tests/hardening/5.4_disable_echo.sh -> tests/hardening/2.3.2_disable_rsh_client.sh
renamed: tests/hardening/5.3_disable_daytime.sh -> tests/hardening/2.3.3_disable_talk_client.sh
deleted: tests/hardening/5.1.1_disable_nis.sh
deleted: tests/hardening/5.1.2_disable_rsh.sh
deleted: tests/hardening/5.1.3_disable_rsh_client.sh
deleted: tests/hardening/5.1.4_disable_talk.sh
deleted: tests/hardening/5.1.5_disable_talk_client.sh
deleted: tests/hardening/5.1.6_disable_telnet_server.sh
deleted: tests/hardening/5.1.7_disable_tftp_server.sh
deleted: tests/hardening/5.1.8_disable_inetd.sh
deleted: tests/hardening/5.2_disable_chargen.sh
2019-08-29 10:33:23 +02:00
Charles Herlin
6365f58b4c
Renumbering 4.x checks
...
renamed: 4.1_restrict_core_dumps.sh -> 1.5.1_restrict_core_dumps.sh
renamed: 4.2_enable_nx_support.sh -> 1.5.2_enable_nx_support.sh
renamed: 4.3_enable_randomized_vm_placement.sh -> 1.5.3_enable_randomized_vm_placement.sh
renamed: 4.4_disable_prelink.sh -> 1.5.4_disable_prelink.sh
renamed: ../../tests/hardening/4.4_disable_prelink.sh -> ../../tests/hardening/1.5.1_restrict_core_dumps.sh
renamed: ../../tests/hardening/4.3_enable_randomized_vm_placement.sh -> ../../tests/hardening/1.5.2_enable_nx_support.sh
renamed: ../../tests/hardening/4.2_enable_nx_support.sh -> ../../tests/hardening/1.5.3_enable_randomized_vm_placement.sh
renamed: ../../tests/hardening/4.1_restrict_core_dumps.sh -> ../../tests/hardening/1.5.4_disable_prelink.sh
2019-08-28 17:26:27 +02:00
Charles Herlin
fe25b1ba38
Renumbering of bootloader checks
...
renamed: 3.1_bootloader_ownership.sh -> 1.4.1_bootloader_ownership.sh
renamed: 3.3_bootloader_password.sh -> 1.4.2_bootloader_password.sh
renamed: 3.4_root_password.sh -> 1.4.3_root_password.sh
deleted: 3.2_bootloader_permissions.sh
renamed: ../../tests/hardening/3.4_root_password.sh -> ../../tests/hardening/1.4.1_bootloader_ownership.sh
renamed: ../../tests/hardening/3.3_bootloader_password.sh -> ../../tests/hardening/1.4.2_bootloader_password.sh
renamed: ../../tests/hardening/3.1_bootloader_ownership.sh -> ../../tests/hardening/1.4.3_root_password.sh
2019-08-28 17:19:59 +02:00
Charles Herlin
0b85d16c16
First batch of renaming to comply to comply to 8v2 and 9 pdf
...
renamed: 2.19_disable_freevxfs.sh -> 1.1.1.1_disable_freevxfs.sh
renamed: 2.20_disable_jffs2.sh -> 1.1.1.2_disable_jffs2.sh
renamed: 2.21_disable_hfs.sh -> 1.1.1.3_disable_hfs.sh
renamed: 2.22_disable_hfsplus.sh -> 1.1.1.4_disable_hfsplus.sh
renamed: 2.24_disable_udf.sh -> 1.1.1.5_disable_udf.sh
renamed: 2.7_var_log_partition.sh -> 1.1.11_var_log_partition.sh
renamed: 2.8_var_log_audit_partition.sh -> 1.1.12_var_log_audit_partition.sh
renamed: 2.9_home_partition.sh -> 1.1.13_home_partition.sh
renamed: 2.10_home_nodev.sh -> 1.1.14_home_nodev.sh
renamed: 2.14_run_shm_nodev.sh -> 1.1.15_run_shm_nodev.sh
renamed: 2.15_run_shm_nosuid.sh -> 1.1.16_run_shm_nosuid.sh
renamed: 2.16_run_shm_noexec.sh -> 1.1.17_run_shm_noexec.sh
renamed: 2.11_removable_device_nodev.sh -> 1.1.18_removable_device_nodev.sh
renamed: 2.13_removable_device_nosuid.sh -> 1.1.19_removable_device_nosuid.sh
renamed: 2.12_removable_device_noexec.sh -> 1.1.20_removable_device_noexec.sh
renamed: 2.17_sticky_bit_world_writable_folder.sh -> 1.1.21_sticky_bit_world_writable_folder.sh
renamed: 2.25_disable_automounting.sh -> 1.1.22_disable_automounting.sh
renamed: 2.1_tmp_partition.sh -> 1.1.2_tmp_partition.sh
renamed: 2.2_tmp_nodev.sh -> 1.1.3_tmp_nodev.sh
renamed: 2.3_tmp_nosuid.sh -> 1.1.4_tmp_nosuid.sh
renamed: 2.4_tmp_noexec.sh -> 1.1.5_tmp_noexec.sh
renamed: 2.5_var_partition.sh -> 1.1.6_var_partition.sh
renamed: 1.1_install_updates.sh -> 1.8_install_updates.sh
2019-08-27 15:30:47 +02:00
Thibault Ayanides
88e3a515ef
5.2.17_sshd_login_grace_time
2020-10-05 17:26:13 +02:00
Thibault Ayanides
55c1cdbdde
5.2.3_ssh_host_public_keys_perm_ownership
2020-10-05 17:05:47 +02:00
Thibault Ayanides
6f5d714b55
5.2.2_ssh_host_private_keys_perm_ownership
2020-10-05 17:05:26 +02:00
Thibault Ayanides
d6e5803252
4.2.4_logs_permissions
2020-10-05 13:17:44 +02:00
Thibault Ayanides
922f28c200
4.2.3_install_syslog-ng
2020-09-30 17:03:10 +02:00
Charles Herlin
5a1a70bbd3
FIX(test/10.2): backup and restore /etc/passwd after test
2019-08-28 12:30:13 +02:00
Charles Herlin
a4969e6ba6
IMP(99.3.1): improve check with disabled passwords
2019-08-28 11:49:01 +02:00
Charles Herlin
96f3b74334
FIX(10.2): improve test to check multiple login shells
...
fix IFS bug
add test
2019-08-28 11:47:49 +02:00
Charles Herlin
1ec77dbb56
FIX(13.15): fix code that did not show duplicated group
...
Add tests
Apply shellcheck recommendations
2019-03-28 17:51:02 +01:00
Charles Herlin
8f87d75293
FIX(99.5.4): fix regex to allow other authkey options than "from"
2019-03-15 18:17:48 +01:00
Charles Herlin
02673826a0
FIX(8.2.x): fix grep and find in audit scripts
2019-03-18 16:19:05 +01:00
Charles Herlin
be1ad3e581
IMP(99.5.4): add conf to check only listed users
2019-03-05 10:49:45 +01:00
Charles Herlin
9ada868f43
IMP(8.2.4): add exceptions in check and apply
...
Apply shellcheck recommendations
2019-03-01 12:12:42 +01:00