Thibault Ayanides
467e5f178c
fixup! IMP(4.5): rename to 1.6.1.2 improve test
2020-11-17 13:02:02 +01:00
Thibault Ayanides
d244a2e810
fixup! IMP(4.5): rename to 1.6.1.2 improve test
2020-11-17 12:56:10 +01:00
Thibault Ayanides
d640a467e2
fixup! IMP(4.1.x): add tests for each check
2020-11-16 16:54:51 +01:00
Thibault Ayanides
7b8cca20d6
FIX(4.1.1.2): fix auditd apply
2020-11-09 11:48:48 +01:00
Thibault Ayanides
a6de243808
Rename 6.1.2,6.1.3,6.1.4 to be CIS9 compliant
2020-11-09 09:00:34 +01:00
Thibault Ayanides
ffd5b28840
FIX: fix apt autoremove to be non-interactive
...
modified: bin/hardening/2.2.10_disable_http_server.sh
modified: bin/hardening/2.2.11_disable_imap_pop.sh
modified: bin/hardening/2.2.12_disable_samba.sh
modified: bin/hardening/2.2.14_disable_snmp_server.sh
modified: bin/hardening/2.2.2_disable_xwindow_system.sh
modified: bin/hardening/2.2.3_disable_avahi_server.sh
modified: bin/hardening/2.2.4_disable_print_server.sh
modified: bin/hardening/2.2.5_disable_dhcp.sh
modified: bin/hardening/2.2.6_disable_ldap.sh
modified: bin/hardening/2.2.7_disable_nfs_rpc.sh
modified: bin/hardening/2.2.8_disable_dns_server.sh
modified: bin/hardening/2.2.9_disable_ftp.sh
modified: bin/hardening/2.3.1_disable_nis.sh
modified: bin/hardening/2.3.2_disable_rsh_client.sh
modified: bin/hardening/2.3.3_disable_talk_client.sh
modified: bin/hardening/2.3.4_telnet_client_not_installed.sh
modified: bin/hardening/2.3.5_ldap_client_not_installed.sh
2020-11-06 14:51:26 +01:00
Thibault Ayanides
ce1e87b1a3
IMP(4.5): rename to 1.6.1.2 improve test
2020-11-06 11:09:22 +01:00
Thibault Ayanides
ee4b2417c2
IMP(4.1.x): add tests for each check
2020-11-02 15:47:27 +01:00
Thibault Ayanides
17e43753b9
IMP(5.4.1.1-3): add tests and rename some variables
2020-10-30 09:39:42 +01:00
Thibault Ayanides
9aac4c3504
IMP(5.3.4): improve check
2020-10-29 16:47:34 +01:00
Thibault Ayanides
8af91dd6a8
IMP(5.3.1,5.3.2): add tests and upgrade PAM conf
2020-10-29 16:45:15 +01:00
Thibault Ayanides
feefee28e4
IMP(5.3.1): add test and config function for check
2020-10-29 15:35:56 +01:00
Thibault Ayanides
774af39a34
IMP(5.2.x): add tests and default_config
...
I added tests from 5.2.4 to 5.2.19 and default_config files in the
checks. These checks concern sshd conf (ciphers, mac, rootlogin, ...)
modifié : bin/hardening/5.2.4_sshd_protocol.sh
modifié : bin/hardening/5.2.6_disable_x11_forwarding.sh
modifié : bin/hardening/5.2.7_sshd_maxauthtries.sh
modifié : bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
modifié : bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
modifié : bin/hardening/5.2.10_disable_root_login.sh
modifié : bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
modifié : bin/hardening/5.2.12_disable_sshd_setenv.sh
modifié : bin/hardening/5.2.13_sshd_ciphers.sh
modifié : bin/hardening/5.2.16_sshd_idle_timeout.sh
modifié : bin/hardening/5.2.17_sshd_login_grace_time.sh
modifié : tests/hardening/5.2.4_sshd_protocol.sh
modifié : tests/hardening/5.2.5_sshd_loglevel.sh
modifié : tests/hardening/5.2.6_disable_x11_forwarding.sh
modifié : tests/hardening/5.2.7_sshd_maxauthtries.sh
modifié : tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh
modifié : tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
modifié : tests/hardening/5.2.10_disable_root_login.sh
modifié : tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
modifié : tests/hardening/5.2.12_disable_sshd_setenv.sh
modifié : tests/hardening/5.2.13_sshd_ciphers.sh
modifié : tests/hardening/5.2.16_sshd_idle_timeout.sh
modifié : tests/hardening/5.2.17_sshd_login_grace_time.sh
modifié : tests/hardening/5.2.18_sshd_limit_access.sh
modifié : tests/hardening/5.2.19_ssh_banner.sh
2020-10-29 11:18:31 +01:00
Thibault Ayanides
fbd26ceefa
Fix race condition on /etc/passwd, /etc/shadow and /etc/group
2020-11-16 14:09:12 +01:00
Thibault Ayanides
501ce8c651
IMP(5.2.3): 640 permission is now ok for the check
2020-11-16 14:08:42 +01:00
Thibault Ayanides
829ee8631f
Revert to previous check (8.2.4 in old num)
2020-11-16 14:06:39 +01:00
Thibault
3c7a03445c
FIX(3.1.1): fix unbound variable issue
2020-11-12 10:15:41 +01:00
Thibault Ayanides
03c8e25ff3
FIX(99.5.4): fix test (permission denied on authorized_keys)
2020-11-05 15:05:12 +01:00
Thibault Ayanides
a7afb1099a
IMP(6.2.8): fix bug where /sbin/nologin was considered as a valid shell
2020-11-05 11:25:52 +01:00
Thibault Ayanides
6aae84f4b2
FIX(2.3.18): Re-add telnet server check
...
Renaming for 2.3.4 and 2.3.5 to have naming consistency.
nouveau fichier : bin/hardening/2.2.18_disable_telnet_server.sh
renommé : bin/hardening/2.3.4_telnet_client_not_installed.sh -> bin/hardening/2.3.4_disable_telnet_client.sh
renommé : bin/hardening/2.3.5_ldap_client_not_installed.sh -> bin/hardening/2.3.5_disable_ldap_client.sh
renommé : tests/hardening/2.3.4_telnet_client_not_installed.sh -> tests/hardening/2.2.18_disable_telnet_server.sh
renommé : tests/hardening/2.3.5_ldap_client_not_installed.sh -> tests/hardening/2.3.4_disable_telnet_client.sh
nouveau fichier : tests/hardening/2.3.5_disable_ldap_client.sh
2020-11-03 09:38:13 +01:00
Thibault Ayanides
668dc80bb8
FIX(3.1.1,3.2.1,3.2.2): don't check for IPv6 options if IPv6 is disabled
2020-11-02 17:16:11 +01:00
Thibault Ayanides
c2090b74b3
FIX(2.2.12): smbd enabling check was wrong
2020-11-02 16:53:04 +01:00
Thibault Ayanides
26c119c4a1
ADD(3.2.7): add check mysteriously deleted during renaming
2020-10-30 16:09:25 +01:00
Thibault Ayanides
aff5d708e8
ADD(3.2.6): add check mysteriously deleted during renaming
2020-10-30 16:09:21 +01:00
Thibault Ayanides
b266982a3c
ADD(6.2.7): add check mysteriously deleted during renaming
2020-10-30 16:01:18 +01:00
Thibault Ayanides
a0b025deac
Fix final printf command
...
The final printf is buggy on non-US systems.
A fix is to truncate the percentage to 2 decimals with bc and not with
printf.
modifié : bin/hardening.sh
2020-10-30 14:56:27 +01:00
Thibault Ayanides
ccef85ebe3
IMP(4.2.4): use functions in utils
2020-10-30 14:49:16 +01:00
Thibault Ayanides
258da6b4a1
CLEAN(4.2.2): delete 4.2.2, duplicate with 4.2.3
2020-10-30 14:40:48 +01:00
Thibault Ayanides
9eb6bac993
FIX(6.2.9): fix EXCEPTIONS unbound variable error
2020-10-28 15:04:41 +01:00
Thibault Ayanides
df802b4882
Fix spelling mistakes and numbering in comments
2020-10-28 10:09:10 +01:00
Thibault Ayanides
20f432765d
FIX(5.2.2,5.2.3) find was not working properly
...
I removed the functions in utils and replaced them with loops, so that
there are no more problems with the options arrays.
2020-10-27 12:47:11 +01:00
Thibault Ayanides
bb266ebe4a
IMP(6.2.6): add purposely failing tests
2020-10-27 09:17:57 +01:00
Thibault Ayanides
1e64a14299
IMP(6.2.2,6.2.3,6.2.4): add purposely failing tests
2020-10-26 14:46:42 +01:00
Thibault Ayanides
990f191111
CLEAN: rename 2.18, 2.23
2020-10-26 11:05:37 +01:00
Thibault Ayanides
f82712203d
CLEAN: rename 7.7
2020-10-26 11:00:55 +01:00
Thibault Ayanides
e2616b024d
CLEAN: Remove 13.13 (duplicate with 6.2.9)
2020-10-26 10:55:12 +01:00
Thibault Ayanides
e1846ebd4c
CLEAN: Rename 1.7.1.4, 8.2.1
2020-10-26 10:40:48 +01:00
Charles Herlin
c0e9b96ffc
FIX: change name to fit check content (cracklib -> pwquality)
...
renamed: bin/hardening/5.3.1_enable_cracklib.sh -> bin/hardening/5.3.1_enable_pwquality.sh
renamed: tests/hardening/5.3.1_enable_cracklib.sh -> tests/hardening/5.3.1_enable_pwquality.sh
2019-10-30 15:40:15 +01:00
Charles Herlin
de3da21a38
CLEAN: remove 8.2.4
2019-10-30 15:37:36 +01:00
Charles Herlin
c81cf79fea
CLEAN(12.x) remove unused checks that were merged with ownership/perms
...
deleted: 12.4_etc_passwd_ownership.sh
deleted: 12.5_etc_shadow_ownership.sh
deleted: 12.6_etc_group_ownership.sh
2019-10-30 15:29:11 +01:00
Charles Herlin
d4bbc786a6
IMP(3.2.1-2): set sysctl params in config file
2019-10-30 15:20:30 +01:00
Charles Herlin
625a6206c7
Fix typos
...
modified: 1.7.1.4_motd_perms.sh
modified: 1.7.1.5_etc_issue_perms.sh
modified: 1.7.1.6_etc_issue_net_perms.sh
modified: 1.8_install_updates.sh
2019-10-30 15:18:52 +01:00
Charles Herlin
5074c5a8bd
FIX(2.2.12) handle smbd as a service
2019-10-25 16:03:11 +02:00
Charles Herlin
d91fdbf84b
Add missing tests CUPS, telnet and LDAP
...
new file: bin/hardening/2.2.4_disable_print_server.sh
new file: bin/hardening/2.3.4_telnet_client_not_installed.sh
new file: bin/hardening/2.3.5_ldap_client_not_installed.sh
new file: tests/hardening/2.2.4_disable_print_server.sh
new file: tests/hardening/2.3.4_telnet_client_not_installed.sh
new file: tests/hardening/2.3.5_ldap_client_not_installed.sh
2019-10-21 14:45:25 +02:00
Charles Herlin
2b60594a06
Renum 2.6.x to 1.1.x for /var/tmp
...
renamed: bin/hardening/2.6.4_var_tmp_noexec.sh -> bin/hardening/1.1.10_var_tmp_noexec.sh
renamed: bin/hardening/2.6.1_var_tmp_partition.sh -> bin/hardening/1.1.7_var_tmp_partition.sh
renamed: bin/hardening/2.6.2_var_tmp_nodev.sh -> bin/hardening/1.1.8_var_tmp_nodev.sh
renamed: bin/hardening/2.6.3_var_tmp_nosuid.sh -> bin/hardening/1.1.9_var_tmp_nosuid.sh
renamed: tests/hardening/2.6.4_var_tmp_noexec.sh -> tests/hardening/1.1.10_var_tmp_noexec.sh
renamed: tests/hardening/2.6.3_var_tmp_nosuid.sh -> tests/hardening/1.1.7_var_tmp_partition.sh
renamed: tests/hardening/2.6.2_var_tmp_nodev.sh -> tests/hardening/1.1.8_var_tmp_nodev.sh
renamed: tests/hardening/2.6.1_var_tmp_partition.sh -> tests/hardening/1.1.9_var_tmp_nosuid.sh
2019-10-21 12:21:22 +02:00
Charles Herlin
d6dae89966
Renum logrotate config 8.4 to 4.3
...
renamed: 8.4_configure_logrotate.sh -> 4.3_configure_logrotate.sh
renamed: ../../tests/hardening/8.4_configure_logrotate.sh -> ../../tests/hardening/4.3_configure_logrotate.sh
2019-10-18 17:32:41 +02:00
Charles Herlin
80b97940fa
Renumbering custom 99.* scripts as newcomers to CIS benchmark
...
renamed: bin/hardening/99.4_net_fw_default_policy_drop.sh -> bin/hardening/3.5.1.1_net_fw_default_policy_drop.sh
renamed: bin/hardening/99.3.3_acc_pam_sha512.sh -> bin/hardening/5.3.4_acc_pam_sha512.sh
renamed: tests/hardening/99.4_net_fw_default_policy_drop.sh -> tests/hardening/3.5.1.1_net_fw_default_policy_drop.sh
renamed: tests/hardening/99.3.3_acc_pam_sha512.sh -> tests/hardening/5.3.4_acc_pam_sha512.sh
2019-10-18 17:26:31 +02:00
Charles Herlin
609444a47f
Renum User and Groups settings 13.x to 6.2.x
...
renamed: bin/hardening/13.8_check_user_dot_file_perm.sh -> bin/hardening/6.2.10_check_user_dot_file_perm.sh
renamed: bin/hardening/13.19_find_user_forward_files.sh -> bin/hardening/6.2.11_find_user_forward_files.sh
renamed: bin/hardening/13.18_find_user_netrc_files.sh -> bin/hardening/6.2.12_find_user_netrc_files.sh
renamed: bin/hardening/13.9_set_perm_on_user_netrc.sh -> bin/hardening/6.2.13_set_perm_on_user_netrc.sh
renamed: bin/hardening/13.10_find_user_rhosts_files.sh -> bin/hardening/6.2.14_find_user_rhosts_files.sh
renamed: bin/hardening/13.11_find_passwd_group_inconsistencies.sh -> bin/hardening/6.2.15_find_passwd_group_inconsistencies.sh
renamed: bin/hardening/13.14_check_duplicate_uid.sh -> bin/hardening/6.2.16_check_duplicate_uid.sh
renamed: bin/hardening/13.15_check_duplicate_gid.sh -> bin/hardening/6.2.17_check_duplicate_gid.sh
renamed: bin/hardening/13.16_check_duplicate_username.sh -> bin/hardening/6.2.18_check_duplicate_username.sh
renamed: bin/hardening/13.17_check_duplicate_groupname.sh -> bin/hardening/6.2.19_check_duplicate_groupname.sh
renamed: bin/hardening/13.1_remove_empty_password_field.sh -> bin/hardening/6.2.1_remove_empty_password_field.sh
renamed: bin/hardening/13.20_shadow_group_empty.sh -> bin/hardening/6.2.20_shadow_group_empty.sh
renamed: bin/hardening/13.2_remove_legacy_passwd_entries.sh -> bin/hardening/6.2.2_remove_legacy_passwd_entries.sh
renamed: bin/hardening/13.3_remove_legacy_shadow_entries.sh -> bin/hardening/6.2.3_remove_legacy_shadow_entries.sh
renamed: bin/hardening/13.4_remove_legacy_group_entries.sh -> bin/hardening/6.2.4_remove_legacy_group_entries.sh
renamed: bin/hardening/13.5_find_0_uid_non_root_account.sh -> bin/hardening/6.2.5_find_0_uid_non_root_account.sh
renamed: bin/hardening/13.6_sanitize_root_path.sh -> bin/hardening/6.2.6_sanitize_root_path.sh
renamed: bin/hardening/13.7_check_user_dir_perm.sh -> bin/hardening/6.2.8_check_user_dir_perm.sh
renamed: bin/hardening/13.12_users_valid_homedir.sh -> bin/hardening/6.2.9_users_valid_homedir.sh
renamed: tests/hardening/13.9_set_perm_on_user_netrc.sh -> tests/hardening/6.2.10_check_user_dot_file_perm.sh
renamed: tests/hardening/13.8_check_user_dot_file_perm.sh -> tests/hardening/6.2.11_find_user_forward_files.sh
renamed: tests/hardening/13.7_check_user_dir_perm.sh -> tests/hardening/6.2.12_find_user_netrc_files.sh
renamed: tests/hardening/13.6_sanitize_root_path.sh -> tests/hardening/6.2.13_set_perm_on_user_netrc.sh
renamed: tests/hardening/13.4_remove_legacy_group_entries.sh -> tests/hardening/6.2.15_find_passwd_group_inconsistencies.sh
renamed: tests/hardening/13.14_check_duplicate_uid.sh -> tests/hardening/6.2.16_check_duplicate_uid.sh
renamed: tests/hardening/13.15_check_duplicate_gid.sh -> tests/hardening/6.2.17_check_duplicate_gid.sh
renamed: tests/hardening/13.3_remove_legacy_shadow_entries.sh -> tests/hardening/6.2.18_check_duplicate_username.sh
renamed: tests/hardening/13.2_remove_legacy_passwd_entries.sh -> tests/hardening/6.2.19_check_duplicate_groupname.sh
renamed: tests/hardening/13.20_shadow_group_empty.sh -> tests/hardening/6.2.1_remove_empty_password_field.sh
renamed: tests/hardening/13.1_remove_empty_password_field.sh -> tests/hardening/6.2.20_shadow_group_empty.sh
renamed: tests/hardening/13.19_find_user_forward_files.sh -> tests/hardening/6.2.2_remove_legacy_passwd_entries.sh
renamed: tests/hardening/13.18_find_user_netrc_files.sh -> tests/hardening/6.2.3_remove_legacy_shadow_entries.sh
renamed: tests/hardening/13.17_check_duplicate_groupname.sh -> tests/hardening/6.2.4_remove_legacy_group_entries.sh
renamed: tests/hardening/13.5_find_0_uid_non_root_account.sh -> tests/hardening/6.2.5_find_0_uid_non_root_account.sh
renamed: tests/hardening/13.16_check_duplicate_username.sh -> tests/hardening/6.2.6_sanitize_root_path.sh
renamed: tests/hardening/13.12_users_valid_homedir.sh -> tests/hardening/6.2.8_check_user_dir_perm.sh
renamed: tests/hardening/13.11_find_passwd_group_inconsistencies.sh -> tests/hardening/6.2.9_users_valid_homedir.sh
2019-09-12 17:43:12 +02:00
Charles Herlin
440aeaf45f
Renum 12.x checks to 6.1.x Verify_System_File_Permissions
...
modified: bin/hardening/12.4_etc_passwd_ownership.sh
modified: bin/hardening/12.5_etc_shadow_ownership.sh
modified: bin/hardening/12.6_etc_group_ownership.sh
renamed: bin/hardening/12.7_find_world_writable_file.sh -> bin/hardening/6.1.10_find_world_writable_file.sh
renamed: bin/hardening/12.8_find_unowned_files.sh -> bin/hardening/6.1.11_find_unowned_files.sh
renamed: bin/hardening/12.9_find_ungrouped_files.sh -> bin/hardening/6.1.12_find_ungrouped_files.sh
renamed: bin/hardening/12.10_find_suid_files.sh -> bin/hardening/6.1.13_find_suid_files.sh
renamed: bin/hardening/12.11_find_sgid_files.sh -> bin/hardening/6.1.14_find_sgid_files.sh
renamed: bin/hardening/12.1_etc_passwd_permissions.sh -> bin/hardening/6.1.2_etc_passwd_permissions.sh
renamed: bin/hardening/12.2_etc_shadow_permissions.sh -> bin/hardening/6.1.3_etc_shadow_permissions.sh
renamed: bin/hardening/12.3_etc_group_permissions.sh -> bin/hardening/6.1.4_etc_group_permissions.sh
deleted: tests/hardening/12.1_etc_passwd_permissions.sh
deleted: tests/hardening/12.2_etc_shadow_permissions.sh
deleted: tests/hardening/12.3_etc_group_permissions.sh
renamed: tests/hardening/12.7_find_world_writable_file.sh -> tests/hardening/6.1.10_find_world_writable_file.sh
renamed: tests/hardening/12.8_find_unowned_files.sh -> tests/hardening/6.1.11_find_unowned_files.sh
renamed: tests/hardening/12.9_find_ungrouped_files.sh -> tests/hardening/6.1.12_find_ungrouped_files.sh
renamed: tests/hardening/12.10_find_suid_files.sh -> tests/hardening/6.1.13_find_suid_files.sh
renamed: tests/hardening/12.11_find_sgid_files.sh -> tests/hardening/6.1.14_find_sgid_files.sh
renamed: tests/hardening/12.6_etc_group_ownership.sh -> tests/hardening/6.1.2_etc_passwd_permissions.sh
renamed: tests/hardening/12.5_etc_shadow_ownership.sh -> tests/hardening/6.1.3_etc_shadow_permissions.sh
renamed: tests/hardening/12.4_etc_passwd_ownership.sh -> tests/hardening/6.1.4_etc_group_permissions.sh
2019-09-12 16:44:45 +02:00
Charles Herlin
a085785321
Renum warning banners checks 11.x to 1.7.x
...
new file: bin/hardening/1.7.1.1_remove_os_info_motd.sh
renamed: bin/hardening/11.2_remove_os_info_warning_banners.sh -> bin/hardening/1.7.1.2_remove_os_info_issue.sh
new file: bin/hardening/1.7.1.3_remove_os_info_issue_net.sh
new file: bin/hardening/1.7.1.4_motd_perms.sh
new file: bin/hardening/1.7.1.5_etc_issue_perms.sh
new file: bin/hardening/1.7.1.6_etc_issue_net_perms.sh
renamed: bin/hardening/11.3_graphical_warning_banners.sh -> bin/hardening/1.7.2_graphical_warning_banners.sh
deleted: bin/hardening/11.1_warning_banners.sh
renamed: tests/hardening/11.3_graphical_warning_banners.sh -> tests/hardening/1.7.1.1_remove_os_info_motd.sh
renamed: tests/hardening/11.2_remove_os_info_warning_banners.sh -> tests/hardening/1.7.1.2_remove_os_info_issue.sh
renamed: tests/hardening/11.1_warning_banners.sh -> tests/hardening/1.7.1.3_remove_os_info_issue_net.sh
new file: tests/hardening/1.7.1.4_warning_banners.sh
new file: tests/hardening/1.7.2_graphical_warning_banners.sh
2019-09-12 15:42:22 +02:00