GoldenKiwi
5370ec2ef6
feat: add nftables to firewall software allow list ( #203 )
...
* feat: add nftables to firewall software allow list
fixes #191
* fix: enhance 3.5.4.1.1_net_fw_default_policy_drop.sh iptables output check, disable associated test
2023-09-07 14:36:08 +02:00
Stéphane Lesimple
6135c3d0e5
fix: enhance test 99.1.3 speed for large /etc/sudoers.d folders ( #188 )
...
Signed-off-by: Stephane Lesimple <stephane.lesimple@corp.ovh.com>
2023-07-18 17:28:35 +02:00
Tarik Megzari
a6ad528087
feat: Add experimental debian12 functional tests ( #187 )
...
Signed-off-by: Tarik Megzari <tarik.megzari@ovhcloud.com>
Co-authored-by: Tarik Megzari <tarik.megzari@ovhcloud.com>
2023-07-10 10:52:17 +02:00
GoldenKiwi
bd27cd0dae
fix: change auditd file rule remediation ( #179 )
...
Fixes #165
2023-05-05 12:32:22 +02:00
GoldenKiwi
19ce790a27
fix: ensure mountpoints are properly detected ( #177 )
...
Fixes #155
When real entries are present in fstab, system startup or runtime mountpoints are now properly detected
Add a supplementary check in case of partition not present in fstab
2023-05-02 18:01:53 +02:00
GoldenKiwi
04457e7df2
feat: official Debian 11 compatibility ( #176 )
...
Introduce Debian 11 compatibility
Based on CIS_Debian_Linux_11_Benchmark_v1.0.0
After review, here are the notable changes:
- Harden /var/log more (noexec,nodev,nosuid)
- Harden /var/log/audit more (noexec,nodev,nosuid)
- Harden /home more (nosuid)
- Disable cramfs
- Fix 5.3.4_acc_pam_sha512.sh
- Deprecate Debian 9 and remove useless docker images
NB: more audit log rules have been introduced and will be inserted in the checks later
Fix #158
2023-05-02 14:16:19 +02:00
Stéphane Lesimple
dc952b90df
fix: timeout of 99.1.3 ( #168 )
...
The 99.1.3_acc_sudoers_no_all.sh script can sometimes time out
on servers where /etc/sudoers.d/ has thousands of files.
This patch makes it run roughly 5x faster, as tested on a
server with 1500 files in sudoers.d/.
Closes #167.
Signed-off-by: Stephane Lesimple <stephane.lesimple@corp.ovh.com>
2022-12-22 09:47:35 +01:00
Tarik Megzari
82a217032d
fix(6.2.9): Start from UID 1000 for home ownership check ( #164 )
...
Rename 6.2.3 and 6.2.9 checks to be more accurate
Remove home existence check from 6.2.9 as it's handled by 6.2.3
Update tests accordingly
Fixes #163
Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com>
2022-09-30 10:28:48 +02:00
ymartin-ovh
371c23cd52
feat: add FIND_IGNORE_NOSUCHFILE_ERR flag ( #159 )
...
This flag can be used to prevent find-related checks from failing because one part of the filesystem disappears (i.e. ephemeral directories or files)
2022-07-04 14:29:25 +02:00
ymartin-ovh
66ccc6316a
feat: Filter the filesystem to check when the list is built. ( #156 )
...
* feat: Attempt to filter-out filesystem that match exclusion regex.
2022-06-24 17:45:47 +02:00
GoldenKiwi
ad5c71c3ce
fix: allow passwd-, group- and shadow- debian default permissions ( #149 )
2022-03-18 16:41:49 +01:00
Jan Schmidle
a6a22084e1
missing shadowtools backup files is ok ( #132 )
...
* missing shadowtools backup files is ok
* update corresponding test cases
2022-03-02 18:05:37 +01:00
tdenof
1341622335
Fix empty fstab test ( #134 )
...
Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com>
Co-authored-by: Thibault Dewailly <thibault.dewailly@corp.ovh.com>
2021-12-08 08:42:22 +01:00
Thibault Ayanides
afed5a9dce
99.5.4.5.2: fix bug where sha512 option rounds provoke KO ( #112 )
2021-08-10 10:30:35 +02:00
Thibault Ayanides
334d743125
fix EXCEPTIONS management ( #104 )
...
* FIX(1.1.21, 6.1.10) fix EXCEPTIONS management
* Update changelog
* Refactor test for 6.1.10-14
2021-06-02 13:47:19 +02:00
Thibault Ayanides
9e6c9a0d8a
Accept lower values ( #95 )
...
* IMP(5.2.23): accept lower value as valid
* IMP(5.2.7): accept lower value as valid
2021-04-27 16:04:13 +02:00
Thibault Ayanides
8c6c9a7571
IMP(tests): checks that stderr is empty
...
Fix #97
2021-04-26 17:01:19 +02:00
Thibault Ayanides
c50f200c5c
FIX(5.4.5.2): explicit sha512
...
fix #74
2021-03-22 15:22:50 +01:00
Thibault Ayanides
1a7dd5893a
Use pam_faillock instead of pam_tally for bullseye ( #56 )
...
Fix #55
See https://github.com/linux-pam/linux-pam/releases/tag/v1.4.0
pam_tally is deprecated and replaced by pam_faillock
Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2021-02-17 11:36:58 +01:00
Thibault Ayanides
fa111bc0d0
Update mac and kex to match debian10 CIS ( #60 )
...
fix #53
Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2021-02-17 11:31:22 +01:00
Thibault Ayanides
6ae05f3fa2
Add dealing with debian 11
...
* ADD: add dockerfile for debian11
* FIX: fix crontab file not found on debian11 blank
* Add workflow for debian11
* FIX: fix debian version func to manage debian11
* Add dealing with unsupported version and distro
* Add 99.99 check that checks if distro version is supported
* Use global var for debian major and distro
fix #26
2021-02-08 13:54:24 +01:00
jeremydenoun
0b6ea0d97e
IMP: add multiple Improvements
...
* add new kernel module detection (enable & listing) with detection of monolithic kernel
* change way to detect if file system type is disabled
* add global IS_CONTAINER variable
* disable test for 3.4.x to be consistent with others
* add cli options to override configuration loglevel
2021-02-04 16:21:49 +01:00
Thibault Ayanides
ed1baa724e
IMP: mark some checks as useless
2021-01-25 13:02:52 +01:00
Thibault Ayanides
bd4ddfc398
ADD(3.4.x): add checks and tests
2021-01-25 13:02:52 +01:00
Thibault Ayanides
5a72d986ea
IMP(3.1-3.x): add comprehensive tests
2021-01-25 13:02:52 +01:00
Thibault Ayanides
c51513e083
IMP(1.8.1.4-6): add comprehensive tests
2021-01-25 13:02:52 +01:00
Thibault Ayanides
6127f2fe67
IMP(4.2.2.x): improve dealing with default conf
...
The default for journald is Compress=yes and ForwardToSyslog=yes
So we check that Compress=no and ForwardToSyslog=no are not in the conf file.
2021-01-25 13:02:52 +01:00
jeremydenoun
0edb837f80
Remove bc dependency
...
Co-authored-by: Jeremy Denoun <jeremy.denoun@iguanesolutions.com>
2021-01-22 09:31:53 +01:00
Thibault Ayanides
0ca73899d3
ADD(4.2.2.x): add journald checks
2021-01-04 10:10:47 +01:00
Thibault Ayanides
a5e1cb90cd
ADD(4.1.1.4): add new check
2021-01-04 09:03:44 +01:00
Thibault Ayanides
e0c6692ff2
ADD(4.1.1.1): add auditd install
2020-12-24 16:20:02 +01:00
Thibault Ayanides
e2ad0a5dcc
ADD(4.4): add logrotate permissions checking
2020-12-24 10:31:47 +01:00
Thibault Ayanides
d0ab72dd26
ADD(5.2.20-23): add new sshd checks
2020-12-23 11:41:53 +01:00
Thibault Ayanides
8da1107532
ADD(1.7.x): add apparmor checks
2020-12-23 10:46:51 +01:00
Thibault Ayanides
9cbc3f85a9
Renum 99.x files to comply with debian10 CIS
2020-12-22 16:36:35 +01:00
Thibault Ayanides
87e242a42d
Add commentaries, renum scripts
2020-12-22 15:58:10 +01:00
Thibault Ayanides
7f990b5e53
Add new checks (blank for now)
2020-12-22 14:42:45 +01:00
Thibault Ayanides
7d87619744
Renum 6.x files to comply with debian10 CIS
...
renamed: bin/hardening/6.2.7_users_valid_homedir.sh -> bin/hardening/6.2.3_users_valid_homedir.sh
renamed: bin/hardening/6.2.3_remove_legacy_shadow_entries.sh -> bin/hardening/6.2.4_remove_legacy_shadow_entries.sh
renamed: bin/hardening/6.2.4_remove_legacy_group_entries.sh -> bin/hardening/6.2.5_remove_legacy_group_entries.sh
renamed: bin/hardening/6.2.5_find_0_uid_non_root_account.sh -> bin/hardening/6.2.6_find_0_uid_non_root_account.sh
renamed: bin/hardening/6.2.6_sanitize_root_path.sh -> bin/hardening/6.2.7_sanitize_root_path.sh
renamed: tests/hardening/6.2.7_users_valid_homedir.sh -> tests/hardening/6.2.3_users_valid_homedir.sh
renamed: tests/hardening/6.2.3_remove_legacy_shadow_entries.sh -> tests/hardening/6.2.4_remove_legacy_shadow_entries.sh
renamed: tests/hardening/6.2.4_remove_legacy_group_entries.sh -> tests/hardening/6.2.5_remove_legacy_group_entries.sh
renamed: tests/hardening/6.2.5_find_0_uid_non_root_account.sh -> tests/hardening/6.2.6_find_0_uid_non_root_account.sh
renamed: tests/hardening/6.2.6_sanitize_root_path.sh -> tests/hardening/6.2.7_sanitize_root_path.sh
2020-12-22 11:43:53 +01:00
Thibault Ayanides
c9e19b51e6
Renum 4.x files to comply with debian10 CIS
...
renamed: bin/hardening/4.1.2_enable_auditd.sh -> bin/hardening/4.1.1.2_enable_auditd.sh
renamed: bin/hardening/4.1.3_audit_bootloader.sh -> bin/hardening/4.1.1.3_audit_bootloader.sh
renamed: bin/hardening/4.1.11_record_failed_access_file.sh -> bin/hardening/4.1.10_record_failed_access_file.sh
renamed: bin/hardening/4.1.12_record_privileged_commands.sh -> bin/hardening/4.1.11_record_privileged_commands.sh
renamed: bin/hardening/4.1.13_record_successful_mount.sh -> bin/hardening/4.1.12_record_successful_mount.sh
renamed: bin/hardening/4.1.14_record_file_deletions.sh -> bin/hardening/4.1.13_record_file_deletions.sh
renamed: bin/hardening/4.1.15_record_sudoers_edit.sh -> bin/hardening/4.1.14_record_sudoers_edit.sh
renamed: bin/hardening/4.1.16_record_sudo_usage.sh -> bin/hardening/4.1.15_record_sudo_usage.sh
renamed: bin/hardening/4.1.17_record_kernel_modules.sh -> bin/hardening/4.1.16_record_kernel_modules.sh
renamed: bin/hardening/4.1.18_freeze_auditd_conf.sh -> bin/hardening/4.1.17_freeze_auditd_conf.sh
renamed: bin/hardening/4.1.1.1_audit_log_storage.sh -> bin/hardening/4.1.2.1_audit_log_storage.sh
renamed: bin/hardening/4.1.1.2_halt_when_audit_log_full.sh -> bin/hardening/4.1.2.2_halt_when_audit_log_full.sh
renamed: bin/hardening/4.1.1.3_keep_all_audit_logs.sh -> bin/hardening/4.1.2.3_keep_all_audit_logs.sh
renamed: bin/hardening/4.1.4_record_date_time_edit.sh -> bin/hardening/4.1.3_record_date_time_edit.sh
renamed: bin/hardening/4.1.5_record_user_group_edit.sh -> bin/hardening/4.1.4_record_user_group_edit.sh
renamed: bin/hardening/4.1.6_record_network_edit.sh -> bin/hardening/4.1.5_record_network_edit.sh
renamed: bin/hardening/4.1.7_record_mac_edit.sh -> bin/hardening/4.1.6_record_mac_edit.sh
renamed: bin/hardening/4.1.8_record_login_logout.sh -> bin/hardening/4.1.7_record_login_logout.sh
renamed: bin/hardening/4.1.9_record_session_init.sh -> bin/hardening/4.1.8_record_session_init.sh
renamed: bin/hardening/4.1.10_record_dac_edit.sh -> bin/hardening/4.1.9_record_dac_edit.sh
renamed: bin/hardening/4.2.3_install_syslog-ng.sh -> bin/hardening/4.2.2.1_install_syslog-ng.sh
renamed: bin/hardening/4.2.2.1_enable_syslog-ng.sh -> bin/hardening/4.2.2.2_enable_syslog-ng.sh
renamed: bin/hardening/4.2.2.2_configure_syslog-ng.sh -> bin/hardening/4.2.2.3_configure_syslog-ng.sh
renamed: bin/hardening/4.2.2.3_syslog_ng_logfiles_perm.sh -> bin/hardening/4.2.2.4_syslog_ng_logfiles_perm.sh
renamed: bin/hardening/4.2.2.4_syslog-ng_remote_host.sh -> bin/hardening/4.2.2.5_syslog-ng_remote_host.sh
renamed: bin/hardening/4.2.2.5_remote_syslog-ng_acl.sh -> bin/hardening/4.2.2.6_remote_syslog-ng_acl.sh
renamed: bin/hardening/4.2.4_logs_permissions.sh -> bin/hardening/4.2.3_logs_permissions.sh
renamed: tests/hardening/4.1.2_enable_auditd.sh -> tests/hardening/4.1.1.2_enable_auditd.sh
renamed: tests/hardening/4.1.3_audit_bootloader.sh -> tests/hardening/4.1.1.3_audit_bootloader.sh
renamed: tests/hardening/4.1.11_record_failed_access_file.sh -> tests/hardening/4.1.10_record_failed_access_file.sh
renamed: tests/hardening/4.1.12_record_privileged_commands.sh -> tests/hardening/4.1.11_record_privileged_commands.sh
renamed: tests/hardening/4.1.13_record_successful_mount.sh -> tests/hardening/4.1.12_record_successful_mount.sh
renamed: tests/hardening/4.1.14_record_file_deletions.sh -> tests/hardening/4.1.13_record_file_deletions.sh
renamed: tests/hardening/4.1.15_record_sudoers_edit.sh -> tests/hardening/4.1.14_record_sudoers_edit.sh
renamed: tests/hardening/4.1.16_record_sudo_usage.sh -> tests/hardening/4.1.15_record_sudo_usage.sh
renamed: tests/hardening/4.1.17_record_kernel_modules.sh -> tests/hardening/4.1.16_record_kernel_modules.sh
renamed: tests/hardening/4.1.18_freeze_auditd_conf.sh -> tests/hardening/4.1.17_freeze_auditd_conf.sh
renamed: tests/hardening/4.1.1.1_audit_log_storage.sh -> tests/hardening/4.1.2.1_audit_log_storage.sh
renamed: tests/hardening/4.1.1.2_halt_when_audit_log_full.sh -> tests/hardening/4.1.2.2_halt_when_audit_log_full.sh
renamed: tests/hardening/4.1.1.3_keep_all_audit_logs.sh -> tests/hardening/4.1.2.3_keep_all_audit_logs.sh
renamed: tests/hardening/4.1.4_record_date_time_edit.sh -> tests/hardening/4.1.3_record_date_time_edit.sh
renamed: tests/hardening/4.1.5_record_user_group_edit.sh -> tests/hardening/4.1.4_record_user_group_edit.sh
renamed: tests/hardening/4.1.6_record_network_edit.sh -> tests/hardening/4.1.5_record_network_edit.sh
renamed: tests/hardening/4.1.7_record_mac_edit.sh -> tests/hardening/4.1.6_record_mac_edit.sh
renamed: tests/hardening/4.1.8_record_login_logout.sh -> tests/hardening/4.1.7_record_login_logout.sh
renamed: tests/hardening/4.1.9_record_session_init.sh -> tests/hardening/4.1.8_record_session_init.sh
renamed: tests/hardening/4.1.10_record_dac_edit.sh -> tests/hardening/4.1.9_record_dac_edit.sh
renamed: tests/hardening/4.2.2.1_enable_syslog-ng.sh -> tests/hardening/4.2.2.1_install_syslog-ng.sh
renamed: tests/hardening/4.2.2.2_configure_syslog-ng.sh -> tests/hardening/4.2.2.2_enable_syslog-ng.sh
renamed: tests/hardening/4.2.2.3_syslog_ng_logfiles_perm.sh -> tests/hardening/4.2.2.3_configure_syslog-ng.sh
renamed: tests/hardening/4.2.2.5_remote_syslog-ng_acl.sh -> tests/hardening/4.2.2.4_syslog_ng_logfiles_perm.sh
renamed: tests/hardening/4.2.2.4_syslog-ng_remote_host.sh -> tests/hardening/4.2.2.5_syslog-ng_remote_host.sh
renamed: tests/hardening/4.2.3_install_syslog-ng.sh -> tests/hardening/4.2.2.6_remote_syslog-ng_acl.sh
renamed: tests/hardening/4.2.4_logs_permissions.sh -> tests/hardening/4.2.3_logs_permissions.sh
2020-12-22 10:51:39 +01:00
Thibault Ayanides
7ce8ec8b89
Renum 2.x and 3.x files to comply with debian10 CIS
...
renamed: bin/hardening/3.7_disable_ipv6.sh -> bin/hardening/3.1.1_disable_ipv6.sh
renamed: bin/hardening/3.6_disable_wireless.sh -> bin/hardening/3.1.2_disable_wireless.sh
renamed: bin/hardening/3.1.2_disable_send_packet_redirects.sh -> bin/hardening/3.2.1_disable_send_packet_redirects.sh
renamed: bin/hardening/3.1.1_disable_ip_forwarding.sh -> bin/hardening/3.2.2_disable_ip_forwarding.sh
renamed: bin/hardening/3.2.1_disable_source_routed_packets.sh -> bin/hardening/3.3.1_disable_source_routed_packets.sh
renamed: bin/hardening/3.2.2_disable_icmp_redirect.sh -> bin/hardening/3.3.2_disable_icmp_redirect.sh
renamed: bin/hardening/3.2.3_disable_secure_icmp_redirect.sh -> bin/hardening/3.3.3_disable_secure_icmp_redirect.sh
renamed: bin/hardening/3.2.4_log_martian_packets.sh -> bin/hardening/3.3.4_log_martian_packets.sh
renamed: bin/hardening/3.2.5_ignore_broadcast_requests.sh -> bin/hardening/3.3.5_ignore_broadcast_requests.sh
renamed: bin/hardening/3.2.6_enable_bad_error_message_protection.sh -> bin/hardening/3.3.6_enable_bad_error_message_protection.sh
renamed: bin/hardening/3.2.7_enable_source_route_validation.sh -> bin/hardening/3.3.7_enable_source_route_validation.sh
renamed: bin/hardening/3.2.8_enable_tcp_syn_cookies.sh -> bin/hardening/3.3.8_enable_tcp_syn_cookies.sh
renamed: bin/hardening/3.2.9_disable_ipv6_router_advertisement.sh -> bin/hardening/3.3.9_disable_ipv6_router_advertisement.sh
renamed: bin/hardening/3.5_enable_firewall.sh -> bin/hardening/3.5.1.1_enable_firewall.sh
renamed: bin/hardening/3.5.1.1_net_fw_default_policy_drop.sh -> bin/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh
renamed: bin/hardening/3.3.1_install_tcp_wrapper.sh -> bin/hardening/99.3.3.1_install_tcp_wrapper.sh
renamed: bin/hardening/3.3.2_hosts_allow.sh -> bin/hardening/99.3.3.2_hosts_allow.sh
renamed: bin/hardening/3.3.3_hosts_deny.sh -> bin/hardening/99.3.3.3_hosts_deny.sh
renamed: bin/hardening/3.3.4_hosts_allow_permissions.sh -> bin/hardening/99.3.3.4_hosts_allow_permissions.sh
renamed: bin/hardening/3.3.5_hosts_deny_permissions.sh -> bin/hardening/99.3.3.5_hosts_deny_permissions.sh
renamed: tests/hardening/3.1.2_disable_send_packet_redirects.sh -> tests/hardening/3.1.1_disable_ipv6.sh
renamed: tests/hardening/3.2.1_disable_source_routed_packets.sh -> tests/hardening/3.1.2_disable_wireless.sh
renamed: tests/hardening/3.2.2_disable_icmp_redirect.sh -> tests/hardening/3.2.1_disable_send_packet_redirects.sh
renamed: tests/hardening/3.1.1_disable_ip_forwarding.sh -> tests/hardening/3.2.2_disable_ip_forwarding.sh
renamed: tests/hardening/3.2.3_disable_secure_icmp_redirect.sh -> tests/hardening/3.3.1_disable_source_routed_packets.sh
renamed: tests/hardening/3.2.4_log_martian_packets.sh -> tests/hardening/3.3.2_disable_icmp_redirect.sh
renamed: tests/hardening/3.2.5_ignore_broadcast_requests.sh -> tests/hardening/3.3.3_disable_secure_icmp_redirect.sh
renamed: tests/hardening/3.2.6_enable_bad_error_message_protection.sh -> tests/hardening/3.3.4_log_martian_packets.sh
renamed: tests/hardening/3.2.7_enable_source_route_validation.sh -> tests/hardening/3.3.5_ignore_broadcast_requests.sh
renamed: tests/hardening/3.2.8_enable_tcp_syn_cookies.sh -> tests/hardening/3.3.6_enable_bad_error_message_protection.sh
renamed: tests/hardening/3.2.9_disable_ipv6_router_advertisement.sh -> tests/hardening/3.3.7_enable_source_route_validation.sh
renamed: tests/hardening/3.3.1_install_tcp_wrapper.sh -> tests/hardening/3.3.8_enable_tcp_syn_cookies.sh
renamed: tests/hardening/3.3.2_hosts_allow.sh -> tests/hardening/3.3.9_disable_ipv6_router_advertisement.sh
renamed: tests/hardening/3.3.3_hosts_deny.sh -> tests/hardening/3.5.1.1_enable_firewall.sh
renamed: tests/hardening/3.3.4_hosts_allow_permissions.sh -> tests/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh
renamed: tests/hardening/3.3.5_hosts_deny_permissions.sh -> tests/hardening/99.3.3.1_install_tcp_wrapper.sh
renamed: tests/hardening/3.5.1.1_net_fw_default_policy_drop.sh -> tests/hardening/99.3.3.2_hosts_allow.sh
renamed: tests/hardening/3.5_enable_firewall.sh -> tests/hardening/99.3.3.3_hosts_deny.sh
renamed: tests/hardening/3.6_disable_wireless.sh -> tests/hardening/99.3.3.4_hosts_allow_permissions.sh
renamed: tests/hardening/3.7_disable_ipv6.sh -> tests/hardening/99.3.3.5_hosts_deny_permissions.sh
renamed: bin/hardening/2.2.1.2_configure_ntp.sh -> bin/hardening/2.2.1.4_configure_ntp.sh
renamed: tests/hardening/2.2.1.2_configure_ntp.sh -> tests/hardening/2.2.1.4_configure_ntp.sh
2020-12-22 08:52:43 +01:00
Thibault Ayanides
2034aa7b8a
Renum 1.x files to comply with debian10 CIS
...
renamed: bin/hardening/1.4.1_bootloader_ownership.sh -> bin/hardening/1.5.1_bootloader_ownership.sh
renamed: bin/hardening/1.4.2_bootloader_password.sh -> bin/hardening/1.5.2_bootloader_password.sh
renamed: bin/hardening/1.4.3_root_password.sh -> bin/hardening/1.5.3_root_password.sh
renamed: bin/hardening/1.5.2_enable_nx_support.sh -> bin/hardening/1.6.1_enable_nx_support.sh
renamed: bin/hardening/1.5.3_enable_randomized_vm_placement.sh -> bin/hardening/1.6.2_enable_randomized_vm_placement.sh
renamed: bin/hardening/1.5.4_disable_prelink.sh -> bin/hardening/1.6.3_disable_prelink.sh
renamed: bin/hardening/1.5.1_restrict_core_dumps.sh -> bin/hardening/1.6.4_restrict_core_dumps.sh
renamed: bin/hardening/1.6.2.1_enable_apparmor.sh -> bin/hardening/1.7.2.2_enable_apparmor.sh
renamed: bin/hardening/1.7.1.1_remove_os_info_motd.sh -> bin/hardening/1.8.1.1_remove_os_info_motd.sh
renamed: bin/hardening/1.7.1.2_remove_os_info_issue.sh -> bin/hardening/1.8.1.2_remove_os_info_issue.sh
renamed: bin/hardening/1.7.1.3_remove_os_info_issue_net.sh -> bin/hardening/1.8.1.3_remove_os_info_issue_net.sh
renamed: bin/hardening/1.7.1.4_motd_perms.sh -> bin/hardening/1.8.1.4_motd_perms.sh
renamed: bin/hardening/1.7.1.5_etc_issue_perms.sh -> bin/hardening/1.8.1.5_etc_issue_perms.sh
renamed: bin/hardening/1.7.1.6_etc_issue_net_perms.sh -> bin/hardening/1.8.1.6_etc_issue_net_perms.sh
renamed: bin/hardening/1.7.2_graphical_warning_banners.sh -> bin/hardening/1.8.2_graphical_warning_banners.sh
renamed: bin/hardening/1.8_install_updates.sh -> bin/hardening/1.9_install_updates.sh
renamed: tests/hardening/1.4.1_bootloader_ownership.sh -> tests/hardening/1.5.1_bootloader_ownership.sh
renamed: tests/hardening/1.4.2_bootloader_password.sh -> tests/hardening/1.5.2_bootloader_password.sh
renamed: tests/hardening/1.4.3_root_password.sh -> tests/hardening/1.5.3_root_password.sh
renamed: tests/hardening/1.5.2_enable_nx_support.sh -> tests/hardening/1.6.1_enable_nx_support.sh
renamed: tests/hardening/1.5.3_enable_randomized_vm_placement.sh -> tests/hardening/1.6.2_enable_randomized_vm_placement.sh
renamed: tests/hardening/1.5.4_disable_prelink.sh -> tests/hardening/1.6.3_disable_prelink.sh
renamed: tests/hardening/1.5.1_restrict_core_dumps.sh -> tests/hardening/1.6.4_restrict_core_dumps.sh
renamed: tests/hardening/1.6.2.1_enable_apparmor.sh -> tests/hardening/1.7.2.2_enable_apparmor.sh
renamed: tests/hardening/1.7.1.1_remove_os_info_motd.sh -> tests/hardening/1.8.1.1_remove_os_info_motd.sh
renamed: tests/hardening/1.7.1.2_remove_os_info_issue.sh -> tests/hardening/1.8.1.2_remove_os_info_issue.sh
renamed: tests/hardening/1.7.1.3_remove_os_info_issue_net.sh -> tests/hardening/1.8.1.3_remove_os_info_issue_net.sh
renamed: tests/hardening/1.7.1.4_motd_perms.sh -> tests/hardening/1.8.1.4_motd_perms.sh
new file: tests/hardening/1.8.1.5_etc_issue_perms.sh
new file: tests/hardening/1.8.1.6_etc_issue_net_perms.sh
renamed: tests/hardening/1.7.2_graphical_warning_banners.sh -> tests/hardening/1.8.2_graphical_warning_banners.sh
renamed: tests/hardening/1.8_install_updates.sh -> tests/hardening/1.9_install_updates.sh
2020-12-21 16:09:27 +01:00
Thibault Ayanides
87bf29b5fe
ADD(1.3.x): add new scripts for debian10
2020-12-21 15:52:47 +01:00
Thibault Ayanides
0204bb0942
IMP(shellcheck): fix docker shellcheck with new options
2020-12-21 11:43:02 +01:00
Thibault Ayanides
6e0b47ab8f
Rename files, fix permissions of tests
2020-12-21 11:21:32 +01:00
Thibault Ayanides
a2adf0f15c
ADD(6.1.3, 6.1.6-9): add new checks
...
Renamed some checks, add new checks that check permissions and ownership on /etc/passwd, /etc/shadow, ...
Add new function in utils that checks that the file ownership is one of the authorized ownerships.
renamed: bin/hardening/6.1.5_etc_passwd_permissions.sh -> bin/hardening/6.1.2_etc_passwd_permissions.sh
new file: bin/hardening/6.1.3_etc_gshadow-_permissions.sh
renamed: bin/hardening/6.1.6_etc_shadow_permissions.sh -> bin/hardening/6.1.4_etc_shadow_permissions.sh
renamed: bin/hardening/6.1.7_etc_group_permissions.sh -> bin/hardening/6.1.5_etc_group_permissions.sh
new file: bin/hardening/6.1.6_etc_passwd-_permissions.sh
new file: bin/hardening/6.1.7_etc_shadow-_permissions.sh
new file: bin/hardening/6.1.8_etc_group-_permissions.sh
new file: bin/hardening/6.1.9_etc_gshadow_permissions.sh
modified: lib/utils.sh
renamed: tests/hardening/6.1.5_etc_passwd_permissions.sh -> tests/hardening/6.1.2_etc_passwd_permissions.sh
new file: tests/hardening/6.1.3_etc_gshadow-_permissions.sh
renamed: tests/hardening/6.1.6_etc_shadow_permissions.sh -> tests/hardening/6.1.4_etc_shadow_permissions.sh
renamed: tests/hardening/6.1.7_etc_group_permissions.sh -> tests/hardening/6.1.5_etc_group_permissions.sh
new file: tests/hardening/6.1.6_etc_passwd-_permissions.sh
new file: tests/hardening/6.1.7_etc_shadow-_permissions.sh
new file: tests/hardening/6.1.8_etc_group-_permissions.sh
new file: tests/hardening/6.1.9_etc_gshadow_permissions.sh
2020-12-21 10:02:52 +01:00
Thibault Ayanides
99ac9339f4
IMP: change apt to apt-get
2020-12-07 17:16:19 +01:00
Thibault Ayanides
8012234096
IMP(shellcheck): fix harmless warnings
2020-12-07 14:53:10 +01:00
Thibault Ayanides
addd48c4dd
IMP(shellcheck): add prefix to follow scripts (SC1090)
2020-12-07 13:26:51 +01:00
Thibault Ayanides
d371b8d057
IMP(shellcheck): replace ! -z by -n (SC2236)
2020-12-04 15:14:18 +01:00
Thibault Ayanides
3a342b784a
IMP(shfmt): add shell formatter
2020-12-04 14:08:01 +01:00