Commit Graph

140 Commits

Author SHA1 Message Date
thibault.dewailly
08fd72786c Fixed point 9.1.8 cron rights as a chmod 600 disabled the cron.allow features (file must be world readable) 2016-04-21 18:15:22 +02:00
Thibault Dewailly
85bae89dc3 Merge pull request #2 from PunKeel/master
Fix typo
2016-04-21 15:41:30 +02:00
PunKeel
447718b145 Fix typo 2016-04-21 15:18:36 +02:00
Thibault Dewailly
56e75d78bd Merge pull request #13 in IAAS/cis-hardening from dev/kevin.tanguy/readme to master
* commit '0018d82060026346693080efc8f7f10a09148a90':
  Debian package revision bump 1.0-4
2016-04-21 14:52:23 +02:00
kevin.tanguy
861236c292 Debian package revision bump 1.0-4 2016-04-21 12:00:20 +02:00
thibault.dewailly
f5fc840b04 Added valid suid sgid binaries 2016-04-21 11:51:10 +02:00
Thibault Dewailly
38d144aae2 Merge pull request #1 from ovh/jt-readme
Readme
2016-04-20 19:15:28 +02:00
Jean-Tiare Le Bigot
c63eeaa209 add Readme.md 2016-04-20 18:56:28 +02:00
Kevin Tanguy
8b846d77bb Debian package revision bump 1.0-3 2016-04-20 12:39:58 +02:00
thibault.dewailly
5048099df8 Fixed 8.2.4 check file exists before testing rights 2016-04-20 14:36:55 +02:00
thibault.dewailly
3ece442743 Added exit code to CIS_ROOT_DIR test def, optimized sed and sort 2016-04-20 11:29:44 +02:00
Stéphane Lesimple
1d7865dd68 add --audit-all-enable-passed, add info in README and help 2016-04-19 20:16:47 +02:00
Stéphane Lesimple
8d84f38c97 add --audit-all option 2016-04-19 19:26:04 +02:00
Kevin Tanguy
ccda7adb93 Debianization time 2016-04-18 17:14:56 +02:00
Thibault Dewailly
5cd2b48fa8 Merge pull request #5 in IAAS/cis-hardening from dev/thibault.dewailly/fixedLicense to master
* commit 'a7f418d8a2d5b90a7257542b1dd16fd4238721ca':
  Corrected script names, added License, Completed README and corrected bug with too long logger messages
2016-04-19 13:53:08 +02:00
thibault.dewailly
b2d3ed937e Corrected script names, added License, Completed README and corrected bug with too long logger messages 2016-04-19 09:31:01 +02:00
Thibault Dewailly
11ed345a60 Merge pull request #4 in IAAS/cis-hardening from dev/thibault.dewailly/fixPath to master
* commit 'e9487bfb04d43cd034add8cd0e305ece3be39cd9':
  Corrected default file path
2016-04-18 17:40:22 +02:00
thibault.dewailly
6019dd9078 Corrected default file path 2016-04-18 17:39:14 +02:00
Thibault Dewailly
6971560e06 Merge pull request #3 in IAAS/cis-hardening from dev/thibault.dewailly/bugfix to master
first Bugfixes included

* commit '5e4e0176533f709065e6abd0c3f1f34e69f319e9':
  log format correction, loglevel defaults to info
2016-04-18 14:03:50 +02:00
thibault.dewailly
b1b96cf4e3 log format correction, loglevel defaults to info 2016-04-18 14:01:03 +02:00
Thibault Dewailly
80236c9e27 Merge pull request #2 in IAAS/cis-hardening from dev/thibault.dewailly/base_harden to master
Release Alpha 0.1

* commit '091eec57ee7f706c2dd16150c75b4d93a183b724': (64 commits)
  All configuration defaults to disabled README updated
  99.1_timeout_tty.sh 99.2_disable_usb_devices.sh
  Fixed disabled features, headers and preparing main script
  Added argument parsing and test checks
  13.16_check_duplicate_username.sh 13.17_check_duplicate_groupname.sh 13.18_find_user_netrc_files.sh 13.19_find_user_forward_files.sh 13.20_shadow_group_empty.sh
  13.14_check_duplicate_uid.sh 13.15_check_duplicate_gid.sh^C
  13.12_users_valid_homedir.sh 13.11_find_passwd_group_inconsistencies.sh 13.13_check_user_homedir_ownership.sh
  13.10_find_user_rhosts_files.sh
  13.8_check_user_dot_file_perm.sh 13.9_set_perm_on_user_netrc.sh
  13.7_check_user_dir_perm.sh
  13.1_remove_empty_password_field.sh 13.2_remove_legacy_passwd_entries.sh 13.3_remove_legacy_shadow_entries.sh 13.4_remove_legacy_group_entries.sh 13.5_find_0_uid_non_root_account.sh 13.6_sanitize_root_path.sh
  13.1_remove_empry_password_field.sh
  12.11_find_sgid_files.sh
  12.10_find_suid_files.sh 12.1_etc_passwd_permissions.sh 12.2_etc_shadow_permissions.sh 12.3_etc_group_permissions.sh 12.4_etc_passwd_ownership.sh 12.5_etc_shadow_ownership.sh 12.6_etc_group_ownership.sh 12.7_find_world_writable_file.sh 12.8_find_unowned_files.sh 12.9_find_ungrouped_files.sh
  10.5_lock_inactive_user_account.sh 11.1_warning_banners.sh 11.2_remove_os_info_warning_banners.sh 11.3_graphical_warning_banners.sh
  10.1.1_set_password_exp_days.sh 10.1.2_set_password_min_days_change.sh 10.1.3_set_password_exp_warning_days.sh 10.2_disable_system_accounts.sh 10.3_default_root_group.sh 10.4_default_umask.sh 9.4_secure_tty.sh 9.5_restrict_su.sh
  9.2.1_enable_cracklib.sh 9.2.2_enable_lockout_failed_password.sh 9.2.3_limit_password_reuse.sh 9.3.10_disable_sshd_setenv.sh 9.3.11_sshd_ciphers.sh 9.3.12_sshd_idle_timeout.sh 9.3.13_sshd_limit_access.sh 9.3.14_ssh_banner.sh 9.3.2_sshd_loglevel.sh 9.3.1_sshd_protocol.sh 9.3.3_sshd_conf_perm_ownership.sh 9.3.4_disable_x11_forwarding.sh 9.3.5_sshd_maxauthtries.sh 9.3.6_enable_sshd_ignorerhosts.sh 9.3.7_disable_sshd_hostbasedauthentication.sh 9.3.8_disable_root_login.sh 9.3.9_disable_sshd_permitemptypasswords.sh
  9.1.3_cron_hourly_perm_ownership.sh 9.1.4_cron_daily_perm_ownership.sh 9.1.5_cron_weekly_perm_ownership.sh 9.1.6_cron_monthly_perm_ownership.sh 9.1.7_cron_d_perm_ownership.sh 9.1.8_cron_users.sh
  9.1.1_enable_cron.sh 9.1.2_crontab_perm_ownership.sh
  8.4_configure_logrotate.sh
  ...
2016-04-18 13:25:54 +02:00
thibault.dewailly
e79a03095c All configuration defaults to disabled README updated 2016-04-18 13:19:46 +02:00
thibault.dewailly
7eaf124fc0 99.1_timeout_tty.sh 99.2_disable_usb_devices.sh 2016-04-18 11:16:05 +02:00
thibault.dewailly
628fe96666 Fixed disabled features, headers and preparing main script 2016-04-17 23:19:41 +02:00
thibault.dewailly
fa98efc32b Added argument parsing and test checks 2016-04-17 23:10:47 +02:00
thibault.dewailly
f829cdacf2 13.16_check_duplicate_username.sh 13.17_check_duplicate_groupname.sh 13.18_find_user_netrc_files.sh 13.19_find_user_forward_files.sh 13.20_shadow_group_empty.sh 2016-04-17 22:30:20 +02:00
thibault.dewailly
dbeca2fba3 13.14_check_duplicate_uid.sh 13.15_check_duplicate_gid.sh^C 2016-04-17 19:53:47 +02:00
thibault.dewailly
4894b6d402 13.12_users_valid_homedir.sh 13.11_find_passwd_group_inconsistencies.sh 13.13_check_user_homedir_ownership.sh 2016-04-17 18:58:25 +02:00
thibault.dewailly
39e9c794e4 13.10_find_user_rhosts_files.sh 2016-04-16 18:55:44 +02:00
thibault.dewailly
77f01d2709 13.8_check_user_dot_file_perm.sh 13.9_set_perm_on_user_netrc.sh 2016-04-16 18:32:09 +02:00
thibault.dewailly
db91df2296 13.7_check_user_dir_perm.sh 2016-04-16 18:11:53 +02:00
thibault.dewailly
fb9bf542a1 13.1_remove_empty_password_field.sh 13.2_remove_legacy_passwd_entries.sh 13.3_remove_legacy_shadow_entries.sh 13.4_remove_legacy_group_entries.sh 13.5_find_0_uid_non_root_account.sh 13.6_sanitize_root_path.sh 2016-04-16 17:25:48 +02:00
thibault.dewailly
8c94214120 13.1_remove_empry_password_field.sh 2016-04-16 15:10:14 +02:00
thibault.dewailly
c193bd49f5 12.11_find_sgid_files.sh 2016-04-16 12:57:24 +02:00
thibault.dewailly
ac2b994306 12.10_find_suid_files.sh 12.1_etc_passwd_permissions.sh 12.2_etc_shadow_permissions.sh 12.3_etc_group_permissions.sh 12.4_etc_passwd_ownership.sh 12.5_etc_shadow_ownership.sh 12.6_etc_group_ownership.sh 12.7_find_world_writable_file.sh 12.8_find_unowned_files.sh 12.9_find_ungrouped_files.sh 2016-04-16 00:26:19 +02:00
thibault.dewailly
82a7b05a05 10.5_lock_inactive_user_account.sh 11.1_warning_banners.sh 11.2_remove_os_info_warning_banners.sh 11.3_graphical_warning_banners.sh 2016-04-15 23:38:48 +02:00
thibault.dewailly
6c72eb0a8b 10.1.1_set_password_exp_days.sh 10.1.2_set_password_min_days_change.sh 10.1.3_set_password_exp_warning_days.sh 10.2_disable_system_accounts.sh 10.3_default_root_group.sh 10.4_default_umask.sh 9.4_secure_tty.sh 9.5_restrict_su.sh 2016-04-15 19:29:26 +02:00
thibault.dewailly
823cd217a0 9.2.1_enable_cracklib.sh 9.2.2_enable_lockout_failed_password.sh 9.2.3_limit_password_reuse.sh 9.3.10_disable_sshd_setenv.sh 9.3.11_sshd_ciphers.sh 9.3.12_sshd_idle_timeout.sh 9.3.13_sshd_limit_access.sh 9.3.14_ssh_banner.sh 9.3.2_sshd_loglevel.sh 9.3.1_sshd_protocol.sh 9.3.3_sshd_conf_perm_ownership.sh 9.3.4_disable_x11_forwarding.sh 9.3.5_sshd_maxauthtries.sh 9.3.6_enable_sshd_ignorerhosts.sh 9.3.7_disable_sshd_hostbasedauthentication.sh 9.3.8_disable_root_login.sh 9.3.9_disable_sshd_permitemptypasswords.sh 2016-04-15 14:24:45 +02:00
thibault.dewailly
0407ebe362 9.1.3_cron_hourly_perm_ownership.sh 9.1.4_cron_daily_perm_ownership.sh 9.1.5_cron_weekly_perm_ownership.sh 9.1.6_cron_monthly_perm_ownership.sh 9.1.7_cron_d_perm_ownership.sh 9.1.8_cron_users.sh 2016-04-15 10:18:23 +02:00
thibault.dewailly
95d4936fbc 9.1.1_enable_cron.sh 9.1.2_crontab_perm_ownership.sh 2016-04-14 23:26:37 +02:00
thibault.dewailly
1a0be2e5b0 8.4_configure_logrotate.sh 2016-04-14 23:11:09 +02:00
thibault.dewailly
a93c6174e3 8.4_conifgure_logrotate.sh 2016-04-14 23:08:52 +02:00
thibault.dewailly
909dde9f18 8.3.2_tripwire_cron.sh 2016-04-14 23:05:58 +02:00
thibault.dewailly
d373b6f937 8.2.5_syslog-ng_remote_host.sh 8.2.6_remote_syslog-ng_acl.sh 8.3.1_install_tripwire.sh 2016-04-14 22:47:34 +02:00
thibault.dewailly
f0bff32503 8.2.1_install_syslog-ng.sh 8.2.2_enable_syslog-ng.sh 8.2.3_configure_syslog-ng.sh 8.2.4_set_logfile_perm.sh 2016-04-14 17:55:14 +02:00
thibault.dewailly
488886305f 8.1.11_record_failed_access_file.sh 8.1.12_record_privileged_commands.sh 8.1.13_record_successful_mount.sh 8.1.14_record_file_deletions.sh 8.1.15_record_sudoers_edit.sh 8.1.16_record_sudo_usage.sh 8.1.17_record_kernel_modules.sh 8.1.18_freeze_auditd_conf.sh 2016-04-14 16:44:14 +02:00
thibault.dewailly
2ad4260ffb 8.1.10_record_dac_edit.sh 8.1.6_record_network_edit.sh 8.1.7_record_mac_edit.sh 8.1.8_record_login_logout.sh 8.1.9_record_session_init.sh 2016-04-14 14:43:26 +02:00
thibault.dewailly
0ce0b23dc8 8.1.4_record_date_time_edit.sh 8.1.5_record_user_group_edit.sh 2016-04-14 14:07:00 +02:00
thibault.dewailly
127d3e9124 8.1.1.3_keep_all_audit_logs.sh 8.1.3_audit_bootloader.sh 2016-04-14 13:11:56 +02:00
thibault.dewailly
9c229574d1 8.0_enable_auditd_kernel.sh 8.1.1.2_halt_when_audit_log_full.sh 8.1.2_enable_auditd.sh 2016-04-14 10:40:31 +02:00