Thibault Ayanides
6ae05f3fa2
Add dealing with debian 11
...
* ADD: add dockerfile for debian11
* FIX: fix crontab file not found on debian11 blank
* Add workflow for debian11
* FIX: fix debian version func to manage debian11
* Add dealing with unsupported version and distro
* Add 99.99 check that check if distro version is supported
* Use global var for debian major and distro
fix #26
2021-02-08 13:54:24 +01:00
Thibault Ayanides
449c695415
IMP: improve partition detection in container
...
fix #27
2021-02-08 09:07:09 +01:00
dependabot[bot]
2d6550fb13
Bump dev-drprasad/delete-tag-and-release from v0.1.2 to v0.1.3 ( #41 )
...
Bumps [dev-drprasad/delete-tag-and-release](https://github.com/dev-drprasad/delete-tag-and-release ) from v0.1.2 to v0.1.3.
- [Release notes](https://github.com/dev-drprasad/delete-tag-and-release/releases )
- [Commits](https://github.com/dev-drprasad/delete-tag-and-release/compare/v0.1.2...3c280cb168f9f46f0036f47c7f57bba2ec18f61c )
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-04 16:23:41 +01:00
jeremydenoun
0b6ea0d97e
IMP: add multiple Improvements
...
* add new kernel module detection (enable & listing) with detection of monolithic kernel
* change way to detect if file system type is disabled
* add global IS_CONTAINER variable
* disable test for 3.4.x to be consistent with others
* add cli options to override configuration loglevel
2021-02-04 16:21:49 +01:00
dependabot[bot]
ec9e2addc2
Bump luizm/action-sh-checker from v0.1.10 to v0.1.12
...
Bumps [luizm/action-sh-checker](https://github.com/luizm/action-sh-checker ) from v0.1.10 to v0.1.12.
- [Release notes](https://github.com/luizm/action-sh-checker/releases )
- [Commits](https://github.com/luizm/action-sh-checker/compare/v0.1.10...442951059cb22d260c6e69309ae59cb7bb2334b8 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-02-01 13:08:50 +01:00
Thibault Ayanides
ed1baa724e
IMP: mark some checks as useless
2021-01-25 13:02:52 +01:00
Thibault Ayanides
bd4ddfc398
ADD(3.4.x): add checks and tests
2021-01-25 13:02:52 +01:00
Thibault Ayanides
5a72d986ea
IMP(3.1-3.x): add comprehensive tests
2021-01-25 13:02:52 +01:00
Thibault Ayanides
c51513e083
IMP(1.8.1.4-6): add comprehensive tests
2021-01-25 13:02:52 +01:00
Thibault Ayanides
6127f2fe67
IMP(4.2.2.x): improve dealing with default conf
...
The default for journald is Compress=yes and ForwardToSyslog=yes
So we check that Compress=no and ForwardToSyslog=no are not in the conf file.
2021-01-25 13:02:52 +01:00
Thibault Serti
6efefa07ac
Update shellcheck workflow
...
fix #34
2021-01-22 14:45:01 +01:00
jeremydenoun
dce926a536
Add default variable to avoid unbound variable
...
Co-authored-by: Jeremy Denoun <jeremy.denoun@iguanesolutions.com>
2021-01-22 10:02:44 +01:00
jeremydenoun
0edb837f80
Remove bc dependency
...
Co-authored-by: Jeremy Denoun <jeremy.denoun@iguanesolutions.com>
2021-01-22 09:31:53 +01:00
jeremydenoun
1c2e171655
Fix ovh/debian-cis:#25 ( #28 )
...
Co-authored-by: Jeremy Denoun <jeremy.denoun@iguanesolutions.com>
2021-01-21 16:01:34 +01:00
dependabot[bot]
4a652a94c6
Bump EndBug/add-and-commit from v6 to v7
...
Bumps [EndBug/add-and-commit](https://github.com/EndBug/add-and-commit ) from v6 to v7.
- [Release notes](https://github.com/EndBug/add-and-commit/releases )
- [Changelog](https://github.com/EndBug/add-and-commit/blob/master/CHANGELOG.md )
- [Commits](https://github.com/EndBug/add-and-commit/compare/v6...b3c7c1e078a023d75fb0bd326e02962575ce0519 )
Signed-off-by: dependabot[bot] <support@github.com>
2021-01-18 15:52:46 +01:00
Thibault Ayanides
89780550e6
Fix badges on README
2021-01-18 15:47:41 +01:00
Thibault Ayanides
047421f2d8
Regenerate man pages (Github action)
2021-01-18 15:47:41 +01:00
Thibault Ayanides
124aeea5cc
Fix debian package build via github actions
2021-01-18 15:47:41 +01:00
Thibault Ayanides
8de9817035
Update LICENSE
2021-01-18 15:47:41 +01:00
Thibault Ayanides
3217429679
Regenerate man pages (Github action)
2021-01-18 11:45:13 +01:00
Thibault Ayanides
af38e4f404
Update changelog
2021-01-18 11:45:13 +01:00
Thibault Ayanides
efb14ea0a9
Add compile manual github action
2021-01-18 11:45:13 +01:00
Thibault Ayanides
8029da6157
Add manual
2021-01-18 11:45:13 +01:00
Thibault Ayanides
4281ed330a
Update compat in debian package
2021-01-18 11:45:13 +01:00
Thibault Ayanides
aa90093f24
Add dependabot action
2021-01-18 11:45:13 +01:00
Thibault Ayanides
0ab210183b
Beautify README.md
2021-01-18 11:45:13 +01:00
Thibault Ayanides
8f5e3c2ef8
Bump shellcheck action version
2021-01-18 11:45:13 +01:00
Thibault Ayanides
f454b18991
Change artefact name when releasing
2021-01-18 11:45:13 +01:00
Thibault Ayanides
33b0dae4c3
Check if changelog was modfified before release
2021-01-18 11:45:13 +01:00
Thibault Ayanides
44e7ea7c63
Improve workflows
2021-01-18 11:45:13 +01:00
Thibault Ayanides
3f20f99e50
Add github actions
...
Add shellcheck, shellfmt, release, prerelease, functionnal tests
2021-01-14 19:31:14 +01:00
Thibault Ayanides
45ccd337b4
Update README, AUTHORS, LICENSE
2021-01-13 11:14:26 +01:00
Thibault Ayanides
624aba950d
ADD(4.2.1.6): add new syslog-ng check
2021-01-04 14:24:35 +01:00
Thibault Ayanides
0ca73899d3
ADD(4.2.2.x): add journald checks
2021-01-04 10:10:47 +01:00
Thibault Ayanides
a5e1cb90cd
ADD(4.1.1.4): add new check
2021-01-04 09:03:44 +01:00
Thibault Ayanides
b6fff5b8b6
ADD(2.2.1.2): add systemd-timesyncd
2020-12-24 16:20:12 +01:00
Thibault Ayanides
e0c6692ff2
ADD(4.1.1.1): add auditd install
2020-12-24 16:20:02 +01:00
Thibault Ayanides
7c69305b44
Update changelog
2021-01-04 08:20:59 +01:00
Thibault Ayanides
e2ad0a5dcc
ADD(4.4): add logrotate permissions checking
2020-12-24 10:31:47 +01:00
Thibault Ayanides
d0ab72dd26
ADD(5.2.20-23): add new sshd checks
2020-12-23 11:41:53 +01:00
Thibault Ayanides
520ab63b29
ADD(1.1.1.7): restrict FAT partitions
2020-12-23 11:05:37 +01:00
Thibault Ayanides
f626201fdd
ADD(1.1.23): disable usb storage
2020-12-23 10:57:02 +01:00
Thibault Ayanides
8da1107532
ADD(1.7.x): add apparmor checks
2020-12-23 10:46:51 +01:00
Thibault Ayanides
936b84c0f2
Update documentation
2020-12-22 17:01:41 +01:00
Thibault Ayanides
9cbc3f85a9
Renum 99.x files to comply with debian10 CIS
2020-12-22 16:36:35 +01:00
Thibault Ayanides
87e242a42d
Add commentaries, renum scripts
2020-12-22 15:58:10 +01:00
Thibault Ayanides
7f990b5e53
Add new checks (blank for now)
2020-12-22 14:42:45 +01:00
Thibault Ayanides
38ca43c125
Update skel
2020-12-22 11:49:26 +01:00
Thibault Ayanides
7d87619744
Renum 6.x files to comply with debian10 CIS
...
renamed: bin/hardening/6.2.7_users_valid_homedir.sh -> bin/hardening/6.2.3_users_valid_homedir.sh
renamed: bin/hardening/6.2.3_remove_legacy_shadow_entries.sh -> bin/hardening/6.2.4_remove_legacy_shadow_entries.sh
renamed: bin/hardening/6.2.4_remove_legacy_group_entries.sh -> bin/hardening/6.2.5_remove_legacy_group_entries.sh
renamed: bin/hardening/6.2.5_find_0_uid_non_root_account.sh -> bin/hardening/6.2.6_find_0_uid_non_root_account.sh
renamed: bin/hardening/6.2.6_sanitize_root_path.sh -> bin/hardening/6.2.7_sanitize_root_path.sh
renamed: tests/hardening/6.2.7_users_valid_homedir.sh -> tests/hardening/6.2.3_users_valid_homedir.sh
renamed: tests/hardening/6.2.3_remove_legacy_shadow_entries.sh -> tests/hardening/6.2.4_remove_legacy_shadow_entries.sh
renamed: tests/hardening/6.2.4_remove_legacy_group_entries.sh -> tests/hardening/6.2.5_remove_legacy_group_entries.sh
renamed: tests/hardening/6.2.5_find_0_uid_non_root_account.sh -> tests/hardening/6.2.6_find_0_uid_non_root_account.sh
renamed: tests/hardening/6.2.6_sanitize_root_path.sh -> tests/hardening/6.2.7_sanitize_root_path.sh
2020-12-22 11:43:53 +01:00
Thibault Ayanides
c9e19b51e6
Renum 4.x files to comply with debian10 CIS
...
renamed: bin/hardening/4.1.2_enable_auditd.sh -> bin/hardening/4.1.1.2_enable_auditd.sh
renamed: bin/hardening/4.1.3_audit_bootloader.sh -> bin/hardening/4.1.1.3_audit_bootloader.sh
renamed: bin/hardening/4.1.11_record_failed_access_file.sh -> bin/hardening/4.1.10_record_failed_access_file.sh
renamed: bin/hardening/4.1.12_record_privileged_commands.sh -> bin/hardening/4.1.11_record_privileged_commands.sh
renamed: bin/hardening/4.1.13_record_successful_mount.sh -> bin/hardening/4.1.12_record_successful_mount.sh
renamed: bin/hardening/4.1.14_record_file_deletions.sh -> bin/hardening/4.1.13_record_file_deletions.sh
renamed: bin/hardening/4.1.15_record_sudoers_edit.sh -> bin/hardening/4.1.14_record_sudoers_edit.sh
renamed: bin/hardening/4.1.16_record_sudo_usage.sh -> bin/hardening/4.1.15_record_sudo_usage.sh
renamed: bin/hardening/4.1.17_record_kernel_modules.sh -> bin/hardening/4.1.16_record_kernel_modules.sh
renamed: bin/hardening/4.1.18_freeze_auditd_conf.sh -> bin/hardening/4.1.17_freeze_auditd_conf.sh
renamed: bin/hardening/4.1.1.1_audit_log_storage.sh -> bin/hardening/4.1.2.1_audit_log_storage.sh
renamed: bin/hardening/4.1.1.2_halt_when_audit_log_full.sh -> bin/hardening/4.1.2.2_halt_when_audit_log_full.sh
renamed: bin/hardening/4.1.1.3_keep_all_audit_logs.sh -> bin/hardening/4.1.2.3_keep_all_audit_logs.sh
renamed: bin/hardening/4.1.4_record_date_time_edit.sh -> bin/hardening/4.1.3_record_date_time_edit.sh
renamed: bin/hardening/4.1.5_record_user_group_edit.sh -> bin/hardening/4.1.4_record_user_group_edit.sh
renamed: bin/hardening/4.1.6_record_network_edit.sh -> bin/hardening/4.1.5_record_network_edit.sh
renamed: bin/hardening/4.1.7_record_mac_edit.sh -> bin/hardening/4.1.6_record_mac_edit.sh
renamed: bin/hardening/4.1.8_record_login_logout.sh -> bin/hardening/4.1.7_record_login_logout.sh
renamed: bin/hardening/4.1.9_record_session_init.sh -> bin/hardening/4.1.8_record_session_init.sh
renamed: bin/hardening/4.1.10_record_dac_edit.sh -> bin/hardening/4.1.9_record_dac_edit.sh
renamed: bin/hardening/4.2.3_install_syslog-ng.sh -> bin/hardening/4.2.2.1_install_syslog-ng.sh
renamed: bin/hardening/4.2.2.1_enable_syslog-ng.sh -> bin/hardening/4.2.2.2_enable_syslog-ng.sh
renamed: bin/hardening/4.2.2.2_configure_syslog-ng.sh -> bin/hardening/4.2.2.3_configure_syslog-ng.sh
renamed: bin/hardening/4.2.2.3_syslog_ng_logfiles_perm.sh -> bin/hardening/4.2.2.4_syslog_ng_logfiles_perm.sh
renamed: bin/hardening/4.2.2.4_syslog-ng_remote_host.sh -> bin/hardening/4.2.2.5_syslog-ng_remote_host.sh
renamed: bin/hardening/4.2.2.5_remote_syslog-ng_acl.sh -> bin/hardening/4.2.2.6_remote_syslog-ng_acl.sh
renamed: bin/hardening/4.2.4_logs_permissions.sh -> bin/hardening/4.2.3_logs_permissions.sh
renamed: tests/hardening/4.1.2_enable_auditd.sh -> tests/hardening/4.1.1.2_enable_auditd.sh
renamed: tests/hardening/4.1.3_audit_bootloader.sh -> tests/hardening/4.1.1.3_audit_bootloader.sh
renamed: tests/hardening/4.1.11_record_failed_access_file.sh -> tests/hardening/4.1.10_record_failed_access_file.sh
renamed: tests/hardening/4.1.12_record_privileged_commands.sh -> tests/hardening/4.1.11_record_privileged_commands.sh
renamed: tests/hardening/4.1.13_record_successful_mount.sh -> tests/hardening/4.1.12_record_successful_mount.sh
renamed: tests/hardening/4.1.14_record_file_deletions.sh -> tests/hardening/4.1.13_record_file_deletions.sh
renamed: tests/hardening/4.1.15_record_sudoers_edit.sh -> tests/hardening/4.1.14_record_sudoers_edit.sh
renamed: tests/hardening/4.1.16_record_sudo_usage.sh -> tests/hardening/4.1.15_record_sudo_usage.sh
renamed: tests/hardening/4.1.17_record_kernel_modules.sh -> tests/hardening/4.1.16_record_kernel_modules.sh
renamed: tests/hardening/4.1.18_freeze_auditd_conf.sh -> tests/hardening/4.1.17_freeze_auditd_conf.sh
renamed: tests/hardening/4.1.1.1_audit_log_storage.sh -> tests/hardening/4.1.2.1_audit_log_storage.sh
renamed: tests/hardening/4.1.1.2_halt_when_audit_log_full.sh -> tests/hardening/4.1.2.2_halt_when_audit_log_full.sh
renamed: tests/hardening/4.1.1.3_keep_all_audit_logs.sh -> tests/hardening/4.1.2.3_keep_all_audit_logs.sh
renamed: tests/hardening/4.1.4_record_date_time_edit.sh -> tests/hardening/4.1.3_record_date_time_edit.sh
renamed: tests/hardening/4.1.5_record_user_group_edit.sh -> tests/hardening/4.1.4_record_user_group_edit.sh
renamed: tests/hardening/4.1.6_record_network_edit.sh -> tests/hardening/4.1.5_record_network_edit.sh
renamed: tests/hardening/4.1.7_record_mac_edit.sh -> tests/hardening/4.1.6_record_mac_edit.sh
renamed: tests/hardening/4.1.8_record_login_logout.sh -> tests/hardening/4.1.7_record_login_logout.sh
renamed: tests/hardening/4.1.9_record_session_init.sh -> tests/hardening/4.1.8_record_session_init.sh
renamed: tests/hardening/4.1.10_record_dac_edit.sh -> tests/hardening/4.1.9_record_dac_edit.sh
renamed: tests/hardening/4.2.2.1_enable_syslog-ng.sh -> tests/hardening/4.2.2.1_install_syslog-ng.sh
renamed: tests/hardening/4.2.2.2_configure_syslog-ng.sh -> tests/hardening/4.2.2.2_enable_syslog-ng.sh
renamed: tests/hardening/4.2.2.3_syslog_ng_logfiles_perm.sh -> tests/hardening/4.2.2.3_configure_syslog-ng.sh
renamed: tests/hardening/4.2.2.5_remote_syslog-ng_acl.sh -> tests/hardening/4.2.2.4_syslog_ng_logfiles_perm.sh
renamed: tests/hardening/4.2.2.4_syslog-ng_remote_host.sh -> tests/hardening/4.2.2.5_syslog-ng_remote_host.sh
renamed: tests/hardening/4.2.3_install_syslog-ng.sh -> tests/hardening/4.2.2.6_remote_syslog-ng_acl.sh
renamed: tests/hardening/4.2.4_logs_permissions.sh -> tests/hardening/4.2.3_logs_permissions.sh
2020-12-22 10:51:39 +01:00