147 Commits

Author SHA1 Message Date
Charles Herlin
76abf8da36 resolve #SOC-30 Also check /etc/security/limits.d/ for core dump limit 2018-02-12 15:37:12 +01:00
Charles Herlin
51f589923d Fix SOC-28, add test if file exists, if not issue error 2018-02-09 13:49:38 +01:00
Charles Herlin
b1f85d3f99 Add sudo management in main and utils
* perform readonly checks as a regular user
    * sudo -n is used for checks requiring root privileges
    * increase accountability by providing log of individual access to sensitive files
2017-11-09 15:45:42 +01:00
Julien Delayen
a3937b3183 changelog: Update to 1.1-1
- Add hardening templating and several enhancements
- CIS_ROOT_DIR management
- Update ciphers list in 9.3.11 with latest chacha20 and gcm ciphers
- Debian packaging clean up

Signed-off-by: Julien Delayen <julien.delayen@corp.ovh.com>
2018-02-02 09:40:58 +01:00
Julien Delayen
423e454b62 debian: Remove useless {shlibs:Depends}
This fixes the following issue:

Depends field of package cis-hardening:
unknown substitution variable ${shlibs:Depends}

Signed-off-by: Julien Delayen <julien.delayen@corp.ovh.com>
2017-12-14 14:24:21 +01:00
Julien Delayen
b5939dffbe debian: Fix lintian warning
The following error is highlighted by lintian:
depends-on-essential-package-without-using-version: bash

bash is always present and does not need to be specified
in debian/control.

See: https://lintian.debian.org/tags/depends-on-essential-package-without-using-version.html

Signed-off-by: Julien Delayen <julien.delayen@corp.ovh.com>
2017-12-14 14:17:27 +01:00
Julien Delayen
1a9c92b345 debian: Remove auto-generated files from conffiles
The policy for configuration files having changed,
the files are not present in the package anymore.
Remove them from debian/conffiles.

Signed-off-by: Julien Delayen <julien.delayen@corp.ovh.com>
2017-12-14 14:10:45 +01:00
Thibault Dewailly
6977eb5064 Merge pull request #31 in IAAS/cis-hardening from dev/cherlin/update-cis-scripts to master
* commit 'f97fbb47f701fd81a6dcdabb1d2e961943386eb5':
  Update ciphers list in 9.3.11 with latest chacha20 and gcm ciphers
2017-12-05 11:38:15 +01:00
Thibault Dewailly
12fe049eba Merge pull request #28 in IAAS/cis-hardening from dev/cherlin/cis-root-dir-in-env to master
* commit '5b11b1628a690e0bbd9d34cd5b83dbe74ac6fba7':
  Expand tabs to 4 spaces and trim trailing spaces
  Remove unnecessary CIS_ROOT_DIR empty assignation
  Applying batch edit to all hardening/*.sh scripts for new CIS_ROOT_DIR management
  Changing CIS_ROOT_DIR management in env in bin/hardening.sh
  Change src/skel to allow setting CIS_ROOT_DIR in env and not just sourcing /etc/default/cis-hardening. Making the whole lib more versatile.
2017-12-05 11:32:45 +01:00
Charles Herlin
02f0e30df1 Expand tabs to 4 spaces and trim trailing spaces 2017-11-17 15:13:27 +01:00
Charles Herlin
ae6fbf2d86 Update ciphers list in 9.3.11 with latest chacha20 and gcm ciphers 2017-11-10 14:48:51 +01:00
Charles Herlin
d2a8b2cb28 Remove unnecessary CIS_ROOT_DIR empty assignation 2017-10-25 17:44:56 +02:00
Charles Herlin
5b2404dab8 Applying batch edit to all hardening/*.sh scripts for new CIS_ROOT_DIR management 2017-10-25 14:50:39 +02:00
Charles Herlin
119d532a7f Changing CIS_ROOT_DIR management in env in bin/hardening.sh 2017-10-25 14:48:54 +02:00
Charles Herlin
161ffa56a7 Change src/skel to allow setting CIS_ROOT_DIR in env and not just sourcing /etc/default/cis-hardening. Making the whole lib more versatile. 2017-10-23 14:50:11 +02:00
Thibault Dewailly
3b7a2b8216 Merge pull request #12 from speed47/dev/enhancements
Hardening Classification
subs enhancements as well as bug fixes
2017-09-28 13:22:59 +02:00
Kevin Tanguy
40e57a5cb2 Merge pull request #27 in IAAS/cis-hardening from dev/thibault.dewailly/fixwildcards to master
* commit 'a4dc5bdaf5ec7f4d1c49533608b279d7101e23cd':
  No more wildcards in file list to be more resilient
2017-06-15 10:43:31 +02:00
thibault.dewailly
481485a0d7 No more wildcards in file list to be more resilient 2017-06-13 15:36:06 +02:00
Thibault Dewailly
fae0c5a64b Merge pull request #26 in IAAS/cis-hardening from dev/kevin.tanguy/packagebump to master
* commit '11ab51679bcb5cac893a190d1db22aebdc56ece0':
  Debian package revision bump 1.0-11
2017-06-08 09:41:43 +02:00
kevin.tanguy
72999b8b5d Debian package revision bump 1.0-11 2017-06-05 16:36:25 +02:00
Thibault Dewailly
2ef500298b Merge pull request #11 from speed47/dev/fix_does_pattern_exist_in_file
handle ENOENT properly in does_pattern_exist_in_file()
2017-05-19 18:30:21 +02:00
Thibault Dewailly
a1f970e737 Merge pull request #10 from speed47/dev/beautifyprint
set a fixed-size prefix for logger
2017-05-19 17:20:47 +02:00
Stéphane Lesimple
676b17c54f add hardening templating and several enhancements 2017-05-18 18:40:09 +02:00
Stéphane Lesimple
3e0187094a handle ENOENT properly in does_pattern_exist_in_file() 2017-05-18 18:31:24 +02:00
Stéphane Lesimple
cca0310d64 set a fixed-size prefix for logger 2017-05-18 18:27:02 +02:00
Thibault Dewailly
233d1245fc Merge pull request #9 from Joorem/10.1.3-fix-option-name
[10.1.3] set the good value for $OPTIONS
2017-05-04 09:28:42 +02:00
Jérôme Le Gal
46dbe8a6bc [10.1.3] set the good value for $OPTIONS 2017-05-03 23:08:48 +02:00
Kevin Tanguy
a46490b2d8 Merge pull request #25 in IAAS/cis-hardening from dev/thibault.dewailly/fixShadowParsing to master
* commit '0f11b08ffb593285f745e3e249f3aaf83a6f5362':
  [Debian 8] Fixed comments for debian 8 compliance
  [10.2] Fixed result parsing in case of spaces in passwd list
2017-03-14 16:19:33 +01:00
thibault.dewailly
3e1df0cdf9 [Debian 8] Fixed comments for debian 8 compliance 2017-03-10 17:46:39 +01:00
thibault.dewailly
0c053eef56 [10.2] Fixed result parsing in case of spaces in passwd list 2017-03-10 17:26:55 +01:00
thibault.dewailly
eb7bf7fece Merge branch 'master' of github.com:ovh/debian-cis 2016-07-04 11:45:41 +02:00
Thibault Dewailly
e93b9f89f4 Merge pull request #7 from MatthieuDestrez/fixPermitEmptyPassword
fixed option name in 9.3.9_disable_sshd_permitemptypasswords.sh, was …
2016-07-04 11:44:40 +02:00
Matthieu Destrez
f5cb5ddf97 fixed option name in 9.3.9_disable_sshd_permitemptypasswords.sh, was PermitRootLogin instead of PermitEmptyPassword 2016-06-29 15:12:21 +02:00
Thibault Dewailly
45f529a392 Merge pull request #24 in IAAS/cis-hardening from dev/kevin.tanguy/wheezy to master
* commit '39950ab163b5e45d6271194a2e81a8dedb31aa3d':
  Debian package revision bump 1.0-10
2016-05-18 09:44:02 +02:00
Kevin Tanguy
4705846c60 Debian package revision bump 1.0-10 2016-05-18 09:06:14 +02:00
Thibault Dewailly
3209a4c302 Merge pull request #5 from jeremydenoun/fix-echo
Script output should be useful with pipe or redirection
2016-05-17 13:28:37 +02:00
jeremydenoun
53626bd926 Remove test on _logger() function
the original line contains a test that can hide echo if we launch the script with a pipe or IO redirection
2016-05-14 20:39:32 +02:00
Thibault Dewailly
7578c2bbfb Merge pull request #23 in IAAS/cis-hardening from dev/kevin.tanguy/wheezy to master
* commit '84a5d0e0d8270b68e2c534c38b0ef34f62754a31':
  Debian package revision bump 1.0-9
2016-05-03 13:24:15 +02:00
Kevin Tanguy
74711a2d37 Debian package revision bump 1.0-9 2016-05-03 12:34:12 +02:00
Kevin Tanguy
544c2a4aea Merge pull request #22 in IAAS/cis-hardening from dev/thibault.dewailly/fix to master
* commit '1bb8c5b387673e2c069a41ca4fc793b1d4c0869b':
  Fixed replace in file function with proper substitution
  tripwire : fixed typo on postinstall helper
  fix 99.1 Apply TMOUT Variable
2016-05-03 11:27:39 +02:00
thibault.dewailly
e902c9b4c8 Fixed replace in file function with proper substitution 2016-05-03 11:25:37 +02:00
thibault.dewailly
612e28b16f tripwire : fixed typo on postinstall helper 2016-05-02 11:11:07 +02:00
thibault.dewailly
4867538c22 fix 99.1 Apply TMOUT Variable 2016-05-02 10:45:32 +02:00
Thibault Dewailly
a986f3b340 Merge pull request #20 in IAAS/cis-hardening from dev/kevin.tanguy/rephrasingAllOver to master
* commit '8bbac84f7b0023cbcf9150cc18023ba5a219501c':
  debian dependencies fix, rephrasing, revision bump 1.0-8.
2016-04-26 14:57:54 +02:00
kevin.tanguy
1479332870 debian dependencies fix, rephrasing, revision bump 1.0-8. 2016-04-25 15:15:49 +02:00
Thibault Dewailly
2ebfee70ed Merge pull request #19 in IAAS/cis-hardening from dev/kevin.tanguy/wheezy to master
* commit '0927c1db92534eddcc4612829e61dbb1c8b82e17':
  Debian package revision bump 1.0-7
2016-04-25 09:21:10 +02:00
Kevin Tanguy
19543c2e68 Debian package revision bump 1.0-7 2016-04-25 09:19:46 +02:00
Thibault Dewailly
faedc43b73 Merge pull request #18 in IAAS/cis-hardening from dev/thibault.dewailly/fix6.15 to master
* commit 'c1a45d1df172e0f3c715759b3dd71873fd58559d':
  Fixed 6.15 netstat analysis
2016-04-25 08:41:43 +02:00
thibault.dewailly
6e366172f8 Fixed 6.15 netstat analysis 2016-04-22 16:59:52 +02:00
Thibault Dewailly
22fcd6ca74 Merge pull request #17 in IAAS/cis-hardening from dev/kevin.tanguy/wheezy to master
* commit 'f3e582c957c8b54a7f4d7b3dc192ab984feaa125':
  Debian package revision bump 1.0-6
2016-04-22 14:47:46 +02:00