elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2025-06-22 10:43:43 +02:00
Code Issues Packages Projects Releases Wiki Activity
475 Commits 6 Branches 39 Tags
8f855ac15931eb17fdb2e370e01d61cc42c49ab9
Commit Graph

296 Commits

Author SHA1 Message Date
Thibault Ayanides
6e0b47ab8f Rename files, fix permissions of tests 2020-12-21 11:21:32 +01:00
Thibault Ayanides
5c40d48f85 IMP: add utils to check perm in authorized perm 2020-12-21 10:39:44 +01:00
Thibault Ayanides
a2adf0f15c ADD(6.1.3, 6.1.6-9): add new checks 
Renamed some checks, add new checks that check permissions and ownership on /etc/passwd, /etc/shadow, ...
Add new function in utils that checks that check that the file ownership is one of the authrized ownership.

	renamed:    bin/hardening/6.1.5_etc_passwd_permissions.sh -> bin/hardening/6.1.2_etc_passwd_permissions.sh
	new file:   bin/hardening/6.1.3_etc_gshadow-_permissions.sh
	renamed:    bin/hardening/6.1.6_etc_shadow_permissions.sh -> bin/hardening/6.1.4_etc_shadow_permissions.sh
	renamed:    bin/hardening/6.1.7_etc_group_permissions.sh -> bin/hardening/6.1.5_etc_group_permissions.sh
	new file:   bin/hardening/6.1.6_etc_passwd-_permissions.sh
	new file:   bin/hardening/6.1.7_etc_shadow-_permissions.sh
	new file:   bin/hardening/6.1.8_etc_group-_permissions.sh
	new file:   bin/hardening/6.1.9_etc_gshadow_permissions.sh
	modified:   lib/utils.sh
	renamed:    tests/hardening/6.1.5_etc_passwd_permissions.sh -> tests/hardening/6.1.2_etc_passwd_permissions.sh
	new file:   tests/hardening/6.1.3_etc_gshadow-_permissions.sh
	renamed:    tests/hardening/6.1.6_etc_shadow_permissions.sh -> tests/hardening/6.1.4_etc_shadow_permissions.sh
	renamed:    tests/hardening/6.1.7_etc_group_permissions.sh -> tests/hardening/6.1.5_etc_group_permissions.sh
	new file:   tests/hardening/6.1.6_etc_passwd-_permissions.sh
	new file:   tests/hardening/6.1.7_etc_shadow-_permissions.sh
	new file:   tests/hardening/6.1.8_etc_group-_permissions.sh
	new file:   tests/hardening/6.1.9_etc_gshadow_permissions.sh
 2020-12-21 10:02:52 +01:00
Thibault Ayanides
233f75023a FIX(4.1.17): fix typo leading to false positive 2021-01-04 08:15:39 +01:00
Thibault Ayanides
3560f67e3f Update changelog 2020-12-14 16:56:09 +01:00
Thibault Ayanides
f4ba90352b IMP(shellcheck): replace ls parsing by stat 2020-12-14 16:14:37 +01:00
Thibault Ayanides
cdaee7786a IMP(shellcheck) refactor new line (SC1004) 2020-12-14 16:09:14 +01:00
Thibault Ayanides
13a070319b IMP(6.2.13): fix race condition 2020-12-14 15:11:33 +01:00
Thibault Ayanides
65bdb42eb3 IMP(shellcheck): replace ls by find (SC2045) 2020-12-14 15:08:18 +01:00
Thibault Ayanides
0c16e500f5 IMP(shellcheck): replace ls in loop by glob (SC2045) 2020-12-14 14:45:38 +01:00
Thibault Ayanides
fad8e8c1f1 IMP(shellcheck): disable quoting warning for find 2020-12-14 14:28:27 +01:00
Thibault Ayanides
dee0ebc821 IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
Thibault Ayanides
b9e129d8fe IMP(shellcheck): disable sed replacement (SC2001) 
Shellcheck recommands to replace sed by shell expansions in 'simple' cases.
However, the replacement here is likely to lead to erros, so we disable this rule.
Moreover, it does'nt really add readability.
 2020-12-10 08:34:57 +01:00
Thibault Ayanides
36528b55e0 IMP(shellcheck): replace deprecated egrep (SC2196) 2020-12-10 08:20:26 +01:00
Thibault Ayanides
1c56bd9930 IMP(shellcheck): remove $() in if condition (SC2091) 2020-12-10 08:16:23 +01:00
Thibault Ayanides
b09b75a51e IMP(shellcheck): quote variables (SC2086) 2020-12-07 17:11:32 +01:00
Thibault Ayanides
6826f377e6 IMP(shellcheck): quote variables (SC2086) 2020-12-07 16:49:11 +01:00
Thibault Ayanides
e2f7426664 IMP(shellcheck): quoting variables 2020-12-07 15:53:14 +01:00
Thibault Ayanides
ac66cdacd0 IMP(shellcheck): fix quote placement in awk (SC1083) 2020-12-07 15:01:22 +01:00
Thibault Ayanides
8012234096 IMP(shellcheck): fix harmless warnings 2020-12-07 14:53:10 +01:00
Thibault Ayanides
63835dd10c IMP(shellcheck): add curly bracket to var (SC1087) 2020-12-07 13:54:57 +01:00
Thibault Ayanides
ef800954f4 IMP(shellcheck): refactor continue (SC2104) 2020-12-07 13:32:14 +01:00
Thibault Ayanides
addd48c4dd IMP(shellcheck): add prefix to follow scripts (SC1090) 2020-12-07 13:26:51 +01:00
Thibault Ayanides
72bb3e2b84 IMP(shellcheck): replace -a in condition by && (SC2166) 2020-12-04 15:29:19 +01:00
Thibault Ayanides
d371b8d057 IMP(shellcheck): replace ! -z by -n (SC2236) 2020-12-04 15:14:18 +01:00
Thibault Ayanides
eaf56ca25e IMP(shellcheck): quote variables (SC2086) 2020-12-04 15:04:22 +01:00
Thibault Ayanides
3a342b784a IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
Thibault Ayanides
dba1dae963 IMP(shellcheck): quoting harmless variables (SC2086) 2020-11-27 09:29:11 +01:00
Thibault Ayanides
c17d04ecc2 IMP(shellcheck): comply with shellcheck rules 
I added shellcheck prefixes to fix:
 * SC1091 (following sourced files)
 * SC2034 (unused variables)
 2020-11-27 09:18:00 +01:00
Thibault Ayanides
cccc0881e9 IMP(shellcheck): add run-shellcheck prefix 2020-11-23 17:10:37 +01:00
Thibault Ayanides
f4e0aafacc IMP(5.2.3): fix possible permissions for 5.2.3 2020-11-30 14:27:20 +01:00
Thibault Ayanides
d40a85085d FIX: fix issue, we had to run audit twice 
First one as root to create conf files with good owner and permissions, and then with secaudit.
Now first run with --create-config-files-only and the normally with --audit.
 2020-11-20 10:05:14 +01:00
Thibault Ayanides
467e5f178c fixup! IMP(4.5): rename to 1.6.1.2 improve test 2020-11-17 13:02:02 +01:00
Thibault Ayanides
d244a2e810 fixup! IMP(4.5): rename to 1.6.1.2 improve test 2020-11-17 12:56:10 +01:00
Thibault Ayanides
d640a467e2 fixup! IMP(4.1.x): add tests for each checks 2020-11-16 16:54:51 +01:00
Thibault Ayanides
7b8cca20d6 FIX(4.1.1.2): fix auditd apply 2020-11-09 11:48:48 +01:00
Thibault Ayanides
a6de243808 Rename 6.1.2,6.1.3,6.1.4 to be CIS9 compliant 2020-11-09 09:00:34 +01:00
Thibault Ayanides
ffd5b28840 FIX: fix apt autoremove to be non interactive 
modified:   bin/hardening/2.2.10_disable_http_server.sh
	modified:   bin/hardening/2.2.11_disable_imap_pop.sh
	modified:   bin/hardening/2.2.12_disable_samba.sh
	modified:   bin/hardening/2.2.14_disable_snmp_server.sh
	modified:   bin/hardening/2.2.2_disable_xwindow_system.sh
	modified:   bin/hardening/2.2.3_disable_avahi_server.sh
	modified:   bin/hardening/2.2.4_disable_print_server.sh
	modified:   bin/hardening/2.2.5_disable_dhcp.sh
	modified:   bin/hardening/2.2.6_disable_ldap.sh
	modified:   bin/hardening/2.2.7_disable_nfs_rpc.sh
	modified:   bin/hardening/2.2.8_disable_dns_server.sh
	modified:   bin/hardening/2.2.9_disable_ftp.sh
	modified:   bin/hardening/2.3.1_disable_nis.sh
	modified:   bin/hardening/2.3.2_disable_rsh_client.sh
	modified:   bin/hardening/2.3.3_disable_talk_client.sh
	modified:   bin/hardening/2.3.4_telnet_client_not_installed.sh
	modified:   bin/hardening/2.3.5_ldap_client_not_installed.sh
 2020-11-06 14:51:26 +01:00
Thibault Ayanides
ce1e87b1a3 IMP(4.5): rename to 1.6.1.2 improve test 2020-11-06 11:09:22 +01:00
Thibault Ayanides
ee4b2417c2 IMP(4.1.x): add tests for each checks 2020-11-02 15:47:27 +01:00
Thibault Ayanides
17e43753b9 IMP(5.4.1.1-3): add tests and rename some variables 2020-10-30 09:39:42 +01:00
Thibault Ayanides
9aac4c3504 IMP(5.3.4): improve check 2020-10-29 16:47:34 +01:00
Thibault Ayanides
8af91dd6a8 IMP(5.3.1,5.3.2): add tests and upgrade PAM conf 2020-10-29 16:45:15 +01:00
Thibault Ayanides
feefee28e4 IMP(5.3.1): add test and config function for check 2020-10-29 15:35:56 +01:00
Thibault Ayanides
774af39a34 IMP(5.2.x): add tests and default_config 
I added tests from 5.2.4 to 5.2.19 and default_config files in the
checks. This checks concern sshd conf (ciphers, mac, rootlogin, ...)

	modifié :         bin/hardening/5.2.4_sshd_protocol.sh
	modifié :         bin/hardening/5.2.6_disable_x11_forwarding.sh
	modifié :         bin/hardening/5.2.7_sshd_maxauthtries.sh
	modifié :         bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
	modifié :         bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
	modifié :         bin/hardening/5.2.10_disable_root_login.sh
	modifié :         bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
	modifié :         bin/hardening/5.2.12_disable_sshd_setenv.sh
	modifié :         bin/hardening/5.2.13_sshd_ciphers.sh
	modifié :         bin/hardening/5.2.16_sshd_idle_timeout.sh
	modifié :         bin/hardening/5.2.17_sshd_login_grace_time.sh
	modifié :         tests/hardening/5.2.4_sshd_protocol.sh
	modifié :         tests/hardening/5.2.5_sshd_loglevel.sh
	modifié :         tests/hardening/5.2.6_disable_x11_forwarding.sh
	modifié :         tests/hardening/5.2.7_sshd_maxauthtries.sh
	modifié :         tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh
	modifié :         tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
	modifié :         tests/hardening/5.2.10_disable_root_login.sh
	modifié :         tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
	modifié :         tests/hardening/5.2.12_disable_sshd_setenv.sh
	modifié :         tests/hardening/5.2.13_sshd_ciphers.sh
	modifié :         tests/hardening/5.2.16_sshd_idle_timeout.sh
	modifié :         tests/hardening/5.2.17_sshd_login_grace_time.sh
	modifié :         tests/hardening/5.2.18_sshd_limit_access.sh
	modifié :         tests/hardening/5.2.19_ssh_banner.sh
 2020-10-29 11:18:31 +01:00
Thibault Ayanides
fbd26ceefa Fix race condition on /etc/passwd, /etc/shadow and /etc/group 2020-11-16 14:09:12 +01:00
Thibault Ayanides
501ce8c651 IMP(5.2.3): 640 permission is now ok for the check 2020-11-16 14:08:42 +01:00
Thibault Ayanides
829ee8631f Revert to previous check (8.2.4 in old num) 2020-11-16 14:06:39 +01:00
Thibault
3c7a03445c FIX(3.1.1): fix unbound variable issue 2020-11-12 10:15:41 +01:00
Thibault Ayanides
03c8e25ff3 FIX(99.5.4): fix test (permission denied on authorized_keys) 2020-11-05 15:05:12 +01:00