debian-cis

mirror of https://github.com/ovh/debian-cis.git synced 2024-11-22 05:27:01 +01:00

Author	SHA1	Message	Date
dependabot[bot]	a35ecab377	Bump dev-drprasad/delete-tag-and-release from 0.2.0 to 0.2.1 (#170 ) Bumps [dev-drprasad/delete-tag-and-release](https://github.com/dev-drprasad/delete-tag-and-release) from 0.2.0 to 0.2.1. - [Release notes](https://github.com/dev-drprasad/delete-tag-and-release/releases) - [Commits](https://github.com/dev-drprasad/delete-tag-and-release/compare/v0.2.0...v0.2.1) --- updated-dependencies: - dependency-name: dev-drprasad/delete-tag-and-release dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-03-23 10:47:09 +01:00
Stéphane Lesimple	dc952b90df	fix: timeout of 99.1.3 (#168 ) The 99.1.3_acc_sudoers_no_all.sh script can sometimes timeout on servers where /etc/sudoers.d/ has thousands of files. This patch makes it run roughly 5x faster, as tested on a server with 1500 files in sudoers.d/. Closes #167. Signed-off-by: Stephane Lesimple <stephane.lesimple@corp.ovh.com> Signed-off-by: Stephane Lesimple <stephane.lesimple@corp.ovh.com>	2022-12-22 09:47:35 +01:00
Tarik Megzari	82a217032d	fix(6.2.9): Start from UID 1000 for home ownership check (#164 ) Rename 6.2.3 and 6.2.9 checks to be more accurate Remove home existence check from 6.2.9 as it's handled by 6.2.3 Update tests accordingly Fixes #163 Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com> Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com>	2022-09-30 10:28:48 +02:00
ymartin-ovh	e478a89bad	bump to 3.7-1 (#160 )	2022-07-04 15:37:08 +02:00
ymartin-ovh	371c23cd52	feat: add FIND_IGNORE_NOSUCHFILE_ERR flag (#159 ) This flag can be used to prevent find-related checks to fail because one part of filesystem disappear (ie. ephemeral directories or files)	2022-07-04 14:29:25 +02:00
Tarik Megzari	ea8334d516	bump to 3.6-1 (#157 ) Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com>	2022-06-27 12:13:01 +02:00
dependabot[bot]	987bb9c975	Bump luizm/action-sh-checker from 0.3.0 to 0.4.0 (#154 ) Bumps [luizm/action-sh-checker](https://github.com/luizm/action-sh-checker) from 0.3.0 to 0.4.0. - [Release notes](https://github.com/luizm/action-sh-checker/releases) - [Commits](https://github.com/luizm/action-sh-checker/compare/v0.3.0...v0.4.0) --- updated-dependencies: - dependency-name: luizm/action-sh-checker dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-06-26 16:58:46 +02:00
dependabot[bot]	3031bb55d1	Bump actions-ecosystem/action-get-latest-tag from 1.5.0 to 1.6.0 (#153 ) Bumps [actions-ecosystem/action-get-latest-tag](https://github.com/actions-ecosystem/action-get-latest-tag) from 1.5.0 to 1.6.0. - [Release notes](https://github.com/actions-ecosystem/action-get-latest-tag/releases) - [Commits](https://github.com/actions-ecosystem/action-get-latest-tag/compare/v1.5.0...v1.6.0) --- updated-dependencies: - dependency-name: actions-ecosystem/action-get-latest-tag dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Tarik Megzari <tarik.megzari@corp.ovh.com>	2022-06-24 17:55:26 +02:00
ymartin-ovh	66ccc6316a	feat: Filter the filesystem to check when the list is built. (#156 ) * feat: Attempt to filter-out filesystem that match exclusion regex.	2022-06-24 17:45:47 +02:00
Tarik Megzari	7a3145d7f1	bump to 3.5-1 (#152 ) Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com>	2022-03-23 18:40:25 +01:00
GoldenKiwi	5c072668d5	fix: add 10s wait timeout on iptables command (#151 ) When the tested server has its iptables heavily manipulated (e.g Kubernetes) The lock aquirement can sometimes fail, hence generating false positives The command will retry 10 times with a 1 second interval	2022-03-23 16:56:38 +01:00
GoldenKiwi	d1bd1eb2e7	bump to 3.4-1 (#150 )	2022-03-18 16:49:25 +01:00
GoldenKiwi	ad5c71c3ce	fix: allow passwd-, group- and shadow- debian default permissions (#149 )	2022-03-18 16:41:49 +01:00
dependabot[bot]	33964c0a3d	Bump EndBug/add-and-commit from 8.0.2 to 9 (#148 ) Bumps [EndBug/add-and-commit](https://github.com/EndBug/add-and-commit) from 8.0.2 to 9. - [Release notes](https://github.com/EndBug/add-and-commit/releases) - [Changelog](https://github.com/EndBug/add-and-commit/blob/main/CHANGELOG.md) - [Commits](https://github.com/EndBug/add-and-commit/compare/v8.0.2...v9) --- updated-dependencies: - dependency-name: EndBug/add-and-commit dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-03-14 15:36:48 +01:00
Tarik Megzari	8320d0eecc	CI: Fix release action (#147 ) Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com>	2022-03-03 12:02:12 +01:00
Tarik Megzari	a0d33ab158	Update changelog for release 3.3-1 (#146 ) Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com> Co-authored-by: Tarik Megzari <tarik.megzari@corp.ovh.com>	2022-03-03 10:26:42 +01:00
Jan Schmidle	a6a22084e1	missing shadowtools backup files is ok (#132 ) * missing shadowtools backup files is ok * update corresponding test cases	2022-03-02 18:05:37 +01:00
Tarik Megzari	b962155a3c	fix: Avoid find failures on too many files (#144 ) Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com> Co-authored-by: Tarik Megzari <tarik.megzari@corp.ovh.com> Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>	2022-03-02 17:49:28 +01:00
dependabot[bot]	20bf51f65b	Bump actions/checkout from 2 to 3 (#145 ) Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-03-02 00:14:50 +01:00
dependabot[bot]	adfe28470a	Bump metcalfc/changelog-generator from 1.0.0 to 3.0.0 (#133 ) Bumps [metcalfc/changelog-generator](https://github.com/metcalfc/changelog-generator) from 1.0.0 to 3.0.0. - [Release notes](https://github.com/metcalfc/changelog-generator/releases) - [Changelog](https://github.com/metcalfc/changelog-generator/blob/main/release-notes.png) - [Commits](https://github.com/metcalfc/changelog-generator/compare/v1.0.0...v3.0.0) --- updated-dependencies: - dependency-name: metcalfc/changelog-generator dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-03-01 23:48:57 +01:00
dependabot[bot]	c94ee10afe	Bump EndBug/add-and-commit from 7 to 8.0.2 (#142 ) Bumps [EndBug/add-and-commit](https://github.com/EndBug/add-and-commit) from 7 to 8.0.2. - [Release notes](https://github.com/EndBug/add-and-commit/releases) - [Changelog](https://github.com/EndBug/add-and-commit/blob/main/CHANGELOG.md) - [Commits](https://github.com/EndBug/add-and-commit/compare/v7...v8.0.2) --- updated-dependencies: - dependency-name: EndBug/add-and-commit dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-03-01 20:39:39 +01:00
dependabot[bot]	453a72b8c8	Bump actions-ecosystem/action-get-latest-tag from 1.4.1 to 1.5.0 (#143 ) Bumps [actions-ecosystem/action-get-latest-tag](https://github.com/actions-ecosystem/action-get-latest-tag) from 1.4.1 to 1.5.0. - [Release notes](https://github.com/actions-ecosystem/action-get-latest-tag/releases) - [Commits](https://github.com/actions-ecosystem/action-get-latest-tag/compare/v1.4.1...v1.5.0) --- updated-dependencies: - dependency-name: actions-ecosystem/action-get-latest-tag dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2022-03-01 20:28:33 +01:00
Tarik Megzari	bb03764918	fix: Catch unexpected failures (#140 ) Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com> Co-authored-by: Tarik Megzari <tarik.megzari@corp.ovh.com>	2022-01-31 15:38:38 +01:00
Tarik Megzari	17d272420a	feat: Dissociate iptables pkg name from command (#137 ) Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com> Co-authored-by: Tarik Megzari <tarik.megzari@corp.ovh.com>	2021-12-27 15:40:55 +01:00
Tarik Megzari	f1c1517bd2	Update changelog for release 3.2-2 (#135 ) Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com> Co-authored-by: Tarik Megzari <tarik.megzari@corp.ovh.com>	2021-12-13 16:06:57 +01:00
tdenof	1341622335	Fix empty fstab test (#134 ) Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com> Co-authored-by: Thibault Dewailly <thibault.dewailly@corp.ovh.com>	2021-12-08 08:42:22 +01:00
thibault.dewailly	c8fcfed248	Update changelog for release 3.2-1	2021-12-01 11:04:56 +00:00
Sebastien BLAISOT	97914976c8	Skip NTP and Chrony config check if they are not installed (#120 ) Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>	2021-12-01 10:49:08 +01:00
Sebastien BLAISOT	66c8ccf495	Fix 3.4.2 audit rule (#123 ) Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>	2021-12-01 10:23:11 +01:00
Sebastien BLAISOT	b53bf1795c	Fix grub detection (#119 ) Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>	2021-12-01 08:58:32 +01:00
Sebastien BLAISOT	1a874b2b35	Allow grub.cfg permission to be 600 (#121 ) Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>	2021-11-30 18:47:19 +01:00
Sebastien BLAISOT	7266ec7cb4	Honor --set-log-level parameter (#127 ) Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>	2021-11-30 18:42:33 +01:00
Jan Schmidle	8f855ac159	fix: kernel module detection (#129 ) * fix: add filter to hfs * fix is_kernel_option_enabled check as the module in question could have dependencies which have been blacklisted as well we need to make sure that the comparison only checks for the module in question - the last line in the output. Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>	2021-10-20 14:51:29 +02:00
Sebastien BLAISOT	ad192c9457	Add silent mode and json summary (#128 ) Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>	2021-10-20 13:22:59 +02:00
Sebastien BLAISOT	3d2d97a727	FIX(1.7.1.4): don't abort script in case of unconfined processes (#130 )	2021-10-20 13:14:36 +02:00
Sebastien BLAISOT	6e2fb1570c	FIX(2.2.1.4): Validate debian default ntp config (#118 )	2021-10-15 16:19:51 +02:00
dependabot[bot]	faf5b155e5	Bump metcalfc/changelog-generator from v0.4.4 to v1.0.0 (#81 ) Bumps [metcalfc/changelog-generator](https://github.com/metcalfc/changelog-generator) from v0.4.4 to v1.0.0. - [Release notes](https://github.com/metcalfc/changelog-generator/releases) - [Changelog](https://github.com/metcalfc/changelog-generator/blob/main/release-notes.png) - [Commits](https://github.com/metcalfc/changelog-generator/compare/v0.4.4...e5306b306fa2e34f05258789e0e5c526c1bd4352) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Thibault Ayanides <thibault.ayanides@ovhcloud.com>	2021-08-10 13:57:13 +02:00
dependabot[bot]	43887d4165	Bump luizm/action-sh-checker from 0.1.13 to 0.3.0 (#111 ) Bumps [luizm/action-sh-checker](https://github.com/luizm/action-sh-checker) from 0.1.13 to 0.3.0. - [Release notes](https://github.com/luizm/action-sh-checker/releases) - [Commits](https://github.com/luizm/action-sh-checker/compare/v0.1.13...v0.3.0) --- updated-dependencies: - dependency-name: luizm/action-sh-checker dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2021-08-10 13:47:31 +02:00
dependabot[bot]	499ebf2f9b	Bump dev-drprasad/delete-tag-and-release from v0.1.3 to v0.2.0 (#72 ) Bumps [dev-drprasad/delete-tag-and-release](https://github.com/dev-drprasad/delete-tag-and-release) from v0.1.3 to v0.2.0. - [Release notes](https://github.com/dev-drprasad/delete-tag-and-release/releases) - [Commits](https://github.com/dev-drprasad/delete-tag-and-release/compare/v0.1.3...085c6969f18bad0de1b9f3fe6692a3cd01f64fe5) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Thibault Ayanides <thibault.ayanides@ovhcloud.com>	2021-08-10 10:39:53 +02:00
Thibault Ayanides	afed5a9dce	99.5.4.5.2: fix bug where sha512 option rounds provoke KO (#112 )	2021-08-10 10:30:35 +02:00
dependabot[bot]	01c3d1b98c	Bump luizm/action-sh-checker from v0.1.12 to v0.1.13 (#73 ) Bumps [luizm/action-sh-checker](https://github.com/luizm/action-sh-checker) from v0.1.12 to v0.1.13. - [Release notes](https://github.com/luizm/action-sh-checker/releases) - [Commits](https://github.com/luizm/action-sh-checker/compare/v0.1.12...164368daf52a9126460854f9c0de00abc079a350) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Thibault Ayanides <thibault.ayanides@ovhcloud.com>	2021-08-10 09:43:59 +02:00
dependabot[bot]	25e899168f	Bump actions-ecosystem/action-get-latest-tag from 1 to 1.4.1 (#101 ) Bumps [actions-ecosystem/action-get-latest-tag](https://github.com/actions-ecosystem/action-get-latest-tag) from 1 to 1.4.1. - [Release notes](https://github.com/actions-ecosystem/action-get-latest-tag/releases) - [Commits](https://github.com/actions-ecosystem/action-get-latest-tag/compare/v1...v1.4.1) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Thibault Ayanides <thibault.ayanides@ovhcloud.com>	2021-08-10 09:36:28 +02:00
Thibault Ayanides	9a2e3a0e0d	Fix 5.4.5 pattern search (#108 ) fix #107	2021-08-09 10:49:56 +02:00
Thibault Ayanides	334d743125	fix EXCEPTIONS management (#104 ) * FIX(1.1.21, 6.1.10) fix EXCEPTIONS management * Update changelog * Refactor test for 6.1.10-14	2021-06-02 13:47:19 +02:00
Thibault Ayanides	4ed8adf790	Update changelog (#103 )	2021-05-28 15:06:48 +02:00
Thibault Ayanides	f4328deeb2	Fix unbound variable (#102 )	2021-05-28 15:00:58 +02:00
Thibault Ayanides	29505255ff	Update changelog (#99 )	2021-05-07 09:16:15 +02:00
Thibault Ayanides	9e6c9a0d8a	Accept lower values (#95 ) * IMP(5.2.23): accept lower value as valid * IMP(5.2.7): accept lower value as valid	2021-04-27 16:04:13 +02:00
Thibault Ayanides	1cade2e375	FIX(2.2.1.2): custom func not working for systemd (#90 ) fix #87	2021-04-27 13:49:05 +02:00
Thibault Ayanides	fc8a2b2561	FIX: add commands to sudoers (#91 )	2021-04-27 13:31:59 +02:00

1 2 3 4 5 ...

507 Commits