debian-cis

mirror of https://github.com/ovh/debian-cis.git synced 2024-11-22 21:47:02 +01:00

Author	SHA1	Message	Date
Stéphane Lesimple	de295b3a77	Adapt all scripts to yescrypt (#216 ) * Revert "fix: clean obsolete check 99.5.4.5.1, now handled by 5.3.4 (#215)" This reverts commit `670c8c62f5`. We still want to verify the preexisting hashes in /etc/shadow, even if the PAM configuration is correct for new passwords (5.3.4). * Adapt 5.3.4, 99.5.4.5.1 and 99.5.4.5.2 to yescrypt	2023-11-21 17:43:31 +01:00
P-EB	32886d3a3d	Replace CIS_ROOT_DIR by a more flexible system (#204 ) * Replace CIS_ROOT_DIR by a more flexible system * Try to adapt the logic change to the functional tests	2023-09-25 14:24:01 +02:00
GoldenKiwi	04457e7df2	feat: official Debian 11 compatibility (#176 ) Introduce Debian 11 compatibility Based on CIS_Debian_Linux_11_Benchmark_v1.0.0 After review, here are the notable changes : - Harden /var/log more (noexec,nodev,nosuid) - Harden /var/log/audit more (noexec,nodev,nosuid) - Harden /home more (nosuid) - Disable cramfs - Fix 5.3.4_acc_pam_sha512.sh - Deprecate Debian 9 and remove useless docker images NB : more audit log rules have been introduced and will be inserted in the checks later Fix #158	2023-05-02 14:16:19 +02:00
Thibault Ayanides	3a342b784a	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
Thibault Ayanides	4add6ddc33	IMP(shellcheck): add prefix to define shell (SC2148)	2020-11-27 09:22:47 +01:00
Charles Herlin	80b97940fa	Renumbering custom 99.* scripts as newcomers to CIS benchmark renamed: bin/hardening/99.4_net_fw_default_policy_drop.sh -> bin/hardening/3.5.1.1_net_fw_default_policy_drop.sh renamed: bin/hardening/99.3.3_acc_pam_sha512.sh -> bin/hardening/5.3.4_acc_pam_sha512.sh renamed: tests/hardening/99.4_net_fw_default_policy_drop.sh -> tests/hardening/3.5.1.1_net_fw_default_policy_drop.sh renamed: tests/hardening/99.3.3_acc_pam_sha512.sh -> tests/hardening/5.3.4_acc_pam_sha512.sh	2019-10-18 17:26:31 +02:00

6 Commits