elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2024-11-22 21:47:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
145 Commits 4 Branches 39 Tags 2.2 MiB
b41df080cf
Commit Graph

42 Commits

Author SHA1 Message Date
Charles Herlin
b41df080cf Add sudo management in main and utils 
* perform readonly checks as a regular user
    * sudo -n is used for checks requiring root privileges
    * increase accountability by providing log of individual access to sensitive files
 2018-03-13 10:38:25 +01:00
Stéphane Lesimple
dfaf4c2093 add hardening templating and several enhancements 2017-06-13 18:30:29 +02:00
Thibault Dewailly
78569b5583 Merge pull request #11 from speed47/dev/fix_does_pattern_exist_in_file 
handle ENOENT properly in does_pattern_exist_in_file()
 2017-05-19 18:30:21 +02:00
Stéphane Lesimple
f94dff5f3f handle ENOENT properly in does_pattern_exist_in_file\(\) 2017-05-18 18:31:24 +02:00
Stéphane Lesimple
70811c258d set a fixed-size prefix for logger 2017-05-18 18:27:02 +02:00
jeremydenoun
c278e7b1ec Remove test on _logger() function 
the original line contain test that can hide echo if we launch script with pipe or IO redirection
 2016-05-14 20:39:32 +02:00
thibault.dewailly
1bb8c5b387 Fixed replace in file function with proper substitution 2016-05-03 11:25:37 +02:00
kevin.tanguy
8bbac84f7b debian dependencies fix, rephrasing, revision bump 1.0-8. 2016-04-26 14:02:17 +02:00
Frank Denis
ccd40f4369 Rephrase confusing messages 2016-04-21 18:32:36 +02:00
thibault.dewailly
c5b4aa220d Added exit code to CIS_ROOT_DIR test def, optimized sed and sort 2016-04-20 18:06:08 +02:00
Stéphane Lesimple
76811c8a7f add --audit-all option 2016-04-20 18:06:08 +02:00
thibault.dewailly
a7f418d8a2 Corrected script names, added License, Completed README and corrected bug with too long logger messages 2016-04-19 13:51:28 +02:00
thibault.dewailly
5e4e017653 log format correction, loglevel defaults to info 2016-04-18 14:03:20 +02:00
thibault.dewailly
091eec57ee All configuration defaults to disabled README updated 2016-04-18 13:25:09 +02:00
thibault.dewailly
756fce8c2e Fixed disabled features, headers and preparing main script 2016-04-17 23:19:41 +02:00
thibault.dewailly
ef14c475fe Added argument parsing and test checks 2016-04-17 23:10:47 +02:00
thibault.dewailly
b24a415dce 13.1_remove_empty_password_field.sh 13.2_remove_legacy_passwd_entries.sh 13.3_remove_legacy_shadow_entries.sh 13.4_remove_legacy_group_entries.sh 13.5_find_0_uid_non_root_account.sh 13.6_sanitize_root_path.sh 2016-04-16 17:25:48 +02:00
thibault.dewailly
da30fa0b48 10.5_lock_inactive_user_account.sh 11.1_warning_banners.sh 11.2_remove_os_info_warning_banners.sh 11.3_graphical_warning_banners.sh 2016-04-15 23:38:48 +02:00
thibault.dewailly
9451842e84 9.2.1_enable_cracklib.sh 9.2.2_enable_lockout_failed_password.sh 9.2.3_limit_password_reuse.sh 9.3.10_disable_sshd_setenv.sh 9.3.11_sshd_ciphers.sh 9.3.12_sshd_idle_timeout.sh 9.3.13_sshd_limit_access.sh 9.3.14_ssh_banner.sh 9.3.2_sshd_loglevel.sh 9.3.1_sshd_protocol.sh 9.3.3_sshd_conf_perm_ownership.sh 9.3.4_disable_x11_forwarding.sh 9.3.5_sshd_maxauthtries.sh 9.3.6_enable_sshd_ignorerhosts.sh 9.3.7_disable_sshd_hostbasedauthentication.sh 9.3.8_disable_root_login.sh 9.3.9_disable_sshd_permitemptypasswords.sh 2016-04-15 14:24:45 +02:00
thibault.dewailly
586d6823fa 8.2.5_syslog-ng_remote_host.sh 8.2.6_remote_syslog-ng_acl.sh 8.3.1_install_tripwire.sh 2016-04-14 22:47:34 +02:00
thibault.dewailly
45dcda4402 8.2.1_install_syslog-ng.sh 8.2.2_enable_syslog-ng.sh 8.2.3_configure_syslog-ng.sh 8.2.4_set_logfile_perm.sh 2016-04-14 17:55:14 +02:00
thibault.dewailly
75e072f304 8.1.4_record_date_time_edit.sh 8.1.5_record_user_group_edit.sh 2016-04-14 14:07:00 +02:00
thibault.dewailly
47d017908d 8.1.1.3_keep_all_audit_logs.sh 8.1.3_audit_bootloader.sh 2016-04-14 13:11:56 +02:00
thibault.dewailly
115de36b34 7.3.1_disable_ipv6_router_advertisement.sh 2016-04-13 17:41:10 +02:00
thibault.dewailly
3ac82210f0 7.1.1_disable_ip_forwarding.sh 7.1.2_disable_send_packet_redirects.sh 2016-04-13 14:54:35 +02:00
thibault.dewailly
8b8547dc7d 6.16_disable_rsync.sh 2016-04-13 14:12:57 +02:00
thibault.dewailly
a54abb2496 6.2_disable_avahi_server.sh 6.3_disable_print_server.sh 6.4_disable_dhcp.sh 6.5_configure_ntp.sh 6.6_diable_ldap.sh 6.7_disable_nfs_rpc.sh 6.8_disable_dns_server.sh 2016-04-12 11:21:36 +02:00
thibault.dewailly
3596fec2df 4.2_enable_nx_support.sh 4.3_enable_randomized_vm_placement.sh 4.4_disable_prelink.sh 4.5_enable_apparmor.sh 5.1.1_disable_nis.sh 2016-04-11 16:53:57 +02:00
thibault.dewailly
f3e537072a 4.1_restrict_core_dumps.sh 2016-04-11 14:55:42 +02:00
thibault.dewailly
7a3dc9ba87 3.2_bootloader_permissions.sh 3.3_bootloader_password.sh 2016-04-11 11:38:50 +02:00
thibault.dewailly
ce76538f64 3.1_bootloader_ownership.sh fix 2016-04-11 08:55:44 +02:00
thibault.dewailly
f1dcd7431a 3.1_bootloader_ownership.sh 2016-04-07 08:43:37 +02:00
thibault.dewailly
f3cb9bfb16 2.25_disable_automounting.sh 2016-04-07 07:46:44 +02:00
thibault.dewailly
8269600088 2.19_disable_freevxfs.sh 2.20_disable_jffs2.sh 2.21_disable_hfs.sh 2.22_disable_hfsplus.sh 2.23_disable_squashfs.sh 2.24_disable_udf.sh 2016-04-07 07:22:04 +02:00
thibault.dewailly
0861a1407d 2.18_disable_cramfs.sh 2016-04-07 06:56:14 +02:00
thibault.dewailly
0bf935bb17 2.2_tmp_nodev.sh 2016-04-04 16:14:53 +02:00
thibault.dewailly
01b03f7aeb 2.1 Tmp Partition 2016-04-04 13:40:33 +02:00
thibault.dewailly
544b9f0619 1.1 Install updates 2016-04-04 11:25:45 +02:00
thibault.dewailly
bffc14a8da skeleton 2016-04-04 08:01:37 +02:00
thibault.dewailly
d76cf94b18 hardening : building basic configuration 2016-04-01 14:36:42 +02:00
thibault.dewailly
9a5e962cd4 Added basic Configuration files and skeleton scripts 2016-04-01 09:32:17 +02:00
thibault.dewailly
754cf6fd1d Initial Commit Basic folders 2016-04-01 07:50:08 +02:00