Commit Graph

59 Commits

Author SHA1 Message Date
Thibault Ayanides
bb9f60a939 IMP(12.7): test is automatically skipped on docker 2020-10-26 08:51:50 +01:00
Charles Herlin
c0e9b96ffc FIX: change name to fit check content (cracklib -> pwquality)
renamed:    bin/hardening/5.3.1_enable_cracklib.sh -> bin/hardening/5.3.1_enable_pwquality.sh
	renamed:    tests/hardening/5.3.1_enable_cracklib.sh -> tests/hardening/5.3.1_enable_pwquality.sh
2019-10-30 15:40:15 +01:00
Charles Herlin
d91fdbf84b Add missing tests CUPS, telnet and LDAP
new file:   bin/hardening/2.2.4_disable_print_server.sh
	new file:   bin/hardening/2.3.4_telnet_client_not_installed.sh
	new file:   bin/hardening/2.3.5_ldap_client_not_installed.sh
	new file:   tests/hardening/2.2.4_disable_print_server.sh
	new file:   tests/hardening/2.3.4_telnet_client_not_installed.sh
	new file:   tests/hardening/2.3.5_ldap_client_not_installed.sh
2019-10-21 14:45:25 +02:00
Charles Herlin
2b60594a06 Renum 2.6.x to 1.1.x for /var/tmp
renamed:    bin/hardening/2.6.4_var_tmp_noexec.sh -> bin/hardening/1.1.10_var_tmp_noexec.sh
	renamed:    bin/hardening/2.6.1_var_tmp_partition.sh -> bin/hardening/1.1.7_var_tmp_partition.sh
	renamed:    bin/hardening/2.6.2_var_tmp_nodev.sh -> bin/hardening/1.1.8_var_tmp_nodev.sh
	renamed:    bin/hardening/2.6.3_var_tmp_nosuid.sh -> bin/hardening/1.1.9_var_tmp_nosuid.sh
	renamed:    tests/hardening/2.6.4_var_tmp_noexec.sh -> tests/hardening/1.1.10_var_tmp_noexec.sh
	renamed:    tests/hardening/2.6.3_var_tmp_nosuid.sh -> tests/hardening/1.1.7_var_tmp_partition.sh
	renamed:    tests/hardening/2.6.2_var_tmp_nodev.sh -> tests/hardening/1.1.8_var_tmp_nodev.sh
	renamed:    tests/hardening/2.6.1_var_tmp_partition.sh -> tests/hardening/1.1.9_var_tmp_nosuid.sh
2019-10-21 12:21:22 +02:00
Charles Herlin
d6dae89966 Renum logrotate config 8.4 to 4.3
renamed:    8.4_configure_logrotate.sh -> 4.3_configure_logrotate.sh
	renamed:    ../../tests/hardening/8.4_configure_logrotate.sh -> ../../tests/hardening/4.3_configure_logrotate.sh
2019-10-18 17:32:41 +02:00
Charles Herlin
80b97940fa Renumbering custom 99.* scripts as newcomers to CIS benchmark
renamed:    bin/hardening/99.4_net_fw_default_policy_drop.sh -> bin/hardening/3.5.1.1_net_fw_default_policy_drop.sh
	renamed:    bin/hardening/99.3.3_acc_pam_sha512.sh -> bin/hardening/5.3.4_acc_pam_sha512.sh
	renamed:    tests/hardening/99.4_net_fw_default_policy_drop.sh -> tests/hardening/3.5.1.1_net_fw_default_policy_drop.sh
	renamed:    tests/hardening/99.3.3_acc_pam_sha512.sh -> tests/hardening/5.3.4_acc_pam_sha512.sh
2019-10-18 17:26:31 +02:00
Charles Herlin
609444a47f Renum User and Groups settings 13.x to 6.2.x
renamed:    bin/hardening/13.8_check_user_dot_file_perm.sh -> bin/hardening/6.2.10_check_user_dot_file_perm.sh
	renamed:    bin/hardening/13.19_find_user_forward_files.sh -> bin/hardening/6.2.11_find_user_forward_files.sh
	renamed:    bin/hardening/13.18_find_user_netrc_files.sh -> bin/hardening/6.2.12_find_user_netrc_files.sh
	renamed:    bin/hardening/13.9_set_perm_on_user_netrc.sh -> bin/hardening/6.2.13_set_perm_on_user_netrc.sh
	renamed:    bin/hardening/13.10_find_user_rhosts_files.sh -> bin/hardening/6.2.14_find_user_rhosts_files.sh
	renamed:    bin/hardening/13.11_find_passwd_group_inconsistencies.sh -> bin/hardening/6.2.15_find_passwd_group_inconsistencies.sh
	renamed:    bin/hardening/13.14_check_duplicate_uid.sh -> bin/hardening/6.2.16_check_duplicate_uid.sh
	renamed:    bin/hardening/13.15_check_duplicate_gid.sh -> bin/hardening/6.2.17_check_duplicate_gid.sh
	renamed:    bin/hardening/13.16_check_duplicate_username.sh -> bin/hardening/6.2.18_check_duplicate_username.sh
	renamed:    bin/hardening/13.17_check_duplicate_groupname.sh -> bin/hardening/6.2.19_check_duplicate_groupname.sh
	renamed:    bin/hardening/13.1_remove_empty_password_field.sh -> bin/hardening/6.2.1_remove_empty_password_field.sh
	renamed:    bin/hardening/13.20_shadow_group_empty.sh -> bin/hardening/6.2.20_shadow_group_empty.sh
	renamed:    bin/hardening/13.2_remove_legacy_passwd_entries.sh -> bin/hardening/6.2.2_remove_legacy_passwd_entries.sh
	renamed:    bin/hardening/13.3_remove_legacy_shadow_entries.sh -> bin/hardening/6.2.3_remove_legacy_shadow_entries.sh
	renamed:    bin/hardening/13.4_remove_legacy_group_entries.sh -> bin/hardening/6.2.4_remove_legacy_group_entries.sh
	renamed:    bin/hardening/13.5_find_0_uid_non_root_account.sh -> bin/hardening/6.2.5_find_0_uid_non_root_account.sh
	renamed:    bin/hardening/13.6_sanitize_root_path.sh -> bin/hardening/6.2.6_sanitize_root_path.sh
	renamed:    bin/hardening/13.7_check_user_dir_perm.sh -> bin/hardening/6.2.8_check_user_dir_perm.sh
	renamed:    bin/hardening/13.12_users_valid_homedir.sh -> bin/hardening/6.2.9_users_valid_homedir.sh
	renamed:    tests/hardening/13.9_set_perm_on_user_netrc.sh -> tests/hardening/6.2.10_check_user_dot_file_perm.sh
	renamed:    tests/hardening/13.8_check_user_dot_file_perm.sh -> tests/hardening/6.2.11_find_user_forward_files.sh
	renamed:    tests/hardening/13.7_check_user_dir_perm.sh -> tests/hardening/6.2.12_find_user_netrc_files.sh
	renamed:    tests/hardening/13.6_sanitize_root_path.sh -> tests/hardening/6.2.13_set_perm_on_user_netrc.sh
	renamed:    tests/hardening/13.4_remove_legacy_group_entries.sh -> tests/hardening/6.2.15_find_passwd_group_inconsistencies.sh
	renamed:    tests/hardening/13.14_check_duplicate_uid.sh -> tests/hardening/6.2.16_check_duplicate_uid.sh
	renamed:    tests/hardening/13.15_check_duplicate_gid.sh -> tests/hardening/6.2.17_check_duplicate_gid.sh
	renamed:    tests/hardening/13.3_remove_legacy_shadow_entries.sh -> tests/hardening/6.2.18_check_duplicate_username.sh
	renamed:    tests/hardening/13.2_remove_legacy_passwd_entries.sh -> tests/hardening/6.2.19_check_duplicate_groupname.sh
	renamed:    tests/hardening/13.20_shadow_group_empty.sh -> tests/hardening/6.2.1_remove_empty_password_field.sh
	renamed:    tests/hardening/13.1_remove_empty_password_field.sh -> tests/hardening/6.2.20_shadow_group_empty.sh
	renamed:    tests/hardening/13.19_find_user_forward_files.sh -> tests/hardening/6.2.2_remove_legacy_passwd_entries.sh
	renamed:    tests/hardening/13.18_find_user_netrc_files.sh -> tests/hardening/6.2.3_remove_legacy_shadow_entries.sh
	renamed:    tests/hardening/13.17_check_duplicate_groupname.sh -> tests/hardening/6.2.4_remove_legacy_group_entries.sh
	renamed:    tests/hardening/13.5_find_0_uid_non_root_account.sh -> tests/hardening/6.2.5_find_0_uid_non_root_account.sh
	renamed:    tests/hardening/13.16_check_duplicate_username.sh -> tests/hardening/6.2.6_sanitize_root_path.sh
	renamed:    tests/hardening/13.12_users_valid_homedir.sh -> tests/hardening/6.2.8_check_user_dir_perm.sh
	renamed:    tests/hardening/13.11_find_passwd_group_inconsistencies.sh -> tests/hardening/6.2.9_users_valid_homedir.sh
2019-09-12 17:43:12 +02:00
Charles Herlin
440aeaf45f Renum 12.x checks to 6.1.x Verify_System_File_Permissions
modified:   bin/hardening/12.4_etc_passwd_ownership.sh
	modified:   bin/hardening/12.5_etc_shadow_ownership.sh
	modified:   bin/hardening/12.6_etc_group_ownership.sh
	renamed:    bin/hardening/12.7_find_world_writable_file.sh -> bin/hardening/6.1.10_find_world_writable_file.sh
	renamed:    bin/hardening/12.8_find_unowned_files.sh -> bin/hardening/6.1.11_find_unowned_files.sh
	renamed:    bin/hardening/12.9_find_ungrouped_files.sh -> bin/hardening/6.1.12_find_ungrouped_files.sh
	renamed:    bin/hardening/12.10_find_suid_files.sh -> bin/hardening/6.1.13_find_suid_files.sh
	renamed:    bin/hardening/12.11_find_sgid_files.sh -> bin/hardening/6.1.14_find_sgid_files.sh
	renamed:    bin/hardening/12.1_etc_passwd_permissions.sh -> bin/hardening/6.1.2_etc_passwd_permissions.sh
	renamed:    bin/hardening/12.2_etc_shadow_permissions.sh -> bin/hardening/6.1.3_etc_shadow_permissions.sh
	renamed:    bin/hardening/12.3_etc_group_permissions.sh -> bin/hardening/6.1.4_etc_group_permissions.sh
	deleted:    tests/hardening/12.1_etc_passwd_permissions.sh
	deleted:    tests/hardening/12.2_etc_shadow_permissions.sh
	deleted:    tests/hardening/12.3_etc_group_permissions.sh
	renamed:    tests/hardening/12.7_find_world_writable_file.sh -> tests/hardening/6.1.10_find_world_writable_file.sh
	renamed:    tests/hardening/12.8_find_unowned_files.sh -> tests/hardening/6.1.11_find_unowned_files.sh
	renamed:    tests/hardening/12.9_find_ungrouped_files.sh -> tests/hardening/6.1.12_find_ungrouped_files.sh
	renamed:    tests/hardening/12.10_find_suid_files.sh -> tests/hardening/6.1.13_find_suid_files.sh
	renamed:    tests/hardening/12.11_find_sgid_files.sh -> tests/hardening/6.1.14_find_sgid_files.sh
	renamed:    tests/hardening/12.6_etc_group_ownership.sh -> tests/hardening/6.1.2_etc_passwd_permissions.sh
	renamed:    tests/hardening/12.5_etc_shadow_ownership.sh -> tests/hardening/6.1.3_etc_shadow_permissions.sh
	renamed:    tests/hardening/12.4_etc_passwd_ownership.sh -> tests/hardening/6.1.4_etc_group_permissions.sh
2019-09-12 16:44:45 +02:00
Charles Herlin
a085785321 Renum warning banners checks 11.x to 1.7.x
new file:   bin/hardening/1.7.1.1_remove_os_info_motd.sh
	renamed:    bin/hardening/11.2_remove_os_info_warning_banners.sh -> bin/hardening/1.7.1.2_remove_os_info_issue.sh
	new file:   bin/hardening/1.7.1.3_remove_os_info_issue_net.sh
	new file:   bin/hardening/1.7.1.4_motd_perms.sh
	new file:   bin/hardening/1.7.1.5_etc_issue_perms.sh
	new file:   bin/hardening/1.7.1.6_etc_issue_net_perms.sh
	renamed:    bin/hardening/11.3_graphical_warning_banners.sh -> bin/hardening/1.7.2_graphical_warning_banners.sh
	deleted:    bin/hardening/11.1_warning_banners.sh
	renamed:    tests/hardening/11.3_graphical_warning_banners.sh -> tests/hardening/1.7.1.1_remove_os_info_motd.sh
	renamed:    tests/hardening/11.2_remove_os_info_warning_banners.sh -> tests/hardening/1.7.1.2_remove_os_info_issue.sh
	renamed:    tests/hardening/11.1_warning_banners.sh -> tests/hardening/1.7.1.3_remove_os_info_issue_net.sh
	new file:   tests/hardening/1.7.1.4_warning_banners.sh
	new file:   tests/hardening/1.7.2_graphical_warning_banners.sh
2019-09-12 15:42:22 +02:00
Charles Herlin
fbb73d1953 Renum 10.x to 5.4.x
renamed:    bin/hardening/10.5_lock_inactive_user_account.sh -> bin/hardening/5.4.1.4_lock_inactive_user_account.sh
	renamed:    bin/hardening/10.2_disable_system_accounts.sh -> bin/hardening/5.4.2_disable_system_accounts.sh
	renamed:    bin/hardening/10.3_default_root_group.sh -> bin/hardening/5.4.3_default_root_group.sh
	renamed:    bin/hardening/10.4_default_umask.sh -> bin/hardening/5.4.4_default_umask.sh
	renamed:    tests/hardening/10.5_lock_inactive_user_account.sh -> tests/hardening/5.4.1.4_lock_inactive_user_account.sh
	renamed:    tests/hardening/10.2_disable_system_accounts.sh -> tests/hardening/5.4.2_disable_system_accounts.sh
	renamed:    tests/hardening/10.4_default_umask.sh -> tests/hardening/5.4.3_default_root_group.sh
	renamed:    tests/hardening/10.3_default_root_group.sh -> tests/hardening/5.4.4_default_umask.sh
2019-09-12 10:55:43 +02:00
Charles Herlin
47a9ffdc9c Renum login.defs 10.1.x to 5.4.1.x
renamed:    bin/hardening/10.1.1_set_password_exp_days.sh -> bin/hardening/5.4.1.1_set_password_exp_days.sh
	renamed:    bin/hardening/10.1.2_set_password_min_days_change.sh -> bin/hardening/5.4.1.2_set_password_min_days_change.sh
	renamed:    bin/hardening/10.1.3_set_password_exp_warning_days.sh -> bin/hardening/5.4.1.3_set_password_exp_warning_days.sh
	renamed:    tests/hardening/10.1.3_set_password_exp_warning_days.sh -> tests/hardening/5.4.1.1_set_password_exp_days.sh
	renamed:    tests/hardening/10.1.2_set_password_min_days_change.sh -> tests/hardening/5.4.1.2_set_password_min_days_change.sh
	renamed:    tests/hardening/10.1.1_set_password_exp_days.sh -> tests/hardening/5.4.1.3_set_password_exp_warning_days.sh
2019-09-12 10:43:48 +02:00
Charles Herlin
8a4a28a35b Renum 9.x tty and su checks
renamed:    bin/hardening/9.4_secure_tty.sh -> bin/hardening/5.5_secure_tty.sh
	renamed:    bin/hardening/9.5_restrict_su.sh -> bin/hardening/5.6_restrict_su.sh
	renamed:    tests/hardening/9.5_restrict_su.sh -> tests/hardening/5.5_secure_tty.sh
	renamed:    tests/hardening/9.4_secure_tty.sh -> tests/hardening/5.6_restrict_su.sh
2019-09-11 17:16:54 +02:00
Charles Herlin
9e61ca8367 Renum ssh config check 9.3.x to 5.2.x
Also renum 99.x checks that were included in CIS recommendations

	renamed:    bin/hardening/9.3.8_disable_root_login.sh -> bin/hardening/5.2.10_disable_root_login.sh
	renamed:    bin/hardening/9.3.9_disable_sshd_permitemptypasswords.sh -> bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
	renamed:    bin/hardening/9.3.10_disable_sshd_setenv.sh -> bin/hardening/5.2.12_disable_sshd_setenv.sh
	renamed:    bin/hardening/9.3.11_sshd_ciphers.sh -> bin/hardening/5.2.13_sshd_ciphers.sh
	renamed:    bin/hardening/99.5.2.2_ssh_cry_mac.sh -> bin/hardening/5.2.14_ssh_cry_mac.sh
	renamed:    bin/hardening/99.5.2.1_ssh_cry_kex.sh -> bin/hardening/5.2.15_ssh_cry_kex.sh
	renamed:    bin/hardening/9.3.12_sshd_idle_timeout.sh -> bin/hardening/5.2.16_sshd_idle_timeout.sh
	renamed:    bin/hardening/9.3.13_sshd_limit_access.sh -> bin/hardening/5.2.18_sshd_limit_access.sh
	renamed:    bin/hardening/9.3.14_ssh_banner.sh -> bin/hardening/5.2.19_ssh_banner.sh
	renamed:    bin/hardening/9.3.3_sshd_conf_perm_ownership.sh -> bin/hardening/5.2.1_sshd_conf_perm_ownership.sh
	renamed:    bin/hardening/9.3.1_sshd_protocol.sh -> bin/hardening/5.2.4_sshd_protocol.sh
	renamed:    bin/hardening/9.3.2_sshd_loglevel.sh -> bin/hardening/5.2.5_sshd_loglevel.sh
	renamed:    bin/hardening/9.3.4_disable_x11_forwarding.sh -> bin/hardening/5.2.6_disable_x11_forwarding.sh
	renamed:    bin/hardening/9.3.5_sshd_maxauthtries.sh -> bin/hardening/5.2.7_sshd_maxauthtries.sh
	renamed:    bin/hardening/9.3.6_enable_sshd_ignorerhosts.sh -> bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
	renamed:    bin/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh -> bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
	renamed:    tests/hardening/9.3.9_disable_sshd_permitemptypasswords.sh -> tests/hardening/5.2.10_disable_root_login.sh
	renamed:    tests/hardening/9.3.8_disable_root_login.sh -> tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
	renamed:    tests/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh -> tests/hardening/5.2.12_disable_sshd_setenv.sh
	renamed:    tests/hardening/9.3.6_enable_sshd_ignorerhosts.sh -> tests/hardening/5.2.13_sshd_ciphers.sh
	renamed:    tests/hardening/99.5.2.2_ssh_cry_mac.sh -> tests/hardening/5.2.14_ssh_cry_mac.sh
	renamed:    tests/hardening/99.5.2.1_ssh_cry_kex.sh -> tests/hardening/5.2.15_ssh_cry_kex.sh
	renamed:    tests/hardening/9.3.5_sshd_maxauthtries.sh -> tests/hardening/5.2.16_sshd_idle_timeout.sh
	renamed:    tests/hardening/9.3.4_disable_x11_forwarding.sh -> tests/hardening/5.2.18_sshd_limit_access.sh
	renamed:    tests/hardening/9.3.3_sshd_conf_perm_ownership.sh -> tests/hardening/5.2.19_ssh_banner.sh
	renamed:    tests/hardening/9.3.1_sshd_protocol.sh -> tests/hardening/5.2.1_sshd_conf_perm_ownership.sh
	renamed:    tests/hardening/9.3.14_ssh_banner.sh -> tests/hardening/5.2.4_sshd_protocol.sh
	renamed:    tests/hardening/9.3.2_sshd_loglevel.sh -> tests/hardening/5.2.5_sshd_loglevel.sh
	renamed:    tests/hardening/9.3.13_sshd_limit_access.sh -> tests/hardening/5.2.6_disable_x11_forwarding.sh
	renamed:    tests/hardening/9.3.12_sshd_idle_timeout.sh -> tests/hardening/5.2.7_sshd_maxauthtries.sh
	renamed:    tests/hardening/9.3.11_sshd_ciphers.sh -> tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh
	renamed:    tests/hardening/9.3.10_disable_sshd_setenv.sh -> tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
2019-09-11 17:12:54 +02:00
Charles Herlin
c863a01305 Renum 9.2.x to 5.3.x Pam password settings
renamed:    bin/hardening/9.2.1_enable_cracklib.sh -> bin/hardening/5.3.1_enable_cracklib.sh
	renamed:    bin/hardening/9.2.2_enable_lockout_failed_password.sh -> bin/hardening/5.3.2_enable_lockout_failed_password.sh
	renamed:    bin/hardening/9.2.3_limit_password_reuse.sh -> bin/hardening/5.3.3_limit_password_reuse.sh
	renamed:    tests/hardening/9.2.1_enable_cracklib.sh -> tests/hardening/5.3.1_enable_cracklib.sh
	renamed:    tests/hardening/9.2.3_limit_password_reuse.sh -> tests/hardening/5.3.2_enable_lockout_failed_password.sh
	renamed:    tests/hardening/9.2.2_enable_lockout_failed_password.sh -> tests/hardening/5.3.3_limit_password_reuse.sh
2019-09-11 15:40:00 +02:00
Charles Herlin
124dde8254 Renum 9.1.x to 5.1.x cron checks
renamed:    bin/hardening/9.1.1_enable_cron.sh -> bin/hardening/5.1.1_enable_cron.sh
	renamed:    bin/hardening/9.1.2_crontab_perm_ownership.sh -> bin/hardening/5.1.2_crontab_perm_ownership.sh
	renamed:    bin/hardening/9.1.3_cron_hourly_perm_ownership.sh -> bin/hardening/5.1.3_cron_hourly_perm_ownership.sh
	renamed:    bin/hardening/9.1.4_cron_daily_perm_ownership.sh -> bin/hardening/5.1.4_cron_daily_perm_ownership.sh
	renamed:    bin/hardening/9.1.5_cron_weekly_perm_ownership.sh -> bin/hardening/5.1.5_cron_weekly_perm_ownership.sh
	renamed:    bin/hardening/9.1.6_cron_monthly_perm_ownership.sh -> bin/hardening/5.1.6_cron_monthly_perm_ownership.sh
	renamed:    bin/hardening/9.1.7_cron_d_perm_ownership.sh -> bin/hardening/5.1.7_cron_d_perm_ownership.sh
	renamed:    bin/hardening/9.1.8_cron_users.sh -> bin/hardening/5.1.8_cron_users.sh
	renamed:    tests/hardening/9.1.8_cron_users.sh -> tests/hardening/5.1.1_enable_cron.sh
	renamed:    tests/hardening/9.1.7_cron_d_perm_ownership.sh -> tests/hardening/5.1.2_crontab_perm_ownership.sh
	renamed:    tests/hardening/9.1.6_cron_monthly_perm_ownership.sh -> tests/hardening/5.1.3_cron_hourly_perm_ownership.sh
	renamed:    tests/hardening/9.1.5_cron_weekly_perm_ownership.sh -> tests/hardening/5.1.4_cron_daily_perm_ownership.sh
	renamed:    tests/hardening/9.1.4_cron_daily_perm_ownership.sh -> tests/hardening/5.1.5_cron_weekly_perm_ownership.sh
	renamed:    tests/hardening/9.1.3_cron_hourly_perm_ownership.sh -> tests/hardening/5.1.6_cron_monthly_perm_ownership.sh
	renamed:    tests/hardening/9.1.2_crontab_perm_ownership.sh -> tests/hardening/5.1.7_cron_d_perm_ownership.sh
	renamed:    tests/hardening/9.1.1_enable_cron.sh -> tests/hardening/5.1.8_cron_users.sh
2019-09-11 12:16:50 +02:00
Charles Herlin
65f92a7556 Renum 8.2.x to 4.2.2.x for syslog-ng
renamed:    bin/hardening/8.2.2_enable_syslog-ng.sh -> bin/hardening/4.2.2.1_enable_syslog-ng.sh
	renamed:    bin/hardening/8.2.3_configure_syslog-ng.sh -> bin/hardening/4.2.2.2_configure_syslog-ng.sh
	new file:   bin/hardening/4.2.2.3_syslog_ng_logfiles_perm.sh
	renamed:    bin/hardening/8.2.5_syslog-ng_remote_host.sh -> bin/hardening/4.2.2.4_syslog-ng_remote_host.sh
	renamed:    bin/hardening/8.2.6_remote_syslog-ng_acl.sh -> bin/hardening/4.2.2.5_remote_syslog-ng_acl.sh
	renamed:    tests/hardening/8.2.6_remote_syslog-ng_acl.sh -> tests/hardening/4.2.2.1_enable_syslog-ng.sh
	renamed:    tests/hardening/8.2.3_configure_syslog-ng.sh -> tests/hardening/4.2.2.2_configure_syslog-ng.sh
	renamed:    tests/hardening/8.2.2_enable_syslog-ng.sh -> tests/hardening/4.2.2.3_syslog_ng_logfiles_perm.sh
	renamed:    tests/hardening/8.2.5_syslog-ng_remote_host.sh -> tests/hardening/4.2.2.4_syslog-ng_remote_host.sh
	new file:   tests/hardening/4.2.2.5_remote_syslog-ng_acl.sh
2019-09-11 11:52:24 +02:00
Charles Herlin
00dd3ef591 Renum 8.1.x auditing configuration
renamed:    bin/hardening/8.1.1.1_audit_log_storage.sh -> bin/hardening/4.1.1.1_audit_log_storage.sh
	renamed:    bin/hardening/8.1.1.2_halt_when_audit_log_full.sh -> bin/hardening/4.1.1.2_halt_when_audit_log_full.sh
	renamed:    bin/hardening/8.1.1.3_keep_all_audit_logs.sh -> bin/hardening/4.1.1.3_keep_all_audit_logs.sh
	renamed:    bin/hardening/8.1.10_record_dac_edit.sh -> bin/hardening/4.1.10_record_dac_edit.sh
	renamed:    bin/hardening/8.1.11_record_failed_access_file.sh -> bin/hardening/4.1.11_record_failed_access_file.sh
	renamed:    bin/hardening/8.1.12_record_privileged_commands.sh -> bin/hardening/4.1.12_record_privileged_commands.sh
	renamed:    bin/hardening/8.1.13_record_successful_mount.sh -> bin/hardening/4.1.13_record_successful_mount.sh
	renamed:    bin/hardening/8.1.14_record_file_deletions.sh -> bin/hardening/4.1.14_record_file_deletions.sh
	renamed:    bin/hardening/8.1.15_record_sudoers_edit.sh -> bin/hardening/4.1.15_record_sudoers_edit.sh
	renamed:    bin/hardening/8.1.16_record_sudo_usage.sh -> bin/hardening/4.1.16_record_sudo_usage.sh
	renamed:    bin/hardening/8.1.17_record_kernel_modules.sh -> bin/hardening/4.1.17_record_kernel_modules.sh
	renamed:    bin/hardening/8.1.18_freeze_auditd_conf.sh -> bin/hardening/4.1.18_freeze_auditd_conf.sh
	renamed:    bin/hardening/8.1.2_enable_auditd.sh -> bin/hardening/4.1.2_enable_auditd.sh
	renamed:    bin/hardening/8.1.3_audit_bootloader.sh -> bin/hardening/4.1.3_audit_bootloader.sh
	renamed:    bin/hardening/8.1.4_record_date_time_edit.sh -> bin/hardening/4.1.4_record_date_time_edit.sh
	renamed:    bin/hardening/8.1.5_record_user_group_edit.sh -> bin/hardening/4.1.5_record_user_group_edit.sh
	renamed:    bin/hardening/8.1.6_record_network_edit.sh -> bin/hardening/4.1.6_record_network_edit.sh
	renamed:    bin/hardening/8.1.7_record_mac_edit.sh -> bin/hardening/4.1.7_record_mac_edit.sh
	renamed:    bin/hardening/8.1.8_record_login_logout.sh -> bin/hardening/4.1.8_record_login_logout.sh
	renamed:    bin/hardening/8.1.9_record_session_init.sh -> bin/hardening/4.1.9_record_session_init.sh
	renamed:    tests/hardening/8.1.9_record_session_init.sh -> tests/hardening/4.1.1.1_audit_log_storage.sh
	renamed:    tests/hardening/8.1.8_record_login_logout.sh -> tests/hardening/4.1.1.2_halt_when_audit_log_full.sh
	renamed:    tests/hardening/8.1.7_record_mac_edit.sh -> tests/hardening/4.1.1.3_keep_all_audit_logs.sh
	renamed:    tests/hardening/8.1.6_record_network_edit.sh -> tests/hardening/4.1.10_record_dac_edit.sh
	renamed:    tests/hardening/8.1.5_record_user_group_edit.sh -> tests/hardening/4.1.11_record_failed_access_file.sh
	renamed:    tests/hardening/8.1.4_record_date_time_edit.sh -> tests/hardening/4.1.12_record_privileged_commands.sh
	renamed:    tests/hardening/8.1.3_audit_bootloader.sh -> tests/hardening/4.1.13_record_successful_mount.sh
	renamed:    tests/hardening/8.1.2_enable_auditd.sh -> tests/hardening/4.1.14_record_file_deletions.sh
	renamed:    tests/hardening/8.1.18_freeze_auditd_conf.sh -> tests/hardening/4.1.15_record_sudoers_edit.sh
	renamed:    tests/hardening/8.1.17_record_kernel_modules.sh -> tests/hardening/4.1.16_record_sudo_usage.sh
	renamed:    tests/hardening/8.1.16_record_sudo_usage.sh -> tests/hardening/4.1.17_record_kernel_modules.sh
	renamed:    tests/hardening/8.1.15_record_sudoers_edit.sh -> tests/hardening/4.1.18_freeze_auditd_conf.sh
	renamed:    tests/hardening/8.1.14_record_file_deletions.sh -> tests/hardening/4.1.2_enable_auditd.sh
	renamed:    tests/hardening/8.1.13_record_successful_mount.sh -> tests/hardening/4.1.3_audit_bootloader.sh
	renamed:    tests/hardening/8.1.12_record_privileged_commands.sh -> tests/hardening/4.1.4_record_date_time_edit.sh
	renamed:    tests/hardening/8.1.11_record_failed_access_file.sh -> tests/hardening/4.1.5_record_user_group_edit.sh
	renamed:    tests/hardening/8.1.10_record_dac_edit.sh -> tests/hardening/4.1.6_record_network_edit.sh
	renamed:    tests/hardening/8.1.1.3_keep_all_audit_logs.sh -> tests/hardening/4.1.7_record_mac_edit.sh
	renamed:    tests/hardening/8.1.1.2_halt_when_audit_log_full.sh -> tests/hardening/4.1.8_record_login_logout.sh
	renamed:    tests/hardening/8.1.1.1_audit_log_storage.sh -> tests/hardening/4.1.9_record_session_init.sh
2019-09-09 16:45:54 +02:00
Charles Herlin
032aaa7c79 Renumber 7.5.x and 7.6
renamed:    bin/hardening/7.5.1_disable_dccp.sh -> bin/hardening/3.4.1_disable_dccp.sh
	renamed:    bin/hardening/7.5.2_disable_sctp.sh -> bin/hardening/3.4.2_disable_sctp.sh
	renamed:    bin/hardening/7.5.3_disable_rds.sh -> bin/hardening/3.4.3_disable_rds.sh
	renamed:    bin/hardening/7.5.4_disable_tipc.sh -> bin/hardening/3.4.4_disable_tipc.sh
	renamed:    bin/hardening/7.6_disable_wireless.sh -> bin/hardening/3.6_disable_wireless.sh
	renamed:    tests/hardening/7.6_disable_wireless.sh -> tests/hardening/3.4.1_disable_dccp.sh
	renamed:    tests/hardening/7.5.4_disable_tipc.sh -> tests/hardening/3.4.2_disable_sctp.sh
	renamed:    tests/hardening/7.5.3_disable_rds.sh -> tests/hardening/3.4.3_disable_rds.sh
	renamed:    tests/hardening/7.5.2_disable_sctp.sh -> tests/hardening/3.4.4_disable_tipc.sh
	renamed:    tests/hardening/7.5.1_disable_dccp.sh -> tests/hardening/3.6_disable_wireless.sh
2019-08-30 17:18:26 +02:00
Charles Herlin
68f9f56192 Renumber 7.4.x tcp wrappers
renamed:    bin/hardening/7.4.1_install_tcp_wrapper.sh -> bin/hardening/3.3.1_install_tcp_wrapper.sh
	renamed:    bin/hardening/7.4.2_hosts_allow.sh -> bin/hardening/3.3.2_hosts_allow.sh
	renamed:    bin/hardening/7.4.4_hosts_deny.sh -> bin/hardening/3.3.3_hosts_deny.sh
	renamed:    bin/hardening/7.4.3_hosts_allow_permissions.sh -> bin/hardening/3.3.4_hosts_allow_permissions.sh
	renamed:    bin/hardening/7.4.5_hosts_deny_permissions.sh -> bin/hardening/3.3.5_hosts_deny_permissions.sh
	renamed:    tests/hardening/7.4.5_hosts_deny_permissions.sh -> tests/hardening/3.3.1_install_tcp_wrapper.sh
	renamed:    tests/hardening/7.4.4_hosts_deny.sh -> tests/hardening/3.3.2_hosts_allow.sh
	renamed:    tests/hardening/7.4.3_hosts_allow_permissions.sh -> tests/hardening/3.3.3_hosts_deny.sh
	renamed:    tests/hardening/7.4.2_hosts_allow.sh -> tests/hardening/3.3.4_hosts_allow_permissions.sh
	renamed:    tests/hardening/7.4.1_install_tcp_wrapper.sh -> tests/hardening/3.3.5_hosts_deny_permissions.sh
2019-08-30 17:11:03 +02:00
Charles Herlin
c5674c3627 Renumber network params 7.1.x, 7.2.x and 7.3
renamed:    bin/hardening/7.1.1_disable_ip_forwarding.sh -> bin/hardening/3.1.1_disable_ip_forwarding.sh
	renamed:    bin/hardening/7.1.2_disable_send_packet_redirects.sh -> bin/hardening/3.1.2_disable_send_packet_redirects.sh
	renamed:    bin/hardening/7.2.1_disable_source_routed_packets.sh -> bin/hardening/3.2.1_disable_source_routed_packets.sh
	renamed:    bin/hardening/7.2.2_disable_icmp_redirect.sh -> bin/hardening/3.2.2_disable_icmp_redirect.sh
	renamed:    bin/hardening/7.2.3_disable_secure_icmp_redirect.sh -> bin/hardening/3.2.3_disable_secure_icmp_redirect.sh
	renamed:    bin/hardening/7.2.4_log_martian_packets.sh -> bin/hardening/3.2.4_log_martian_packets.sh
	renamed:    bin/hardening/7.2.5_ignore_broadcast_requests.sh -> bin/hardening/3.2.5_ignore_broadcast_requests.sh
	renamed:    bin/hardening/7.2.8_enable_tcp_syn_cookies.sh -> bin/hardening/3.2.8_enable_tcp_syn_cookies.sh
	renamed:    bin/hardening/7.3.1_disable_ipv6_router_advertisement.sh -> bin/hardening/3.2.9_disable_ipv6_router_advertisement.sh
	renamed:    bin/hardening/7.3.3_disable_ipv6.sh -> bin/hardening/3.7_disable_ipv6.sh
	deleted:    bin/hardening/7.2.6_enable_bad_error_message_protection.sh
	deleted:    bin/hardening/7.2.7_enable_source_route_validation.sh
	deleted:    bin/hardening/7.3.2_disable_ipv6_redirect.sh
	renamed:    tests/hardening/7.3.3_disable_ipv6.sh -> tests/hardening/3.1.1_disable_ip_forwarding.sh
	renamed:    tests/hardening/7.3.2_disable_ipv6_redirect.sh -> tests/hardening/3.1.2_disable_send_packet_redirects.sh
	renamed:    tests/hardening/7.3.1_disable_ipv6_router_advertisement.sh -> tests/hardening/3.2.1_disable_source_routed_packets.sh
	renamed:    tests/hardening/7.2.8_enable_tcp_syn_cookies.sh -> tests/hardening/3.2.2_disable_icmp_redirect.sh
	renamed:    tests/hardening/7.2.7_enable_source_route_validation.sh -> tests/hardening/3.2.3_disable_secure_icmp_redirect.sh
	renamed:    tests/hardening/7.2.6_enable_bad_error_message_protection.sh -> tests/hardening/3.2.4_log_martian_packets.sh
	renamed:    tests/hardening/7.2.5_ignore_broadcast_requests.sh -> tests/hardening/3.2.5_ignore_broadcast_requests.sh
	renamed:    tests/hardening/7.2.4_log_martian_packets.sh -> tests/hardening/3.2.8_enable_tcp_syn_cookies.sh
	renamed:    tests/hardening/7.2.3_disable_secure_icmp_redirect.sh -> tests/hardening/3.2.9_disable_ipv6_router_advertisement.sh
	renamed:    tests/hardening/7.2.2_disable_icmp_redirect.sh -> tests/hardening/3.7_disable_ipv6.sh
	deleted:    tests/hardening/7.1.1_disable_ip_forwarding.sh
	deleted:    tests/hardening/7.1.2_disable_send_packet_redirects.sh
	deleted:    tests/hardening/7.2.1_disable_source_routed_packets.sh
2019-08-30 14:14:29 +02:00
Charles Herlin
e205dc7481 Renumber special purpose services 6.x
new file:   bin/hardening/2.2.1.1_use_time_sync.sh
	renamed:    bin/hardening/6.5_configure_ntp.sh -> bin/hardening/2.2.1.2_configure_ntp.sh
	new file:   bin/hardening/2.2.1.3_configure_chrony.sh
	renamed:    bin/hardening/6.10_disable_http_server.sh -> bin/hardening/2.2.10_disable_http_server.sh
	renamed:    bin/hardening/6.11_disable_imap_pop.sh -> bin/hardening/2.2.11_disable_imap_pop.sh
	renamed:    bin/hardening/6.12_disable_samba.sh -> bin/hardening/2.2.12_disable_samba.sh
	renamed:    bin/hardening/6.13_disable_http_proxy.sh -> bin/hardening/2.2.13_disable_http_proxy.sh
	renamed:    bin/hardening/6.14_disable_snmp_server.sh -> bin/hardening/2.2.14_disable_snmp_server.sh
	renamed:    bin/hardening/6.15_mta_localhost.sh -> bin/hardening/2.2.15_mta_localhost.sh
	renamed:    bin/hardening/6.16_disable_rsync.sh -> bin/hardening/2.2.16_disable_rsync.sh
	renamed:    bin/hardening/6.1_disable_xwindow_system.sh -> bin/hardening/2.2.2_disable_xwindow_system.sh
	renamed:    bin/hardening/6.2_disable_avahi_server.sh -> bin/hardening/2.2.3_disable_avahi_server.sh
	renamed:    bin/hardening/6.4_disable_dhcp.sh -> bin/hardening/2.2.5_disable_dhcp.sh
	renamed:    bin/hardening/6.6_disable_ldap.sh -> bin/hardening/2.2.6_disable_ldap.sh
	renamed:    bin/hardening/6.7_disable_nfs_rpc.sh -> bin/hardening/2.2.7_disable_nfs_rpc.sh
	renamed:    bin/hardening/6.8_disable_dns_server.sh -> bin/hardening/2.2.8_disable_dns_server.sh
	renamed:    bin/hardening/6.9_disable_ftp.sh -> bin/hardening/2.2.9_disable_ftp.sh
	deleted:    bin/hardening/6.3_disable_print_server.sh
	new file:   tests/hardening/2.2.1.1_use_time_sync.sh
	renamed:    tests/hardening/6.9_disable_ftp.sh -> tests/hardening/2.2.1.2_configure_ntp.sh
	renamed:    tests/hardening/6.8_disable_dns_server.sh -> tests/hardening/2.2.1.3_configure_chrony.sh
	renamed:    tests/hardening/6.7_disable_nfs_rpc.sh -> tests/hardening/2.2.10_disable_http_server.sh
	renamed:    tests/hardening/6.6_disable_ldap.sh -> tests/hardening/2.2.11_disable_imap_pop.sh
	renamed:    tests/hardening/6.5_configure_ntp.sh -> tests/hardening/2.2.12_disable_samba.sh
	renamed:    tests/hardening/6.4_disable_dhcp.sh -> tests/hardening/2.2.13_disable_http_proxy.sh
	renamed:    tests/hardening/6.3_disable_print_server.sh -> tests/hardening/2.2.14_disable_snmp_server.sh
	renamed:    tests/hardening/6.2_disable_avahi_server.sh -> tests/hardening/2.2.15_mta_localhost.sh
	renamed:    tests/hardening/6.1_disable_xwindow_system.sh -> tests/hardening/2.2.16_disable_rsync.sh
	renamed:    tests/hardening/6.16_disable_rsync.sh -> tests/hardening/2.2.2_disable_xwindow_system.sh
	renamed:    tests/hardening/6.15_mta_localhost.sh -> tests/hardening/2.2.3_disable_avahi_server.sh
	renamed:    tests/hardening/6.14_disable_snmp_server.sh -> tests/hardening/2.2.5_disable_dhcp.sh
	renamed:    tests/hardening/6.13_disable_http_proxy.sh -> tests/hardening/2.2.6_disable_ldap.sh
	renamed:    tests/hardening/6.12_disable_samba.sh -> tests/hardening/2.2.7_disable_nfs_rpc.sh
	renamed:    tests/hardening/6.11_disable_imap_pop.sh -> tests/hardening/2.2.8_disable_dns_server.sh
	renamed:    tests/hardening/6.10_disable_http_server.sh -> tests/hardening/2.2.9_disable_ftp.sh
2019-08-29 16:02:39 +02:00
Charles Herlin
fbdf3b72ed Renumbering OS services checks and removing obsolete ones
new file:   bin/hardening/2.1.1_disable_xinetd.sh
	renamed:    bin/hardening/5.1.8_disable_inetd.sh -> bin/hardening/2.1.2_disable_bsd_inetd.sh
	renamed:    bin/hardening/5.1.1_disable_nis.sh -> bin/hardening/2.3.1_disable_nis.sh
	renamed:    bin/hardening/5.1.3_disable_rsh_client.sh -> bin/hardening/2.3.2_disable_rsh_client.sh
	renamed:    bin/hardening/5.1.5_disable_talk_client.sh -> bin/hardening/2.3.3_disable_talk_client.sh
	deleted:    bin/hardening/5.1.2_disable_rsh.sh
	deleted:    bin/hardening/5.1.4_disable_talk.sh
	deleted:    bin/hardening/5.1.6_disable_telnet_server.sh
	deleted:    bin/hardening/5.1.7_disable_tftp_server.sh
	deleted:    bin/hardening/5.2_disable_chargen.sh
	deleted:    bin/hardening/5.3_disable_daytime.sh
	deleted:    bin/hardening/5.4_disable_echo.sh
	deleted:    bin/hardening/5.5_disable_discard.sh
	deleted:    bin/hardening/5.6_disable_time.sh
	renamed:    tests/hardening/5.6_disable_time.sh -> tests/hardening/2.1.1_disable_xinetd.sh
	renamed:    tests/hardening/5.5_disable_discard.sh -> tests/hardening/2.3.1_disable_nis.sh
	renamed:    tests/hardening/5.4_disable_echo.sh -> tests/hardening/2.3.2_disable_rsh_client.sh
	renamed:    tests/hardening/5.3_disable_daytime.sh -> tests/hardening/2.3.3_disable_talk_client.sh
	deleted:    tests/hardening/5.1.1_disable_nis.sh
	deleted:    tests/hardening/5.1.2_disable_rsh.sh
	deleted:    tests/hardening/5.1.3_disable_rsh_client.sh
	deleted:    tests/hardening/5.1.4_disable_talk.sh
	deleted:    tests/hardening/5.1.5_disable_talk_client.sh
	deleted:    tests/hardening/5.1.6_disable_telnet_server.sh
	deleted:    tests/hardening/5.1.7_disable_tftp_server.sh
	deleted:    tests/hardening/5.1.8_disable_inetd.sh
	deleted:    tests/hardening/5.2_disable_chargen.sh
2019-08-29 10:33:23 +02:00
Charles Herlin
6365f58b4c Renumbering 4.x checks
renamed:    4.1_restrict_core_dumps.sh -> 1.5.1_restrict_core_dumps.sh
	renamed:    4.2_enable_nx_support.sh -> 1.5.2_enable_nx_support.sh
	renamed:    4.3_enable_randomized_vm_placement.sh -> 1.5.3_enable_randomized_vm_placement.sh
	renamed:    4.4_disable_prelink.sh -> 1.5.4_disable_prelink.sh
	renamed:    ../../tests/hardening/4.4_disable_prelink.sh -> ../../tests/hardening/1.5.1_restrict_core_dumps.sh
	renamed:    ../../tests/hardening/4.3_enable_randomized_vm_placement.sh -> ../../tests/hardening/1.5.2_enable_nx_support.sh
	renamed:    ../../tests/hardening/4.2_enable_nx_support.sh -> ../../tests/hardening/1.5.3_enable_randomized_vm_placement.sh
	renamed:    ../../tests/hardening/4.1_restrict_core_dumps.sh -> ../../tests/hardening/1.5.4_disable_prelink.sh
2019-08-28 17:26:27 +02:00
Charles Herlin
fe25b1ba38 Renumbering of bootloader checks
renamed:    3.1_bootloader_ownership.sh -> 1.4.1_bootloader_ownership.sh
	renamed:    3.3_bootloader_password.sh -> 1.4.2_bootloader_password.sh
	renamed:    3.4_root_password.sh -> 1.4.3_root_password.sh
	deleted:    3.2_bootloader_permissions.sh
	renamed:    ../../tests/hardening/3.4_root_password.sh -> ../../tests/hardening/1.4.1_bootloader_ownership.sh
	renamed:    ../../tests/hardening/3.3_bootloader_password.sh -> ../../tests/hardening/1.4.2_bootloader_password.sh
	renamed:    ../../tests/hardening/3.1_bootloader_ownership.sh -> ../../tests/hardening/1.4.3_root_password.sh
2019-08-28 17:19:59 +02:00
Charles Herlin
0b85d16c16 First batch of renaming to comply to comply to 8v2 and 9 pdf
renamed:    2.19_disable_freevxfs.sh -> 1.1.1.1_disable_freevxfs.sh
	renamed:    2.20_disable_jffs2.sh -> 1.1.1.2_disable_jffs2.sh
	renamed:    2.21_disable_hfs.sh -> 1.1.1.3_disable_hfs.sh
	renamed:    2.22_disable_hfsplus.sh -> 1.1.1.4_disable_hfsplus.sh
	renamed:    2.24_disable_udf.sh -> 1.1.1.5_disable_udf.sh
	renamed:    2.7_var_log_partition.sh -> 1.1.11_var_log_partition.sh
	renamed:    2.8_var_log_audit_partition.sh -> 1.1.12_var_log_audit_partition.sh
	renamed:    2.9_home_partition.sh -> 1.1.13_home_partition.sh
	renamed:    2.10_home_nodev.sh -> 1.1.14_home_nodev.sh
	renamed:    2.14_run_shm_nodev.sh -> 1.1.15_run_shm_nodev.sh
	renamed:    2.15_run_shm_nosuid.sh -> 1.1.16_run_shm_nosuid.sh
	renamed:    2.16_run_shm_noexec.sh -> 1.1.17_run_shm_noexec.sh
	renamed:    2.11_removable_device_nodev.sh -> 1.1.18_removable_device_nodev.sh
	renamed:    2.13_removable_device_nosuid.sh -> 1.1.19_removable_device_nosuid.sh
	renamed:    2.12_removable_device_noexec.sh -> 1.1.20_removable_device_noexec.sh
	renamed:    2.17_sticky_bit_world_writable_folder.sh -> 1.1.21_sticky_bit_world_writable_folder.sh
	renamed:    2.25_disable_automounting.sh -> 1.1.22_disable_automounting.sh
	renamed:    2.1_tmp_partition.sh -> 1.1.2_tmp_partition.sh
	renamed:    2.2_tmp_nodev.sh -> 1.1.3_tmp_nodev.sh
	renamed:    2.3_tmp_nosuid.sh -> 1.1.4_tmp_nosuid.sh
	renamed:    2.4_tmp_noexec.sh -> 1.1.5_tmp_noexec.sh
	renamed:    2.5_var_partition.sh -> 1.1.6_var_partition.sh
	renamed:    1.1_install_updates.sh -> 1.8_install_updates.sh
2019-08-27 15:30:47 +02:00
Thibault Ayanides
88e3a515ef 5.2.17_sshd_login_grace_time 2020-10-05 17:26:13 +02:00
Thibault Ayanides
55c1cdbdde 5.2.3_ssh_host_public_keys_perm_ownership 2020-10-05 17:05:47 +02:00
Thibault Ayanides
6f5d714b55 5.2.2_ssh_host_private_keys_perm_ownership 2020-10-05 17:05:26 +02:00
Thibault Ayanides
d6e5803252 4.2.4_logs_permissions 2020-10-05 13:17:44 +02:00
Thibault Ayanides
922f28c200 4.2.3_install_syslog-ng 2020-09-30 17:03:10 +02:00
Charles Herlin
5a1a70bbd3 FIX(test/10.2): backup and restore /etc/passwd after test 2019-08-28 12:30:13 +02:00
Charles Herlin
a4969e6ba6 IMP(99.3.1): improve check with disabled passwords 2019-08-28 11:49:01 +02:00
Charles Herlin
96f3b74334 FIX(10.2): improve test to check multiple login shells
fix IFS bug
add test
2019-08-28 11:47:49 +02:00
Charles Herlin
1ec77dbb56 FIX(13.15): fix code that did not show duplicated group
Add tests
Apply shellcheck recommendations
2019-03-28 17:51:02 +01:00
Charles Herlin
8f87d75293 FIX(99.5.4): fix regex to allow other authkey options than "from" 2019-03-15 18:17:48 +01:00
Charles Herlin
02673826a0 FIX(8.2.x): fix grep and find in audit scripts 2019-03-18 16:19:05 +01:00
Charles Herlin
be1ad3e581 IMP(99.5.4): add conf to check only listed users 2019-03-05 10:49:45 +01:00
Charles Herlin
9ada868f43 IMP(8.2.4): add exceptions in check and apply
Apply shellcheck recommendations
2019-03-01 12:12:42 +01:00
Charles Herlin
41ccd5655a CHORE(test 8.2.5): removed useless cleanup line 2019-02-26 15:19:05 +01:00
Charles Herlin
e46a85dc6c FIX(9.3.2): dismiss test for initial after e7d9977
LogLevel not consistent at install time between debian versions
Easier to dismiss this check's result at the first step
2019-02-26 15:16:06 +01:00
Charles Herlin
1caf0f489a FIX(12.1x): fix tests exception for mail after da6acb0b
Installing syslog-ng in Dockerfile added some suid/sgid binaries that
needed to be treated as exception in test scenarii
2019-02-26 15:08:21 +01:00
Charles Herlin
de7dfe5956 CHORE(2.1x): use "readlink -e" instead of custom func
Removed get_partition_from_symlink()
2019-02-26 15:06:51 +01:00
Charles Herlin
8031c388c6 IMP(9.3.2): Comply with Debian9 guide: verbose ssh loglevel 2019-02-25 15:16:02 +01:00
Charles Herlin
f7f2f614aa IMP(9.3.2): Add custom configuration management
Add create_config to allow user to customize their conf

Improve tests
Apply shellcheck recommendations
2019-02-22 15:40:01 +01:00
Charles Herlin
605a768fe1 IMP(13.13): Add exceptions for home directories not owned by owner
Fill tests

Apply shellcheck recommendations
2019-02-22 15:22:58 +01:00
Charles Herlin
80a1146af7 IMP(8.2.5): find multiline pattern in files (syslog)
Add func to find pattern in file that spreads over multiple lines
The func will remove commented lines (that begin with '#')
and consider the file as one long line.
Thus, this is not possible to look for pattern at beginning of line
with this func ('^' and '$')

Improved pattern in 8.2.5

Add syslog-ng to installed dependencies in Dockerfiles

Fixed multifile arguments when looking for pattern that got broken
in d2bbf754 due to "nocase" and _does_pattern_exist_in_file wrapper
Please note that you can only look for pattern in ONE FILE at once
Fixed 8.2.5 and 8.3.2 with for loop on files and 'FOUND' flag
You now need to specify each and every file to look for or embed a
'find' command as follow :
`FILES="$SYSLOG_BASEDIR/syslog-ng.conf $(find $SYSLOG_BASEDIR/conf.d/)"`

Improved test files
Applied shellcheck recommendations
2019-02-22 12:39:41 +01:00
Charles Herlin
7408216957 IMP(2.1x): Retrieve actual partition when symlink
Add function to retrieve actual partition from symlink in lib/utils.sh
Using this func in all 3 audit scripts

Improved tests to test this func

Apply shellcheck recommendations
Trim trailing spaces
2019-02-22 12:22:14 +01:00
Charles Herlin
ac76942ca7 CHORE(tests): cleanup test files 2019-02-18 18:08:19 +01:00
Charles Herlin
cf42666833 FIX(tests): change sed in conf file disabled->audit following d6172ad
In test cases, changed in sed command "disabled" to "audit" to enable
apply part, following this commit
d6172ad Change default status disabled -> audit when no conf file

 5f28036 - Change default status to audit for file with custom
  `create_config` (Charles Herlin Thu Feb 14 14:33:21 2019 +0100)
2019-02-15 17:42:17 +01:00
Charles Herlin
6cbe8f572f CHORE(tests): Cleanup test files 2019-02-18 18:10:22 +01:00