Commit Graph

446 Commits

Author SHA1 Message Date
Thibault Ayanides
c17d04ecc2 IMP(shellcheck): comply with shellcheck rules
I added shellcheck prefixes to fix:
 * SC1091 (following sourced files)
 * SC2034 (unused variables)
2020-11-27 09:18:00 +01:00
Thibault Ayanides
cccc0881e9 IMP(shellcheck): add run-shellcheck prefix 2020-11-23 17:10:37 +01:00
Thibault Ayanides
9c3aa51982 Update changelog 2020-11-30 15:16:36 +01:00
Thibault Ayanides
b994ca11a7 FIX(main): fix small bug in main
The bug (introduced in 2.1-2) led to an error in the test that evaluates forcedstatus
2020-11-30 15:10:39 +01:00
Thibault Ayanides
f4e0aafacc IMP(5.2.3): fix possible permissions for 5.2.3 2020-11-30 14:27:20 +01:00
Thibault Ayanides
d40a85085d FIX: fix issue, we had to run audit twice
First one as root to create conf files with good owner and permissions, and then with secaudit.
Now first run with --create-config-files-only and then normally with --audit.
2020-11-20 10:05:14 +01:00
Thibault Ayanides
467e5f178c fixup! IMP(4.5): rename to 1.6.1.2 improve test 2020-11-17 13:02:02 +01:00
Thibault Ayanides
d244a2e810 fixup! IMP(4.5): rename to 1.6.1.2 improve test 2020-11-17 12:56:10 +01:00
Thibault Ayanides
84bff4ac88 fixup! Move to most recent docker image for buster 2020-11-16 17:07:08 +01:00
Thibault Ayanides
d640a467e2 fixup! IMP(4.1.x): add tests for each checks 2020-11-16 16:54:51 +01:00
Thibault Ayanides
9bfb7efca1 Update changelog 2020-11-16 16:39:47 +01:00
Thibault Ayanides
7b8cca20d6 FIX(4.1.1.2): fix auditd apply 2020-11-09 11:48:48 +01:00
Thibault Ayanides
a6de243808 Rename 6.1.2,6.1.3,6.1.4 to be CIS9 compliant 2020-11-09 09:00:34 +01:00
Thibault Ayanides
7e8c976722 Add disclaimer when checks don't require comprehensive checks
	modified:   tests/hardening/1.1.1.1_disable_freevxfs.sh
	modified:   tests/hardening/1.1.1.2_disable_jffs2.sh
	modified:   tests/hardening/1.1.1.3_disable_hfs.sh
	modified:   tests/hardening/1.1.1.4_disable_hfsplus.sh
	modified:   tests/hardening/1.1.1.5_disable_udf.sh
	modified:   tests/hardening/1.1.1.6_disable_cramfs.sh
	modified:   tests/hardening/1.1.1.7_disable_squashfs.sh
	modified:   tests/hardening/1.1.10_var_tmp_noexec.sh
	modified:   tests/hardening/1.1.11_var_log_partition.sh
	modified:   tests/hardening/1.1.12_var_log_audit_partition.sh
	modified:   tests/hardening/1.1.13_home_partition.sh
	modified:   tests/hardening/1.1.14_home_nodev.sh
	modified:   tests/hardening/1.1.18_removable_device_nodev.sh
	modified:   tests/hardening/1.1.19_removable_device_nosuid.sh
	modified:   tests/hardening/1.1.20_removable_device_noexec.sh
	modified:   tests/hardening/1.1.2_tmp_partition.sh
	modified:   tests/hardening/1.1.3_tmp_nodev.sh
	modified:   tests/hardening/1.1.4_tmp_nosuid.sh
	modified:   tests/hardening/1.1.5_tmp_noexec.sh
	modified:   tests/hardening/1.1.6_var_partition.sh
	modified:   tests/hardening/1.1.7_var_tmp_partition.sh
	modified:   tests/hardening/1.1.8_var_tmp_nodev.sh
	modified:   tests/hardening/1.1.9_var_tmp_nosuid.sh
	modified:   tests/hardening/1.8_install_updates.sh
	modified:   tests/hardening/2.2.10_disable_http_server.sh
	modified:   tests/hardening/2.2.11_disable_imap_pop.sh
	modified:   tests/hardening/2.2.12_disable_samba.sh
	modified:   tests/hardening/2.2.13_disable_http_proxy.sh
	modified:   tests/hardening/2.2.14_disable_snmp_server.sh
	modified:   tests/hardening/2.2.2_disable_xwindow_system.sh
	modified:   tests/hardening/2.2.3_disable_avahi_server.sh
	modified:   tests/hardening/2.2.4_disable_print_server.sh
	modified:   tests/hardening/2.2.5_disable_dhcp.sh
	modified:   tests/hardening/2.2.6_disable_ldap.sh
	modified:   tests/hardening/2.2.7_disable_nfs_rpc.sh
	modified:   tests/hardening/2.2.8_disable_dns_server.sh
	modified:   tests/hardening/2.2.9_disable_ftp.sh
	modified:   tests/hardening/2.3.1_disable_nis.sh
	modified:   tests/hardening/2.3.2_disable_rsh_client.sh
	modified:   tests/hardening/2.3.3_disable_talk_client.sh
	modified:   tests/hardening/2.3.4_telnet_client_not_installed.sh
	modified:   tests/hardening/2.3.5_ldap_client_not_installed.sh
2020-11-06 16:20:10 +01:00
Thibault Ayanides
ffd5b28840 FIX: fix apt autoremove to be non interactive
	modified:   bin/hardening/2.2.10_disable_http_server.sh
	modified:   bin/hardening/2.2.11_disable_imap_pop.sh
	modified:   bin/hardening/2.2.12_disable_samba.sh
	modified:   bin/hardening/2.2.14_disable_snmp_server.sh
	modified:   bin/hardening/2.2.2_disable_xwindow_system.sh
	modified:   bin/hardening/2.2.3_disable_avahi_server.sh
	modified:   bin/hardening/2.2.4_disable_print_server.sh
	modified:   bin/hardening/2.2.5_disable_dhcp.sh
	modified:   bin/hardening/2.2.6_disable_ldap.sh
	modified:   bin/hardening/2.2.7_disable_nfs_rpc.sh
	modified:   bin/hardening/2.2.8_disable_dns_server.sh
	modified:   bin/hardening/2.2.9_disable_ftp.sh
	modified:   bin/hardening/2.3.1_disable_nis.sh
	modified:   bin/hardening/2.3.2_disable_rsh_client.sh
	modified:   bin/hardening/2.3.3_disable_talk_client.sh
	modified:   bin/hardening/2.3.4_telnet_client_not_installed.sh
	modified:   bin/hardening/2.3.5_ldap_client_not_installed.sh
2020-11-06 14:51:26 +01:00
Thibault Ayanides
ce1e87b1a3 IMP(4.5): rename to 1.6.1.2 improve test 2020-11-06 11:09:22 +01:00
Thibault Ayanides
b5865947ba Move to most recent docker image for buster 2020-11-06 10:11:46 +01:00
Thibault Ayanides
ee4b2417c2 IMP(4.1.x): add tests for each checks 2020-11-02 15:47:27 +01:00
Thibault Ayanides
5568065c35 IMP(4.1.3): skip on docker (bootloader) 2020-11-02 15:46:45 +01:00
Thibault Ayanides
91a2824246 IMP(5.6): add test 2020-10-30 09:48:36 +01:00
Thibault Ayanides
47f8b7b677 IMP(5.4.4): add test 2020-10-30 09:48:27 +01:00
Thibault Ayanides
728011f846 IMP(5.4.3): add purposely failing test 2020-10-30 09:40:28 +01:00
Thibault Ayanides
17e43753b9 IMP(5.4.1.1-3): add tests and rename some variables 2020-10-30 09:39:42 +01:00
Thibault Ayanides
9aac4c3504 IMP(5.3.4): improve check 2020-10-29 16:47:34 +01:00
Thibault Ayanides
8af91dd6a8 IMP(5.3.1,5.3.2): add tests and upgrade PAM conf 2020-10-29 16:45:15 +01:00
Thibault Ayanides
feefee28e4 IMP(5.3.1): add test and config function for check 2020-10-29 15:35:56 +01:00
Thibault Ayanides
774af39a34 IMP(5.2.x): add tests and default_config
I added tests from 5.2.4 to 5.2.19 and default_config files in the
checks. These checks concern sshd conf (ciphers, mac, rootlogin, ...)

	modifié :         bin/hardening/5.2.4_sshd_protocol.sh
	modifié :         bin/hardening/5.2.6_disable_x11_forwarding.sh
	modifié :         bin/hardening/5.2.7_sshd_maxauthtries.sh
	modifié :         bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
	modifié :         bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
	modifié :         bin/hardening/5.2.10_disable_root_login.sh
	modifié :         bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
	modifié :         bin/hardening/5.2.12_disable_sshd_setenv.sh
	modifié :         bin/hardening/5.2.13_sshd_ciphers.sh
	modifié :         bin/hardening/5.2.16_sshd_idle_timeout.sh
	modifié :         bin/hardening/5.2.17_sshd_login_grace_time.sh
	modifié :         tests/hardening/5.2.4_sshd_protocol.sh
	modifié :         tests/hardening/5.2.5_sshd_loglevel.sh
	modifié :         tests/hardening/5.2.6_disable_x11_forwarding.sh
	modifié :         tests/hardening/5.2.7_sshd_maxauthtries.sh
	modifié :         tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh
	modifié :         tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
	modifié :         tests/hardening/5.2.10_disable_root_login.sh
	modifié :         tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
	modifié :         tests/hardening/5.2.12_disable_sshd_setenv.sh
	modifié :         tests/hardening/5.2.13_sshd_ciphers.sh
	modifié :         tests/hardening/5.2.16_sshd_idle_timeout.sh
	modifié :         tests/hardening/5.2.17_sshd_login_grace_time.sh
	modifié :         tests/hardening/5.2.18_sshd_limit_access.sh
	modifié :         tests/hardening/5.2.19_ssh_banner.sh
2020-10-29 11:18:31 +01:00
Thibault Ayanides
e288835381 Update changelog 2020-11-16 14:21:47 +01:00
Thibault Ayanides
fbd26ceefa Fix race condition on /etc/passwd, /etc/shadow and /etc/group 2020-11-16 14:09:12 +01:00
Thibault Ayanides
501ce8c651 IMP(5.2.3): 640 permission is now ok for the check 2020-11-16 14:08:42 +01:00
Thibault Ayanides
829ee8631f Revert to previous check (8.2.4 in old num) 2020-11-16 14:06:39 +01:00
Thibault Ayanides
6620a82f34 Update changelog 2020-11-12 10:17:32 +01:00
Thibault
3c7a03445c FIX(3.1.1): fix unbound variable issue 2020-11-12 10:15:41 +01:00
Thibault Ayanides
03c8e25ff3 FIX(99.5.4): fix test (permission denied on authorized_keys) 2020-11-05 15:05:12 +01:00
Thibault Ayanides
7b73eac6d6 FIX: fix test for CDS 2020-11-05 14:24:57 +01:00
Thibault Ayanides
67649ec407 IMP: dismiss for count some tests on blank host 2020-11-05 12:06:14 +01:00
Thibault Ayanides
a7afb1099a IMP(6.2.8): fix bug where /sbin/nologin was considered as a valid shell 2020-11-05 11:25:52 +01:00
Thibault Ayanides
fe568561bf IMP: Better cleanup after tests 2020-11-05 10:13:14 +01:00
Thibault Ayanides
4dc8701132 Update changelog 2020-10-30 16:43:48 +01:00
Thibault Ayanides
6aae84f4b2 FIX(2.3.18): Re-add telnet server check
Renaming for 2.3.4 and 2.3.5 to have naming consistency.

	nouveau fichier : bin/hardening/2.2.18_disable_telnet_server.sh
	renommé :         bin/hardening/2.3.4_telnet_client_not_installed.sh -> bin/hardening/2.3.4_disable_telnet_client.sh
	renommé :         bin/hardening/2.3.5_ldap_client_not_installed.sh -> bin/hardening/2.3.5_disable_ldap_client.sh
	renommé :         tests/hardening/2.3.4_telnet_client_not_installed.sh -> tests/hardening/2.2.18_disable_telnet_server.sh
	renommé :         tests/hardening/2.3.5_ldap_client_not_installed.sh -> tests/hardening/2.3.4_disable_telnet_client.sh
	nouveau fichier : tests/hardening/2.3.5_disable_ldap_client.sh
2020-11-03 09:38:13 +01:00
Thibault Ayanides
668dc80bb8 FIX(3.1.1,3.2.1,3.2.2): don't check for IPv6 options if IPv6 is disabled 2020-11-02 17:16:11 +01:00
Thibault Ayanides
c2090b74b3 FIX(2.2.12): smbd enabling check was wrong 2020-11-02 16:53:04 +01:00
Thibault Ayanides
26c119c4a1 ADD(3.2.7): add check mysteriously deleted during renaming 2020-10-30 16:09:25 +01:00
Thibault Ayanides
aff5d708e8 ADD(3.2.6): add check mysteriously deleted during renaming 2020-10-30 16:09:21 +01:00
Thibault Ayanides
b266982a3c ADD(6.2.7): add check mysteriously deleted during renaming 2020-10-30 16:01:18 +01:00
Thibault Ayanides
a0b025deac Fix final printf command
The final printf bugs on non-US systems.
A fix is to truncate the percentage to 2 decimals with bc and not with
printf.
	modifié :         bin/hardening.sh
2020-10-30 14:56:27 +01:00
Thibault Ayanides
ccef85ebe3 IMP(4.2.4): use functions in utils 2020-10-30 14:49:16 +01:00
Thibault Ayanides
258da6b4a1 CLEAN(4.2.2): delete 4.2.2, duplicate with 4.2.3 2020-10-30 14:40:48 +01:00
Thibault Ayanides
9eb6bac993 FIX(6.2.9): fix EXCEPTIONS unbound variable error 2020-10-28 15:04:41 +01:00
Thibault Ayanides
df802b4882 Fix spelling mistakes and numbering in comments 2020-10-28 10:09:10 +01:00