Charles Herlin
d60922ab9d
Redirect stderr to avoid printing "no such file" error
2018-03-19 18:06:47 +01:00
Charles Herlin
39246bc175
resolve #SOC-30 Also check /etc/security/limits.d/ for core dump limit
2018-03-15 09:50:05 +01:00
Charles Herlin
47857774b4
Fix SOC-28, add test if file exist, if not issue error
2018-03-14 14:04:02 +01:00
Charles Herlin
b41df080cf
Add sudo management in main and utils
...
* perform readonly checks as a regular user
* sudo -n is used for checks requiring root privileges
* increase accountability by providing log of individual access to sensitive files
2018-03-13 10:38:25 +01:00
Julien Delayen
b5a952e0f0
changelog: Update to 1.1-1
...
- Add hardening templating and several enhancements
- CIS_ROOT_DIR management
- Update ciphers list in 9.3.11 with latest chacha20 and gcm ciphers
- Debian packaging clean up
Signed-off-by: Julien Delayen <julien.delayen@corp.ovh.com>
2018-02-02 11:54:10 +01:00
Julien Delayen
b0141494a9
debian: Remove useless {shlibs:Depends}
...
This fixes the following issue:
Depends field of package cis-hardening:
unknown substitution variable ${shlibs:Depends}
Signed-off-by: Julien Delayen <julien.delayen@corp.ovh.com>
2017-12-14 14:51:45 +01:00
Julien Delayen
f21259c79d
debian: Fix lintian warning
...
The following error is highlighted by lintian:
depends-on-essential-package-without-using-version: bash
bash is always present and does not need to be specified
in debian/control.
See: https://lintian.debian.org/tags/depends-on-essential-package-without-using-version.html
Signed-off-by: Julien Delayen <julien.delayen@corp.ovh.com>
2017-12-14 14:51:45 +01:00
Julien Delayen
fe167d29c7
debian: Remove auto-generated files from conffiles
...
The policy for configuration files having changed,
the files are not present in the package anymore.
Remove them from debian/conffiles.
Signed-off-by: Julien Delayen <julien.delayen@corp.ovh.com>
2017-12-14 14:51:30 +01:00
Thibault Dewailly
321063fe7c
Merge pull request #31 in IAAS/cis-hardening from dev/cherlin/update-cis-scripts to master
...
* commit 'f97fbb47f701fd81a6dcdabb1d2e961943386eb5':
Update ciphers list in 9.3.11 with latest chacha20 and gcm ciphers
2017-12-05 11:38:15 +01:00
Thibault Dewailly
73c640f4d1
Merge pull request #28 in IAAS/cis-hardening from dev/cherlin/cis-root-dir-in-env to master
...
* commit '5b11b1628a690e0bbd9d34cd5b83dbe74ac6fba7':
Expand tabs to 4 spaces and trim trailing spaces
Remove unnecessary CIS_ROOT_DIR empty assignation
Applying batch edit to all hardening/*.sh scripts for new CIS_ROOT_DIR management
Changing CIS_ROOT_DIR management in env in bin/hardening.sh
Change src/skel to allow setting CIS_ROOT_DIR in env and not just sourcing /etc/default/cis-hardening. Making the whole lib more versatile.
2017-12-05 11:32:45 +01:00
Charles Herlin
5b11b1628a
Expand tabs to 4 spaces and trim trailing spaces
2017-11-17 15:13:27 +01:00
Charles Herlin
f97fbb47f7
Update ciphers list in 9.3.11 with latest chacha20 and gcm ciphers
2017-11-10 14:48:51 +01:00
Charles Herlin
725aaa39e5
Remove unnecessary CIS_ROOT_DIR empty assignation
2017-10-25 17:44:56 +02:00
Charles Herlin
cbfd04272b
Applying batch edit to all hardening/*.sh scripts for new CIS_ROOT_DIR management
2017-10-25 14:50:39 +02:00
Charles Herlin
c70d6120f8
Changing CIS_ROOT_DIR management in env in bin/hardening.sh
2017-10-25 14:48:54 +02:00
Charles Herlin
d1cbe7526c
Change src/skel to allow setting CIS_ROOT_DIR in env and not just sourcing /etc/default/cis-hardening. Making the whole lib more versatile.
2017-10-23 14:50:11 +02:00
Thibault Dewailly
b6aba4cc88
Merge pull request #12 from speed47/dev/enhancements
...
Hardening Classification
subs enhancements as well as bug fixes
2017-09-28 13:22:59 +02:00
Kevin Tanguy
a352c8cd2e
Merge pull request #27 in IAAS/cis-hardening from dev/thibault.dewailly/fixwildcards to master
...
* commit 'a4dc5bdaf5ec7f4d1c49533608b279d7101e23cd':
No more wildcards in file list to be more resilient
2017-06-15 10:43:31 +02:00
Stéphane Lesimple
dfaf4c2093
add hardening templating and several enhancements
2017-06-13 18:30:29 +02:00
thibault.dewailly
a4dc5bdaf5
No more wildcards in file list to be more resilient
2017-06-13 15:36:06 +02:00
Thibault Dewailly
02f643f390
Merge pull request #26 in IAAS/cis-hardening from dev/kevin.tanguy/packagebump to master
...
* commit '11ab51679bcb5cac893a190d1db22aebdc56ece0':
Debian package revision bump 1.0-11
2017-06-08 09:41:43 +02:00
kevin.tanguy
11ab51679b
Debian package revision bump 1.0-11
2017-06-06 09:38:02 +02:00
Thibault Dewailly
78569b5583
Merge pull request #11 from speed47/dev/fix_does_pattern_exist_in_file
...
handle ENOENT properly in does_pattern_exist_in_file()
2017-05-19 18:30:21 +02:00
Thibault Dewailly
4fcdf32dec
Merge pull request #10 from speed47/dev/beautifyprint
...
set a fixed-size prefix for logger
2017-05-19 17:20:47 +02:00
Stéphane Lesimple
f94dff5f3f
handle ENOENT properly in does_pattern_exist_in_file\(\)
2017-05-18 18:31:24 +02:00
Stéphane Lesimple
70811c258d
set a fixed-size prefix for logger
2017-05-18 18:27:02 +02:00
Thibault Dewailly
438b047d0e
Merge pull request #9 from Joorem/10.1.3-fix-option-name
...
[10.1.3] set the good value for $OPTIONS
2017-05-04 09:28:42 +02:00
Jérôme Le Gal
4c2107cbea
[10.1.3] set the good value for $OPTIONS
2017-05-03 23:08:48 +02:00
Kevin Tanguy
425683f7f4
Merge pull request #25 in IAAS/cis-hardening from dev/thibault.dewailly/fixShadowParsing to master
...
* commit '0f11b08ffb593285f745e3e249f3aaf83a6f5362':
[Debian 8] Fixed comments for debian 8 compliance
[10.2] Fixed result parsing in case of spaces in passwd list
2017-03-14 16:19:33 +01:00
thibault.dewailly
0f11b08ffb
[Debian 8] Fixed comments for debian 8 compliance
2017-03-14 15:42:08 +01:00
thibault.dewailly
717a794e45
[10.2] Fixed result parsing in case of spaces in passwd list
2017-03-10 17:26:55 +01:00
thibault.dewailly
d630c87541
Merge branch 'master' of github.com:ovh/debian-cis
2016-07-04 11:45:41 +02:00
Thibault Dewailly
370c97efab
Merge pull request #7 from MatthieuDestrez/fixPermitEmptyPassword
...
fixed option name in 9.3.9_disable_sshd_permitemptypasswords.sh, was …
2016-07-04 11:44:40 +02:00
Matthieu Destrez
1e47226bd4
fixed option name in 9.3.9_disable_sshd_permitemptypasswords.sh, was PermitRootLogin instead of PermitEmptyPassword
2016-06-29 15:12:21 +02:00
Thibault Dewailly
bb9b467bf2
Merge pull request #24 in IAAS/cis-hardening from dev/kevin.tanguy/wheezy to master
...
* commit '39950ab163b5e45d6271194a2e81a8dedb31aa3d':
Debian package revision bump 1.0-10
2016-05-18 09:44:02 +02:00
Kevin Tanguy
39950ab163
Debian package revision bump 1.0-10
2016-05-18 09:06:14 +02:00
Thibault Dewailly
f9889434e4
Merge pull request #5 from jeremydenoun/fix-echo
...
Script output should be usefull with pipe or redirection
2016-05-17 13:28:37 +02:00
jeremydenoun
c278e7b1ec
Remove test on _logger() function
...
the original line contain test that can hide echo if we launch script with pipe or IO redirection
2016-05-14 20:39:32 +02:00
Thibault Dewailly
d133d2ff3b
Merge pull request #23 in IAAS/cis-hardening from dev/kevin.tanguy/wheezy to master
...
* commit '84a5d0e0d8270b68e2c534c38b0ef34f62754a31':
Debian package revision bump 1.0-9
2016-05-03 13:24:15 +02:00
Kevin Tanguy
84a5d0e0d8
Debian package revision bump 1.0-9
2016-05-03 12:34:12 +02:00
Kevin Tanguy
4d6a5e7a60
Merge pull request #22 in IAAS/cis-hardening from dev/thibault.dewailly/fix to master
...
* commit '1bb8c5b387673e2c069a41ca4fc793b1d4c0869b':
Fixed replace in file function with proper substitution
tripwire : fixed typo on postinstall helper
fix 99.1 Apply TMOUT Variable
2016-05-03 11:27:39 +02:00
thibault.dewailly
1bb8c5b387
Fixed replace in file function with proper substitution
2016-05-03 11:25:37 +02:00
thibault.dewailly
3b9718239d
tripwire : fixed typo on postinstall helper
2016-05-02 11:11:07 +02:00
thibault.dewailly
59e3008b4c
fix 99.1 Apply TMOUT Variable
2016-05-02 10:45:32 +02:00
Thibault Dewailly
b80db095f3
Merge pull request #20 in IAAS/cis-hardening from dev/kevin.tanguy/rephrasingAllOver to master
...
* commit '8bbac84f7b0023cbcf9150cc18023ba5a219501c':
debian dependencies fix, rephrasing, revision bump 1.0-8.
2016-04-26 14:57:54 +02:00
kevin.tanguy
8bbac84f7b
debian dependencies fix, rephrasing, revision bump 1.0-8.
2016-04-26 14:02:17 +02:00
Thibault Dewailly
c6c58fd1b7
Merge pull request #19 in IAAS/cis-hardening from dev/kevin.tanguy/wheezy to master
...
* commit '0927c1db92534eddcc4612829e61dbb1c8b82e17':
Debian package revision bump 1.0-7
2016-04-25 09:21:10 +02:00
Kevin Tanguy
0927c1db92
Debian package revision bump 1.0-7
2016-04-25 09:19:46 +02:00
Thibault Dewailly
7b73604461
Merge pull request #18 in IAAS/cis-hardening from dev/thibault.dewailly/fix6.15 to master
...
* commit 'c1a45d1df172e0f3c715759b3dd71873fd58559d':
Fixed 6.15 netstat analysis
2016-04-25 08:41:43 +02:00
thibault.dewailly
c1a45d1df1
Fixed 6.15 netstat analysis
2016-04-22 17:23:21 +02:00