Commit Graph

148 Commits

Author SHA1 Message Date
Charles Herlin
d60922ab9d Redirect stderr to avoid printing "no such file" error 2018-03-19 18:06:47 +01:00
Charles Herlin
39246bc175 resolve #SOC-30 Also check /etc/security/limits.d/ for core dump limit 2018-03-15 09:50:05 +01:00
Charles Herlin
47857774b4 Fix SOC-28, add test if file exist, if not issue error 2018-03-14 14:04:02 +01:00
Charles Herlin
b41df080cf Add sudo management in main and utils
* perform readonly checks as a regular user
    * sudo -n is used for checks requiring root privileges
    * increase accountability by providing log of individual access to sensitive files
2018-03-13 10:38:25 +01:00
Julien Delayen
b5a952e0f0 changelog: Update to 1.1-1
- Add hardening templating and several enhancements
- CIS_ROOT_DIR management
- Update ciphers list in 9.3.11 with latest chacha20 and gcm ciphers
- Debian packaging clean up

Signed-off-by: Julien Delayen <julien.delayen@corp.ovh.com>
2018-02-02 11:54:10 +01:00
Julien Delayen
b0141494a9 debian: Remove useless {shlibs:Depends}
This fixes the following issue:

Depends field of package cis-hardening:
unknown substitution variable ${shlibs:Depends}

Signed-off-by: Julien Delayen <julien.delayen@corp.ovh.com>
2017-12-14 14:51:45 +01:00
Julien Delayen
f21259c79d debian: Fix lintian warning
The following error is highlighted by lintian:
depends-on-essential-package-without-using-version: bash

bash is always present and does not need to be specified
in debian/control.

See: https://lintian.debian.org/tags/depends-on-essential-package-without-using-version.html

Signed-off-by: Julien Delayen <julien.delayen@corp.ovh.com>
2017-12-14 14:51:45 +01:00
Julien Delayen
fe167d29c7 debian: Remove auto-generated files from conffiles
The policy for configuration files having changed,
the files are not present in the package anymore.
Remove them from debian/conffiles.

Signed-off-by: Julien Delayen <julien.delayen@corp.ovh.com>
2017-12-14 14:51:30 +01:00
Thibault Dewailly
321063fe7c Merge pull request #31 in IAAS/cis-hardening from dev/cherlin/update-cis-scripts to master
* commit 'f97fbb47f701fd81a6dcdabb1d2e961943386eb5':
  Update ciphers list in 9.3.11 with latest chacha20 and gcm ciphers
2017-12-05 11:38:15 +01:00
Thibault Dewailly
73c640f4d1 Merge pull request #28 in IAAS/cis-hardening from dev/cherlin/cis-root-dir-in-env to master
* commit '5b11b1628a690e0bbd9d34cd5b83dbe74ac6fba7':
  Expand tabs to 4 spaces and trim trailing spaces
  Remove unnecessary CIS_ROOT_DIR empty assignation
  Applying batch edit to all hardening/*.sh scripts for new CIS_ROOT_DIR management
  Changing CIS_ROOT_DIR management in env in bin/hardening.sh
  Change src/skel to allow setting CIS_ROOT_DIR in env and not just sourcing /etc/default/cis-hardening. Making the whole lib more versatile.
2017-12-05 11:32:45 +01:00
Charles Herlin
5b11b1628a Expand tabs to 4 spaces and trim trailing spaces 2017-11-17 15:13:27 +01:00
Charles Herlin
f97fbb47f7 Update ciphers list in 9.3.11 with latest chacha20 and gcm ciphers 2017-11-10 14:48:51 +01:00
Charles Herlin
725aaa39e5 Remove unnecessary CIS_ROOT_DIR empty assignation 2017-10-25 17:44:56 +02:00
Charles Herlin
cbfd04272b Applying batch edit to all hardening/*.sh scripts for new CIS_ROOT_DIR management 2017-10-25 14:50:39 +02:00
Charles Herlin
c70d6120f8 Changing CIS_ROOT_DIR management in env in bin/hardening.sh 2017-10-25 14:48:54 +02:00
Charles Herlin
d1cbe7526c Change src/skel to allow setting CIS_ROOT_DIR in env and not just sourcing /etc/default/cis-hardening. Making the whole lib more versatile. 2017-10-23 14:50:11 +02:00
Thibault Dewailly
b6aba4cc88 Merge pull request #12 from speed47/dev/enhancements
Hardening Classification
subs enhancements as well as bug fixes
2017-09-28 13:22:59 +02:00
Kevin Tanguy
a352c8cd2e Merge pull request #27 in IAAS/cis-hardening from dev/thibault.dewailly/fixwildcards to master
* commit 'a4dc5bdaf5ec7f4d1c49533608b279d7101e23cd':
  No more wildcards in file list to be more resilient
2017-06-15 10:43:31 +02:00
Stéphane Lesimple
dfaf4c2093 add hardening templating and several enhancements 2017-06-13 18:30:29 +02:00
thibault.dewailly
a4dc5bdaf5 No more wildcards in file list to be more resilient 2017-06-13 15:36:06 +02:00
Thibault Dewailly
02f643f390 Merge pull request #26 in IAAS/cis-hardening from dev/kevin.tanguy/packagebump to master
* commit '11ab51679bcb5cac893a190d1db22aebdc56ece0':
  Debian package revision bump 1.0-11
2017-06-08 09:41:43 +02:00
kevin.tanguy
11ab51679b Debian package revision bump 1.0-11 2017-06-06 09:38:02 +02:00
Thibault Dewailly
78569b5583 Merge pull request #11 from speed47/dev/fix_does_pattern_exist_in_file
handle ENOENT properly in does_pattern_exist_in_file()
2017-05-19 18:30:21 +02:00
Thibault Dewailly
4fcdf32dec Merge pull request #10 from speed47/dev/beautifyprint
set a fixed-size prefix for logger
2017-05-19 17:20:47 +02:00
Stéphane Lesimple
f94dff5f3f handle ENOENT properly in does_pattern_exist_in_file\(\) 2017-05-18 18:31:24 +02:00
Stéphane Lesimple
70811c258d set a fixed-size prefix for logger 2017-05-18 18:27:02 +02:00
Thibault Dewailly
438b047d0e Merge pull request #9 from Joorem/10.1.3-fix-option-name
[10.1.3] set the good value for $OPTIONS
2017-05-04 09:28:42 +02:00
Jérôme Le Gal
4c2107cbea [10.1.3] set the good value for $OPTIONS 2017-05-03 23:08:48 +02:00
Kevin Tanguy
425683f7f4 Merge pull request #25 in IAAS/cis-hardening from dev/thibault.dewailly/fixShadowParsing to master
* commit '0f11b08ffb593285f745e3e249f3aaf83a6f5362':
  [Debian 8] Fixed comments for debian 8 compliance
  [10.2] Fixed result parsing in case of spaces in passwd list
2017-03-14 16:19:33 +01:00
thibault.dewailly
0f11b08ffb [Debian 8] Fixed comments for debian 8 compliance 2017-03-14 15:42:08 +01:00
thibault.dewailly
717a794e45 [10.2] Fixed result parsing in case of spaces in passwd list 2017-03-10 17:26:55 +01:00
thibault.dewailly
d630c87541 Merge branch 'master' of github.com:ovh/debian-cis 2016-07-04 11:45:41 +02:00
Thibault Dewailly
370c97efab Merge pull request #7 from MatthieuDestrez/fixPermitEmptyPassword
fixed option name in 9.3.9_disable_sshd_permitemptypasswords.sh, was …
2016-07-04 11:44:40 +02:00
Matthieu Destrez
1e47226bd4
fixed option name in 9.3.9_disable_sshd_permitemptypasswords.sh, was PermitRootLogin instead of PermitEmptyPassword 2016-06-29 15:12:21 +02:00
Thibault Dewailly
bb9b467bf2 Merge pull request #24 in IAAS/cis-hardening from dev/kevin.tanguy/wheezy to master
* commit '39950ab163b5e45d6271194a2e81a8dedb31aa3d':
  Debian package revision bump 1.0-10
2016-05-18 09:44:02 +02:00
Kevin Tanguy
39950ab163 Debian package revision bump 1.0-10 2016-05-18 09:06:14 +02:00
Thibault Dewailly
f9889434e4 Merge pull request #5 from jeremydenoun/fix-echo
Script output should be usefull with pipe or redirection
2016-05-17 13:28:37 +02:00
jeremydenoun
c278e7b1ec Remove test on _logger() function
the original line contain test that can hide echo if we launch script with pipe or IO redirection
2016-05-14 20:39:32 +02:00
Thibault Dewailly
d133d2ff3b Merge pull request #23 in IAAS/cis-hardening from dev/kevin.tanguy/wheezy to master
* commit '84a5d0e0d8270b68e2c534c38b0ef34f62754a31':
  Debian package revision bump 1.0-9
2016-05-03 13:24:15 +02:00
Kevin Tanguy
84a5d0e0d8 Debian package revision bump 1.0-9 2016-05-03 12:34:12 +02:00
Kevin Tanguy
4d6a5e7a60 Merge pull request #22 in IAAS/cis-hardening from dev/thibault.dewailly/fix to master
* commit '1bb8c5b387673e2c069a41ca4fc793b1d4c0869b':
  Fixed replace in file function with proper substitution
  tripwire : fixed typo on postinstall helper
  fix 99.1 Apply TMOUT Variable
2016-05-03 11:27:39 +02:00
thibault.dewailly
1bb8c5b387 Fixed replace in file function with proper substitution 2016-05-03 11:25:37 +02:00
thibault.dewailly
3b9718239d tripwire : fixed typo on postinstall helper 2016-05-02 11:11:07 +02:00
thibault.dewailly
59e3008b4c fix 99.1 Apply TMOUT Variable 2016-05-02 10:45:32 +02:00
Thibault Dewailly
b80db095f3 Merge pull request #20 in IAAS/cis-hardening from dev/kevin.tanguy/rephrasingAllOver to master
* commit '8bbac84f7b0023cbcf9150cc18023ba5a219501c':
  debian dependencies fix, rephrasing, revision bump 1.0-8.
2016-04-26 14:57:54 +02:00
kevin.tanguy
8bbac84f7b debian dependencies fix, rephrasing, revision bump 1.0-8. 2016-04-26 14:02:17 +02:00
Thibault Dewailly
c6c58fd1b7 Merge pull request #19 in IAAS/cis-hardening from dev/kevin.tanguy/wheezy to master
* commit '0927c1db92534eddcc4612829e61dbb1c8b82e17':
  Debian package revision bump 1.0-7
2016-04-25 09:21:10 +02:00
Kevin Tanguy
0927c1db92 Debian package revision bump 1.0-7 2016-04-25 09:19:46 +02:00
Thibault Dewailly
7b73604461 Merge pull request #18 in IAAS/cis-hardening from dev/thibault.dewailly/fix6.15 to master
* commit 'c1a45d1df172e0f3c715759b3dd71873fd58559d':
  Fixed 6.15 netstat analysis
2016-04-25 08:41:43 +02:00
thibault.dewailly
c1a45d1df1 Fixed 6.15 netstat analysis 2016-04-22 17:23:21 +02:00