Commit Graph

235 Commits

Author SHA1 Message Date
dee0ebc821 IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
b9e129d8fe IMP(shellcheck): disable sed replacement (SC2001)
Shellcheck recommands to replace sed by shell expansions in 'simple' cases.
However, the replacement here is likely to lead to erros, so we disable this rule.
Moreover, it does'nt really add readability.
2020-12-10 08:34:57 +01:00
36528b55e0 IMP(shellcheck): replace deprecated egrep (SC2196) 2020-12-10 08:20:26 +01:00
1c56bd9930 IMP(shellcheck): remove $() in if condition (SC2091) 2020-12-10 08:16:23 +01:00
b09b75a51e IMP(shellcheck): quote variables (SC2086) 2020-12-07 17:11:32 +01:00
6826f377e6 IMP(shellcheck): quote variables (SC2086) 2020-12-07 16:49:11 +01:00
e2f7426664 IMP(shellcheck): quoting variables 2020-12-07 15:53:14 +01:00
ac66cdacd0 IMP(shellcheck): fix quote placement in awk (SC1083) 2020-12-07 15:01:22 +01:00
8012234096 IMP(shellcheck): fix harmless warnings 2020-12-07 14:53:10 +01:00
63835dd10c IMP(shellcheck): add curly bracket to var (SC1087) 2020-12-07 13:54:57 +01:00
ef800954f4 IMP(shellcheck): refactor continue (SC2104) 2020-12-07 13:32:14 +01:00
addd48c4dd IMP(shellcheck): add prefix to follow scripts (SC1090) 2020-12-07 13:26:51 +01:00
72bb3e2b84 IMP(shellcheck): replace -a in condition by && (SC2166) 2020-12-04 15:29:19 +01:00
d371b8d057 IMP(shellcheck): replace ! -z by -n (SC2236) 2020-12-04 15:14:18 +01:00
eaf56ca25e IMP(shellcheck): quote variables (SC2086) 2020-12-04 15:04:22 +01:00
3a342b784a IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
dba1dae963 IMP(shellcheck): quoting harmless variables (SC2086) 2020-11-27 09:29:11 +01:00
c17d04ecc2 IMP(shellcheck): comply with shellcheck rules
I added shellcheck prefixes to fix:
 * SC1091 (following sourced files)
 * SC2034 (unused variables)
2020-11-27 09:18:00 +01:00
cccc0881e9 IMP(shellcheck): add run-shellcheck prefix 2020-11-23 17:10:37 +01:00
f4e0aafacc IMP(5.2.3): fix possible permissions for 5.2.3 2020-11-30 14:27:20 +01:00
d40a85085d FIX: fix issue, we had to run audit twice
First one as root to create conf files with good owner and permissions, and then with secaudit.
Now first run with --create-config-files-only and the normally with --audit.
2020-11-20 10:05:14 +01:00
467e5f178c fixup! IMP(4.5): rename to 1.6.1.2 improve test 2020-11-17 13:02:02 +01:00
d244a2e810 fixup! IMP(4.5): rename to 1.6.1.2 improve test 2020-11-17 12:56:10 +01:00
d640a467e2 fixup! IMP(4.1.x): add tests for each checks 2020-11-16 16:54:51 +01:00
7b8cca20d6 FIX(4.1.1.2): fix auditd apply 2020-11-09 11:48:48 +01:00
a6de243808 Rename 6.1.2,6.1.3,6.1.4 to be CIS9 compliant 2020-11-09 09:00:34 +01:00
ffd5b28840 FIX: fix apt autoremove to be non interactive
modified:   bin/hardening/2.2.10_disable_http_server.sh
	modified:   bin/hardening/2.2.11_disable_imap_pop.sh
	modified:   bin/hardening/2.2.12_disable_samba.sh
	modified:   bin/hardening/2.2.14_disable_snmp_server.sh
	modified:   bin/hardening/2.2.2_disable_xwindow_system.sh
	modified:   bin/hardening/2.2.3_disable_avahi_server.sh
	modified:   bin/hardening/2.2.4_disable_print_server.sh
	modified:   bin/hardening/2.2.5_disable_dhcp.sh
	modified:   bin/hardening/2.2.6_disable_ldap.sh
	modified:   bin/hardening/2.2.7_disable_nfs_rpc.sh
	modified:   bin/hardening/2.2.8_disable_dns_server.sh
	modified:   bin/hardening/2.2.9_disable_ftp.sh
	modified:   bin/hardening/2.3.1_disable_nis.sh
	modified:   bin/hardening/2.3.2_disable_rsh_client.sh
	modified:   bin/hardening/2.3.3_disable_talk_client.sh
	modified:   bin/hardening/2.3.4_telnet_client_not_installed.sh
	modified:   bin/hardening/2.3.5_ldap_client_not_installed.sh
2020-11-06 14:51:26 +01:00
ce1e87b1a3 IMP(4.5): rename to 1.6.1.2 improve test 2020-11-06 11:09:22 +01:00
ee4b2417c2 IMP(4.1.x): add tests for each checks 2020-11-02 15:47:27 +01:00
17e43753b9 IMP(5.4.1.1-3): add tests and rename some variables 2020-10-30 09:39:42 +01:00
9aac4c3504 IMP(5.3.4): improve check 2020-10-29 16:47:34 +01:00
8af91dd6a8 IMP(5.3.1,5.3.2): add tests and upgrade PAM conf 2020-10-29 16:45:15 +01:00
feefee28e4 IMP(5.3.1): add test and config function for check 2020-10-29 15:35:56 +01:00
774af39a34 IMP(5.2.x): add tests and default_config
I added tests from 5.2.4 to 5.2.19 and default_config files in the
checks. This checks concern sshd conf (ciphers, mac, rootlogin, ...)

	modifié :         bin/hardening/5.2.4_sshd_protocol.sh
	modifié :         bin/hardening/5.2.6_disable_x11_forwarding.sh
	modifié :         bin/hardening/5.2.7_sshd_maxauthtries.sh
	modifié :         bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
	modifié :         bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
	modifié :         bin/hardening/5.2.10_disable_root_login.sh
	modifié :         bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
	modifié :         bin/hardening/5.2.12_disable_sshd_setenv.sh
	modifié :         bin/hardening/5.2.13_sshd_ciphers.sh
	modifié :         bin/hardening/5.2.16_sshd_idle_timeout.sh
	modifié :         bin/hardening/5.2.17_sshd_login_grace_time.sh
	modifié :         tests/hardening/5.2.4_sshd_protocol.sh
	modifié :         tests/hardening/5.2.5_sshd_loglevel.sh
	modifié :         tests/hardening/5.2.6_disable_x11_forwarding.sh
	modifié :         tests/hardening/5.2.7_sshd_maxauthtries.sh
	modifié :         tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh
	modifié :         tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
	modifié :         tests/hardening/5.2.10_disable_root_login.sh
	modifié :         tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
	modifié :         tests/hardening/5.2.12_disable_sshd_setenv.sh
	modifié :         tests/hardening/5.2.13_sshd_ciphers.sh
	modifié :         tests/hardening/5.2.16_sshd_idle_timeout.sh
	modifié :         tests/hardening/5.2.17_sshd_login_grace_time.sh
	modifié :         tests/hardening/5.2.18_sshd_limit_access.sh
	modifié :         tests/hardening/5.2.19_ssh_banner.sh
2020-10-29 11:18:31 +01:00
fbd26ceefa Fix race condition on /etc/passwd, /etc/shadow and /etc/group 2020-11-16 14:09:12 +01:00
501ce8c651 IMP(5.2.3): 640 permission is now ok for the check 2020-11-16 14:08:42 +01:00
829ee8631f Revert to previous check (8.2.4 in old num) 2020-11-16 14:06:39 +01:00
3c7a03445c FIX(3.1.1): fix unbound variable issue 2020-11-12 10:15:41 +01:00
03c8e25ff3 FIX(99.5.4): fix test (permission denied on authorized_keys) 2020-11-05 15:05:12 +01:00
a7afb1099a IMP(6.2.8): fix bug where /sbin/nologin was considered as a valid shell 2020-11-05 11:25:52 +01:00
6aae84f4b2 FIX(2.3.18): Re-add telnet server check
Renaming for 2.3.4 anbd 2.3.5 to have naming consistency.

	nouveau fichier : bin/hardening/2.2.18_disable_telnet_server.sh
	renommé :         bin/hardening/2.3.4_telnet_client_not_installed.sh -> bin/hardening/2.3.4_disable_telnet_client.sh
	renommé :         bin/hardening/2.3.5_ldap_client_not_installed.sh -> bin/hardening/2.3.5_disable_ldap_client.sh
	renommé :         tests/hardening/2.3.4_telnet_client_not_installed.sh -> tests/hardening/2.2.18_disable_telnet_server.sh
	renommé :         tests/hardening/2.3.5_ldap_client_not_installed.sh -> tests/hardening/2.3.4_disable_telnet_client.sh
	nouveau fichier : tests/hardening/2.3.5_disable_ldap_client.sh
2020-11-03 09:38:13 +01:00
668dc80bb8 FIX(3.1.1,3.2.1,3.2.2): don't check for IPv6 options if IPv6 is disabled 2020-11-02 17:16:11 +01:00
c2090b74b3 FIX(2.2.12): smbd enabling check was wrong 2020-11-02 16:53:04 +01:00
26c119c4a1 ADD(3.2.7): add check mysteriously deleted during renaming 2020-10-30 16:09:25 +01:00
aff5d708e8 ADD(3.2.6): add check mysteriously deleted during renaming 2020-10-30 16:09:21 +01:00
b266982a3c ADD(6.2.7): add check mysteriously deleted during renaming 2020-10-30 16:01:18 +01:00
a0b025deac Fix final printf command
The final printf bugs on non US system.
A fix is to truncate the percentage to 2 decimals with bc and not with
printf.
	modifié :         bin/hardening.sh
2020-10-30 14:56:27 +01:00
ccef85ebe3 IMP(4.2.4): use functions in utils 2020-10-30 14:49:16 +01:00
258da6b4a1 CLEAN(4.2.2): delete 4.2.2, duplicate with 4.2.3 2020-10-30 14:40:48 +01:00
9eb6bac993 FIX(6.2.9): fix EXCEPTIONS unbound variable error 2020-10-28 15:04:41 +01:00