dee0ebc821
IMP(shellcheck): quote variables
2020-12-10 09:50:33 +01:00
b9e129d8fe
IMP(shellcheck): disable sed replacement (SC2001)
...
Shellcheck recommands to replace sed by shell expansions in 'simple' cases.
However, the replacement here is likely to lead to erros, so we disable this rule.
Moreover, it does'nt really add readability.
2020-12-10 08:34:57 +01:00
36528b55e0
IMP(shellcheck): replace deprecated egrep (SC2196)
2020-12-10 08:20:26 +01:00
1c56bd9930
IMP(shellcheck): remove $() in if condition (SC2091)
2020-12-10 08:16:23 +01:00
b09b75a51e
IMP(shellcheck): quote variables (SC2086)
2020-12-07 17:11:32 +01:00
6826f377e6
IMP(shellcheck): quote variables (SC2086)
2020-12-07 16:49:11 +01:00
e2f7426664
IMP(shellcheck): quoting variables
2020-12-07 15:53:14 +01:00
ac66cdacd0
IMP(shellcheck): fix quote placement in awk (SC1083)
2020-12-07 15:01:22 +01:00
8012234096
IMP(shellcheck): fix harmless warnings
2020-12-07 14:53:10 +01:00
63835dd10c
IMP(shellcheck): add curly bracket to var (SC1087)
2020-12-07 13:54:57 +01:00
ef800954f4
IMP(shellcheck): refactor continue (SC2104)
2020-12-07 13:32:14 +01:00
addd48c4dd
IMP(shellcheck): add prefix to follow scripts (SC1090)
2020-12-07 13:26:51 +01:00
72bb3e2b84
IMP(shellcheck): replace -a in condition by && (SC2166)
2020-12-04 15:29:19 +01:00
d371b8d057
IMP(shellcheck): replace ! -z by -n (SC2236)
2020-12-04 15:14:18 +01:00
eaf56ca25e
IMP(shellcheck): quote variables (SC2086)
2020-12-04 15:04:22 +01:00
3a342b784a
IMP(shfmt): add shell formatter
2020-12-04 14:08:01 +01:00
dba1dae963
IMP(shellcheck): quoting harmless variables (SC2086)
2020-11-27 09:29:11 +01:00
c17d04ecc2
IMP(shellcheck): comply with shellcheck rules
...
I added shellcheck prefixes to fix:
* SC1091 (following sourced files)
* SC2034 (unused variables)
2020-11-27 09:18:00 +01:00
cccc0881e9
IMP(shellcheck): add run-shellcheck prefix
2020-11-23 17:10:37 +01:00
f4e0aafacc
IMP(5.2.3): fix possible permissions for 5.2.3
2020-11-30 14:27:20 +01:00
d40a85085d
FIX: fix issue, we had to run audit twice
...
First one as root to create conf files with good owner and permissions, and then with secaudit.
Now first run with --create-config-files-only and the normally with --audit.
2020-11-20 10:05:14 +01:00
467e5f178c
fixup! IMP(4.5): rename to 1.6.1.2 improve test
2020-11-17 13:02:02 +01:00
d244a2e810
fixup! IMP(4.5): rename to 1.6.1.2 improve test
2020-11-17 12:56:10 +01:00
d640a467e2
fixup! IMP(4.1.x): add tests for each checks
2020-11-16 16:54:51 +01:00
7b8cca20d6
FIX(4.1.1.2): fix auditd apply
2020-11-09 11:48:48 +01:00
a6de243808
Rename 6.1.2,6.1.3,6.1.4 to be CIS9 compliant
2020-11-09 09:00:34 +01:00
ffd5b28840
FIX: fix apt autoremove to be non interactive
...
modified: bin/hardening/2.2.10_disable_http_server.sh
modified: bin/hardening/2.2.11_disable_imap_pop.sh
modified: bin/hardening/2.2.12_disable_samba.sh
modified: bin/hardening/2.2.14_disable_snmp_server.sh
modified: bin/hardening/2.2.2_disable_xwindow_system.sh
modified: bin/hardening/2.2.3_disable_avahi_server.sh
modified: bin/hardening/2.2.4_disable_print_server.sh
modified: bin/hardening/2.2.5_disable_dhcp.sh
modified: bin/hardening/2.2.6_disable_ldap.sh
modified: bin/hardening/2.2.7_disable_nfs_rpc.sh
modified: bin/hardening/2.2.8_disable_dns_server.sh
modified: bin/hardening/2.2.9_disable_ftp.sh
modified: bin/hardening/2.3.1_disable_nis.sh
modified: bin/hardening/2.3.2_disable_rsh_client.sh
modified: bin/hardening/2.3.3_disable_talk_client.sh
modified: bin/hardening/2.3.4_telnet_client_not_installed.sh
modified: bin/hardening/2.3.5_ldap_client_not_installed.sh
2020-11-06 14:51:26 +01:00
ce1e87b1a3
IMP(4.5): rename to 1.6.1.2 improve test
2020-11-06 11:09:22 +01:00
ee4b2417c2
IMP(4.1.x): add tests for each checks
2020-11-02 15:47:27 +01:00
17e43753b9
IMP(5.4.1.1-3): add tests and rename some variables
2020-10-30 09:39:42 +01:00
9aac4c3504
IMP(5.3.4): improve check
2020-10-29 16:47:34 +01:00
8af91dd6a8
IMP(5.3.1,5.3.2): add tests and upgrade PAM conf
2020-10-29 16:45:15 +01:00
feefee28e4
IMP(5.3.1): add test and config function for check
2020-10-29 15:35:56 +01:00
774af39a34
IMP(5.2.x): add tests and default_config
...
I added tests from 5.2.4 to 5.2.19 and default_config files in the
checks. This checks concern sshd conf (ciphers, mac, rootlogin, ...)
modifié : bin/hardening/5.2.4_sshd_protocol.sh
modifié : bin/hardening/5.2.6_disable_x11_forwarding.sh
modifié : bin/hardening/5.2.7_sshd_maxauthtries.sh
modifié : bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
modifié : bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
modifié : bin/hardening/5.2.10_disable_root_login.sh
modifié : bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
modifié : bin/hardening/5.2.12_disable_sshd_setenv.sh
modifié : bin/hardening/5.2.13_sshd_ciphers.sh
modifié : bin/hardening/5.2.16_sshd_idle_timeout.sh
modifié : bin/hardening/5.2.17_sshd_login_grace_time.sh
modifié : tests/hardening/5.2.4_sshd_protocol.sh
modifié : tests/hardening/5.2.5_sshd_loglevel.sh
modifié : tests/hardening/5.2.6_disable_x11_forwarding.sh
modifié : tests/hardening/5.2.7_sshd_maxauthtries.sh
modifié : tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh
modifié : tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
modifié : tests/hardening/5.2.10_disable_root_login.sh
modifié : tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh
modifié : tests/hardening/5.2.12_disable_sshd_setenv.sh
modifié : tests/hardening/5.2.13_sshd_ciphers.sh
modifié : tests/hardening/5.2.16_sshd_idle_timeout.sh
modifié : tests/hardening/5.2.17_sshd_login_grace_time.sh
modifié : tests/hardening/5.2.18_sshd_limit_access.sh
modifié : tests/hardening/5.2.19_ssh_banner.sh
2020-10-29 11:18:31 +01:00
fbd26ceefa
Fix race condition on /etc/passwd, /etc/shadow and /etc/group
2020-11-16 14:09:12 +01:00
501ce8c651
IMP(5.2.3): 640 permission is now ok for the check
2020-11-16 14:08:42 +01:00
829ee8631f
Revert to previous check (8.2.4 in old num)
2020-11-16 14:06:39 +01:00
3c7a03445c
FIX(3.1.1): fix unbound variable issue
2020-11-12 10:15:41 +01:00
03c8e25ff3
FIX(99.5.4): fix test (permission denied on authorized_keys)
2020-11-05 15:05:12 +01:00
a7afb1099a
IMP(6.2.8): fix bug where /sbin/nologin was considered as a valid shell
2020-11-05 11:25:52 +01:00
6aae84f4b2
FIX(2.3.18): Re-add telnet server check
...
Renaming for 2.3.4 anbd 2.3.5 to have naming consistency.
nouveau fichier : bin/hardening/2.2.18_disable_telnet_server.sh
renommé : bin/hardening/2.3.4_telnet_client_not_installed.sh -> bin/hardening/2.3.4_disable_telnet_client.sh
renommé : bin/hardening/2.3.5_ldap_client_not_installed.sh -> bin/hardening/2.3.5_disable_ldap_client.sh
renommé : tests/hardening/2.3.4_telnet_client_not_installed.sh -> tests/hardening/2.2.18_disable_telnet_server.sh
renommé : tests/hardening/2.3.5_ldap_client_not_installed.sh -> tests/hardening/2.3.4_disable_telnet_client.sh
nouveau fichier : tests/hardening/2.3.5_disable_ldap_client.sh
2020-11-03 09:38:13 +01:00
668dc80bb8
FIX(3.1.1,3.2.1,3.2.2): don't check for IPv6 options if IPv6 is disabled
2020-11-02 17:16:11 +01:00
c2090b74b3
FIX(2.2.12): smbd enabling check was wrong
2020-11-02 16:53:04 +01:00
26c119c4a1
ADD(3.2.7): add check mysteriously deleted during renaming
2020-10-30 16:09:25 +01:00
aff5d708e8
ADD(3.2.6): add check mysteriously deleted during renaming
2020-10-30 16:09:21 +01:00
b266982a3c
ADD(6.2.7): add check mysteriously deleted during renaming
2020-10-30 16:01:18 +01:00
a0b025deac
Fix final printf command
...
The final printf bugs on non US system.
A fix is to truncate the percentage to 2 decimals with bc and not with
printf.
modifié : bin/hardening.sh
2020-10-30 14:56:27 +01:00
ccef85ebe3
IMP(4.2.4): use functions in utils
2020-10-30 14:49:16 +01:00
258da6b4a1
CLEAN(4.2.2): delete 4.2.2, duplicate with 4.2.3
2020-10-30 14:40:48 +01:00
9eb6bac993
FIX(6.2.9): fix EXCEPTIONS unbound variable error
2020-10-28 15:04:41 +01:00