elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2024-11-22 13:37:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
544 Commits 4 Branches 39 Tags 2.2 MiB
fb4df82fc4
Commit Graph

13 Commits

Author SHA1 Message Date
Stéphane Lesimple
de295b3a77
Adapt all scripts to yescrypt (#216) 
* Revert "fix: clean obsolete check 99.5.4.5.1, now handled by 5.3.4 (#215)"

This reverts commit 670c8c62f5.

We still want to verify the preexisting hashes in /etc/shadow,
even if the PAM configuration is correct for new passwords (5.3.4).

* Adapt 5.3.4, 99.5.4.5.1 and 99.5.4.5.2 to yescrypt
 2023-11-21 17:43:31 +01:00
P-EB
32886d3a3d
Replace CIS_ROOT_DIR by a more flexible system (#204) 
* Replace CIS_ROOT_DIR by a more flexible system

* Try to adapt the logic change to the functional tests
 2023-09-25 14:24:01 +02:00
GoldenKiwi
04457e7df2
feat: official Debian 11 compatibility (#176) 
Introduce Debian 11 compatibility
Based on CIS_Debian_Linux_11_Benchmark_v1.0.0

After review, here are the notable changes :
 - Harden /var/log more (noexec,nodev,nosuid)
 - Harden /var/log/audit more (noexec,nodev,nosuid)
 - Harden /home more (nosuid)
 - Disable cramfs
 - Fix 5.3.4_acc_pam_sha512.sh
 - Deprecate Debian 9 and remove useless docker images

NB : more audit log rules have been introduced and will be inserted in the checks later
Fix #158
 2023-05-02 14:16:19 +02:00
Thibault Ayanides
87e242a42d Add commentaries, renum scripts 2020-12-22 15:58:10 +01:00
Thibault Ayanides
7f990b5e53 Add new checks (blank for now) 2020-12-22 14:42:45 +01:00
Thibault Ayanides
dee0ebc821 IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
Thibault Ayanides
b9e129d8fe IMP(shellcheck): disable sed replacement (SC2001) 
Shellcheck recommands to replace sed by shell expansions in 'simple' cases.
However, the replacement here is likely to lead to erros, so we disable this rule.
Moreover, it does'nt really add readability.
 2020-12-10 08:34:57 +01:00
Thibault Ayanides
3a342b784a IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
Thibault Ayanides
dba1dae963 IMP(shellcheck): quoting harmless variables (SC2086) 2020-11-27 09:29:11 +01:00
Thibault Ayanides
c17d04ecc2 IMP(shellcheck): comply with shellcheck rules 
I added shellcheck prefixes to fix:
 * SC1091 (following sourced files)
 * SC2034 (unused variables)
 2020-11-27 09:18:00 +01:00
Thibault Ayanides
cccc0881e9 IMP(shellcheck): add run-shellcheck prefix 2020-11-23 17:10:37 +01:00
Thibault Ayanides
9aac4c3504 IMP(5.3.4): improve check 2020-10-29 16:47:34 +01:00
Charles Herlin
80b97940fa Renumbering custom 99.* scripts as newcomers to CIS benchmark 
renamed:    bin/hardening/99.4_net_fw_default_policy_drop.sh -> bin/hardening/3.5.1.1_net_fw_default_policy_drop.sh
	renamed:    bin/hardening/99.3.3_acc_pam_sha512.sh -> bin/hardening/5.3.4_acc_pam_sha512.sh
	renamed:    tests/hardening/99.4_net_fw_default_policy_drop.sh -> tests/hardening/3.5.1.1_net_fw_default_policy_drop.sh
	renamed:    tests/hardening/99.3.3_acc_pam_sha512.sh -> tests/hardening/5.3.4_acc_pam_sha512.sh
 2019-10-18 17:26:31 +02:00