Thibault Ayanides
fc8a2b2561
FIX: add commands to sudoers ( #91 )
2021-04-27 13:31:59 +02:00
Thibault Ayanides
cadc25c28c
Dir exceptions ( #96 )
...
* IMP(1.1.21): add EXCEPTIONS
* IMP(6.1.10): add EXCEPTIONS
2021-04-26 17:05:22 +02:00
Thibault Ayanides
8c6c9a7571
IMP(tests): checks that stderr is empty
...
Fix #97
2021-04-26 17:01:19 +02:00
Thibault Ayanides
dd41988933
Update changelog
2021-04-13 11:00:29 +02:00
Thibault Ayanides
f6c6e6a0a8
FIX(4.1.11): add SUDO to find suid files
2021-04-13 11:00:29 +02:00
Thibault Ayanides
d26ad48416
Update changelog
2021-04-02 09:25:41 +02:00
Thibault Ayanides
d110a2aa19
Ignore case for sshd conf
...
fix #85
2021-04-02 09:25:41 +02:00
Thibault Ayanides
cbd81b8ab2
Update changelog ( #82 )
2021-03-26 12:16:50 +01:00
Thibault Ayanides
1c51e4cec4
Check that packages are installed before launching check ( #69 )
...
* FIX(1.6.1,1.7.1.x): check if apparmor and grub is installed
* FIX(2.2.15): check package install
* FIX(4.2.x): check package install
* FIX(5.1.x): check crontab files exist
* FIX(5.2.1): check package install
* FIX(99.3.3.x): check conf file exist
* Remove useless SUDO_CMD
* Deal with nonexistent /run/shm
* Replace exit code 128 by exit code 2
fix #65
Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2021-03-25 14:01:57 +01:00
Thibault Ayanides
f8ac58700d
FIX(4.1.1.4): bad pattern ( #67 )
...
fix #61
2021-03-25 13:50:08 +01:00
Thibault Ayanides
1c1393c7e3
Fix div function to manage 0 on numerator ( #79 )
...
fix #77
Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2021-03-23 08:36:36 +01:00
Thibault Ayanides
c50f200c5c
FIX(5.4.5.2): explicit sha512
...
fix #74
2021-03-22 15:22:50 +01:00
Simão Gomes Viana
c0ecc9cd6f
README: fix spelling and spacing in first line
2021-03-19 08:36:31 +01:00
Thibault Ayanides
fb5be208ef
Update changelog
2021-03-15 08:25:26 +01:00
jeremydenoun
b44fb47c3a
add log details to be more comprehensive ( #49 )
...
Co-authored-by: Jeremy Denoun <jeremy.denoun@iguanesolutions.com>
2021-02-17 12:04:11 +01:00
jeremydenoun
84ac4db90f
fix incorrect path from ls ( #45 )
...
Co-authored-by: Jeremy Denoun <jeremy.denoun@iguanesolutions.com>
2021-02-17 12:00:13 +01:00
Thibault Ayanides
40fb536d4e
Add missing HARDENING_LEVEL ( #44 )
...
Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2021-02-17 11:51:51 +01:00
Thibault Ayanides
d1b371f410
Add is_ipv6_disabled ( #57 )
...
Modify some checks to make it pass when ipv6 is disabled
fix #50
modified: bin/hardening/3.1.1_disable_ipv6.sh
modified: bin/hardening/3.3.1_disable_source_routed_packets.sh
modified: bin/hardening/3.3.9_disable_ipv6_router_advertisement.sh
modified: lib/utils.sh
Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2021-02-17 11:45:20 +01:00
Thibault Ayanides
6ab1cab3ce
IMP(5.1.8): allow more restrictive permissions ( #59 )
...
fix #52
Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2021-02-17 11:40:31 +01:00
Thibault Ayanides
1a7dd5893a
Use pam_faillock instead of pam_tally for bullseye ( #56 )
...
Fix #55
See https://github.com/linux-pam/linux-pam/releases/tag/v1.4.0
pam_tally is deprecated and replaced by pam_faillock
Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2021-02-17 11:36:58 +01:00
Thibault Ayanides
fa111bc0d0
Update mac and kex to match debian10 CIS ( #60 )
...
fix #53
Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2021-02-17 11:31:22 +01:00
Thibault Ayanides
460843ffb3
Fix #51 ( #58 )
2021-02-17 11:19:38 +01:00
jeremydenoun
896d277d95
fix #46 bug ( #47 )
...
Co-authored-by: Jeremy Denoun <jeremy.denoun@iguanesolutions.com>
2021-02-11 14:00:18 +01:00
Thibault Ayanides
6ae05f3fa2
Add dealing with debian 11
...
* ADD: add dockerfile for debian11
* FIX: fix crontab file not found on debian11 blank
* Add workflow for debian11
* FIX: fix debian version func to manage debian11
* Add dealing with unsupported version and distro
* Add 99.99 check that checks if distro version is supported
* Use global var for debian major and distro
fix #26
2021-02-08 13:54:24 +01:00
Thibault Ayanides
449c695415
IMP: improve partition detection in container
...
fix #27
2021-02-08 09:07:09 +01:00
dependabot[bot]
2d6550fb13
Bump dev-drprasad/delete-tag-and-release from v0.1.2 to v0.1.3 ( #41 )
...
Bumps [dev-drprasad/delete-tag-and-release](https://github.com/dev-drprasad/delete-tag-and-release) from v0.1.2 to v0.1.3.
- [Release notes](https://github.com/dev-drprasad/delete-tag-and-release/releases)
- [Commits](https://github.com/dev-drprasad/delete-tag-and-release/compare/v0.1.2...3c280cb168f9f46f0036f47c7f57bba2ec18f61c)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-04 16:23:41 +01:00
jeremydenoun
0b6ea0d97e
IMP: add multiple Improvements
...
* add new kernel module detection (enable & listing) with detection of monolithic kernel
* change way to detect if file system type is disabled
* add global IS_CONTAINER variable
* disable test for 3.4.x to be consistent with others
* add cli options to override configuration loglevel
2021-02-04 16:21:49 +01:00
dependabot[bot]
ec9e2addc2
Bump luizm/action-sh-checker from v0.1.10 to v0.1.12
...
Bumps [luizm/action-sh-checker](https://github.com/luizm/action-sh-checker) from v0.1.10 to v0.1.12.
- [Release notes](https://github.com/luizm/action-sh-checker/releases)
- [Commits](https://github.com/luizm/action-sh-checker/compare/v0.1.10...442951059cb22d260c6e69309ae59cb7bb2334b8)
Signed-off-by: dependabot[bot] <support@github.com>
2021-02-01 13:08:50 +01:00
Thibault Ayanides
ed1baa724e
IMP: mark some checks as useless
2021-01-25 13:02:52 +01:00
Thibault Ayanides
bd4ddfc398
ADD(3.4.x): add checks and tests
2021-01-25 13:02:52 +01:00
Thibault Ayanides
5a72d986ea
IMP(3.1-3.x): add comprehensive tests
2021-01-25 13:02:52 +01:00
Thibault Ayanides
c51513e083
IMP(1.8.1.4-6): add comprehensive tests
2021-01-25 13:02:52 +01:00
Thibault Ayanides
6127f2fe67
IMP(4.2.2.x): improve dealing with default conf
...
The default for journald is Compress=yes and ForwardToSyslog=yes
So we check that Compress=no and ForwardToSyslog=no are not in the conf file.
2021-01-25 13:02:52 +01:00
Thibault Serti
6efefa07ac
Update shellcheck workflow
...
fix #34
2021-01-22 14:45:01 +01:00
jeremydenoun
dce926a536
Add default variable to avoid unbound variable
...
Co-authored-by: Jeremy Denoun <jeremy.denoun@iguanesolutions.com>
2021-01-22 10:02:44 +01:00
jeremydenoun
0edb837f80
Remove bc dependency
...
Co-authored-by: Jeremy Denoun <jeremy.denoun@iguanesolutions.com>
2021-01-22 09:31:53 +01:00
jeremydenoun
1c2e171655
Fix ovh/debian-cis:#25 ( #28 )
...
Co-authored-by: Jeremy Denoun <jeremy.denoun@iguanesolutions.com>
2021-01-21 16:01:34 +01:00
dependabot[bot]
4a652a94c6
Bump EndBug/add-and-commit from v6 to v7
...
Bumps [EndBug/add-and-commit](https://github.com/EndBug/add-and-commit) from v6 to v7.
- [Release notes](https://github.com/EndBug/add-and-commit/releases)
- [Changelog](https://github.com/EndBug/add-and-commit/blob/master/CHANGELOG.md)
- [Commits](https://github.com/EndBug/add-and-commit/compare/v6...b3c7c1e078a023d75fb0bd326e02962575ce0519)
Signed-off-by: dependabot[bot] <support@github.com>
2021-01-18 15:52:46 +01:00
Thibault Ayanides
89780550e6
Fix badges on README
2021-01-18 15:47:41 +01:00
Thibault Ayanides
047421f2d8
Regenerate man pages (Github action)
2021-01-18 15:47:41 +01:00
Thibault Ayanides
124aeea5cc
Fix debian package build via github actions
2021-01-18 15:47:41 +01:00
Thibault Ayanides
8de9817035
Update LICENSE
2021-01-18 15:47:41 +01:00
Thibault Ayanides
3217429679
Regenerate man pages (Github action)
2021-01-18 11:45:13 +01:00
Thibault Ayanides
af38e4f404
Update changelog
2021-01-18 11:45:13 +01:00
Thibault Ayanides
efb14ea0a9
Add compile manual github action
2021-01-18 11:45:13 +01:00
Thibault Ayanides
8029da6157
Add manual
2021-01-18 11:45:13 +01:00
Thibault Ayanides
4281ed330a
Update compat in debian package
2021-01-18 11:45:13 +01:00
Thibault Ayanides
aa90093f24
Add dependabot action
2021-01-18 11:45:13 +01:00
Thibault Ayanides
0ab210183b
Beautify README.md
2021-01-18 11:45:13 +01:00
Thibault Ayanides
8f5e3c2ef8
Bump shellcheck action version
2021-01-18 11:45:13 +01:00