elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2025-09-03 05:08:22 +02:00
Code Issues Packages Projects Releases Wiki Activity
583 Commits 17 Branches 40 Tags
latest
Commit Graph

8 Commits

Author SHA1 Message Date
damcav35
9bd170438c Damcava35/deb12 scripts 10 (#294) 
* fix ssh related tests

As letting sshd active will mess with others scripts later

* feat: add debian12 scripts

- nftables_loopback_is_configured.sh 	-> 4.2.6
- nftables_established_connections.sh 	-> 4.2.7
- iptables_flushed_with_nftables.sh 	-> 4.2.3
- ufw_loopback_is_configured.sh 	-> 4.1.4
- ufw_outbound_connection.sh 		-> 4.1.5
- ufw_default_deny.sh 			-> 4.1.7
- ufw_rules_them_all.sh 		-> 4.1.6

---------

Co-authored-by: damien cavagnini <damien.cavagnini@corp.ovh.com>
 2025-09-02 13:57:12 +02:00
damcav35
f0075600e1 feat: add debian12 scripts (#293) 
- nftables_is_enabled.sh 		-> 4.2.9
- nftables_has_table.sh 		-> 4.2.4
- nftables_has_base_chains.sh 		-> 4.2.5
- nftables_rules_permanent.sh		-> 4.2.10
- nftables_default_deniy_policy.sh	-> 4.2.8

Co-authored-by: damien cavagnini <damien.cavagnini@corp.ovh.com>
 2025-08-22 13:38:23 +02:00
damcav35
94f110d9b3 Damcava35/deb12 scripts 4 (#287) 
* fix: ipv6 may be enabled on a single interface

* feat: add new checks for debian12

systemd_timesyncd_is_enabled_and_running.sh	-> 2.3.2.2
rpcbind_is_disabled.sh				-> 2.1.12
ftp_client_not_installed.sh			-> 2.2.6
chrony_with_chrony_user.sh			-> 2.3.3.2
ipv6_is_enabled.sh				-> 3.1.1

---------

Co-authored-by: damien cavagnini <damien.cavagnini@corp.ovh.com>
Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
 2025-08-12 14:42:37 +02:00
damcav35
b0e46dd658 Damcava35/deb12 scripts 3 (#279) 
* add "apt_remove" in lib/utils.sh

in order to manage DEBIAN_FRONTEND

* feat: add new scripts for debian 12

- tftp_is_disabled              ->      2.1.16
- network_services_listening    ->      2.1.22
- use_time_sync                 ->      2.3.1.1
Update the existing script to check there is only one installed

- chrony_is_enabled_and_running ->      2.3.3.3

---------

Co-authored-by: damien cavagnini <damien.cavagnini@corp.ovh.com>
 2025-08-06 16:50:52 +02:00
Thibault Ayanides
fc8a2b2561 FIX: add commands to sudoers (#91) 2021-04-27 13:31:59 +02:00
Thibault Ayanides
8da1107532 ADD(1.7.x): add apparmor checks 2020-12-23 10:46:51 +01:00
Charles Herlin
6ede832685 FIX(sudoers): add missing test 2019-02-15 16:45:03 +01:00
Charles Herlin
b1f85d3f99 Add sudo management in main and utils 
* perform readonly checks as a regular user
    * sudo -n is used for checks requiring root privileges
    * increase accountability by providing log of individual access to sensitive files
 2017-11-09 15:45:42 +01:00