debian-cis

elie/debian-cis

Fork 0

mirror of https://github.com/ovh/debian-cis.git synced 2025-08-04 06:11:16 +02:00

Commit Graph

Select branches

Hide Pull Requests

damcava35/deb12_scripts_2

damcava35/deb12_scripts_3

damcava35/deb12_scripts_4

damcava35/deb12_scripts_5

damcava35/deb12_scripts_6

damcava35/deb12_scripts_7

damcava35/deb12_scripts_8

damcava35/deb12_scripts_9

damcava35/fix_shellcheck_precommit

damcava35/new_scripts

damcava35/update_lib

dependabot/github_actions/luizm/action-sh-checker-0.9.0

dev/thibault.dewailly/deb12

dev/thibault.dewailly/set_hardening_level

dev/thibault.dewailly/syslogng_remotecheck

master

#1

#10

#100

#101

#102

#103

#104

#108

#11

#111

#112

#115

#118

#119

#12

#120

#121

#122

#123

#125

#127

#128

#129

#130

#131

#132

#133

#134

#135

#137

#139

#140

#141

#142

#143

#144

#145

#146

#147

#148

#149

#150

#151

#152

#153

#154

#156

#157

#159

#16

#160

#161

#164

#166

#168

#169

#170

#171

#172

#173

#174

#176

#177

#178

#179

#18

#180

#181

#184

#185

#186

#187

#188

#19

#190

#193

#194

#197

#198

#199

#2

#20

#202

#203

#204

#205

#206

#207

#208

#21

#210

#213

#214

#215

#216

#22

#221

#222

#223

#225

#226

#228

#229

#23

#232

#234

#236

#237

#238

#24

#242

#243

#243

#250

#250

#256

#257

#260

#261

#262

#263

#264

#265

#265

#266

#267

#268

#268

#271

#272

#273

#274

#276

#28

#29

#30

#31

#32

#35

#36

#37

#39

#4

#40

#41

#44

#45

#47

#49

#5

#54

#56

#57

#58

#59

#6

#6

#60

#66

#67

#69

#7

#72

#73

#75

#79

#80

#81

#82

#86

#88

#9

#90

#91

#94

#95

#96

#98

#99

latest

v1.1-1

v1.2-1

v1.3

v1.3-2

v1.3-3

v1.3-4

v2.0-4

v2.0-5

v2.0-6

v2.1-1

v2.1-2

v2.1-3

v2.1-4

v2.1-5

v2.1-6

v3.0

v3.0-1

v3.1-0

v3.1-1

v3.1-2

v3.1-3

v3.1-4

v3.1-5

v3.1-6

v3.2-0

v3.2-1

v3.2-2

v3.3-1

v3.4-1

v3.5-1

v3.6-1

v3.7-1

v3.8-1

v4.0-1

v4.1-1

v4.1-2

v4.1-3

v4.1-4

v4.1-5

1445aa00f7 feat: add debian12 scripts damcava35/deb12_scripts_9 damien cavagnini 2025-08-01 16:20:58 +02:00
0cf11ca4cf bring back missing "check_is_executable.sh" precommit damien cavagnini 2025-08-01 11:37:36 +02:00
c2598e484e feat: add debian12 scripts damcava35/deb12_scripts_5 damien cavagnini 2025-07-28 14:47:41 +02:00
c22ce20f9d feat: add debian12 scripts damcava35/deb12_scripts_8 damien cavagnini 2025-08-01 09:49:21 +02:00
ffab7bcb3e bring back missing "check_is_executable.sh" precommit damien cavagnini 2025-08-01 11:37:36 +02:00
6c93b453bc feat: add debian12 scripts damcava35/deb12_scripts_7 damien cavagnini 2025-07-31 12:16:03 +02:00
383a0a2ca6 refacto: systemd is-active / is-enabled damien cavagnini 2025-07-31 12:08:48 +02:00
a392d13cb0 refacto: systemd is-active / is-enabled damien cavagnini 2025-07-31 12:08:48 +02:00
2cab6eda26 update lib/utils.sh Damien Cavagnini 2025-07-10 10:22:06 +02:00
532c40d311 feat: add debian12 scripts damcava35/deb12_scripts_6 damien cavagnini 2025-07-30 10:09:28 +02:00
57aa0e6ef5 update lib/utils.sh Damien Cavagnini 2025-07-10 10:22:06 +02:00
b0ca64f589 feat: add new scripts for debian 12 damcava35/deb12_scripts_3 Damien Cavagnini 2025-07-18 15:05:32 +02:00
a7bc6a47f9 feat: add new checks for debian12 damcava35/deb12_scripts_4 damien cavagnini 2025-07-23 10:09:28 +02:00
eda302d55f add "apt_remove" in lib/utils.sh damien cavagnini 2025-07-22 10:45:58 +02:00
dc03314e34 update lib/utils.sh Damien Cavagnini 2025-07-10 10:22:06 +02:00
7c7730248e add "apt_remove" in lib/utils.sh damien cavagnini 2025-07-22 10:45:58 +02:00
f9f48ab630 update lib/utils.sh Damien Cavagnini 2025-07-10 10:22:06 +02:00
02756efd06 chore: add new scripts for debian 12 damcava35/deb12_scripts_2 Damien Cavagnini 2025-07-09 17:36:05 +02:00
b9ded91724 update lib/utils.sh Damien Cavagnini 2025-07-11 14:20:27 +02:00
15a59d6b2e feat: add 'is_service_active' in lib damien cavagnini 2025-07-28 16:04:11 +02:00
74346b222f update lib/utils.sh Damien Cavagnini 2025-07-10 10:22:06 +02:00
4a2e61a2fb chore: update script related to systemctl / service damcava35/update_lib Damien Cavagnini 2025-07-11 14:20:27 +02:00
e1e98a7270 update lib/utils.sh Damien Cavagnini 2025-07-10 10:22:06 +02:00
fbeac63e34 fix: shellcheck precommit (#276) master latest damcav35 2025-07-30 15:03:29 +02:00
8c53258daf fix: shellcheck precommit damcava35/fix_shellcheck_precommit damien cavagnini 2025-07-30 14:13:41 +02:00
c9f9137e59 feat: add some precommit (#274) damcav35 2025-07-22 11:14:41 +02:00
861ad71734 chore: rename some scripts damcava35/new_scripts Damien Cavagnini 2025-07-02 14:37:23 +02:00
68f629ed36 adding new scripts for debian12 Damien Cavagnini 2025-06-27 17:25:13 +02:00
51bc5825d6 refactor: is_kernel_option_enabled (#267) damcav35 2025-07-11 11:20:59 +02:00
ab0dba9f95 chore: drop debian 10 and below support (#264) v4.1-5 damcav35 2025-07-04 14:18:56 +02:00
f2c6f36b94 fix: ipv6_is_enabled related checks (#263) damcav35 2025-07-04 09:08:50 +02:00
6123a56653 fix: update record_mac_edit.sh to use apparmor instead of selinux (#262) damcav35 2025-07-03 09:27:09 +02:00
99e6694261 fix: "--only" option in "hardening.sh" (#261) damcav35 2025-07-02 14:22:20 +02:00
231db2bf93 fix: debian package does not include "versions" (#260) damcav35 2025-07-01 13:55:26 +02:00
be33848d81 Damcava35/set version (#257) damcav35 2025-07-01 08:41:55 +02:00
99bc575714 Damcava35/test pre commit (#256) damcav35 2025-06-23 10:23:43 +02:00
00e0a875c2 fix: add tinyproxy in HTTP proxies dev/thibault.dewailly/deb12 thibault.dewailly 2024-12-24 09:57:14 +00:00
38bf8c4bc0 feat: add tftp check thibault.dewailly 2024-12-24 09:54:51 +00:00
68f2c640b1 feat: enhance NIS check thibault.dewailly 2024-12-24 09:34:10 +00:00
7fa2d5f516 feat: add dnsmasq on DNS packages denylist thibault.dewailly 2024-12-24 09:17:02 +00:00
679df5b9cf feat: add restrict_ptrace_scope thibault.dewailly 2024-12-24 09:13:16 +00:00
1733d1f460 build(deps): bump luizm/action-sh-checker from 0.8.0 to 0.9.0 dependabot/github_actions/luizm/action-sh-checker-0.9.0 dependabot[bot] 2024-09-16 22:28:53 +00:00
9a225c6157 build(deps): bump dev-drprasad/delete-tag-and-release from 1.0.1 to 1.1 (#238) dependabot[bot] 2024-09-10 17:47:36 +02:00
6079b16611 fix: invalid behavior on sid/alternative in 5.3.4/99.5.4.5.1 (#237) Hugo COURTIAL 2024-04-09 17:12:31 +02:00
f7cdf438d4 build(deps): bump metcalfc/changelog-generator from 4.2.0 to 4.3.1 (#234) dependabot[bot] 2024-03-05 09:33:10 +01:00
43fc23ee40 fix: catch cidr network in ssh keys (#236) Isma399 2024-02-22 17:55:03 +01:00
3bd4078e70 fix: allow set-hardening-level option usage (#232) GoldenKiwi 2024-02-01 17:09:35 +01:00
a08b71adae fix: allow set-hardening-level option usage dev/thibault.dewailly/set_hardening_level thibault.dewailly 2024-02-01 14:54:09 +00:00
a45aa40ce4 bump to 4.1.4 v4.1-4 thibault.dewailly 2024-01-18 09:14:30 +00:00
730ab47437 allow multiple users in 5.2.18 (#228) lgaida 2024-01-10 17:07:02 +01:00
5313799193 Allow multiple exception users to be defined for 99.5.2.4_ssh_keys_from (#221) lgaida 2023-12-27 13:42:10 +01:00
73616af4eb Syslog-ng fixes and enhancements (#226) GoldenKiwi 2023-12-27 10:27:06 +01:00
796a561fe5 enh: add test for 4.2.1.6 dev/thibault.dewailly/syslogng_remotecheck thibault.dewailly 2023-12-27 08:58:12 +00:00
58f4ca0392 syslog-ng : fix remote host test and enhance Regex thibault.dewailly 2023-12-27 08:40:35 +00:00
c391723fe5 fix: Allow --only option to be called multiple times (#225) GoldenKiwi 2023-12-26 17:08:53 +01:00
71019a5512 fix: update Readme to clarify project usage (#223) GoldenKiwi 2023-12-26 09:57:15 +01:00
fb4df82fc4 fix: typo in README. Update example of --audit usage (#222) GoldenKiwi 2023-12-26 09:19:55 +01:00
c75244e3b2 bump to 4.1.3 v4.1-3 thibault.dewailly 2023-11-28 10:34:12 +00:00
de295b3a77 Adapt all scripts to yescrypt (#216) Stéphane Lesimple 2023-11-21 17:43:31 +01:00
693487c3a5 build(deps): bump metcalfc/changelog-generator from 4.1.0 to 4.2.0 (#214) dependabot[bot] 2023-11-14 15:44:50 +01:00
670c8c62f5 fix: clean obsolete check 99.5.4.5.1, now handled by 5.3.4 (#215) GoldenKiwi 2023-11-14 12:03:58 +01:00
0eb2e2ffde enh: remove ssh system sandbox check (#213) GoldenKiwi 2023-11-13 08:53:12 +01:00
d6c334182e build(deps): bump luizm/action-sh-checker from 0.7.0 to 0.8.0 (#210) dependabot[bot] 2023-11-10 15:05:25 +01:00
2188577fc9 feat: advertise Debian 12 compatibility in readme thibault.dewailly 2023-10-02 13:34:04 +00:00
0f59f73297 bump to 4.1.2 v4.1-2 thibault.dewailly 2023-10-02 13:17:00 +00:00
f888ce0d39 fix: root_dir is still /opt/cis-hardening for the moment (#208) GoldenKiwi 2023-10-02 14:50:52 +02:00
f6aa306127 bump to 4.1.1 v4.1-1 thibault.dewailly 2023-09-29 14:38:26 +00:00
ceea343ad9 fix: debian12 functional test pass is now mandatory (#207) GoldenKiwi 2023-09-29 16:34:25 +02:00
2e53dfb573 feat: Officialize Debian 12 support (#206) GoldenKiwi 2023-09-29 16:20:34 +02:00
08aff5d3fc Update the README to reflect on changes made in PR#204 (#205) P-EB 2023-09-29 09:21:40 +02:00
32886d3a3d Replace CIS_ROOT_DIR by a more flexible system (#204) P-EB 2023-09-25 14:24:01 +02:00
5370ec2ef6 feat: add nftables to firewall software allow list (#203) GoldenKiwi 2023-09-07 14:36:08 +02:00
9d3fb18e6b build(deps): bump actions/checkout from 3 to 4 (#202) dependabot[bot] 2023-09-05 17:07:12 +02:00
6e79fcd00a fix: correct debian version check on 5.2.15 configuration generation (#199) GoldenKiwi 2023-09-01 08:34:28 +02:00
27edec6d5f fix: chore, debug logs print correctly now (#197) GoldenKiwi 2023-08-31 14:40:27 +02:00
f2cc14c383 fix: chore debian manual update (#198) GoldenKiwi 2023-08-31 14:34:59 +02:00
46377fc255 build(deps): bump dev-drprasad/delete-tag-and-release (#184) dependabot[bot] 2023-08-30 10:32:29 +02:00
a468b29036 fix: added systemd-timesyncd to use_time_sync script (#189) (#190) Joseph 2023-08-30 16:28:03 +08:00
db9ff8a7fd Update warn messages on 2.2.15_mta_localhost.sh (#193) JugeHuge 2023-08-30 11:23:27 +03:00
6135c3d0e5 fix: enhance test 99.1.3 speed for large /etc/sudoers.d folders (#188) Stéphane Lesimple 2023-07-18 17:28:35 +02:00
a6ad528087 feat: Add experimental debian12 functionnal tests (#187) Tarik Megzari 2023-07-10 10:52:17 +02:00
bc98bedf73 bump to 4.0-1 v4.0-1 thibault.dewailly 2023-07-10 07:21:13 +00:00
873ef8827d fix: 99.1.3_acc_sudoers_no_all: fix a race condition (#186) Stéphane Lesimple 2023-07-03 17:05:45 +02:00
bd27cd0dae fix: change auditd file rule remediation (#179) GoldenKiwi 2023-05-05 12:32:22 +02:00
f28ffc244c fix: correct debian package compression override (#181) GoldenKiwi 2023-05-02 18:06:59 +02:00
19ce790a27 fix: ensure mountpoints are properly detected (#177) GoldenKiwi 2023-05-02 18:01:53 +02:00
47cf86237b fix: correct search in 5.4.5_default_timeout in apply mode (#178) GoldenKiwi 2023-05-02 17:57:35 +02:00
ccd9c1a7aa fix: force xz compression during .deb build (#180) GoldenKiwi 2023-05-02 15:24:32 +02:00
04457e7df2 feat: official Debian 11 compatibility (#176) GoldenKiwi 2023-05-02 14:16:19 +02:00
05521d5961 Bump luizm/action-sh-checker from 0.5.0 to 0.7.0 (#171) dependabot[bot] 2023-04-26 10:20:11 +02:00
06525f06f9 bump to 3.8-1 v3.8-1 thibault.dewailly 2023-03-23 10:03:37 +00:00
d5c1c63971 Bump luizm/action-sh-checker from 0.4.0 to 0.5.0 (#161) dependabot[bot] 2023-03-23 10:56:12 +01:00
7d93ddeb86 Bump metcalfc/changelog-generator from 3.0.0 to 4.1.0 (#169) dependabot[bot] 2023-03-23 10:50:46 +01:00
a35ecab377 Bump dev-drprasad/delete-tag-and-release from 0.2.0 to 0.2.1 (#170) dependabot[bot] 2023-03-23 10:47:09 +01:00
dc952b90df fix: timeout of 99.1.3 (#168) Stéphane Lesimple 2022-12-22 09:47:35 +01:00
82a217032d fix(6.2.9): Start from UID 1000 for home ownership check (#164) Tarik Megzari 2022-09-30 10:28:48 +02:00
e478a89bad bump to 3.7-1 (#160) v3.7-1 ymartin-ovh 2022-07-04 15:37:08 +02:00
371c23cd52 feat: add FIND_IGNORE_NOSUCHFILE_ERR flag (#159) ymartin-ovh 2022-07-04 14:29:25 +02:00
ea8334d516 bump to 3.6-1 (#157) v3.6-1 Tarik Megzari 2022-06-27 12:13:01 +02:00
987bb9c975 Bump luizm/action-sh-checker from 0.3.0 to 0.4.0 (#154) dependabot[bot] 2022-06-26 16:58:46 +02:00