debian-cis

elie/debian-cis

Fork 0

mirror of https://github.com/ovh/debian-cis.git synced 2025-08-30 19:34:07 +02:00

Commit Graph

Select branches

Hide Pull Requests

damcava35/deb12_scripts_10

damcava35/deb12_scripts_11

damcava35/deb12_scripts_12

damcava35/deb12_scripts_13

damcava35/deb12_scripts_2

damcava35/deb12_scripts_3

damcava35/fix_hardening_level

damcava35/fix_quickstart

damcava35/fix_shellcheck_precommit

damcava35/fix_systemctl

damcava35/new_scripts

damcava35/update_lib

dev/thibault.dewailly/deb12

dev/thibault.dewailly/set_hardening_level

dev/thibault.dewailly/syslogng_remotecheck

master

#1

#10

#100

#101

#102

#103

#104

#108

#11

#111

#112

#115

#118

#119

#12

#120

#121

#122

#123

#125

#127

#128

#129

#130

#131

#132

#133

#134

#135

#137

#139

#140

#141

#142

#143

#144

#145

#146

#147

#148

#149

#150

#151

#152

#153

#154

#156

#157

#159

#16

#160

#161

#164

#166

#168

#169

#170

#171

#172

#173

#174

#176

#177

#178

#179

#18

#180

#181

#184

#185

#186

#187

#188

#19

#190

#193

#194

#197

#198

#199

#2

#20

#202

#203

#204

#205

#206

#207

#208

#21

#210

#213

#214

#215

#216

#22

#221

#222

#223

#225

#226

#228

#229

#23

#232

#234

#236

#237

#238

#24

#242

#243

#250

#256

#257

#260

#261

#262

#263

#264

#265

#266

#267

#268

#271

#272

#273

#274

#276

#277

#278

#279

#28

#280

#281

#282

#284

#285

#286

#287

#288

#289

#29

#290

#291

#292

#293

#294

#294

#30

#31

#32

#35

#36

#37

#39

#4

#40

#41

#44

#45

#47

#49

#5

#54

#56

#57

#58

#59

#6

#6

#60

#66

#67

#69

#7

#72

#73

#75

#79

#80

#81

#82

#86

#88

#9

#90

#91

#94

#95

#96

#98

#99

latest

v1.1-1

v1.2-1

v1.3

v1.3-2

v1.3-3

v1.3-4

v2.0-4

v2.0-5

v2.0-6

v2.1-1

v2.1-2

v2.1-3

v2.1-4

v2.1-5

v2.1-6

v3.0

v3.0-1

v3.1-0

v3.1-1

v3.1-2

v3.1-3

v3.1-4

v3.1-5

v3.1-6

v3.2-0

v3.2-1

v3.2-2

v3.3-1

v3.4-1

v3.5-1

v3.6-1

v3.7-1

v3.8-1

v4.0-1

v4.1-1

v4.1-2

v4.1-3

v4.1-4

v4.1-5

d171310d81 feat: add debian12 scripts damcava35/deb12_scripts_10 damien cavagnini 2025-08-04 15:43:24 +02:00
d587fc3e97 fix ssh related tests damien cavagnini 2025-08-05 15:09:10 +02:00
f0075600e1 feat: add debian12 scripts (#293) master latest damcav35 2025-08-22 13:38:23 +02:00
fde8d2beeb feat: add debian12 scripts (#292) damcav35 2025-08-19 12:01:34 +02:00
b89e608575 feat: add debian12 scripts (#291) damcav35 2025-08-18 16:11:37 +02:00
605963dc3e feat: add debian12 scripts (#290) damcav35 2025-08-14 14:41:04 +02:00
8aeb22fb60 Damcava35/deb12 scripts 5 (#289) damcav35 2025-08-14 12:25:25 +02:00
3bbc6c435a feat: add debian12 scripts damcava35/deb12_scripts_13 damien cavagnini 2025-08-12 11:38:16 +02:00
94f110d9b3 Damcava35/deb12 scripts 4 (#287) damcav35 2025-08-12 14:42:37 +02:00
f85f1f25e7 build(deps): bump actions/checkout from 4 to 5 (#288) dependabot[bot] 2025-08-12 14:02:48 +02:00
37b4f5982e feat: add debian12 scripts damcava35/deb12_scripts_12 damien cavagnini 2025-08-08 16:12:00 +02:00
4be1a9d9e4 feat: add debian12 scripts damcava35/deb12_scripts_11 damien cavagnini 2025-08-05 16:23:52 +02:00
8e89f79b8c fix: quickstart README (#286) damcav35 2025-08-08 08:36:05 +02:00
1024f957c0 fix: quickstart README damcava35/fix_quickstart damien cavagnini 2025-08-07 18:33:57 +02:00
1926758707 fix: --set-hardening-level is messing with configuration files (#285) damcav35 2025-08-07 17:03:09 +02:00
f07e508eea fix: --set-hardening-level is messing with configuration files damcava35/fix_hardening_level damien cavagnini 2025-08-07 16:50:17 +02:00
4b4faf62b3 Fix typo 'paswword' to 'password' in password_last_change_past.sh (#280) Edmund Lodewijks 2025-08-07 16:10:08 +02:00
6b1ce6787d fix: issue #283 (#284) damcav35 2025-08-07 16:08:51 +02:00
83211972c4 fix: issue #283 damcava35/fix_systemctl damien cavagnini 2025-08-07 14:28:25 +02:00
fe8f0bd0b4 build(deps): bump metcalfc/changelog-generator from 4.3.1 to 4.6.2 (#281) dependabot[bot] 2025-08-07 10:54:32 +02:00
b0e46dd658 Damcava35/deb12 scripts 3 (#279) damcav35 2025-08-06 16:50:52 +02:00
f33f644aeb feat: add new scripts for debian 12 damcava35/deb12_scripts_3 Damien Cavagnini 2025-07-18 15:05:32 +02:00
1bf6cabc89 add "apt_remove" in lib/utils.sh damien cavagnini 2025-07-22 10:45:58 +02:00
4b9e7d0b33 chore: add new scripts for debian 12 (#278) damcav35 2025-08-06 15:03:51 +02:00
b0edb0e565 chore: add new scripts for debian 12 damcava35/deb12_scripts_2 Damien Cavagnini 2025-07-09 17:36:05 +02:00
28d38e5f82 build(deps): bump luizm/action-sh-checker from 0.8.0 to 0.9.0 (#243) dependabot[bot] 2025-08-06 11:42:38 +02:00
a9d2e76cdb Damcava35/update lib (#277) damcav35 2025-08-06 11:13:49 +02:00
be790670c7 chore: update script related to systemctl / service damcava35/update_lib Damien Cavagnini 2025-07-11 14:20:27 +02:00
f018ecc857 update lib/utils.sh Damien Cavagnini 2025-07-10 10:22:06 +02:00
80b73b73b9 Damcava35/new scripts (#265) damcav35 2025-08-06 10:49:21 +02:00
106b01dac8 chore: rename some scripts damcava35/new_scripts Damien Cavagnini 2025-07-02 14:37:23 +02:00
381f4e15c6 adding new scripts for debian12 Damien Cavagnini 2025-06-27 17:25:13 +02:00
fbeac63e34 fix: shellcheck precommit (#276) damcav35 2025-07-30 15:03:29 +02:00
8c53258daf fix: shellcheck precommit damcava35/fix_shellcheck_precommit damien cavagnini 2025-07-30 14:13:41 +02:00
c9f9137e59 feat: add some precommit (#274) damcav35 2025-07-22 11:14:41 +02:00
51bc5825d6 refactor: is_kernel_option_enabled (#267) damcav35 2025-07-11 11:20:59 +02:00
ab0dba9f95 chore: drop debian 10 and below support (#264) v4.1-5 damcav35 2025-07-04 14:18:56 +02:00
f2c6f36b94 fix: ipv6_is_enabled related checks (#263) damcav35 2025-07-04 09:08:50 +02:00
6123a56653 fix: update record_mac_edit.sh to use apparmor instead of selinux (#262) damcav35 2025-07-03 09:27:09 +02:00
99e6694261 fix: "--only" option in "hardening.sh" (#261) damcav35 2025-07-02 14:22:20 +02:00
231db2bf93 fix: debian package does not include "versions" (#260) damcav35 2025-07-01 13:55:26 +02:00
be33848d81 Damcava35/set version (#257) damcav35 2025-07-01 08:41:55 +02:00
99bc575714 Damcava35/test pre commit (#256) damcav35 2025-06-23 10:23:43 +02:00
00e0a875c2 fix: add tinyproxy in HTTP proxies dev/thibault.dewailly/deb12 thibault.dewailly 2024-12-24 09:57:14 +00:00
38bf8c4bc0 feat: add tftp check thibault.dewailly 2024-12-24 09:54:51 +00:00
68f2c640b1 feat: enhance NIS check thibault.dewailly 2024-12-24 09:34:10 +00:00
7fa2d5f516 feat: add dnsmasq on DNS packages denylist thibault.dewailly 2024-12-24 09:17:02 +00:00
679df5b9cf feat: add restrict_ptrace_scope thibault.dewailly 2024-12-24 09:13:16 +00:00
9a225c6157 build(deps): bump dev-drprasad/delete-tag-and-release from 1.0.1 to 1.1 (#238) dependabot[bot] 2024-09-10 17:47:36 +02:00
6079b16611 fix: invalid behavior on sid/alternative in 5.3.4/99.5.4.5.1 (#237) Hugo COURTIAL 2024-04-09 17:12:31 +02:00
f7cdf438d4 build(deps): bump metcalfc/changelog-generator from 4.2.0 to 4.3.1 (#234) dependabot[bot] 2024-03-05 09:33:10 +01:00
43fc23ee40 fix: catch cidr network in ssh keys (#236) Isma399 2024-02-22 17:55:03 +01:00
3bd4078e70 fix: allow set-hardening-level option usage (#232) GoldenKiwi 2024-02-01 17:09:35 +01:00
a08b71adae fix: allow set-hardening-level option usage dev/thibault.dewailly/set_hardening_level thibault.dewailly 2024-02-01 14:54:09 +00:00
a45aa40ce4 bump to 4.1.4 v4.1-4 thibault.dewailly 2024-01-18 09:14:30 +00:00
730ab47437 allow multiple users in 5.2.18 (#228) lgaida 2024-01-10 17:07:02 +01:00
5313799193 Allow multiple exception users to be defined for 99.5.2.4_ssh_keys_from (#221) lgaida 2023-12-27 13:42:10 +01:00
73616af4eb Syslog-ng fixes and enhancements (#226) GoldenKiwi 2023-12-27 10:27:06 +01:00
796a561fe5 enh: add test for 4.2.1.6 dev/thibault.dewailly/syslogng_remotecheck thibault.dewailly 2023-12-27 08:58:12 +00:00
58f4ca0392 syslog-ng : fix remote host test and enhance Regex thibault.dewailly 2023-12-27 08:40:35 +00:00
c391723fe5 fix: Allow --only option to be called multiple times (#225) GoldenKiwi 2023-12-26 17:08:53 +01:00
71019a5512 fix: update Readme to clarify project usage (#223) GoldenKiwi 2023-12-26 09:57:15 +01:00
fb4df82fc4 fix: typo in README. Update example of --audit usage (#222) GoldenKiwi 2023-12-26 09:19:55 +01:00
c75244e3b2 bump to 4.1.3 v4.1-3 thibault.dewailly 2023-11-28 10:34:12 +00:00
de295b3a77 Adapt all scripts to yescrypt (#216) Stéphane Lesimple 2023-11-21 17:43:31 +01:00
693487c3a5 build(deps): bump metcalfc/changelog-generator from 4.1.0 to 4.2.0 (#214) dependabot[bot] 2023-11-14 15:44:50 +01:00
670c8c62f5 fix: clean obsolete check 99.5.4.5.1, now handled by 5.3.4 (#215) GoldenKiwi 2023-11-14 12:03:58 +01:00
0eb2e2ffde enh: remove ssh system sandbox check (#213) GoldenKiwi 2023-11-13 08:53:12 +01:00
d6c334182e build(deps): bump luizm/action-sh-checker from 0.7.0 to 0.8.0 (#210) dependabot[bot] 2023-11-10 15:05:25 +01:00
2188577fc9 feat: advertise Debian 12 compatibility in readme thibault.dewailly 2023-10-02 13:34:04 +00:00
0f59f73297 bump to 4.1.2 v4.1-2 thibault.dewailly 2023-10-02 13:17:00 +00:00
f888ce0d39 fix: root_dir is still /opt/cis-hardening for the moment (#208) GoldenKiwi 2023-10-02 14:50:52 +02:00
f6aa306127 bump to 4.1.1 v4.1-1 thibault.dewailly 2023-09-29 14:38:26 +00:00
ceea343ad9 fix: debian12 functional test pass is now mandatory (#207) GoldenKiwi 2023-09-29 16:34:25 +02:00
2e53dfb573 feat: Officialize Debian 12 support (#206) GoldenKiwi 2023-09-29 16:20:34 +02:00
08aff5d3fc Update the README to reflect on changes made in PR#204 (#205) P-EB 2023-09-29 09:21:40 +02:00
32886d3a3d Replace CIS_ROOT_DIR by a more flexible system (#204) P-EB 2023-09-25 14:24:01 +02:00
5370ec2ef6 feat: add nftables to firewall software allow list (#203) GoldenKiwi 2023-09-07 14:36:08 +02:00
9d3fb18e6b build(deps): bump actions/checkout from 3 to 4 (#202) dependabot[bot] 2023-09-05 17:07:12 +02:00
6e79fcd00a fix: correct debian version check on 5.2.15 configuration generation (#199) GoldenKiwi 2023-09-01 08:34:28 +02:00
27edec6d5f fix: chore, debug logs print correctly now (#197) GoldenKiwi 2023-08-31 14:40:27 +02:00
f2cc14c383 fix: chore debian manual update (#198) GoldenKiwi 2023-08-31 14:34:59 +02:00
46377fc255 build(deps): bump dev-drprasad/delete-tag-and-release (#184) dependabot[bot] 2023-08-30 10:32:29 +02:00
a468b29036 fix: added systemd-timesyncd to use_time_sync script (#189) (#190) Joseph 2023-08-30 16:28:03 +08:00
db9ff8a7fd Update warn messages on 2.2.15_mta_localhost.sh (#193) JugeHuge 2023-08-30 11:23:27 +03:00
6135c3d0e5 fix: enhance test 99.1.3 speed for large /etc/sudoers.d folders (#188) Stéphane Lesimple 2023-07-18 17:28:35 +02:00
a6ad528087 feat: Add experimental debian12 functionnal tests (#187) Tarik Megzari 2023-07-10 10:52:17 +02:00
bc98bedf73 bump to 4.0-1 v4.0-1 thibault.dewailly 2023-07-10 07:21:13 +00:00
873ef8827d fix: 99.1.3_acc_sudoers_no_all: fix a race condition (#186) Stéphane Lesimple 2023-07-03 17:05:45 +02:00
bd27cd0dae fix: change auditd file rule remediation (#179) GoldenKiwi 2023-05-05 12:32:22 +02:00
f28ffc244c fix: correct debian package compression override (#181) GoldenKiwi 2023-05-02 18:06:59 +02:00
19ce790a27 fix: ensure mountpoints are properly detected (#177) GoldenKiwi 2023-05-02 18:01:53 +02:00
47cf86237b fix: correct search in 5.4.5_default_timeout in apply mode (#178) GoldenKiwi 2023-05-02 17:57:35 +02:00
ccd9c1a7aa fix: force xz compression during .deb build (#180) GoldenKiwi 2023-05-02 15:24:32 +02:00
04457e7df2 feat: official Debian 11 compatibility (#176) GoldenKiwi 2023-05-02 14:16:19 +02:00
05521d5961 Bump luizm/action-sh-checker from 0.5.0 to 0.7.0 (#171) dependabot[bot] 2023-04-26 10:20:11 +02:00
06525f06f9 bump to 3.8-1 v3.8-1 thibault.dewailly 2023-03-23 10:03:37 +00:00
d5c1c63971 Bump luizm/action-sh-checker from 0.4.0 to 0.5.0 (#161) dependabot[bot] 2023-03-23 10:56:12 +01:00
7d93ddeb86 Bump metcalfc/changelog-generator from 3.0.0 to 4.1.0 (#169) dependabot[bot] 2023-03-23 10:50:46 +01:00
a35ecab377 Bump dev-drprasad/delete-tag-and-release from 0.2.0 to 0.2.1 (#170) dependabot[bot] 2023-03-23 10:47:09 +01:00