debian-cis

elie/debian-cis

Fork 0

mirror of https://github.com/ovh/debian-cis.git synced 2025-07-14 21:02:18 +02:00

Commit Graph

Select branches

Hide Pull Requests

damcava35/deb12_scripts_2

damcava35/drop_debian10

damcava35/fix_only

damcava35/fix_packaging

damcava35/is_ip_v6_enabled

damcava35/issue_195

damcava35/issue_249

damcava35/new_scripts

damcava35/set_version

damcava35/test_pre_commit

damcava35/update_lib

dependabot/github_actions/luizm/action-sh-checker-0.9.0

dev/thibault.dewailly/deb12

dev/thibault.dewailly/set_hardening_level

dev/thibault.dewailly/syslogng_remotecheck

master

#1

#10

#100

#101

#102

#103

#104

#108

#11

#111

#112

#115

#118

#119

#12

#120

#121

#122

#123

#125

#127

#128

#129

#130

#131

#132

#133

#134

#135

#137

#139

#140

#141

#142

#143

#144

#145

#146

#147

#148

#149

#150

#151

#152

#153

#154

#156

#157

#159

#16

#160

#161

#164

#166

#168

#169

#170

#171

#172

#173

#174

#176

#177

#178

#179

#18

#180

#181

#184

#185

#186

#187

#188

#19

#190

#193

#194

#197

#198

#199

#2

#20

#202

#203

#204

#205

#206

#207

#208

#21

#210

#213

#214

#215

#216

#22

#221

#222

#223

#225

#226

#228

#229

#23

#232

#234

#236

#237

#238

#24

#242

#243

#243

#250

#250

#256

#257

#260

#261

#262

#263

#264

#265

#265

#266

#267

#268

#268

#28

#29

#30

#31

#32

#35

#36

#37

#39

#4

#40

#41

#44

#45

#47

#49

#5

#54

#56

#57

#58

#59

#6

#6

#60

#66

#67

#69

#7

#72

#73

#75

#79

#80

#81

#82

#86

#88

#9

#90

#91

#94

#95

#96

#98

#99

latest

v1.1-1

v1.2-1

v1.3

v1.3-2

v1.3-3

v1.3-4

v2.0-4

v2.0-5

v2.0-6

v2.1-1

v2.1-2

v2.1-3

v2.1-4

v2.1-5

v2.1-6

v3.0

v3.0-1

v3.1-0

v3.1-1

v3.1-2

v3.1-3

v3.1-4

v3.1-5

v3.1-6

v3.2-0

v3.2-1

v3.2-2

v3.3-1

v3.4-1

v3.5-1

v3.6-1

v3.7-1

v3.8-1

v4.0-1

v4.1-1

v4.1-2

v4.1-3

v4.1-4

v4.1-5

16b77cada2 chore: add new scripts for debian 12 damcava35/deb12_scripts_2 Damien Cavagnini 2025-07-09 17:36:05 +02:00
861ad71734 chore: rename some scripts damcava35/new_scripts Damien Cavagnini 2025-07-02 14:37:23 +02:00
68f629ed36 adding new scripts for debian12 Damien Cavagnini 2025-06-27 17:25:13 +02:00
a61c2cb70e update lib/utils.sh Damien Cavagnini 2025-07-10 10:22:06 +02:00
efeabd58a3 chore: update script related to systemctl / service damcava35/update_lib Damien Cavagnini 2025-07-11 14:20:27 +02:00
ccd99c41e6 update lib/utils.sh Damien Cavagnini 2025-07-10 10:22:06 +02:00
51bc5825d6 refactor: is_kernel_option_enabled (#267) master latest damcav35 2025-07-11 11:20:59 +02:00
3753a72723 refactor: is_kernel_option_enabled damcava35/issue_249 Damien Cavagnini 2025-07-07 15:30:22 +02:00
ab0dba9f95 chore: drop debian 10 and below support (#264) v4.1-5 damcav35 2025-07-04 14:18:56 +02:00
5ee187c7ca chore: drop debian 10 and below support damcava35/drop_debian10 Damien Cavagnini 2025-07-03 13:14:10 +02:00
f2c6f36b94 fix: ipv6_is_enabled related checks (#263) damcav35 2025-07-04 09:08:50 +02:00
7c9f4c4fa0 fix: ipv6_is_enabled related checks damcava35/is_ip_v6_enabled Damien Cavagnini 2025-07-03 10:44:04 +02:00
6123a56653 fix: update record_mac_edit.sh to use apparmor instead of selinux (#262) damcav35 2025-07-03 09:27:09 +02:00
ef05f97f77 fix: update record_mac_edit.sh to use apparmor instead of selinux damcava35/issue_195 Damien Cavagnini 2025-07-02 16:49:53 +02:00
99e6694261 fix: "--only" option in "hardening.sh" (#261) damcav35 2025-07-02 14:22:20 +02:00
0272945ca2 fix: "--only" option in "hardening.sh" damcava35/fix_only Damien Cavagnini 2025-07-02 10:43:37 +02:00
231db2bf93 fix: debian package does not include "versions" (#260) damcav35 2025-07-01 13:55:26 +02:00
e6092a03f6 fix: debian package does not include "versions" damcava35/fix_packaging Damien Cavagnini 2025-07-01 13:04:24 +02:00
be33848d81 Damcava35/set version (#257) damcav35 2025-07-01 08:41:55 +02:00
ecd32e8904 fix: some tests are failing damcava35/set_version Damien Cavagnini 2025-06-25 12:03:17 +02:00
b6965e73ec chore: remove CIS recommendation numbers from bin/hardening scripts Damien Cavagnini 2025-06-25 16:15:32 +02:00
aebb65889e chore: configure current repository as a version Damien Cavagnini 2025-06-25 09:22:29 +02:00
300095cfa1 feat: add "--set-version" option Damien Cavagnini 2025-06-24 10:30:20 +02:00
99bc575714 Damcava35/test pre commit (#256) damcav35 2025-06-23 10:23:43 +02:00
02f7e3699d feat: add basic pre commit damcava35/test_pre_commit Damien Cavagnini 2025-06-18 11:15:06 +02:00
d36436d5c9 fix: add missing test 2.1.2_disable_bsd_intetd.sh Damien Cavagnini 2025-06-18 11:08:08 +02:00
38393a1950 chore: make linter happy for existing code Damien Cavagnini 2025-06-18 11:50:19 +02:00
00e0a875c2 fix: add tinyproxy in HTTP proxies dev/thibault.dewailly/deb12 thibault.dewailly 2024-12-24 09:57:14 +00:00
38bf8c4bc0 feat: add tftp check thibault.dewailly 2024-12-24 09:54:51 +00:00
68f2c640b1 feat: enhance NIS check thibault.dewailly 2024-12-24 09:34:10 +00:00
7fa2d5f516 feat: add dnsmasq on DNS packages denylist thibault.dewailly 2024-12-24 09:17:02 +00:00
679df5b9cf feat: add restrict_ptrace_scope thibault.dewailly 2024-12-24 09:13:16 +00:00
1733d1f460 build(deps): bump luizm/action-sh-checker from 0.8.0 to 0.9.0 dependabot/github_actions/luizm/action-sh-checker-0.9.0 dependabot[bot] 2024-09-16 22:28:53 +00:00
9a225c6157 build(deps): bump dev-drprasad/delete-tag-and-release from 1.0.1 to 1.1 (#238) dependabot[bot] 2024-09-10 17:47:36 +02:00
6079b16611 fix: invalid behavior on sid/alternative in 5.3.4/99.5.4.5.1 (#237) Hugo COURTIAL 2024-04-09 17:12:31 +02:00
f7cdf438d4 build(deps): bump metcalfc/changelog-generator from 4.2.0 to 4.3.1 (#234) dependabot[bot] 2024-03-05 09:33:10 +01:00
43fc23ee40 fix: catch cidr network in ssh keys (#236) Isma399 2024-02-22 17:55:03 +01:00
3bd4078e70 fix: allow set-hardening-level option usage (#232) GoldenKiwi 2024-02-01 17:09:35 +01:00
a08b71adae fix: allow set-hardening-level option usage dev/thibault.dewailly/set_hardening_level thibault.dewailly 2024-02-01 14:54:09 +00:00
a45aa40ce4 bump to 4.1.4 v4.1-4 thibault.dewailly 2024-01-18 09:14:30 +00:00
730ab47437 allow multiple users in 5.2.18 (#228) lgaida 2024-01-10 17:07:02 +01:00
5313799193 Allow multiple exception users to be defined for 99.5.2.4_ssh_keys_from (#221) lgaida 2023-12-27 13:42:10 +01:00
73616af4eb Syslog-ng fixes and enhancements (#226) GoldenKiwi 2023-12-27 10:27:06 +01:00
796a561fe5 enh: add test for 4.2.1.6 dev/thibault.dewailly/syslogng_remotecheck thibault.dewailly 2023-12-27 08:58:12 +00:00
58f4ca0392 syslog-ng : fix remote host test and enhance Regex thibault.dewailly 2023-12-27 08:40:35 +00:00
c391723fe5 fix: Allow --only option to be called multiple times (#225) GoldenKiwi 2023-12-26 17:08:53 +01:00
71019a5512 fix: update Readme to clarify project usage (#223) GoldenKiwi 2023-12-26 09:57:15 +01:00
fb4df82fc4 fix: typo in README. Update example of --audit usage (#222) GoldenKiwi 2023-12-26 09:19:55 +01:00
c75244e3b2 bump to 4.1.3 v4.1-3 thibault.dewailly 2023-11-28 10:34:12 +00:00
de295b3a77 Adapt all scripts to yescrypt (#216) Stéphane Lesimple 2023-11-21 17:43:31 +01:00
693487c3a5 build(deps): bump metcalfc/changelog-generator from 4.1.0 to 4.2.0 (#214) dependabot[bot] 2023-11-14 15:44:50 +01:00
670c8c62f5 fix: clean obsolete check 99.5.4.5.1, now handled by 5.3.4 (#215) GoldenKiwi 2023-11-14 12:03:58 +01:00
0eb2e2ffde enh: remove ssh system sandbox check (#213) GoldenKiwi 2023-11-13 08:53:12 +01:00
d6c334182e build(deps): bump luizm/action-sh-checker from 0.7.0 to 0.8.0 (#210) dependabot[bot] 2023-11-10 15:05:25 +01:00
2188577fc9 feat: advertise Debian 12 compatibility in readme thibault.dewailly 2023-10-02 13:34:04 +00:00
0f59f73297 bump to 4.1.2 v4.1-2 thibault.dewailly 2023-10-02 13:17:00 +00:00
f888ce0d39 fix: root_dir is still /opt/cis-hardening for the moment (#208) GoldenKiwi 2023-10-02 14:50:52 +02:00
f6aa306127 bump to 4.1.1 v4.1-1 thibault.dewailly 2023-09-29 14:38:26 +00:00
ceea343ad9 fix: debian12 functional test pass is now mandatory (#207) GoldenKiwi 2023-09-29 16:34:25 +02:00
2e53dfb573 feat: Officialize Debian 12 support (#206) GoldenKiwi 2023-09-29 16:20:34 +02:00
08aff5d3fc Update the README to reflect on changes made in PR#204 (#205) P-EB 2023-09-29 09:21:40 +02:00
32886d3a3d Replace CIS_ROOT_DIR by a more flexible system (#204) P-EB 2023-09-25 14:24:01 +02:00
5370ec2ef6 feat: add nftables to firewall software allow list (#203) GoldenKiwi 2023-09-07 14:36:08 +02:00
9d3fb18e6b build(deps): bump actions/checkout from 3 to 4 (#202) dependabot[bot] 2023-09-05 17:07:12 +02:00
6e79fcd00a fix: correct debian version check on 5.2.15 configuration generation (#199) GoldenKiwi 2023-09-01 08:34:28 +02:00
27edec6d5f fix: chore, debug logs print correctly now (#197) GoldenKiwi 2023-08-31 14:40:27 +02:00
f2cc14c383 fix: chore debian manual update (#198) GoldenKiwi 2023-08-31 14:34:59 +02:00
46377fc255 build(deps): bump dev-drprasad/delete-tag-and-release (#184) dependabot[bot] 2023-08-30 10:32:29 +02:00
a468b29036 fix: added systemd-timesyncd to use_time_sync script (#189) (#190) Joseph 2023-08-30 16:28:03 +08:00
db9ff8a7fd Update warn messages on 2.2.15_mta_localhost.sh (#193) JugeHuge 2023-08-30 11:23:27 +03:00
6135c3d0e5 fix: enhance test 99.1.3 speed for large /etc/sudoers.d folders (#188) Stéphane Lesimple 2023-07-18 17:28:35 +02:00
a6ad528087 feat: Add experimental debian12 functionnal tests (#187) Tarik Megzari 2023-07-10 10:52:17 +02:00
bc98bedf73 bump to 4.0-1 v4.0-1 thibault.dewailly 2023-07-10 07:21:13 +00:00
873ef8827d fix: 99.1.3_acc_sudoers_no_all: fix a race condition (#186) Stéphane Lesimple 2023-07-03 17:05:45 +02:00
bd27cd0dae fix: change auditd file rule remediation (#179) GoldenKiwi 2023-05-05 12:32:22 +02:00
f28ffc244c fix: correct debian package compression override (#181) GoldenKiwi 2023-05-02 18:06:59 +02:00
19ce790a27 fix: ensure mountpoints are properly detected (#177) GoldenKiwi 2023-05-02 18:01:53 +02:00
47cf86237b fix: correct search in 5.4.5_default_timeout in apply mode (#178) GoldenKiwi 2023-05-02 17:57:35 +02:00
ccd9c1a7aa fix: force xz compression during .deb build (#180) GoldenKiwi 2023-05-02 15:24:32 +02:00
04457e7df2 feat: official Debian 11 compatibility (#176) GoldenKiwi 2023-05-02 14:16:19 +02:00
05521d5961 Bump luizm/action-sh-checker from 0.5.0 to 0.7.0 (#171) dependabot[bot] 2023-04-26 10:20:11 +02:00
06525f06f9 bump to 3.8-1 v3.8-1 thibault.dewailly 2023-03-23 10:03:37 +00:00
d5c1c63971 Bump luizm/action-sh-checker from 0.4.0 to 0.5.0 (#161) dependabot[bot] 2023-03-23 10:56:12 +01:00
7d93ddeb86 Bump metcalfc/changelog-generator from 3.0.0 to 4.1.0 (#169) dependabot[bot] 2023-03-23 10:50:46 +01:00
a35ecab377 Bump dev-drprasad/delete-tag-and-release from 0.2.0 to 0.2.1 (#170) dependabot[bot] 2023-03-23 10:47:09 +01:00
dc952b90df fix: timeout of 99.1.3 (#168) Stéphane Lesimple 2022-12-22 09:47:35 +01:00
82a217032d fix(6.2.9): Start from UID 1000 for home ownership check (#164) Tarik Megzari 2022-09-30 10:28:48 +02:00
e478a89bad bump to 3.7-1 (#160) v3.7-1 ymartin-ovh 2022-07-04 15:37:08 +02:00
371c23cd52 feat: add FIND_IGNORE_NOSUCHFILE_ERR flag (#159) ymartin-ovh 2022-07-04 14:29:25 +02:00
ea8334d516 bump to 3.6-1 (#157) v3.6-1 Tarik Megzari 2022-06-27 12:13:01 +02:00
987bb9c975 Bump luizm/action-sh-checker from 0.3.0 to 0.4.0 (#154) dependabot[bot] 2022-06-26 16:58:46 +02:00
3031bb55d1 Bump actions-ecosystem/action-get-latest-tag from 1.5.0 to 1.6.0 (#153) dependabot[bot] 2022-06-24 17:55:26 +02:00
66ccc6316a feat: Filter the filesystem to check when the list is built. (#156) ymartin-ovh 2022-06-24 17:45:47 +02:00
7a3145d7f1 bump to 3.5-1 (#152) v3.5-1 Tarik Megzari 2022-03-23 18:40:25 +01:00
5c072668d5 fix: add 10s wait timeout on iptables command (#151) GoldenKiwi 2022-03-23 16:56:38 +01:00
d1bd1eb2e7 bump to 3.4-1 (#150) v3.4-1 GoldenKiwi 2022-03-18 16:49:25 +01:00
ad5c71c3ce fix: allow passwd-, group- and shadow- debian default permissions (#149) GoldenKiwi 2022-03-18 16:41:49 +01:00
33964c0a3d Bump EndBug/add-and-commit from 8.0.2 to 9 (#148) dependabot[bot] 2022-03-14 15:36:48 +01:00
8320d0eecc CI: Fix release action (#147) v3.3-1 Tarik Megzari 2022-03-03 12:02:12 +01:00
a0d33ab158 Update changelog for release 3.3-1 (#146) Tarik Megzari 2022-03-03 10:26:42 +01:00