debian-cis

elie/debian-cis

Fork 0

mirror of https://github.com/ovh/debian-cis.git synced 2025-08-31 11:54:07 +02:00

Commit Graph

Select branches

Hide Pull Requests

damcava35/deb12_scripts_10

damcava35/deb12_scripts_11

damcava35/deb12_scripts_12

damcava35/deb12_scripts_13

damcava35/deb12_scripts_2

damcava35/deb12_scripts_3

damcava35/fix_hardening_level

damcava35/fix_quickstart

damcava35/fix_shellcheck_precommit

damcava35/fix_systemctl

damcava35/new_scripts

damcava35/update_lib

dev/thibault.dewailly/deb12

dev/thibault.dewailly/set_hardening_level

dev/thibault.dewailly/syslogng_remotecheck

master

#1

#10

#100

#101

#102

#103

#104

#108

#11

#111

#112

#115

#118

#119

#12

#120

#121

#122

#123

#125

#127

#128

#129

#130

#131

#132

#133

#134

#135

#137

#139

#140

#141

#142

#143

#144

#145

#146

#147

#148

#149

#150

#151

#152

#153

#154

#156

#157

#159

#16

#160

#161

#164

#166

#168

#169

#170

#171

#172

#173

#174

#176

#177

#178

#179

#18

#180

#181

#184

#185

#186

#187

#188

#19

#190

#193

#194

#197

#198

#199

#2

#20

#202

#203

#204

#205

#206

#207

#208

#21

#210

#213

#214

#215

#216

#22

#221

#222

#223

#225

#226

#228

#229

#23

#232

#234

#236

#237

#238

#24

#242

#243

#250

#256

#257

#260

#261

#262

#263

#264

#265

#266

#267

#268

#271

#272

#273

#274

#276

#277

#278

#279

#28

#280

#281

#282

#284

#285

#286

#287

#288

#289

#29

#290

#291

#292

#293

#294

#294

#295

#295

#30

#31

#32

#35

#36

#37

#39

#4

#40

#41

#44

#45

#47

#49

#5

#54

#56

#57

#58

#59

#6

#6

#60

#66

#67

#69

#7

#72

#73

#75

#79

#80

#81

#82

#86

#88

#9

#90

#91

#94

#95

#96

#98

#99

latest

v1.1-1

v1.2-1

v1.3

v1.3-2

v1.3-3

v1.3-4

v2.0-4

v2.0-5

v2.0-6

v2.1-1

v2.1-2

v2.1-3

v2.1-4

v2.1-5

v2.1-6

v3.0

v3.0-1

v3.1-0

v3.1-1

v3.1-2

v3.1-3

v3.1-4

v3.1-5

v3.1-6

v3.2-0

v3.2-1

v3.2-2

v3.3-1

v3.4-1

v3.5-1

v3.6-1

v3.7-1

v3.8-1

v4.0-1

v4.1-1

v4.1-2

v4.1-3

v4.1-4

v4.1-5

dc952b90df fix: timeout of 99.1.3 (#168) Stéphane Lesimple 2022-12-22 09:47:35 +01:00
82a217032d fix(6.2.9): Start from UID 1000 for home ownership check (#164) Tarik Megzari 2022-09-30 10:28:48 +02:00
e478a89bad bump to 3.7-1 (#160) v3.7-1 ymartin-ovh 2022-07-04 15:37:08 +02:00
371c23cd52 feat: add FIND_IGNORE_NOSUCHFILE_ERR flag (#159) ymartin-ovh 2022-07-04 14:29:25 +02:00
ea8334d516 bump to 3.6-1 (#157) v3.6-1 Tarik Megzari 2022-06-27 12:13:01 +02:00
987bb9c975 Bump luizm/action-sh-checker from 0.3.0 to 0.4.0 (#154) dependabot[bot] 2022-06-26 16:58:46 +02:00
3031bb55d1 Bump actions-ecosystem/action-get-latest-tag from 1.5.0 to 1.6.0 (#153) dependabot[bot] 2022-06-24 17:55:26 +02:00
66ccc6316a feat: Filter the filesystem to check when the list is built. (#156) ymartin-ovh 2022-06-24 17:45:47 +02:00
7a3145d7f1 bump to 3.5-1 (#152) v3.5-1 Tarik Megzari 2022-03-23 18:40:25 +01:00
5c072668d5 fix: add 10s wait timeout on iptables command (#151) GoldenKiwi 2022-03-23 16:56:38 +01:00
d1bd1eb2e7 bump to 3.4-1 (#150) v3.4-1 GoldenKiwi 2022-03-18 16:49:25 +01:00
ad5c71c3ce fix: allow passwd-, group- and shadow- debian default permissions (#149) GoldenKiwi 2022-03-18 16:41:49 +01:00
33964c0a3d Bump EndBug/add-and-commit from 8.0.2 to 9 (#148) dependabot[bot] 2022-03-14 15:36:48 +01:00
8320d0eecc CI: Fix release action (#147) v3.3-1 Tarik Megzari 2022-03-03 12:02:12 +01:00
a0d33ab158 Update changelog for release 3.3-1 (#146) Tarik Megzari 2022-03-03 10:26:42 +01:00
a6a22084e1 missing shadowtools backup files is ok (#132) Jan Schmidle 2022-03-02 18:05:37 +01:00
b962155a3c fix: Avoid find failures on too many files (#144) Tarik Megzari 2022-03-02 17:49:28 +01:00
20bf51f65b Bump actions/checkout from 2 to 3 (#145) dependabot[bot] 2022-03-02 00:14:50 +01:00
adfe28470a Bump metcalfc/changelog-generator from 1.0.0 to 3.0.0 (#133) dependabot[bot] 2022-03-01 23:48:57 +01:00
c94ee10afe Bump EndBug/add-and-commit from 7 to 8.0.2 (#142) dependabot[bot] 2022-03-01 20:39:39 +01:00
453a72b8c8 Bump actions-ecosystem/action-get-latest-tag from 1.4.1 to 1.5.0 (#143) dependabot[bot] 2022-03-01 20:28:33 +01:00
bb03764918 fix: Catch unexpected failures (#140) Tarik Megzari 2022-01-31 15:38:38 +01:00
17d272420a feat: Dissociate iptables pkg name from command (#137) Tarik Megzari 2021-12-27 15:40:55 +01:00
f1c1517bd2 Update changelog for release 3.2-2 (#135) v3.2-2 Tarik Megzari 2021-12-13 16:06:57 +01:00
1341622335 Fix empty fstab test (#134) tdenof 2021-12-08 08:42:22 +01:00
c8fcfed248 Update changelog for release 3.2-1 v3.2-1 thibault.dewailly 2021-12-01 11:04:56 +00:00
97914976c8 Skip NTP and Chrony config check if they are not installed (#120) v3.2-0 Sebastien BLAISOT 2021-12-01 10:49:08 +01:00
66c8ccf495 Fix 3.4.2 audit rule (#123) Sebastien BLAISOT 2021-12-01 10:23:11 +01:00
b53bf1795c Fix grub detection (#119) Sebastien BLAISOT 2021-12-01 08:58:32 +01:00
1a874b2b35 Allow grub.cfg permission to be 600 (#121) Sebastien BLAISOT 2021-11-30 18:47:19 +01:00
7266ec7cb4 Honor --set-log-level parameter (#127) Sebastien BLAISOT 2021-11-30 18:42:33 +01:00
8f855ac159 fix: kernel module detection (#129) Jan Schmidle 2021-10-20 14:51:29 +02:00
ad192c9457 Add silent mode and json summary (#128) Sebastien BLAISOT 2021-10-20 13:22:59 +02:00
3d2d97a727 FIX(1.7.1.4): don't abort script in case of unconfined processes (#130) Sebastien BLAISOT 2021-10-20 13:14:36 +02:00
6e2fb1570c FIX(2.2.1.4): Validate debian default ntp config (#118) Sebastien BLAISOT 2021-10-15 16:19:51 +02:00
faf5b155e5 Bump metcalfc/changelog-generator from v0.4.4 to v1.0.0 (#81) dependabot[bot] 2021-08-10 13:57:13 +02:00
43887d4165 Bump luizm/action-sh-checker from 0.1.13 to 0.3.0 (#111) dependabot[bot] 2021-08-10 13:47:31 +02:00
499ebf2f9b Bump dev-drprasad/delete-tag-and-release from v0.1.3 to v0.2.0 (#72) dependabot[bot] 2021-08-10 10:39:53 +02:00
afed5a9dce 99.5.4.5.2: fix bug where sha512 option rounds provoke KO (#112) Thibault Ayanides 2021-08-10 10:30:35 +02:00
01c3d1b98c Bump luizm/action-sh-checker from v0.1.12 to v0.1.13 (#73) dependabot[bot] 2021-08-10 09:43:59 +02:00
25e899168f Bump actions-ecosystem/action-get-latest-tag from 1 to 1.4.1 (#101) dependabot[bot] 2021-08-10 09:36:28 +02:00
9a2e3a0e0d Fix 5.4.5 pattern search (#108) Thibault Ayanides 2021-08-09 10:49:56 +02:00
334d743125 fix EXCEPTIONS management (#104) v3.1-6 Thibault Ayanides 2021-06-02 13:47:19 +02:00
4ed8adf790 Update changelog (#103) v3.1-5 Thibault Ayanides 2021-05-28 15:06:48 +02:00
f4328deeb2 Fix unbound variable (#102) Thibault Ayanides 2021-05-28 15:00:58 +02:00
29505255ff Update changelog (#99) v3.1-4 Thibault Ayanides 2021-05-07 09:16:15 +02:00
9e6c9a0d8a Accept lower values (#95) Thibault Ayanides 2021-04-27 16:04:13 +02:00
1cade2e375 FIX(2.2.1.2): custom func not working for systemd (#90) Thibault Ayanides 2021-04-27 13:49:05 +02:00
fc8a2b2561 FIX: add commands to sudoers (#91) Thibault Ayanides 2021-04-27 13:31:59 +02:00
cadc25c28c Dir exceptions (#96) Thibault Ayanides 2021-04-26 17:05:22 +02:00
8c6c9a7571 IMP(tests): checks that stderr is empty Thibault Ayanides 2021-04-26 09:26:40 +02:00
dd41988933 Update changelog v3.1-3 Thibault Ayanides 2021-04-12 12:18:13 +02:00
f6c6e6a0a8 FIX(4.1.11): add SUDO to find suid files Thibault Ayanides 2021-04-12 11:58:24 +02:00
d26ad48416 Update changelog v3.1-2 Thibault Ayanides 2021-04-02 09:17:40 +02:00
d110a2aa19 Ignore case for sshd conf Thibault Ayanides 2021-04-02 08:56:37 +02:00
cbd81b8ab2 Update changelog (#82) v3.1-1 Thibault Ayanides 2021-03-26 12:16:50 +01:00
1c51e4cec4 Check that package are installed before launching check (#69) Thibault Ayanides 2021-03-25 14:01:57 +01:00
f8ac58700d FIX(4.1.1.4): bad pattern (#67) Thibault Ayanides 2021-03-25 13:50:08 +01:00
1c1393c7e3 Fix div function to manage 0 on numerator (#79) Thibault Ayanides 2021-03-23 08:36:36 +01:00
c50f200c5c FIX(5.4.5.2): explicit sha512 Thibault Ayanides 2021-03-15 10:05:49 +01:00
c0ecc9cd6f README: fix spelling and spacing in first line Simão Gomes Viana 2021-03-18 23:04:07 +01:00
fb5be208ef Update changelog v3.1-0 Thibault Ayanides 2021-02-08 14:50:20 +01:00
b44fb47c3a add log details to be more comprehensive (#49) jeremydenoun 2021-02-17 12:04:11 +01:00
84ac4db90f fix incorrect path from ls (#45) jeremydenoun 2021-02-17 12:00:13 +01:00
40fb536d4e Add missing HARDENING_LEVEL (#44) Thibault Ayanides 2021-02-17 11:51:51 +01:00
d1b371f410 Add is_ipv6_disabled (#57) Thibault Ayanides 2021-02-17 11:45:20 +01:00
6ab1cab3ce IMP(5.1.8): allow more restrictive permissions (#59) Thibault Ayanides 2021-02-17 11:40:31 +01:00
1a7dd5893a Use pam_faillock instead of pam_tally for bullseye (#56) Thibault Ayanides 2021-02-17 11:36:58 +01:00
fa111bc0d0 Update mac and kex to match debian10 CIS (#60) Thibault Ayanides 2021-02-17 11:31:22 +01:00
460843ffb3 Fix #51 (#58) Thibault Ayanides 2021-02-17 11:19:38 +01:00
896d277d95 fix #46 bug (#47) jeremydenoun 2021-02-11 14:00:18 +01:00
6ae05f3fa2 Add dealing with debian 11 Thibault Ayanides 2021-02-08 13:54:24 +01:00
449c695415 IMP: improve partition detection in container Thibault Ayanides 2021-01-25 14:44:31 +01:00
2d6550fb13 Bump dev-drprasad/delete-tag-and-release from v0.1.2 to v0.1.3 (#41) dependabot[bot] 2021-02-04 16:23:41 +01:00
0b6ea0d97e IMP: add multiple Improvements jeremydenoun 2021-02-04 16:21:49 +01:00
ec9e2addc2 Bump luizm/action-sh-checker from v0.1.10 to v0.1.12 dependabot[bot] 2021-01-29 07:06:03 +00:00
ed1baa724e IMP: mark some checks as useless Thibault Ayanides 2021-01-21 11:21:18 +01:00
bd4ddfc398 ADD(3.4.x): add checks and tests Thibault Ayanides 2021-01-21 11:09:25 +01:00
5a72d986ea IMP(3.1-3.x): add comprehensive tests Thibault Ayanides 2021-01-21 11:02:08 +01:00
c51513e083 IMP(1.8.1.4-6): add comprehensive tests Thibault Ayanides 2021-01-21 10:59:26 +01:00
6127f2fe67 IMP(4.2.2.x): improve dealing with default conf Thibault Ayanides 2021-01-20 09:21:08 +01:00
6efefa07ac Update shellcheck workflow Thibault Serti 2021-01-22 14:45:01 +01:00
dce926a536 Add default variable to avoid unbound variable jeremydenoun 2021-01-22 10:02:44 +01:00
0edb837f80 Remove bc dependency jeremydenoun 2021-01-22 09:31:53 +01:00
1c2e171655 Fix ovh/debian-cis:#25 (#28) jeremydenoun 2021-01-21 16:01:34 +01:00
4a652a94c6 Bump EndBug/add-and-commit from v6 to v7 dependabot[bot] 2021-01-18 14:48:30 +00:00
89780550e6 Fix badges on README v3.0-1 Thibault Ayanides 2021-01-18 14:26:34 +01:00
047421f2d8 Regenerate man pages (Github action) Thibault Ayanides 2021-01-18 13:13:04 +00:00
124aeea5cc Fix debian package build via github actions Thibault Ayanides 2021-01-18 14:03:24 +01:00
8de9817035 Update LICENSE Thibault Ayanides 2021-01-18 11:58:38 +01:00
3217429679 Regenerate man pages (Github action) Thibault Ayanides 2021-01-18 09:11:47 +00:00
af38e4f404 Update changelog Thibault Ayanides 2021-01-18 09:04:47 +01:00
efb14ea0a9 Add compile manual github action Thibault Ayanides 2021-01-15 16:31:16 +01:00
8029da6157 Add manual Thibault Ayanides 2021-01-15 15:53:06 +01:00
4281ed330a Update compat in debian package Thibault Ayanides 2021-01-15 15:02:36 +01:00
aa90093f24 Add dependabot action Thibault Ayanides 2021-01-15 14:28:08 +01:00
0ab210183b Beautify README.md Thibault Ayanides 2021-01-15 11:51:53 +01:00
8f5e3c2ef8 Bump shellcheck action version Thibault Ayanides 2021-01-15 15:56:35 +01:00
f454b18991 Change artefact name when releasing Thibault Ayanides 2021-01-15 09:13:12 +01:00
33b0dae4c3 Check if changelog was modfified before release Thibault Ayanides 2021-01-15 08:19:37 +01:00