Commit Graph

  • db4dc4d598 FIX(8.2.5): grep: x is a directory Charles Herlin 2019-02-28 16:41:41 +01:00
  • a9af957f7a Debian release 1.2-2 kevin.tanguy 2019-02-28 13:03:09 +01:00
  • 0a6f8bdba6 FEAT(2.6.x): retrieve actual partition in case if bind mount Charles Herlin 2019-02-28 10:14:00 +01:00
  • d05ffaf9d5 CHORE: replace == with = that is bash syntax Charles Herlin 2019-02-26 15:23:23 +01:00
  • 41ccd5655a CHORE(test 8.2.5): removed useless cleanup line Charles Herlin 2019-02-26 15:19:05 +01:00
  • e46a85dc6c FIX(9.3.2): dismiss test for initial after e7d9977 Charles Herlin 2019-02-26 15:16:06 +01:00
  • 1caf0f489a FIX(12.1x): fix tests exception for mail after da6acb0b Charles Herlin 2019-02-26 15:08:21 +01:00
  • de7dfe5956 CHORE(2.1x): use "readlink -e" instead of custom func Charles Herlin 2019-02-26 15:06:51 +01:00
  • 8031c388c6 IMP(9.3.2): Comply with Debian9 guide: verbose ssh loglevel Charles Herlin 2019-02-25 15:16:02 +01:00
  • 7b8e359590 IMP(13.13): improve exception detection Charles Herlin 2019-02-25 10:33:15 +01:00
  • f7f2f614aa IMP(9.3.2): Add custom configuration management Charles Herlin 2019-02-22 15:40:01 +01:00
  • 605a768fe1 IMP(13.13): Add exceptions for home directories not owned by owner Charles Herlin 2019-02-22 15:22:58 +01:00
  • 80a1146af7 IMP(8.2.5): find multiline pattern in files (syslog) Charles Herlin 2019-02-22 12:39:41 +01:00
  • 7408216957 IMP(2.1x): Retrieve actual partition when symlink Charles Herlin 2019-02-22 12:22:14 +01:00
  • 217895dfe6 FIX(tests): change sed to audit in test skeleton after 81f9348 Charles Herlin 2019-02-21 18:07:21 +01:00
  • bc5809f92e FIX CONFIG_AUDIT test kevin.tanguy 2019-02-21 11:15:48 +01:00
  • 22d223fece changelog: Update to 1.2-2 Charles Herlin 2019-02-19 15:40:27 +01:00
  • ac76942ca7 CHORE(tests): cleanup test files Charles Herlin 2019-02-18 18:08:19 +01:00
  • cf42666833 FIX(tests): change sed in conf file disabled->audit following d6172ad Charles Herlin 2019-02-15 17:42:17 +01:00
  • 6cbe8f572f CHORE(tests): Cleanup test files Charles Herlin 2019-02-18 18:10:22 +01:00
  • 982301d395 FIX(tests): improve test cases and cleanup Charles Herlin 2019-02-18 17:25:04 +01:00
  • d18f5edfba FIX(99.2): add missing $SUDO_CMD Charles Herlin 2019-02-15 16:56:54 +01:00
  • 6ede832685 FIX(sudoers): add missing test Charles Herlin 2019-02-15 16:45:03 +01:00
  • 0c17da012f FIX(test): catch return values when retval differs to avoid runtime error Charles Herlin 2019-02-15 16:27:54 +01:00
  • 6afed4eedb Add test stub for all audit checks, to tests root/sudo consistency Charles Herlin 2019-02-14 18:10:46 +01:00
  • bad32f8078 Rename dismiss_test to skip_tests since test won't even run in this case Charles Herlin 2019-02-14 17:52:45 +01:00
  • 47a818b832 dismiss_count will still report failed root/sudo consistency failure Charles Herlin 2019-02-14 17:44:13 +01:00
  • fc88194eca properly purge remaining config files on purge kevin.tanguy 2019-02-14 14:22:55 +01:00
  • 2b2a91a564 Change default status to audit for file with custom create_config Charles Herlin 2019-02-14 14:33:21 +01:00
  • 5c313c8f31 Change default status disabled -> audit when no conf file Charles Herlin 2019-02-06 15:26:41 +01:00
  • 11305a0980 FIX package name in example-cron.d-entry Charles Herlin 2019-02-14 12:21:17 +01:00
  • 1586dae0c5 Improve user management in test cases Charles Herlin 2019-02-14 11:15:51 +01:00
  • 1281860401 IMP: enhance scripts that check duplicate UID Charles Herlin 2019-02-13 16:07:06 +01:00
  • 09ae131de9 FIX: usage if no RUN_MODE, fix only that used to run too many checks Charles Herlin 2019-02-13 17:11:28 +01:00
  • 1dd630e65b changelog: Update to 1.2-1 (go cds go) kevin.tanguy 2019-02-12 11:41:05 +01:00
  • 810fee4c8f Migrate generic checks from secaudit to cis-hardening Charles Herlin 2017-12-20 15:14:30 +01:00
  • ba93159a00 Add crontab Charles Herlin 2019-02-08 10:35:35 +01:00
  • d014405e1f FIX: add becho to send batch output to syslog too Charles Herlin 2019-02-06 17:25:16 +01:00
  • 6cea326921 Update debian 7/8/9 in help files and remove in generic scripts Charles Herlin 2019-02-06 15:19:14 +01:00
  • 58cb064919 IMP: sort find result by name and version to ease reading Charles Herlin 2019-02-01 09:42:12 +01:00
  • 3ff3bb209f FIX: remove "exernal-sources" option when running shellcheck Charles Herlin 2019-01-30 16:00:45 +01:00
  • 507eadc3cb Add shellcheck recommendation Charles Herlin 2019-01-30 12:38:39 +01:00
  • aa3983c6d0 FIX: add way of completely skipping test that bugged with jessie Charles Herlin 2019-01-30 11:06:49 +01:00
  • 2dd753e5e7 Fix typo in test skeleton and add shellcheck comment Charles Herlin 2019-01-25 14:16:47 +01:00
  • bf3bfc2a91 FIX: bug crashing for undeclared variable when consitency checks failed Charles Herlin 2019-01-25 10:33:38 +01:00
  • a1a4295dcf IMP: tests readability and runtime error handling Charles Herlin 2019-01-24 15:53:09 +01:00
  • e8ae07c2e8 IMP: new tag in file to tell that the script should pass shellcheck Charles Herlin 2019-01-24 11:11:08 +01:00
  • 13c88c7da2 FIX: tests return value that was always 255 Charles Herlin 2019-01-23 12:54:33 +01:00
  • 9ba0361be0 FIX: quotes in find command, misinterpreted shellcheck advice Charles Herlin 2019-01-23 16:55:48 +01:00
  • 71b70a2b8c FEAT: Add sudo_wrapper to catch unauthorized sudo commands Charles Herlin 2018-03-16 12:06:56 +01:00
  • 176fb96fa4 FEAT: automate shellcheck test with docker Charles Herlin 2019-01-17 12:39:15 +01:00
  • c51a8ee9b8 FIX: sed that was too greedy Charles Herlin 2019-01-02 13:02:02 +01:00
  • e72c7aae15 Add missing /usr/bin/su Charles Herlin 2019-01-03 11:21:51 +01:00
  • 8e6618eedf FIX: add /usr/bin/* path for suid/guid allowed binaries Charles Herlin 2019-01-02 17:03:29 +01:00
  • 67df4da781 Adding batch mode to output just one line of text (no colors) in order to be parsed by computer tools Charles Herlin 2017-10-31 17:44:15 +01:00
  • 8a7f9ddad5 Change from CIS reco and only warn (no crit) if logfile does not exist Charles Herlin 2018-03-22 18:17:17 +01:00
  • 863adc9c84 IMP(test): Add feature to run functional tests in docker instance Charles Herlin 2018-12-24 14:12:59 +01:00
  • 4fc79c133f Improve --only option to perform only specified test and no other lookalike test number Charles Herlin 2018-03-15 12:03:10 +01:00
  • 7077554bca Redirect stderr to avoid printing "no such file" error Charles Herlin 2018-03-19 18:06:47 +01:00
  • 76abf8da36 resolve #SOC-30 Also check /etc/security/limits.d/ for core dump limit Charles Herlin 2018-02-12 15:37:12 +01:00
  • 51f589923d Fix SOC-28, add test if file exist, if not issue error Charles Herlin 2018-02-09 13:49:38 +01:00
  • b1f85d3f99 Add sudo management in main and utils Charles Herlin 2017-11-09 15:45:42 +01:00
  • a3937b3183 changelog: Update to 1.1-1 v1.1-1 Julien Delayen 2018-02-02 09:40:58 +01:00
  • 423e454b62 debian: Remove useless {shlibs:Depends} Julien Delayen 2017-12-14 14:24:21 +01:00
  • b5939dffbe debian: Fix lintian warning Julien Delayen 2017-12-14 14:17:27 +01:00
  • 1a9c92b345 debian: Remove auto-generated files from conffiles Julien Delayen 2017-12-14 14:10:45 +01:00
  • 6977eb5064 Merge pull request #31 in IAAS/cis-hardening from dev/cherlin/update-cis-scripts to master Thibault Dewailly 2017-12-05 11:38:15 +01:00
  • 12fe049eba Merge pull request #28 in IAAS/cis-hardening from dev/cherlin/cis-root-dir-in-env to master Thibault Dewailly 2017-12-05 11:32:45 +01:00
  • 02f0e30df1 Expand tabs to 4 spaces and trim trailing spaces Charles Herlin 2017-11-17 15:13:27 +01:00
  • ae6fbf2d86 Update ciphers list in 9.3.11 with latest chacha20 and gcm ciphers Charles Herlin 2017-11-10 14:48:51 +01:00
  • d2a8b2cb28 Remove unnecessary CIS_ROOT_DIR empty assignation Charles Herlin 2017-10-25 17:44:56 +02:00
  • 5b2404dab8 Applying batch edit to all hardening/*.sh scripts for new CIS_ROOT_DIR management Charles Herlin 2017-10-25 14:50:39 +02:00
  • 119d532a7f Changing CIS_ROOT_DIR management in env in bin/hardening.sh Charles Herlin 2017-10-25 14:48:54 +02:00
  • 161ffa56a7 Change src/skel to allow setting CIS_ROOT_DIR in env and not just sourcing /etc/default/cis-hardening. Making the whole lib more versatile. Charles Herlin 2017-10-23 14:50:11 +02:00
  • 3b7a2b8216 Merge pull request #12 from speed47/dev/enhancements Thibault Dewailly 2017-09-28 13:22:59 +02:00
  • 40e57a5cb2 Merge pull request #27 in IAAS/cis-hardening from dev/thibault.dewailly/fixwildcards to master Kevin Tanguy 2017-06-15 10:43:31 +02:00
  • 481485a0d7 No more wildcards in file list to be more resilient thibault.dewailly 2017-06-13 15:36:06 +02:00
  • fae0c5a64b Merge pull request #26 in IAAS/cis-hardening from dev/kevin.tanguy/packagebump to master Thibault Dewailly 2017-06-08 09:41:43 +02:00
  • 72999b8b5d Debian package revision bump 1.0-11 kevin.tanguy 2017-06-05 16:36:25 +02:00
  • 676b17c54f add hardening templating and several enhancements Stéphane Lesimple 2017-05-18 18:40:09 +02:00
  • 2ef500298b Merge pull request #11 from speed47/dev/fix_does_pattern_exist_in_file Thibault Dewailly 2017-05-19 18:30:21 +02:00
  • a1f970e737 Merge pull request #10 from speed47/dev/beautifyprint Thibault Dewailly 2017-05-19 17:20:47 +02:00
  • 3e0187094a handle ENOENT properly in does_pattern_exist_in_file\(\) Stéphane Lesimple 2017-05-18 18:31:24 +02:00
  • cca0310d64 set a fixed-size prefix for logger Stéphane Lesimple 2017-05-18 18:27:02 +02:00
  • 233d1245fc Merge pull request #9 from Joorem/10.1.3-fix-option-name Thibault Dewailly 2017-05-04 09:28:42 +02:00
  • 46dbe8a6bc [10.1.3] set the good value for $OPTIONS Jérôme Le Gal 2017-05-03 23:08:48 +02:00
  • a46490b2d8 Merge pull request #25 in IAAS/cis-hardening from dev/thibault.dewailly/fixShadowParsing to master Kevin Tanguy 2017-03-14 16:19:33 +01:00
  • 3e1df0cdf9 [Debian 8] Fixed comments for debian 8 compliance thibault.dewailly 2017-03-10 17:46:39 +01:00
  • 0c053eef56 [10.2] Fixed result parsing in case of spaces in passwd list thibault.dewailly 2017-03-10 17:26:55 +01:00
  • eb7bf7fece Merge branch 'master' of github.com:ovh/debian-cis thibault.dewailly 2016-07-04 11:45:41 +02:00
  • e93b9f89f4 Merge pull request #7 from MatthieuDestrez/fixPermitEmptyPassword Thibault Dewailly 2016-07-04 11:44:40 +02:00
  • f5cb5ddf97 fixed option name in 9.3.9_disable_sshd_permitemptypasswords.sh, was PermitRootLogin instead of PermitEmptyPassword Matthieu Destrez 2016-06-29 15:12:21 +02:00
  • 45f529a392 Merge pull request #24 in IAAS/cis-hardening from dev/kevin.tanguy/wheezy to master Thibault Dewailly 2016-05-18 09:44:02 +02:00
  • 4705846c60 Debian package revision bump 1.0-10 Kevin Tanguy 2016-05-18 09:06:14 +02:00
  • 3209a4c302 Merge pull request #5 from jeremydenoun/fix-echo Thibault Dewailly 2016-05-17 13:28:37 +02:00
  • 53626bd926 Remove test on _logger() function jeremydenoun 2016-05-14 20:39:32 +02:00
  • 7578c2bbfb Merge pull request #23 in IAAS/cis-hardening from dev/kevin.tanguy/wheezy to master Thibault Dewailly 2016-05-03 13:24:15 +02:00
  • 74711a2d37 Debian package revision bump 1.0-9 Kevin Tanguy 2016-05-03 12:34:12 +02:00
  • 544c2a4aea Merge pull request #22 in IAAS/cis-hardening from dev/thibault.dewailly/fix to master Kevin Tanguy 2016-05-03 11:27:39 +02:00
  • e902c9b4c8 Fixed replace in file function with proper substitution thibault.dewailly 2016-05-03 11:25:37 +02:00