debian-cis

Sebastien BLAISOT 3d2d97a727 FIX(1.7.1.4): don't abort script in case of unconfined processes (#130 )	2021-10-20 13:14:36 +02:00
..
.gitignore	Initial Commit Basic folders	2016-04-01 07:50:08 +02:00
1.1.1.1_disable_freevxfs.sh	IMP: add multiple Improvements	2021-02-04 16:21:49 +01:00
1.1.1.2_disable_jffs2.sh	IMP: add multiple Improvements	2021-02-04 16:21:49 +01:00
1.1.1.3_disable_hfs.sh	IMP: add multiple Improvements	2021-02-04 16:21:49 +01:00
1.1.1.4_disable_hfsplus.sh	IMP: add multiple Improvements	2021-02-04 16:21:49 +01:00
1.1.1.5_disable_squashfs.sh	IMP: add multiple Improvements	2021-02-04 16:21:49 +01:00
1.1.1.6_disable_udf.sh	IMP: add multiple Improvements	2021-02-04 16:21:49 +01:00
1.1.1.7_restrict_fat.sh	IMP: add multiple Improvements	2021-02-04 16:21:49 +01:00
1.1.2_tmp_partition.sh	IMP(shellcheck): quote variables (SC2086)	2020-12-04 15:04:22 +01:00
1.1.3_tmp_nodev.sh	IMP(shellcheck): quote variables	2020-12-10 09:50:33 +01:00
1.1.4_tmp_nosuid.sh	IMP(shellcheck): quote variables	2020-12-10 09:50:33 +01:00
1.1.5_tmp_noexec.sh	IMP(shellcheck): quote variables	2020-12-10 09:50:33 +01:00
1.1.6_var_partition.sh	Update documentation	2020-12-22 17:01:41 +01:00
1.1.7_var_tmp_partition.sh	IMP(shellcheck): quote variables (SC2086)	2020-12-04 15:04:22 +01:00
1.1.8_var_tmp_nodev.sh	IMP(shellcheck): quote variables	2020-12-10 09:50:33 +01:00
1.1.9_var_tmp_nosuid.sh	IMP(shellcheck): quote variables	2020-12-10 09:50:33 +01:00
1.1.10_var_tmp_noexec.sh	IMP(shellcheck): quote variables	2020-12-10 09:50:33 +01:00
1.1.11_var_log_partition.sh	Update documentation	2020-12-22 17:01:41 +01:00
1.1.12_var_log_audit_partition.sh	Update documentation	2020-12-22 17:01:41 +01:00
1.1.13_home_partition.sh	Update documentation	2020-12-22 17:01:41 +01:00
1.1.14_home_nodev.sh	IMP(shellcheck): quote variables	2020-12-10 09:50:33 +01:00
1.1.15_run_shm_nodev.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
1.1.16_run_shm_nosuid.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
1.1.17_run_shm_noexec.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
1.1.18_removable_device_nodev.sh	Update documentation	2020-12-22 17:01:41 +01:00
1.1.19_removable_device_nosuid.sh	Update documentation	2020-12-22 17:01:41 +01:00
1.1.20_removable_device_noexec.sh	Update documentation	2020-12-22 17:01:41 +01:00
1.1.21_sticky_bit_world_writable_folder.sh	fix EXCEPTIONS management (#104 )	2021-06-02 13:47:19 +02:00
1.1.22_disable_automounting.sh	IMP(shellcheck): quote variables	2020-12-10 09:50:33 +01:00
1.1.23_disable_usb_storage.sh	IMP: add multiple Improvements	2021-02-04 16:21:49 +01:00
1.3.1_install_sudo.sh	ADD(1.3.x): add new scripts for debian10	2020-12-21 15:52:47 +01:00
1.3.2_pty_sudo.sh	ADD(1.3.x): add new scripts for debian10	2020-12-21 15:52:47 +01:00
1.3.3_logfile_sudo.sh	ADD(1.3.x): add new scripts for debian10	2020-12-21 15:52:47 +01:00
1.4.1_install_tripwire.sh	Add commentaries, renum scripts	2020-12-22 15:58:10 +01:00
1.4.2_tripwire_cron.sh	Add commentaries, renum scripts	2020-12-22 15:58:10 +01:00
1.5.1_bootloader_ownership.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
1.5.2_bootloader_password.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
1.5.3_root_password.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
1.6.1_enable_nx_support.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
1.6.2_enable_randomized_vm_placement.sh	Renum 1.x files to comply with debian10 CIS	2020-12-21 16:09:27 +01:00
1.6.3_disable_prelink.sh	Renum 1.x files to comply with debian10 CIS	2020-12-21 16:09:27 +01:00
1.6.4_restrict_core_dumps.sh	fix incorrect path from ls (#45 )	2021-02-17 12:00:13 +01:00
1.7.1.1_install_apparmor.sh	ADD(1.7.x): add apparmor checks	2020-12-23 10:46:51 +01:00
1.7.1.2_enable_apparmor.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
1.7.1.3_enforce_or_complain_apparmor.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
1.7.1.4_enforcing_apparmor.sh	FIX(1.7.1.4): don't abort script in case of unconfined processes (#130 )	2021-10-20 13:14:36 +02:00
1.8.1.1_remove_os_info_motd.sh	Renum 1.x files to comply with debian10 CIS	2020-12-21 16:09:27 +01:00
1.8.1.2_remove_os_info_issue.sh	Renum 1.x files to comply with debian10 CIS	2020-12-21 16:09:27 +01:00
1.8.1.3_remove_os_info_issue_net.sh	Renum 1.x files to comply with debian10 CIS	2020-12-21 16:09:27 +01:00
1.8.1.4_motd_perms.sh	Renum 1.x files to comply with debian10 CIS	2020-12-21 16:09:27 +01:00
1.8.1.5_etc_issue_perms.sh	Renum 1.x files to comply with debian10 CIS	2020-12-21 16:09:27 +01:00
1.8.1.6_etc_issue_net_perms.sh	Renum 1.x files to comply with debian10 CIS	2020-12-21 16:09:27 +01:00
1.8.2_graphical_warning_banners.sh	Renum 1.x files to comply with debian10 CIS	2020-12-21 16:09:27 +01:00
1.9_install_updates.sh	Renum 1.x files to comply with debian10 CIS	2020-12-21 16:09:27 +01:00
2.1.1_disable_xinetd.sh	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
2.1.2_disable_bsd_inetd.sh	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
2.2.1.1_use_time_sync.sh	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
2.2.1.2_configure_systemd-timesyncd.sh	FIX(2.2.1.2): custom func not working for systemd (#90 )	2021-04-27 13:49:05 +02:00
2.2.1.3_configure_chrony.sh	IMP(shellcheck): quote variables	2020-12-10 09:50:33 +01:00
2.2.1.4_configure_ntp.sh	FIX(2.2.1.4): Validate debian default ntp config (#118 )	2021-10-15 16:19:51 +02:00
2.2.2_disable_xwindow_system.sh	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
2.2.3_disable_avahi_server.sh	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
2.2.4_disable_print_server.sh	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
2.2.5_disable_dhcp.sh	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
2.2.6_disable_ldap.sh	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
2.2.7_disable_nfs_rpc.sh	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
2.2.8_disable_dns_server.sh	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
2.2.9_disable_ftp.sh	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
2.2.10_disable_http_server.sh	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
2.2.11_disable_imap_pop.sh	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
2.2.12_disable_samba.sh	IMP(shellcheck): quote variables	2020-12-10 09:50:33 +01:00
2.2.13_disable_http_proxy.sh	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
2.2.14_disable_snmp_server.sh	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
2.2.15_mta_localhost.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
2.2.16_disable_rsync.sh	IMP(shellcheck): quote variables	2020-12-10 09:50:33 +01:00
2.2.17_disable_nis.sh	IMP: mark some checks as useless	2021-01-25 13:02:52 +01:00
2.3.1_disable_nis.sh	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
2.3.2_disable_rsh_client.sh	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
2.3.3_disable_talk_client.sh	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
2.3.4_disable_telnet_client.sh	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
2.3.5_disable_ldap_client.sh	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
3.1.1_disable_ipv6.sh	Add is_ipv6_disabled (#57 )	2021-02-17 11:45:20 +01:00
3.1.2_disable_wireless.sh	Renum 2.x and 3.x files to comply with debian10 CIS	2020-12-22 08:52:43 +01:00
3.2.1_disable_send_packet_redirects.sh	Renum 2.x and 3.x files to comply with debian10 CIS	2020-12-22 08:52:43 +01:00
3.2.2_disable_ip_forwarding.sh	Renum 2.x and 3.x files to comply with debian10 CIS	2020-12-22 08:52:43 +01:00
3.3.1_disable_source_routed_packets.sh	Add is_ipv6_disabled (#57 )	2021-02-17 11:45:20 +01:00
3.3.2_disable_icmp_redirect.sh	Renum 2.x and 3.x files to comply with debian10 CIS	2020-12-22 08:52:43 +01:00
3.3.3_disable_secure_icmp_redirect.sh	Renum 2.x and 3.x files to comply with debian10 CIS	2020-12-22 08:52:43 +01:00
3.3.4_log_martian_packets.sh	Renum 2.x and 3.x files to comply with debian10 CIS	2020-12-22 08:52:43 +01:00
3.3.5_ignore_broadcast_requests.sh	Renum 2.x and 3.x files to comply with debian10 CIS	2020-12-22 08:52:43 +01:00
3.3.6_enable_bad_error_message_protection.sh	Renum 2.x and 3.x files to comply with debian10 CIS	2020-12-22 08:52:43 +01:00
3.3.7_enable_source_route_validation.sh	Renum 2.x and 3.x files to comply with debian10 CIS	2020-12-22 08:52:43 +01:00
3.3.8_enable_tcp_syn_cookies.sh	Renum 2.x and 3.x files to comply with debian10 CIS	2020-12-22 08:52:43 +01:00
3.3.9_disable_ipv6_router_advertisement.sh	Add is_ipv6_disabled (#57 )	2021-02-17 11:45:20 +01:00
3.4.1_disable_dccp.sh	IMP: add multiple Improvements	2021-02-04 16:21:49 +01:00
3.4.2_disable_sctp.sh	IMP: add multiple Improvements	2021-02-04 16:21:49 +01:00
3.4.3_disable_rds.sh	IMP: add multiple Improvements	2021-02-04 16:21:49 +01:00
3.4.4_disable_tipc.sh	IMP: add multiple Improvements	2021-02-04 16:21:49 +01:00
3.5.1.1_enable_firewall.sh	Add commentaries, renum scripts	2020-12-22 15:58:10 +01:00
3.5.4.1.1_net_fw_default_policy_drop.sh	Renum 2.x and 3.x files to comply with debian10 CIS	2020-12-22 08:52:43 +01:00
4.1.1.1_install_auditd.sh	ADD(4.1.1.1): add auditd install	2020-12-24 16:20:02 +01:00
4.1.1.2_enable_auditd.sh	Renum 4.x files to comply with debian10 CIS	2020-12-22 10:51:39 +01:00
4.1.1.3_audit_bootloader.sh	FIX(4.1.1.4): bad pattern (#67 )	2021-03-25 13:50:08 +01:00
4.1.1.4_audit_backlog_limit.sh	FIX(4.1.1.4): bad pattern (#67 )	2021-03-25 13:50:08 +01:00
4.1.2.1_audit_log_storage.sh	Renum 4.x files to comply with debian10 CIS	2020-12-22 10:51:39 +01:00
4.1.2.2_halt_when_audit_log_full.sh	Renum 4.x files to comply with debian10 CIS	2020-12-22 10:51:39 +01:00
4.1.2.3_keep_all_audit_logs.sh	Renum 4.x files to comply with debian10 CIS	2020-12-22 10:51:39 +01:00
4.1.3_record_date_time_edit.sh	Renum 4.x files to comply with debian10 CIS	2020-12-22 10:51:39 +01:00
4.1.4_record_user_group_edit.sh	Renum 4.x files to comply with debian10 CIS	2020-12-22 10:51:39 +01:00
4.1.5_record_network_edit.sh	Renum 4.x files to comply with debian10 CIS	2020-12-22 10:51:39 +01:00
4.1.6_record_mac_edit.sh	Renum 4.x files to comply with debian10 CIS	2020-12-22 10:51:39 +01:00
4.1.7_record_login_logout.sh	Renum 4.x files to comply with debian10 CIS	2020-12-22 10:51:39 +01:00
4.1.8_record_session_init.sh	Renum 4.x files to comply with debian10 CIS	2020-12-22 10:51:39 +01:00
4.1.9_record_dac_edit.sh	Renum 4.x files to comply with debian10 CIS	2020-12-22 10:51:39 +01:00
4.1.10_record_failed_access_file.sh	Renum 4.x files to comply with debian10 CIS	2020-12-22 10:51:39 +01:00
4.1.11_record_privileged_commands.sh	FIX(4.1.11): add SUDO to find suid files	2021-04-13 11:00:29 +02:00
4.1.12_record_successful_mount.sh	Renum 4.x files to comply with debian10 CIS	2020-12-22 10:51:39 +01:00
4.1.13_record_file_deletions.sh	Renum 4.x files to comply with debian10 CIS	2020-12-22 10:51:39 +01:00
4.1.14_record_sudoers_edit.sh	Renum 4.x files to comply with debian10 CIS	2020-12-22 10:51:39 +01:00
4.1.15_record_sudo_usage.sh	Renum 4.x files to comply with debian10 CIS	2020-12-22 10:51:39 +01:00
4.1.16_record_kernel_modules.sh	Renum 4.x files to comply with debian10 CIS	2020-12-22 10:51:39 +01:00
4.1.17_freeze_auditd_conf.sh	Renum 4.x files to comply with debian10 CIS	2020-12-22 10:51:39 +01:00
4.2.1.1_install_syslog-ng.sh	Update documentation	2020-12-22 17:01:41 +01:00
4.2.1.2_enable_syslog-ng.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
4.2.1.3_configure_syslog-ng.sh	Update documentation	2020-12-22 17:01:41 +01:00
4.2.1.4_syslog_ng_logfiles_perm.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
4.2.1.5_syslog-ng_remote_host.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
4.2.1.6_remote_syslog-ng_acl.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
4.2.2.1_journald_logs.sh	IMP(4.2.2.x): improve dealing with default conf	2021-01-25 13:02:52 +01:00
4.2.2.2_journald_compress.sh	IMP(4.2.2.x): improve dealing with default conf	2021-01-25 13:02:52 +01:00
4.2.2.3_journald_write_persistent.sh	IMP(4.2.2.x): improve dealing with default conf	2021-01-25 13:02:52 +01:00
4.2.3_logs_permissions.sh	Renum 4.x files to comply with debian10 CIS	2020-12-22 10:51:39 +01:00
4.3_configure_logrotate.sh	Add commentaries, renum scripts	2020-12-22 15:58:10 +01:00
4.4_logrotate_permissions.sh	ADD(4.4): add logrotate permissions checking	2020-12-24 10:31:47 +01:00
5.1.1_enable_cron.sh	IMP(shellcheck): quote variables	2020-12-10 09:50:33 +01:00
5.1.2_crontab_perm_ownership.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
5.1.3_cron_hourly_perm_ownership.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
5.1.4_cron_daily_perm_ownership.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
5.1.5_cron_weekly_perm_ownership.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
5.1.6_cron_monthly_perm_ownership.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
5.1.7_cron_d_perm_ownership.sh	IMP(shellcheck): quote variables	2020-12-10 09:50:33 +01:00
5.1.8_cron_users.sh	add log details to be more comprehensive (#49 )	2021-02-17 12:04:11 +01:00
5.2.1_sshd_conf_perm_ownership.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
5.2.2_ssh_host_private_keys_perm_ownership.sh	IMP(shellcheck): quote variables	2020-12-10 09:50:33 +01:00
5.2.3_ssh_host_public_keys_perm_ownership.sh	IMP: add utils to check perm in authorized perm	2020-12-21 10:39:44 +01:00
5.2.4_sshd_protocol.sh	Ignore case for sshd conf	2021-04-02 09:25:41 +02:00
5.2.5_sshd_loglevel.sh	Ignore case for sshd conf	2021-04-02 09:25:41 +02:00
5.2.6_disable_x11_forwarding.sh	Ignore case for sshd conf	2021-04-02 09:25:41 +02:00
5.2.7_sshd_maxauthtries.sh	Accept lower values (#95 )	2021-04-27 16:04:13 +02:00
5.2.8_enable_sshd_ignorerhosts.sh	Ignore case for sshd conf	2021-04-02 09:25:41 +02:00
5.2.9_disable_sshd_hostbasedauthentication.sh	Ignore case for sshd conf	2021-04-02 09:25:41 +02:00
5.2.10_disable_root_login.sh	Ignore case for sshd conf	2021-04-02 09:25:41 +02:00
5.2.11_disable_sshd_permitemptypasswords.sh	Ignore case for sshd conf	2021-04-02 09:25:41 +02:00
5.2.12_disable_sshd_setenv.sh	Ignore case for sshd conf	2021-04-02 09:25:41 +02:00
5.2.13_sshd_ciphers.sh	Ignore case for sshd conf	2021-04-02 09:25:41 +02:00
5.2.14_ssh_cry_mac.sh	Update mac and kex to match debian10 CIS (#60 )	2021-02-17 11:31:22 +01:00
5.2.15_ssh_cry_kex.sh	Update mac and kex to match debian10 CIS (#60 )	2021-02-17 11:31:22 +01:00
5.2.16_sshd_idle_timeout.sh	Ignore case for sshd conf	2021-04-02 09:25:41 +02:00
5.2.17_sshd_login_grace_time.sh	Ignore case for sshd conf	2021-04-02 09:25:41 +02:00
5.2.18_sshd_limit_access.sh	Ignore case for sshd conf	2021-04-02 09:25:41 +02:00
5.2.19_ssh_banner.sh	Fix ovh/debian-cis:#25 (#28 )	2021-01-21 16:01:34 +01:00
5.2.20_enable_ssh_pam.sh	Ignore case for sshd conf	2021-04-02 09:25:41 +02:00
5.2.21_disable_ssh_allow_tcp_forwarding.sh	Ignore case for sshd conf	2021-04-02 09:25:41 +02:00
5.2.22_configure_ssh_max_startups.sh	Ignore case for sshd conf	2021-04-02 09:25:41 +02:00
5.2.23_limit_ssh_max_sessions.sh	Accept lower values (#95 )	2021-04-27 16:04:13 +02:00
5.3.1_enable_pwquality.sh	IMP(shellcheck): quote variables	2020-12-10 09:50:33 +01:00
5.3.2_enable_lockout_failed_password.sh	Use pam_faillock instead of pam_tally for bullseye (#56 )	2021-02-17 11:36:58 +01:00
5.3.3_limit_password_reuse.sh	IMP(shellcheck): quote variables	2020-12-10 09:50:33 +01:00
5.3.4_acc_pam_sha512.sh	Add commentaries, renum scripts	2020-12-22 15:58:10 +01:00
5.4.1.1_set_password_exp_days.sh	IMP(shellcheck): quote variables (SC2086)	2020-12-07 17:11:32 +01:00
5.4.1.2_set_password_min_days_change.sh	IMP(shellcheck): quote variables	2020-12-10 09:50:33 +01:00
5.4.1.3_set_password_exp_warning_days.sh	IMP(shellcheck): quote variables	2020-12-10 09:50:33 +01:00
5.4.1.4_lock_inactive_user_account.sh	Update documentation	2020-12-22 17:01:41 +01:00
5.4.1.5_last_password_change_past.sh	Add commentaries, renum scripts	2020-12-22 15:58:10 +01:00
5.4.2_disable_system_accounts.sh	IMP(shellcheck): replace ls parsing by stat	2020-12-14 16:14:37 +01:00
5.4.3_default_root_group.sh	IMP(shellcheck): quote variables (SC2086)	2020-12-07 17:11:32 +01:00
5.4.4_default_umask.sh	IMP(shellcheck): replace ls parsing by stat	2020-12-14 16:14:37 +01:00
5.4.5_default_timeout.sh	Fix 5.4.5 pattern search (#108 )	2021-08-09 10:49:56 +02:00
5.5_secure_tty.sh	IMP(shfmt): add shell formatter	2020-12-04 14:08:01 +01:00
5.6_restrict_su.sh	IMP(shellcheck): quote variables (SC2086)	2020-12-07 17:11:32 +01:00
6.1.2_etc_passwd_permissions.sh	ADD(6.1.3, 6.1.6-9): add new checks	2020-12-21 10:02:52 +01:00
6.1.3_etc_gshadow-_permissions.sh	ADD(6.1.3, 6.1.6-9): add new checks	2020-12-21 10:02:52 +01:00
6.1.4_etc_shadow_permissions.sh	ADD(6.1.3, 6.1.6-9): add new checks	2020-12-21 10:02:52 +01:00
6.1.5_etc_group_permissions.sh	ADD(6.1.3, 6.1.6-9): add new checks	2020-12-21 10:02:52 +01:00
6.1.6_etc_passwd-_permissions.sh	ADD(6.1.3, 6.1.6-9): add new checks	2020-12-21 10:02:52 +01:00
6.1.7_etc_shadow-_permissions.sh	ADD(6.1.3, 6.1.6-9): add new checks	2020-12-21 10:02:52 +01:00
6.1.8_etc_group-_permissions.sh	Add commentaries, renum scripts	2020-12-22 15:58:10 +01:00
6.1.9_etc_gshadow_permissions.sh	Add commentaries, renum scripts	2020-12-22 15:58:10 +01:00
6.1.10_find_world_writable_file.sh	fix EXCEPTIONS management (#104 )	2021-06-02 13:47:19 +02:00
6.1.11_find_unowned_files.sh	fix EXCEPTIONS management (#104 )	2021-06-02 13:47:19 +02:00
6.1.12_find_ungrouped_files.sh	fix EXCEPTIONS management (#104 )	2021-06-02 13:47:19 +02:00
6.1.13_find_suid_files.sh	fix EXCEPTIONS management (#104 )	2021-06-02 13:47:19 +02:00
6.1.14_find_sgid_files.sh	fix EXCEPTIONS management (#104 )	2021-06-02 13:47:19 +02:00
6.2.1_remove_empty_password_field.sh	IMP(shellcheck): quote variables (SC2086)	2020-12-07 17:11:32 +01:00
6.2.2_remove_legacy_passwd_entries.sh	Update documentation	2020-12-22 17:01:41 +01:00
6.2.3_users_valid_homedir.sh	Renum 6.x files to comply with debian10 CIS	2020-12-22 11:43:53 +01:00
6.2.4_remove_legacy_shadow_entries.sh	Update documentation	2020-12-22 17:01:41 +01:00
6.2.5_remove_legacy_group_entries.sh	Update documentation	2020-12-22 17:01:41 +01:00
6.2.6_find_0_uid_non_root_account.sh	Renum 6.x files to comply with debian10 CIS	2020-12-22 11:43:53 +01:00
6.2.7_sanitize_root_path.sh	Renum 6.x files to comply with debian10 CIS	2020-12-22 11:43:53 +01:00
6.2.8_check_user_dir_perm.sh	Update documentation	2020-12-22 17:01:41 +01:00
6.2.9_users_valid_homedir.sh	IMP(shellcheck): quote variables (SC2086)	2020-12-07 17:11:32 +01:00
6.2.10_check_user_dot_file_perm.sh	IMP(shellcheck): replace ls parsing by stat	2020-12-14 16:14:37 +01:00
6.2.11_find_user_forward_files.sh	IMP(shellcheck): replace deprecated egrep (SC2196)	2020-12-10 08:20:26 +01:00
6.2.12_find_user_netrc_files.sh	IMP(shellcheck): replace deprecated egrep (SC2196)	2020-12-10 08:20:26 +01:00
6.2.13_set_perm_on_user_netrc.sh	IMP(6.2.13): fix race condition	2020-12-14 15:11:33 +01:00
6.2.14_find_user_rhosts_files.sh	IMP(shellcheck): replace deprecated egrep (SC2196)	2020-12-10 08:20:26 +01:00
6.2.15_find_passwd_group_inconsistencies.sh	Update changelog	2020-12-14 16:56:09 +01:00
6.2.16_check_duplicate_uid.sh	IMP(shellcheck): quote variables (SC2086)	2020-12-04 15:04:22 +01:00
6.2.17_check_duplicate_gid.sh	IMP(shellcheck): quote variables (SC2086)	2020-12-04 15:04:22 +01:00
6.2.18_check_duplicate_username.sh	IMP(shellcheck): quote variables (SC2086)	2020-12-07 17:11:32 +01:00
6.2.19_check_duplicate_groupname.sh	IMP(shellcheck): quote variables (SC2086)	2020-12-07 17:11:32 +01:00
6.2.20_shadow_group_empty.sh	IMP(shellcheck): quote variables (SC2086)	2020-12-07 17:11:32 +01:00
99.1.1.1_disable_cramfs.sh	Update documentation	2020-12-22 17:01:41 +01:00
99.1.1.23_disable_usb_devices.sh	Add missing HARDENING_LEVEL (#44 )	2021-02-17 11:51:51 +01:00
99.1.3_acc_sudoers_no_all.sh	Add missing HARDENING_LEVEL (#44 )	2021-02-17 11:51:51 +01:00
99.2.2_disable_telnet_server.sh	Renum 99.x files to comply with debian10 CIS	2020-12-22 16:36:35 +01:00
99.3.3.1_install_tcp_wrapper.sh	Renum 99.x files to comply with debian10 CIS	2020-12-22 16:36:35 +01:00
99.3.3.2_hosts_allow.sh	Renum 99.x files to comply with debian10 CIS	2020-12-22 16:36:35 +01:00
99.3.3.3_hosts_deny.sh	Renum 99.x files to comply with debian10 CIS	2020-12-22 16:36:35 +01:00
99.3.3.4_hosts_allow_permissions.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
99.3.3.5_hosts_deny_permissions.sh	Check that package are installed before launching check (#69 )	2021-03-25 14:01:57 +01:00
99.4.0_enable_auditd_kernel.sh	Renum 99.x files to comply with debian10 CIS	2020-12-22 16:36:35 +01:00
99.5.2.1_ssh_auth_pubk_only.sh	Fix ovh/debian-cis:#25 (#28 )	2021-01-21 16:01:34 +01:00
99.5.2.2_ssh_cry_rekey.sh	Add dealing with debian 11	2021-02-08 13:54:24 +01:00
99.5.2.3_ssh_disable_features.sh	Add missing HARDENING_LEVEL (#44 )	2021-02-17 11:51:51 +01:00
99.5.2.4_ssh_keys_from.sh	Add missing HARDENING_LEVEL (#44 )	2021-02-17 11:51:51 +01:00
99.5.2.5_ssh_strict_modes.sh	Add missing HARDENING_LEVEL (#44 )	2021-02-17 11:51:51 +01:00
99.5.2.6_ssh_sys_accept_env.sh	Fix ovh/debian-cis:#25 (#28 )	2021-01-21 16:01:34 +01:00
99.5.2.7_ssh_sys_no_legacy.sh	Add missing HARDENING_LEVEL (#44 )	2021-02-17 11:51:51 +01:00
99.5.2.8_ssh_sys_sandbox.sh	Fix ovh/debian-cis:#25 (#28 )	2021-01-21 16:01:34 +01:00
99.5.4.5.1_acc_logindefs_sha512.sh	99.5.4.5.2: fix bug where sha512 option rounds provoke KO (#112 )	2021-08-10 10:30:35 +02:00
99.5.4.5.2_acc_shadow_sha512.sh	99.5.4.5.2: fix bug where sha512 option rounds provoke KO (#112 )	2021-08-10 10:30:35 +02:00
99.99_check_distribution.sh	Add dealing with debian 11	2021-02-08 13:54:24 +01:00

.gitignore

Initial Commit Basic folders

2016-04-01 07:50:08 +02:00

1.1.1.1_disable_freevxfs.sh

IMP: add multiple Improvements

2021-02-04 16:21:49 +01:00

1.1.1.2_disable_jffs2.sh

IMP: add multiple Improvements

2021-02-04 16:21:49 +01:00

1.1.1.3_disable_hfs.sh

IMP: add multiple Improvements

2021-02-04 16:21:49 +01:00

1.1.1.4_disable_hfsplus.sh

IMP: add multiple Improvements

2021-02-04 16:21:49 +01:00

1.1.1.5_disable_squashfs.sh

IMP: add multiple Improvements

2021-02-04 16:21:49 +01:00

1.1.1.6_disable_udf.sh

IMP: add multiple Improvements

2021-02-04 16:21:49 +01:00

1.1.1.7_restrict_fat.sh

IMP: add multiple Improvements

2021-02-04 16:21:49 +01:00

1.1.2_tmp_partition.sh

IMP(shellcheck): quote variables (SC2086)

2020-12-04 15:04:22 +01:00

1.1.3_tmp_nodev.sh

IMP(shellcheck): quote variables

2020-12-10 09:50:33 +01:00

1.1.4_tmp_nosuid.sh

IMP(shellcheck): quote variables

2020-12-10 09:50:33 +01:00

1.1.5_tmp_noexec.sh

IMP(shellcheck): quote variables

2020-12-10 09:50:33 +01:00

1.1.6_var_partition.sh

Update documentation

2020-12-22 17:01:41 +01:00

1.1.7_var_tmp_partition.sh

IMP(shellcheck): quote variables (SC2086)

2020-12-04 15:04:22 +01:00

1.1.8_var_tmp_nodev.sh

IMP(shellcheck): quote variables

2020-12-10 09:50:33 +01:00

1.1.9_var_tmp_nosuid.sh

IMP(shellcheck): quote variables

2020-12-10 09:50:33 +01:00

1.1.10_var_tmp_noexec.sh

IMP(shellcheck): quote variables

2020-12-10 09:50:33 +01:00

1.1.11_var_log_partition.sh

Update documentation

2020-12-22 17:01:41 +01:00

1.1.12_var_log_audit_partition.sh

Update documentation

2020-12-22 17:01:41 +01:00

1.1.13_home_partition.sh

Update documentation

2020-12-22 17:01:41 +01:00

1.1.14_home_nodev.sh

IMP(shellcheck): quote variables

2020-12-10 09:50:33 +01:00

1.1.15_run_shm_nodev.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

1.1.16_run_shm_nosuid.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

1.1.17_run_shm_noexec.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

1.1.18_removable_device_nodev.sh

Update documentation

2020-12-22 17:01:41 +01:00

1.1.19_removable_device_nosuid.sh

Update documentation

2020-12-22 17:01:41 +01:00

1.1.20_removable_device_noexec.sh

Update documentation

2020-12-22 17:01:41 +01:00

1.1.21_sticky_bit_world_writable_folder.sh

fix EXCEPTIONS management (#104 )

2021-06-02 13:47:19 +02:00

1.1.22_disable_automounting.sh

IMP(shellcheck): quote variables

2020-12-10 09:50:33 +01:00

1.1.23_disable_usb_storage.sh

IMP: add multiple Improvements

2021-02-04 16:21:49 +01:00

1.3.1_install_sudo.sh

ADD(1.3.x): add new scripts for debian10

2020-12-21 15:52:47 +01:00

1.3.2_pty_sudo.sh

ADD(1.3.x): add new scripts for debian10

2020-12-21 15:52:47 +01:00

1.3.3_logfile_sudo.sh

ADD(1.3.x): add new scripts for debian10

2020-12-21 15:52:47 +01:00

1.4.1_install_tripwire.sh

Add commentaries, renum scripts

2020-12-22 15:58:10 +01:00

1.4.2_tripwire_cron.sh

Add commentaries, renum scripts

2020-12-22 15:58:10 +01:00

1.5.1_bootloader_ownership.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

1.5.2_bootloader_password.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

1.5.3_root_password.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

1.6.1_enable_nx_support.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

1.6.2_enable_randomized_vm_placement.sh

Renum 1.x files to comply with debian10 CIS

2020-12-21 16:09:27 +01:00

1.6.3_disable_prelink.sh

Renum 1.x files to comply with debian10 CIS

2020-12-21 16:09:27 +01:00

1.6.4_restrict_core_dumps.sh

fix incorrect path from ls (#45 )

2021-02-17 12:00:13 +01:00

1.7.1.1_install_apparmor.sh

ADD(1.7.x): add apparmor checks

2020-12-23 10:46:51 +01:00

1.7.1.2_enable_apparmor.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

1.7.1.3_enforce_or_complain_apparmor.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

1.7.1.4_enforcing_apparmor.sh

FIX(1.7.1.4): don't abort script in case of unconfined processes (#130 )

2021-10-20 13:14:36 +02:00

1.8.1.1_remove_os_info_motd.sh

Renum 1.x files to comply with debian10 CIS

2020-12-21 16:09:27 +01:00

1.8.1.2_remove_os_info_issue.sh

Renum 1.x files to comply with debian10 CIS

2020-12-21 16:09:27 +01:00

1.8.1.3_remove_os_info_issue_net.sh

Renum 1.x files to comply with debian10 CIS

2020-12-21 16:09:27 +01:00

1.8.1.4_motd_perms.sh

Renum 1.x files to comply with debian10 CIS

2020-12-21 16:09:27 +01:00

1.8.1.5_etc_issue_perms.sh

Renum 1.x files to comply with debian10 CIS

2020-12-21 16:09:27 +01:00

1.8.1.6_etc_issue_net_perms.sh

Renum 1.x files to comply with debian10 CIS

2020-12-21 16:09:27 +01:00

1.8.2_graphical_warning_banners.sh

Renum 1.x files to comply with debian10 CIS

2020-12-21 16:09:27 +01:00

1.9_install_updates.sh

Renum 1.x files to comply with debian10 CIS

2020-12-21 16:09:27 +01:00

2.1.1_disable_xinetd.sh

IMP(shfmt): add shell formatter

2020-12-04 14:08:01 +01:00

2.1.2_disable_bsd_inetd.sh

IMP(shfmt): add shell formatter

2020-12-04 14:08:01 +01:00

2.2.1.1_use_time_sync.sh

IMP(shfmt): add shell formatter

2020-12-04 14:08:01 +01:00

2.2.1.2_configure_systemd-timesyncd.sh

FIX(2.2.1.2): custom func not working for systemd (#90 )

2021-04-27 13:49:05 +02:00

2.2.1.3_configure_chrony.sh

IMP(shellcheck): quote variables

2020-12-10 09:50:33 +01:00

2.2.1.4_configure_ntp.sh

FIX(2.2.1.4): Validate debian default ntp config (#118 )

2021-10-15 16:19:51 +02:00

2.2.2_disable_xwindow_system.sh

IMP(shfmt): add shell formatter

2020-12-04 14:08:01 +01:00

2.2.3_disable_avahi_server.sh

IMP(shfmt): add shell formatter

2020-12-04 14:08:01 +01:00

2.2.4_disable_print_server.sh

IMP(shfmt): add shell formatter

2020-12-04 14:08:01 +01:00

2.2.5_disable_dhcp.sh

IMP(shfmt): add shell formatter

2020-12-04 14:08:01 +01:00

2.2.6_disable_ldap.sh

IMP(shfmt): add shell formatter

2020-12-04 14:08:01 +01:00

2.2.7_disable_nfs_rpc.sh

IMP(shfmt): add shell formatter

2020-12-04 14:08:01 +01:00

2.2.8_disable_dns_server.sh

IMP(shfmt): add shell formatter

2020-12-04 14:08:01 +01:00

2.2.9_disable_ftp.sh

IMP(shfmt): add shell formatter

2020-12-04 14:08:01 +01:00

2.2.10_disable_http_server.sh

IMP(shfmt): add shell formatter

2020-12-04 14:08:01 +01:00

2.2.11_disable_imap_pop.sh

IMP(shfmt): add shell formatter

2020-12-04 14:08:01 +01:00

2.2.12_disable_samba.sh

IMP(shellcheck): quote variables

2020-12-10 09:50:33 +01:00

2.2.13_disable_http_proxy.sh

IMP(shfmt): add shell formatter

2020-12-04 14:08:01 +01:00

2.2.14_disable_snmp_server.sh

IMP(shfmt): add shell formatter

2020-12-04 14:08:01 +01:00

2.2.15_mta_localhost.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

2.2.16_disable_rsync.sh

IMP(shellcheck): quote variables

2020-12-10 09:50:33 +01:00

2.2.17_disable_nis.sh

IMP: mark some checks as useless

2021-01-25 13:02:52 +01:00

2.3.1_disable_nis.sh

IMP(shfmt): add shell formatter

2020-12-04 14:08:01 +01:00

2.3.2_disable_rsh_client.sh

IMP(shfmt): add shell formatter

2020-12-04 14:08:01 +01:00

2.3.3_disable_talk_client.sh

IMP(shfmt): add shell formatter

2020-12-04 14:08:01 +01:00

2.3.4_disable_telnet_client.sh

IMP(shfmt): add shell formatter

2020-12-04 14:08:01 +01:00

2.3.5_disable_ldap_client.sh

IMP(shfmt): add shell formatter

2020-12-04 14:08:01 +01:00

3.1.1_disable_ipv6.sh

Add is_ipv6_disabled (#57 )

2021-02-17 11:45:20 +01:00

3.1.2_disable_wireless.sh

Renum 2.x and 3.x files to comply with debian10 CIS

2020-12-22 08:52:43 +01:00

3.2.1_disable_send_packet_redirects.sh

Renum 2.x and 3.x files to comply with debian10 CIS

2020-12-22 08:52:43 +01:00

3.2.2_disable_ip_forwarding.sh

Renum 2.x and 3.x files to comply with debian10 CIS

2020-12-22 08:52:43 +01:00

3.3.1_disable_source_routed_packets.sh

Add is_ipv6_disabled (#57 )

2021-02-17 11:45:20 +01:00

3.3.2_disable_icmp_redirect.sh

Renum 2.x and 3.x files to comply with debian10 CIS

2020-12-22 08:52:43 +01:00

3.3.3_disable_secure_icmp_redirect.sh

Renum 2.x and 3.x files to comply with debian10 CIS

2020-12-22 08:52:43 +01:00

3.3.4_log_martian_packets.sh

Renum 2.x and 3.x files to comply with debian10 CIS

2020-12-22 08:52:43 +01:00

3.3.5_ignore_broadcast_requests.sh

Renum 2.x and 3.x files to comply with debian10 CIS

2020-12-22 08:52:43 +01:00

3.3.6_enable_bad_error_message_protection.sh

Renum 2.x and 3.x files to comply with debian10 CIS

2020-12-22 08:52:43 +01:00

3.3.7_enable_source_route_validation.sh

Renum 2.x and 3.x files to comply with debian10 CIS

2020-12-22 08:52:43 +01:00

3.3.8_enable_tcp_syn_cookies.sh

Renum 2.x and 3.x files to comply with debian10 CIS

2020-12-22 08:52:43 +01:00

3.3.9_disable_ipv6_router_advertisement.sh

Add is_ipv6_disabled (#57 )

2021-02-17 11:45:20 +01:00

3.4.1_disable_dccp.sh

IMP: add multiple Improvements

2021-02-04 16:21:49 +01:00

3.4.2_disable_sctp.sh

IMP: add multiple Improvements

2021-02-04 16:21:49 +01:00

3.4.3_disable_rds.sh

IMP: add multiple Improvements

2021-02-04 16:21:49 +01:00

3.4.4_disable_tipc.sh

IMP: add multiple Improvements

2021-02-04 16:21:49 +01:00

3.5.1.1_enable_firewall.sh

Add commentaries, renum scripts

2020-12-22 15:58:10 +01:00

3.5.4.1.1_net_fw_default_policy_drop.sh

Renum 2.x and 3.x files to comply with debian10 CIS

2020-12-22 08:52:43 +01:00

4.1.1.1_install_auditd.sh

ADD(4.1.1.1): add auditd install

2020-12-24 16:20:02 +01:00

4.1.1.2_enable_auditd.sh

Renum 4.x files to comply with debian10 CIS

2020-12-22 10:51:39 +01:00

4.1.1.3_audit_bootloader.sh

FIX(4.1.1.4): bad pattern (#67 )

2021-03-25 13:50:08 +01:00

4.1.1.4_audit_backlog_limit.sh

FIX(4.1.1.4): bad pattern (#67 )

2021-03-25 13:50:08 +01:00

4.1.2.1_audit_log_storage.sh

Renum 4.x files to comply with debian10 CIS

2020-12-22 10:51:39 +01:00

4.1.2.2_halt_when_audit_log_full.sh

Renum 4.x files to comply with debian10 CIS

2020-12-22 10:51:39 +01:00

4.1.2.3_keep_all_audit_logs.sh

Renum 4.x files to comply with debian10 CIS

2020-12-22 10:51:39 +01:00

4.1.3_record_date_time_edit.sh

Renum 4.x files to comply with debian10 CIS

2020-12-22 10:51:39 +01:00

4.1.4_record_user_group_edit.sh

Renum 4.x files to comply with debian10 CIS

2020-12-22 10:51:39 +01:00

4.1.5_record_network_edit.sh

Renum 4.x files to comply with debian10 CIS

2020-12-22 10:51:39 +01:00

4.1.6_record_mac_edit.sh

Renum 4.x files to comply with debian10 CIS

2020-12-22 10:51:39 +01:00

4.1.7_record_login_logout.sh

Renum 4.x files to comply with debian10 CIS

2020-12-22 10:51:39 +01:00

4.1.8_record_session_init.sh

Renum 4.x files to comply with debian10 CIS

2020-12-22 10:51:39 +01:00

4.1.9_record_dac_edit.sh

Renum 4.x files to comply with debian10 CIS

2020-12-22 10:51:39 +01:00

4.1.10_record_failed_access_file.sh

Renum 4.x files to comply with debian10 CIS

2020-12-22 10:51:39 +01:00

4.1.11_record_privileged_commands.sh

FIX(4.1.11): add SUDO to find suid files

2021-04-13 11:00:29 +02:00

4.1.12_record_successful_mount.sh

Renum 4.x files to comply with debian10 CIS

2020-12-22 10:51:39 +01:00

4.1.13_record_file_deletions.sh

Renum 4.x files to comply with debian10 CIS

2020-12-22 10:51:39 +01:00

4.1.14_record_sudoers_edit.sh

Renum 4.x files to comply with debian10 CIS

2020-12-22 10:51:39 +01:00

4.1.15_record_sudo_usage.sh

Renum 4.x files to comply with debian10 CIS

2020-12-22 10:51:39 +01:00

4.1.16_record_kernel_modules.sh

Renum 4.x files to comply with debian10 CIS

2020-12-22 10:51:39 +01:00

4.1.17_freeze_auditd_conf.sh

Renum 4.x files to comply with debian10 CIS

2020-12-22 10:51:39 +01:00

4.2.1.1_install_syslog-ng.sh

Update documentation

2020-12-22 17:01:41 +01:00

4.2.1.2_enable_syslog-ng.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

4.2.1.3_configure_syslog-ng.sh

Update documentation

2020-12-22 17:01:41 +01:00

4.2.1.4_syslog_ng_logfiles_perm.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

4.2.1.5_syslog-ng_remote_host.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

4.2.1.6_remote_syslog-ng_acl.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

4.2.2.1_journald_logs.sh

IMP(4.2.2.x): improve dealing with default conf

2021-01-25 13:02:52 +01:00

4.2.2.2_journald_compress.sh

IMP(4.2.2.x): improve dealing with default conf

2021-01-25 13:02:52 +01:00

4.2.2.3_journald_write_persistent.sh

IMP(4.2.2.x): improve dealing with default conf

2021-01-25 13:02:52 +01:00

4.2.3_logs_permissions.sh

Renum 4.x files to comply with debian10 CIS

2020-12-22 10:51:39 +01:00

4.3_configure_logrotate.sh

Add commentaries, renum scripts

2020-12-22 15:58:10 +01:00

4.4_logrotate_permissions.sh

ADD(4.4): add logrotate permissions checking

2020-12-24 10:31:47 +01:00

5.1.1_enable_cron.sh

IMP(shellcheck): quote variables

2020-12-10 09:50:33 +01:00

5.1.2_crontab_perm_ownership.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

5.1.3_cron_hourly_perm_ownership.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

5.1.4_cron_daily_perm_ownership.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

5.1.5_cron_weekly_perm_ownership.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

5.1.6_cron_monthly_perm_ownership.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

5.1.7_cron_d_perm_ownership.sh

IMP(shellcheck): quote variables

2020-12-10 09:50:33 +01:00

5.1.8_cron_users.sh

add log details to be more comprehensive (#49 )

2021-02-17 12:04:11 +01:00

5.2.1_sshd_conf_perm_ownership.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

5.2.2_ssh_host_private_keys_perm_ownership.sh

IMP(shellcheck): quote variables

2020-12-10 09:50:33 +01:00

5.2.3_ssh_host_public_keys_perm_ownership.sh

IMP: add utils to check perm in authorized perm

2020-12-21 10:39:44 +01:00

5.2.4_sshd_protocol.sh

Ignore case for sshd conf

2021-04-02 09:25:41 +02:00

5.2.5_sshd_loglevel.sh

Ignore case for sshd conf

2021-04-02 09:25:41 +02:00

5.2.6_disable_x11_forwarding.sh

Ignore case for sshd conf

2021-04-02 09:25:41 +02:00

5.2.7_sshd_maxauthtries.sh

Accept lower values (#95 )

2021-04-27 16:04:13 +02:00

5.2.8_enable_sshd_ignorerhosts.sh

Ignore case for sshd conf

2021-04-02 09:25:41 +02:00

5.2.9_disable_sshd_hostbasedauthentication.sh

Ignore case for sshd conf

2021-04-02 09:25:41 +02:00

5.2.10_disable_root_login.sh

Ignore case for sshd conf

2021-04-02 09:25:41 +02:00

5.2.11_disable_sshd_permitemptypasswords.sh

Ignore case for sshd conf

2021-04-02 09:25:41 +02:00

5.2.12_disable_sshd_setenv.sh

Ignore case for sshd conf

2021-04-02 09:25:41 +02:00

5.2.13_sshd_ciphers.sh

Ignore case for sshd conf

2021-04-02 09:25:41 +02:00

5.2.14_ssh_cry_mac.sh

Update mac and kex to match debian10 CIS (#60 )

2021-02-17 11:31:22 +01:00

5.2.15_ssh_cry_kex.sh

Update mac and kex to match debian10 CIS (#60 )

2021-02-17 11:31:22 +01:00

5.2.16_sshd_idle_timeout.sh

Ignore case for sshd conf

2021-04-02 09:25:41 +02:00

5.2.17_sshd_login_grace_time.sh

Ignore case for sshd conf

2021-04-02 09:25:41 +02:00

5.2.18_sshd_limit_access.sh

Ignore case for sshd conf

2021-04-02 09:25:41 +02:00

5.2.19_ssh_banner.sh

Fix ovh/debian-cis:#25 (#28 )

2021-01-21 16:01:34 +01:00

5.2.20_enable_ssh_pam.sh

Ignore case for sshd conf

2021-04-02 09:25:41 +02:00

5.2.21_disable_ssh_allow_tcp_forwarding.sh

Ignore case for sshd conf

2021-04-02 09:25:41 +02:00

5.2.22_configure_ssh_max_startups.sh

Ignore case for sshd conf

2021-04-02 09:25:41 +02:00

5.2.23_limit_ssh_max_sessions.sh

Accept lower values (#95 )

2021-04-27 16:04:13 +02:00

5.3.1_enable_pwquality.sh

IMP(shellcheck): quote variables

2020-12-10 09:50:33 +01:00

5.3.2_enable_lockout_failed_password.sh

Use pam_faillock instead of pam_tally for bullseye (#56 )

2021-02-17 11:36:58 +01:00

5.3.3_limit_password_reuse.sh

IMP(shellcheck): quote variables

2020-12-10 09:50:33 +01:00

5.3.4_acc_pam_sha512.sh

Add commentaries, renum scripts

2020-12-22 15:58:10 +01:00

5.4.1.1_set_password_exp_days.sh

IMP(shellcheck): quote variables (SC2086)

2020-12-07 17:11:32 +01:00

5.4.1.2_set_password_min_days_change.sh

IMP(shellcheck): quote variables

2020-12-10 09:50:33 +01:00

5.4.1.3_set_password_exp_warning_days.sh

IMP(shellcheck): quote variables

2020-12-10 09:50:33 +01:00

5.4.1.4_lock_inactive_user_account.sh

Update documentation

2020-12-22 17:01:41 +01:00

5.4.1.5_last_password_change_past.sh

Add commentaries, renum scripts

2020-12-22 15:58:10 +01:00

5.4.2_disable_system_accounts.sh

IMP(shellcheck): replace ls parsing by stat

2020-12-14 16:14:37 +01:00

5.4.3_default_root_group.sh

IMP(shellcheck): quote variables (SC2086)

2020-12-07 17:11:32 +01:00

5.4.4_default_umask.sh

IMP(shellcheck): replace ls parsing by stat

2020-12-14 16:14:37 +01:00

5.4.5_default_timeout.sh

Fix 5.4.5 pattern search (#108 )

2021-08-09 10:49:56 +02:00

5.5_secure_tty.sh

IMP(shfmt): add shell formatter

2020-12-04 14:08:01 +01:00

5.6_restrict_su.sh

IMP(shellcheck): quote variables (SC2086)

2020-12-07 17:11:32 +01:00

6.1.2_etc_passwd_permissions.sh

ADD(6.1.3, 6.1.6-9): add new checks

2020-12-21 10:02:52 +01:00

6.1.3_etc_gshadow-_permissions.sh

ADD(6.1.3, 6.1.6-9): add new checks

2020-12-21 10:02:52 +01:00

6.1.4_etc_shadow_permissions.sh

ADD(6.1.3, 6.1.6-9): add new checks

2020-12-21 10:02:52 +01:00

6.1.5_etc_group_permissions.sh

ADD(6.1.3, 6.1.6-9): add new checks

2020-12-21 10:02:52 +01:00

6.1.6_etc_passwd-_permissions.sh

ADD(6.1.3, 6.1.6-9): add new checks

2020-12-21 10:02:52 +01:00

6.1.7_etc_shadow-_permissions.sh

ADD(6.1.3, 6.1.6-9): add new checks

2020-12-21 10:02:52 +01:00

6.1.8_etc_group-_permissions.sh

Add commentaries, renum scripts

2020-12-22 15:58:10 +01:00

6.1.9_etc_gshadow_permissions.sh

Add commentaries, renum scripts

2020-12-22 15:58:10 +01:00

6.1.10_find_world_writable_file.sh

fix EXCEPTIONS management (#104 )

2021-06-02 13:47:19 +02:00

6.1.11_find_unowned_files.sh

fix EXCEPTIONS management (#104 )

2021-06-02 13:47:19 +02:00

6.1.12_find_ungrouped_files.sh

fix EXCEPTIONS management (#104 )

2021-06-02 13:47:19 +02:00

6.1.13_find_suid_files.sh

fix EXCEPTIONS management (#104 )

2021-06-02 13:47:19 +02:00

6.1.14_find_sgid_files.sh

fix EXCEPTIONS management (#104 )

2021-06-02 13:47:19 +02:00

6.2.1_remove_empty_password_field.sh

IMP(shellcheck): quote variables (SC2086)

2020-12-07 17:11:32 +01:00

6.2.2_remove_legacy_passwd_entries.sh

Update documentation

2020-12-22 17:01:41 +01:00

6.2.3_users_valid_homedir.sh

Renum 6.x files to comply with debian10 CIS

2020-12-22 11:43:53 +01:00

6.2.4_remove_legacy_shadow_entries.sh

Update documentation

2020-12-22 17:01:41 +01:00

6.2.5_remove_legacy_group_entries.sh

Update documentation

2020-12-22 17:01:41 +01:00

6.2.6_find_0_uid_non_root_account.sh

Renum 6.x files to comply with debian10 CIS

2020-12-22 11:43:53 +01:00

6.2.7_sanitize_root_path.sh

Renum 6.x files to comply with debian10 CIS

2020-12-22 11:43:53 +01:00

6.2.8_check_user_dir_perm.sh

Update documentation

2020-12-22 17:01:41 +01:00

6.2.9_users_valid_homedir.sh

IMP(shellcheck): quote variables (SC2086)

2020-12-07 17:11:32 +01:00

6.2.10_check_user_dot_file_perm.sh

IMP(shellcheck): replace ls parsing by stat

2020-12-14 16:14:37 +01:00

6.2.11_find_user_forward_files.sh

IMP(shellcheck): replace deprecated egrep (SC2196)

2020-12-10 08:20:26 +01:00

6.2.12_find_user_netrc_files.sh

IMP(shellcheck): replace deprecated egrep (SC2196)

2020-12-10 08:20:26 +01:00

6.2.13_set_perm_on_user_netrc.sh

IMP(6.2.13): fix race condition

2020-12-14 15:11:33 +01:00

6.2.14_find_user_rhosts_files.sh

IMP(shellcheck): replace deprecated egrep (SC2196)

2020-12-10 08:20:26 +01:00

6.2.15_find_passwd_group_inconsistencies.sh

Update changelog

2020-12-14 16:56:09 +01:00

6.2.16_check_duplicate_uid.sh

IMP(shellcheck): quote variables (SC2086)

2020-12-04 15:04:22 +01:00

6.2.17_check_duplicate_gid.sh

IMP(shellcheck): quote variables (SC2086)

2020-12-04 15:04:22 +01:00

6.2.18_check_duplicate_username.sh

IMP(shellcheck): quote variables (SC2086)

2020-12-07 17:11:32 +01:00

6.2.19_check_duplicate_groupname.sh

IMP(shellcheck): quote variables (SC2086)

2020-12-07 17:11:32 +01:00

6.2.20_shadow_group_empty.sh

IMP(shellcheck): quote variables (SC2086)

2020-12-07 17:11:32 +01:00

99.1.1.1_disable_cramfs.sh

Update documentation

2020-12-22 17:01:41 +01:00

99.1.1.23_disable_usb_devices.sh

Add missing HARDENING_LEVEL (#44 )

2021-02-17 11:51:51 +01:00

99.1.3_acc_sudoers_no_all.sh

Add missing HARDENING_LEVEL (#44 )

2021-02-17 11:51:51 +01:00

99.2.2_disable_telnet_server.sh

Renum 99.x files to comply with debian10 CIS

2020-12-22 16:36:35 +01:00

99.3.3.1_install_tcp_wrapper.sh

Renum 99.x files to comply with debian10 CIS

2020-12-22 16:36:35 +01:00

99.3.3.2_hosts_allow.sh

Renum 99.x files to comply with debian10 CIS

2020-12-22 16:36:35 +01:00

99.3.3.3_hosts_deny.sh

Renum 99.x files to comply with debian10 CIS

2020-12-22 16:36:35 +01:00

99.3.3.4_hosts_allow_permissions.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

99.3.3.5_hosts_deny_permissions.sh

Check that package are installed before launching check (#69 )

2021-03-25 14:01:57 +01:00

99.4.0_enable_auditd_kernel.sh

Renum 99.x files to comply with debian10 CIS

2020-12-22 16:36:35 +01:00

99.5.2.1_ssh_auth_pubk_only.sh

Fix ovh/debian-cis:#25 (#28 )

2021-01-21 16:01:34 +01:00

99.5.2.2_ssh_cry_rekey.sh

Add dealing with debian 11

2021-02-08 13:54:24 +01:00

99.5.2.3_ssh_disable_features.sh

Add missing HARDENING_LEVEL (#44 )

2021-02-17 11:51:51 +01:00

99.5.2.4_ssh_keys_from.sh

Add missing HARDENING_LEVEL (#44 )

2021-02-17 11:51:51 +01:00

99.5.2.5_ssh_strict_modes.sh

Add missing HARDENING_LEVEL (#44 )

2021-02-17 11:51:51 +01:00

99.5.2.6_ssh_sys_accept_env.sh

Fix ovh/debian-cis:#25 (#28 )

2021-01-21 16:01:34 +01:00

99.5.2.7_ssh_sys_no_legacy.sh

Add missing HARDENING_LEVEL (#44 )

2021-02-17 11:51:51 +01:00

99.5.2.8_ssh_sys_sandbox.sh

Fix ovh/debian-cis:#25 (#28 )

2021-01-21 16:01:34 +01:00

99.5.4.5.1_acc_logindefs_sha512.sh

99.5.4.5.2: fix bug where sha512 option rounds provoke KO (#112 )

2021-08-10 10:30:35 +02:00

99.5.4.5.2_acc_shadow_sha512.sh

99.5.4.5.2: fix bug where sha512 option rounds provoke KO (#112 )

2021-08-10 10:30:35 +02:00

99.99_check_distribution.sh

Add dealing with debian 11

2021-02-08 13:54:24 +01:00