elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2024-11-22 13:37:02 +01:00
Code Issues Packages Projects Releases Wiki Activity
7266ec7cb4
debian-cis/bin/hardening
History
Jan Schmidle 8f855ac159
fix: kernel module detection (#129) 
* fix: add filter to hfs

* fix is_kernel_option_enabled check

as the module in question could have dependencies which have been blacklisted as well we need to make sure that the comparison only checks for the module in question - the last line in the output.

Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
2021-10-20 14:51:29 +02:00
..
.gitignore Initial Commit Basic folders 2016-04-01 07:50:08 +02:00
1.1.1.1_disable_freevxfs.sh IMP: add multiple Improvements 2021-02-04 16:21:49 +01:00
1.1.1.2_disable_jffs2.sh IMP: add multiple Improvements 2021-02-04 16:21:49 +01:00
1.1.1.3_disable_hfs.sh fix: kernel module detection (#129) 2021-10-20 14:51:29 +02:00
1.1.1.4_disable_hfsplus.sh fix: kernel module detection (#129) 2021-10-20 14:51:29 +02:00
1.1.1.5_disable_squashfs.sh IMP: add multiple Improvements 2021-02-04 16:21:49 +01:00
1.1.1.6_disable_udf.sh IMP: add multiple Improvements 2021-02-04 16:21:49 +01:00
1.1.1.7_restrict_fat.sh IMP: add multiple Improvements 2021-02-04 16:21:49 +01:00
1.1.2_tmp_partition.sh IMP(shellcheck): quote variables (SC2086) 2020-12-04 15:04:22 +01:00
1.1.3_tmp_nodev.sh IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
1.1.4_tmp_nosuid.sh IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
1.1.5_tmp_noexec.sh IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
1.1.6_var_partition.sh Update documentation 2020-12-22 17:01:41 +01:00
1.1.7_var_tmp_partition.sh IMP(shellcheck): quote variables (SC2086) 2020-12-04 15:04:22 +01:00
1.1.8_var_tmp_nodev.sh IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
1.1.9_var_tmp_nosuid.sh IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
1.1.10_var_tmp_noexec.sh IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
1.1.11_var_log_partition.sh Update documentation 2020-12-22 17:01:41 +01:00
1.1.12_var_log_audit_partition.sh Update documentation 2020-12-22 17:01:41 +01:00
1.1.13_home_partition.sh Update documentation 2020-12-22 17:01:41 +01:00
1.1.14_home_nodev.sh IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
1.1.15_run_shm_nodev.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
1.1.16_run_shm_nosuid.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
1.1.17_run_shm_noexec.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
1.1.18_removable_device_nodev.sh Update documentation 2020-12-22 17:01:41 +01:00
1.1.19_removable_device_nosuid.sh Update documentation 2020-12-22 17:01:41 +01:00
1.1.20_removable_device_noexec.sh Update documentation 2020-12-22 17:01:41 +01:00
1.1.21_sticky_bit_world_writable_folder.sh fix EXCEPTIONS management (#104) 2021-06-02 13:47:19 +02:00
1.1.22_disable_automounting.sh IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
1.1.23_disable_usb_storage.sh IMP: add multiple Improvements 2021-02-04 16:21:49 +01:00
1.3.1_install_sudo.sh ADD(1.3.x): add new scripts for debian10 2020-12-21 15:52:47 +01:00
1.3.2_pty_sudo.sh ADD(1.3.x): add new scripts for debian10 2020-12-21 15:52:47 +01:00
1.3.3_logfile_sudo.sh ADD(1.3.x): add new scripts for debian10 2020-12-21 15:52:47 +01:00
1.4.1_install_tripwire.sh Add commentaries, renum scripts 2020-12-22 15:58:10 +01:00
1.4.2_tripwire_cron.sh Add commentaries, renum scripts 2020-12-22 15:58:10 +01:00
1.5.1_bootloader_ownership.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
1.5.2_bootloader_password.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
1.5.3_root_password.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
1.6.1_enable_nx_support.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
1.6.2_enable_randomized_vm_placement.sh Renum 1.x files to comply with debian10 CIS 2020-12-21 16:09:27 +01:00
1.6.3_disable_prelink.sh Renum 1.x files to comply with debian10 CIS 2020-12-21 16:09:27 +01:00
1.6.4_restrict_core_dumps.sh fix incorrect path from ls (#45) 2021-02-17 12:00:13 +01:00
1.7.1.1_install_apparmor.sh ADD(1.7.x): add apparmor checks 2020-12-23 10:46:51 +01:00
1.7.1.2_enable_apparmor.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
1.7.1.3_enforce_or_complain_apparmor.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
1.7.1.4_enforcing_apparmor.sh FIX(1.7.1.4): don't abort script in case of unconfined processes (#130) 2021-10-20 13:14:36 +02:00
1.8.1.1_remove_os_info_motd.sh Renum 1.x files to comply with debian10 CIS 2020-12-21 16:09:27 +01:00
1.8.1.2_remove_os_info_issue.sh Renum 1.x files to comply with debian10 CIS 2020-12-21 16:09:27 +01:00
1.8.1.3_remove_os_info_issue_net.sh Renum 1.x files to comply with debian10 CIS 2020-12-21 16:09:27 +01:00
1.8.1.4_motd_perms.sh Renum 1.x files to comply with debian10 CIS 2020-12-21 16:09:27 +01:00
1.8.1.5_etc_issue_perms.sh Renum 1.x files to comply with debian10 CIS 2020-12-21 16:09:27 +01:00
1.8.1.6_etc_issue_net_perms.sh Renum 1.x files to comply with debian10 CIS 2020-12-21 16:09:27 +01:00
1.8.2_graphical_warning_banners.sh Renum 1.x files to comply with debian10 CIS 2020-12-21 16:09:27 +01:00
1.9_install_updates.sh Renum 1.x files to comply with debian10 CIS 2020-12-21 16:09:27 +01:00
2.1.1_disable_xinetd.sh IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
2.1.2_disable_bsd_inetd.sh IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
2.2.1.1_use_time_sync.sh IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
2.2.1.2_configure_systemd-timesyncd.sh FIX(2.2.1.2): custom func not working for systemd (#90) 2021-04-27 13:49:05 +02:00
2.2.1.3_configure_chrony.sh IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
2.2.1.4_configure_ntp.sh FIX(2.2.1.4): Validate debian default ntp config (#118) 2021-10-15 16:19:51 +02:00
2.2.2_disable_xwindow_system.sh IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
2.2.3_disable_avahi_server.sh IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
2.2.4_disable_print_server.sh IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
2.2.5_disable_dhcp.sh IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
2.2.6_disable_ldap.sh IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
2.2.7_disable_nfs_rpc.sh IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
2.2.8_disable_dns_server.sh IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
2.2.9_disable_ftp.sh IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
2.2.10_disable_http_server.sh IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
2.2.11_disable_imap_pop.sh IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
2.2.12_disable_samba.sh IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
2.2.13_disable_http_proxy.sh IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
2.2.14_disable_snmp_server.sh IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
2.2.15_mta_localhost.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
2.2.16_disable_rsync.sh IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
2.2.17_disable_nis.sh IMP: mark some checks as useless 2021-01-25 13:02:52 +01:00
2.3.1_disable_nis.sh IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
2.3.2_disable_rsh_client.sh IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
2.3.3_disable_talk_client.sh IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
2.3.4_disable_telnet_client.sh IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
2.3.5_disable_ldap_client.sh IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
3.1.1_disable_ipv6.sh Add is_ipv6_disabled (#57) 2021-02-17 11:45:20 +01:00
3.1.2_disable_wireless.sh Renum 2.x and 3.x files to comply with debian10 CIS 2020-12-22 08:52:43 +01:00
3.2.1_disable_send_packet_redirects.sh Renum 2.x and 3.x files to comply with debian10 CIS 2020-12-22 08:52:43 +01:00
3.2.2_disable_ip_forwarding.sh Renum 2.x and 3.x files to comply with debian10 CIS 2020-12-22 08:52:43 +01:00
3.3.1_disable_source_routed_packets.sh Add is_ipv6_disabled (#57) 2021-02-17 11:45:20 +01:00
3.3.2_disable_icmp_redirect.sh Renum 2.x and 3.x files to comply with debian10 CIS 2020-12-22 08:52:43 +01:00
3.3.3_disable_secure_icmp_redirect.sh Renum 2.x and 3.x files to comply with debian10 CIS 2020-12-22 08:52:43 +01:00
3.3.4_log_martian_packets.sh Renum 2.x and 3.x files to comply with debian10 CIS 2020-12-22 08:52:43 +01:00
3.3.5_ignore_broadcast_requests.sh Renum 2.x and 3.x files to comply with debian10 CIS 2020-12-22 08:52:43 +01:00
3.3.6_enable_bad_error_message_protection.sh Renum 2.x and 3.x files to comply with debian10 CIS 2020-12-22 08:52:43 +01:00
3.3.7_enable_source_route_validation.sh Renum 2.x and 3.x files to comply with debian10 CIS 2020-12-22 08:52:43 +01:00
3.3.8_enable_tcp_syn_cookies.sh Renum 2.x and 3.x files to comply with debian10 CIS 2020-12-22 08:52:43 +01:00
3.3.9_disable_ipv6_router_advertisement.sh Add is_ipv6_disabled (#57) 2021-02-17 11:45:20 +01:00
3.4.1_disable_dccp.sh IMP: add multiple Improvements 2021-02-04 16:21:49 +01:00
3.4.2_disable_sctp.sh IMP: add multiple Improvements 2021-02-04 16:21:49 +01:00
3.4.3_disable_rds.sh IMP: add multiple Improvements 2021-02-04 16:21:49 +01:00
3.4.4_disable_tipc.sh IMP: add multiple Improvements 2021-02-04 16:21:49 +01:00
3.5.1.1_enable_firewall.sh Add commentaries, renum scripts 2020-12-22 15:58:10 +01:00
3.5.4.1.1_net_fw_default_policy_drop.sh Renum 2.x and 3.x files to comply with debian10 CIS 2020-12-22 08:52:43 +01:00
4.1.1.1_install_auditd.sh ADD(4.1.1.1): add auditd install 2020-12-24 16:20:02 +01:00
4.1.1.2_enable_auditd.sh Renum 4.x files to comply with debian10 CIS 2020-12-22 10:51:39 +01:00
4.1.1.3_audit_bootloader.sh FIX(4.1.1.4): bad pattern (#67) 2021-03-25 13:50:08 +01:00
4.1.1.4_audit_backlog_limit.sh FIX(4.1.1.4): bad pattern (#67) 2021-03-25 13:50:08 +01:00
4.1.2.1_audit_log_storage.sh Renum 4.x files to comply with debian10 CIS 2020-12-22 10:51:39 +01:00
4.1.2.2_halt_when_audit_log_full.sh Renum 4.x files to comply with debian10 CIS 2020-12-22 10:51:39 +01:00
4.1.2.3_keep_all_audit_logs.sh Renum 4.x files to comply with debian10 CIS 2020-12-22 10:51:39 +01:00
4.1.3_record_date_time_edit.sh Renum 4.x files to comply with debian10 CIS 2020-12-22 10:51:39 +01:00
4.1.4_record_user_group_edit.sh Renum 4.x files to comply with debian10 CIS 2020-12-22 10:51:39 +01:00
4.1.5_record_network_edit.sh Renum 4.x files to comply with debian10 CIS 2020-12-22 10:51:39 +01:00
4.1.6_record_mac_edit.sh Renum 4.x files to comply with debian10 CIS 2020-12-22 10:51:39 +01:00
4.1.7_record_login_logout.sh Renum 4.x files to comply with debian10 CIS 2020-12-22 10:51:39 +01:00
4.1.8_record_session_init.sh Renum 4.x files to comply with debian10 CIS 2020-12-22 10:51:39 +01:00
4.1.9_record_dac_edit.sh Renum 4.x files to comply with debian10 CIS 2020-12-22 10:51:39 +01:00
4.1.10_record_failed_access_file.sh Renum 4.x files to comply with debian10 CIS 2020-12-22 10:51:39 +01:00
4.1.11_record_privileged_commands.sh FIX(4.1.11): add SUDO to find suid files 2021-04-13 11:00:29 +02:00
4.1.12_record_successful_mount.sh Renum 4.x files to comply with debian10 CIS 2020-12-22 10:51:39 +01:00
4.1.13_record_file_deletions.sh Renum 4.x files to comply with debian10 CIS 2020-12-22 10:51:39 +01:00
4.1.14_record_sudoers_edit.sh Renum 4.x files to comply with debian10 CIS 2020-12-22 10:51:39 +01:00
4.1.15_record_sudo_usage.sh Renum 4.x files to comply with debian10 CIS 2020-12-22 10:51:39 +01:00
4.1.16_record_kernel_modules.sh Renum 4.x files to comply with debian10 CIS 2020-12-22 10:51:39 +01:00
4.1.17_freeze_auditd_conf.sh Renum 4.x files to comply with debian10 CIS 2020-12-22 10:51:39 +01:00
4.2.1.1_install_syslog-ng.sh Update documentation 2020-12-22 17:01:41 +01:00
4.2.1.2_enable_syslog-ng.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
4.2.1.3_configure_syslog-ng.sh Update documentation 2020-12-22 17:01:41 +01:00
4.2.1.4_syslog_ng_logfiles_perm.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
4.2.1.5_syslog-ng_remote_host.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
4.2.1.6_remote_syslog-ng_acl.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
4.2.2.1_journald_logs.sh IMP(4.2.2.x): improve dealing with default conf 2021-01-25 13:02:52 +01:00
4.2.2.2_journald_compress.sh IMP(4.2.2.x): improve dealing with default conf 2021-01-25 13:02:52 +01:00
4.2.2.3_journald_write_persistent.sh IMP(4.2.2.x): improve dealing with default conf 2021-01-25 13:02:52 +01:00
4.2.3_logs_permissions.sh Renum 4.x files to comply with debian10 CIS 2020-12-22 10:51:39 +01:00
4.3_configure_logrotate.sh Add commentaries, renum scripts 2020-12-22 15:58:10 +01:00
4.4_logrotate_permissions.sh ADD(4.4): add logrotate permissions checking 2020-12-24 10:31:47 +01:00
5.1.1_enable_cron.sh IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
5.1.2_crontab_perm_ownership.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
5.1.3_cron_hourly_perm_ownership.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
5.1.4_cron_daily_perm_ownership.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
5.1.5_cron_weekly_perm_ownership.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
5.1.6_cron_monthly_perm_ownership.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
5.1.7_cron_d_perm_ownership.sh IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
5.1.8_cron_users.sh add log details to be more comprehensive (#49) 2021-02-17 12:04:11 +01:00
5.2.1_sshd_conf_perm_ownership.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
5.2.2_ssh_host_private_keys_perm_ownership.sh IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
5.2.3_ssh_host_public_keys_perm_ownership.sh IMP: add utils to check perm in authorized perm 2020-12-21 10:39:44 +01:00
5.2.4_sshd_protocol.sh Ignore case for sshd conf 2021-04-02 09:25:41 +02:00
5.2.5_sshd_loglevel.sh Ignore case for sshd conf 2021-04-02 09:25:41 +02:00
5.2.6_disable_x11_forwarding.sh Ignore case for sshd conf 2021-04-02 09:25:41 +02:00
5.2.7_sshd_maxauthtries.sh Accept lower values (#95) 2021-04-27 16:04:13 +02:00
5.2.8_enable_sshd_ignorerhosts.sh Ignore case for sshd conf 2021-04-02 09:25:41 +02:00
5.2.9_disable_sshd_hostbasedauthentication.sh Ignore case for sshd conf 2021-04-02 09:25:41 +02:00
5.2.10_disable_root_login.sh Ignore case for sshd conf 2021-04-02 09:25:41 +02:00
5.2.11_disable_sshd_permitemptypasswords.sh Ignore case for sshd conf 2021-04-02 09:25:41 +02:00
5.2.12_disable_sshd_setenv.sh Ignore case for sshd conf 2021-04-02 09:25:41 +02:00
5.2.13_sshd_ciphers.sh Ignore case for sshd conf 2021-04-02 09:25:41 +02:00
5.2.14_ssh_cry_mac.sh Update mac and kex to match debian10 CIS (#60) 2021-02-17 11:31:22 +01:00
5.2.15_ssh_cry_kex.sh Update mac and kex to match debian10 CIS (#60) 2021-02-17 11:31:22 +01:00
5.2.16_sshd_idle_timeout.sh Ignore case for sshd conf 2021-04-02 09:25:41 +02:00
5.2.17_sshd_login_grace_time.sh Ignore case for sshd conf 2021-04-02 09:25:41 +02:00
5.2.18_sshd_limit_access.sh Ignore case for sshd conf 2021-04-02 09:25:41 +02:00
5.2.19_ssh_banner.sh Fix ovh/debian-cis:#25 (#28) 2021-01-21 16:01:34 +01:00
5.2.20_enable_ssh_pam.sh Ignore case for sshd conf 2021-04-02 09:25:41 +02:00
5.2.21_disable_ssh_allow_tcp_forwarding.sh Ignore case for sshd conf 2021-04-02 09:25:41 +02:00
5.2.22_configure_ssh_max_startups.sh Ignore case for sshd conf 2021-04-02 09:25:41 +02:00
5.2.23_limit_ssh_max_sessions.sh Accept lower values (#95) 2021-04-27 16:04:13 +02:00
5.3.1_enable_pwquality.sh IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
5.3.2_enable_lockout_failed_password.sh Use pam_faillock instead of pam_tally for bullseye (#56) 2021-02-17 11:36:58 +01:00
5.3.3_limit_password_reuse.sh IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
5.3.4_acc_pam_sha512.sh Add commentaries, renum scripts 2020-12-22 15:58:10 +01:00
5.4.1.1_set_password_exp_days.sh IMP(shellcheck): quote variables (SC2086) 2020-12-07 17:11:32 +01:00
5.4.1.2_set_password_min_days_change.sh IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
5.4.1.3_set_password_exp_warning_days.sh IMP(shellcheck): quote variables 2020-12-10 09:50:33 +01:00
5.4.1.4_lock_inactive_user_account.sh Update documentation 2020-12-22 17:01:41 +01:00
5.4.1.5_last_password_change_past.sh Add commentaries, renum scripts 2020-12-22 15:58:10 +01:00
5.4.2_disable_system_accounts.sh IMP(shellcheck): replace ls parsing by stat 2020-12-14 16:14:37 +01:00
5.4.3_default_root_group.sh IMP(shellcheck): quote variables (SC2086) 2020-12-07 17:11:32 +01:00
5.4.4_default_umask.sh IMP(shellcheck): replace ls parsing by stat 2020-12-14 16:14:37 +01:00
5.4.5_default_timeout.sh Fix 5.4.5 pattern search (#108) 2021-08-09 10:49:56 +02:00
5.5_secure_tty.sh IMP(shfmt): add shell formatter 2020-12-04 14:08:01 +01:00
5.6_restrict_su.sh IMP(shellcheck): quote variables (SC2086) 2020-12-07 17:11:32 +01:00
6.1.2_etc_passwd_permissions.sh ADD(6.1.3, 6.1.6-9): add new checks 2020-12-21 10:02:52 +01:00
6.1.3_etc_gshadow-_permissions.sh ADD(6.1.3, 6.1.6-9): add new checks 2020-12-21 10:02:52 +01:00
6.1.4_etc_shadow_permissions.sh ADD(6.1.3, 6.1.6-9): add new checks 2020-12-21 10:02:52 +01:00
6.1.5_etc_group_permissions.sh ADD(6.1.3, 6.1.6-9): add new checks 2020-12-21 10:02:52 +01:00
6.1.6_etc_passwd-_permissions.sh ADD(6.1.3, 6.1.6-9): add new checks 2020-12-21 10:02:52 +01:00
6.1.7_etc_shadow-_permissions.sh ADD(6.1.3, 6.1.6-9): add new checks 2020-12-21 10:02:52 +01:00
6.1.8_etc_group-_permissions.sh Add commentaries, renum scripts 2020-12-22 15:58:10 +01:00
6.1.9_etc_gshadow_permissions.sh Add commentaries, renum scripts 2020-12-22 15:58:10 +01:00
6.1.10_find_world_writable_file.sh fix EXCEPTIONS management (#104) 2021-06-02 13:47:19 +02:00
6.1.11_find_unowned_files.sh fix EXCEPTIONS management (#104) 2021-06-02 13:47:19 +02:00
6.1.12_find_ungrouped_files.sh fix EXCEPTIONS management (#104) 2021-06-02 13:47:19 +02:00
6.1.13_find_suid_files.sh fix EXCEPTIONS management (#104) 2021-06-02 13:47:19 +02:00
6.1.14_find_sgid_files.sh fix EXCEPTIONS management (#104) 2021-06-02 13:47:19 +02:00
6.2.1_remove_empty_password_field.sh IMP(shellcheck): quote variables (SC2086) 2020-12-07 17:11:32 +01:00
6.2.2_remove_legacy_passwd_entries.sh Update documentation 2020-12-22 17:01:41 +01:00
6.2.3_users_valid_homedir.sh Renum 6.x files to comply with debian10 CIS 2020-12-22 11:43:53 +01:00
6.2.4_remove_legacy_shadow_entries.sh Update documentation 2020-12-22 17:01:41 +01:00
6.2.5_remove_legacy_group_entries.sh Update documentation 2020-12-22 17:01:41 +01:00
6.2.6_find_0_uid_non_root_account.sh Renum 6.x files to comply with debian10 CIS 2020-12-22 11:43:53 +01:00
6.2.7_sanitize_root_path.sh Renum 6.x files to comply with debian10 CIS 2020-12-22 11:43:53 +01:00
6.2.8_check_user_dir_perm.sh Update documentation 2020-12-22 17:01:41 +01:00
6.2.9_users_valid_homedir.sh IMP(shellcheck): quote variables (SC2086) 2020-12-07 17:11:32 +01:00
6.2.10_check_user_dot_file_perm.sh IMP(shellcheck): replace ls parsing by stat 2020-12-14 16:14:37 +01:00
6.2.11_find_user_forward_files.sh IMP(shellcheck): replace deprecated egrep (SC2196) 2020-12-10 08:20:26 +01:00
6.2.12_find_user_netrc_files.sh IMP(shellcheck): replace deprecated egrep (SC2196) 2020-12-10 08:20:26 +01:00
6.2.13_set_perm_on_user_netrc.sh IMP(6.2.13): fix race condition 2020-12-14 15:11:33 +01:00
6.2.14_find_user_rhosts_files.sh IMP(shellcheck): replace deprecated egrep (SC2196) 2020-12-10 08:20:26 +01:00
6.2.15_find_passwd_group_inconsistencies.sh Update changelog 2020-12-14 16:56:09 +01:00
6.2.16_check_duplicate_uid.sh IMP(shellcheck): quote variables (SC2086) 2020-12-04 15:04:22 +01:00
6.2.17_check_duplicate_gid.sh IMP(shellcheck): quote variables (SC2086) 2020-12-04 15:04:22 +01:00
6.2.18_check_duplicate_username.sh IMP(shellcheck): quote variables (SC2086) 2020-12-07 17:11:32 +01:00
6.2.19_check_duplicate_groupname.sh IMP(shellcheck): quote variables (SC2086) 2020-12-07 17:11:32 +01:00
6.2.20_shadow_group_empty.sh IMP(shellcheck): quote variables (SC2086) 2020-12-07 17:11:32 +01:00
99.1.1.1_disable_cramfs.sh Update documentation 2020-12-22 17:01:41 +01:00
99.1.1.23_disable_usb_devices.sh Add missing HARDENING_LEVEL (#44) 2021-02-17 11:51:51 +01:00
99.1.3_acc_sudoers_no_all.sh Add missing HARDENING_LEVEL (#44) 2021-02-17 11:51:51 +01:00
99.2.2_disable_telnet_server.sh Renum 99.x files to comply with debian10 CIS 2020-12-22 16:36:35 +01:00
99.3.3.1_install_tcp_wrapper.sh Renum 99.x files to comply with debian10 CIS 2020-12-22 16:36:35 +01:00
99.3.3.2_hosts_allow.sh Renum 99.x files to comply with debian10 CIS 2020-12-22 16:36:35 +01:00
99.3.3.3_hosts_deny.sh Renum 99.x files to comply with debian10 CIS 2020-12-22 16:36:35 +01:00
99.3.3.4_hosts_allow_permissions.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
99.3.3.5_hosts_deny_permissions.sh Check that package are installed before launching check (#69) 2021-03-25 14:01:57 +01:00
99.4.0_enable_auditd_kernel.sh Renum 99.x files to comply with debian10 CIS 2020-12-22 16:36:35 +01:00
99.5.2.1_ssh_auth_pubk_only.sh Fix ovh/debian-cis:#25 (#28) 2021-01-21 16:01:34 +01:00
99.5.2.2_ssh_cry_rekey.sh Add dealing with debian 11 2021-02-08 13:54:24 +01:00
99.5.2.3_ssh_disable_features.sh Add missing HARDENING_LEVEL (#44) 2021-02-17 11:51:51 +01:00
99.5.2.4_ssh_keys_from.sh Add missing HARDENING_LEVEL (#44) 2021-02-17 11:51:51 +01:00
99.5.2.5_ssh_strict_modes.sh Add missing HARDENING_LEVEL (#44) 2021-02-17 11:51:51 +01:00
99.5.2.6_ssh_sys_accept_env.sh Fix ovh/debian-cis:#25 (#28) 2021-01-21 16:01:34 +01:00
99.5.2.7_ssh_sys_no_legacy.sh Add missing HARDENING_LEVEL (#44) 2021-02-17 11:51:51 +01:00
99.5.2.8_ssh_sys_sandbox.sh Fix ovh/debian-cis:#25 (#28) 2021-01-21 16:01:34 +01:00
99.5.4.5.1_acc_logindefs_sha512.sh 99.5.4.5.2: fix bug where sha512 option rounds provoke KO (#112) 2021-08-10 10:30:35 +02:00
99.5.4.5.2_acc_shadow_sha512.sh 99.5.4.5.2: fix bug where sha512 option rounds provoke KO (#112) 2021-08-10 10:30:35 +02:00
99.99_check_distribution.sh Add dealing with debian 11 2021-02-08 13:54:24 +01:00