mirror of
https://github.com/ovh/debian-cis.git
synced 2025-08-31 03:44:08 +02:00
94f110d9b3
* fix: ipv6 may be enabled on a single interface * feat: add new checks for debian12 systemd_timesyncd_is_enabled_and_running.sh -> 2.3.2.2 rpcbind_is_disabled.sh -> 2.1.12 ftp_client_not_installed.sh -> 2.2.6 chrony_with_chrony_user.sh -> 2.3.3.2 ipv6_is_enabled.sh -> 3.1.1 --------- Co-authored-by: damien cavagnini <damien.cavagnini@corp.ovh.com> Co-authored-by: GoldenKiwi <thibault.dewailly@corp.ovh.com>
33 lines
1.3 KiB
Plaintext
33 lines
1.3 KiB
Plaintext
Cmnd_Alias SCL_CMD = /bin/grep ,\
|
|
/bin/zgrep,\
|
|
/bin/cat,\
|
|
/usr/bin/stat,\
|
|
/usr/bin/getent,\
|
|
/usr/bin/[,\
|
|
/usr/bin/test,\
|
|
/bin/ls,\
|
|
/usr/bin/find,\
|
|
! /usr/bin/find *-exec*, \
|
|
! /usr/bin/find *-delete*,\
|
|
/usr/bin/apt-get update -y,\
|
|
/usr/bin/apt-get upgrade -s,\
|
|
/usr/bin/cut,\
|
|
/sbin/iptables -nL,\
|
|
/sbin/iptables -nL *,\
|
|
/sbin/sysctl net.*,\
|
|
/sbin/sysctl fs.*,\
|
|
/sbin/sysctl kernel.*,\
|
|
/sbin/sysctl -a,\
|
|
/bin/dmesg "",\
|
|
/bin/netstat,\
|
|
/usr/sbin/lsmod,\
|
|
/sbin/lsmod,\
|
|
/sbin/modprobe,\
|
|
/usr/sbin/modprobe -n -v*,\
|
|
/usr/sbin/apparmor_status,\
|
|
/usr/bin/ss *,\
|
|
/bin/ss *,\
|
|
/usr/bin/pgrep *
|
|
|
|
cisharden ALL = (root) NOPASSWD: SCL_CMD
|