PCI-DSS compliant Debian 10/11/12 hardening
bin Added exit code to CIS_ROOT_DIR test def, optimized sed and sort 2016-04-20 18:06:08 +02:00
debian Debianization time 2016-04-20 18:06:08 +02:00
etc Added exit code to CIS_ROOT_DIR test def, optimized sed and sort 2016-04-20 18:06:08 +02:00
lib Added exit code to CIS_ROOT_DIR test def, optimized sed and sort 2016-04-20 18:06:08 +02:00
src Corrected default file path 2016-04-18 17:39:14 +02:00
tmp/backups 2.2_tmp_nodev.sh 2016-04-04 16:14:53 +02:00
.gitignore Initial Commit Basic folders 2016-04-01 07:50:08 +02:00
LICENSE Corrected script names, added License, Completed README and corrected bug with too long logger messages 2016-04-19 13:51:28 +02:00
README add --audit-all-enable-passed, add info in README and help 2016-04-20 18:06:08 +02:00

# CIS Debian 7 Hardening git repository
# Authors : Thibault Dewailly, OVH <thibault.dewailly@corp.ovh.com>
# This is the code base which will be used to fulfill CIS hardening requirements

# Hardening scripts :
# bin/hardening : Every script has an associated .cfg file; its status must be defined in that .cfg

# Configuration
# etc/hardening.cfg : Defines global variables such as the backup directory or the log level
# etc/conf.d        : Folder with all .cfg associated to hardening scripts

# The status parameter defines, for each script, whether it is disabled (do nothing), audit (RO) or enabled (RW).
# Enabled will perform the audit and, most of the time, correct your system accordingly.
# There are exceptions, where it is difficult to know how you want the issue corrected.

# Main script : 
# bin/hardening.sh : Will execute hardening according to configuration
# Options are :
# --apply                   : Will apply hardening when scripts have status enabled (RW), and audit points where status is audit (RO)
# --audit                   : Will audit hardening when scripts have status enabled or audit (RO)
# --audit-all               : Apply audit (RO) on all scripts
# --audit-all-enable-passed : Apply audit (RO) on all scripts, and *modify* configuration files to enable scripts that passed. In other words, this is an easy way to enable scripts for which you're already compliant. However, please always review each activated script afterwards: this option should only be regarded as a way to kickstart a configuration from scratch faster than otherwise. Don't run this if you have already customized the scripts' enable/disable configurations, obviously.
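
# Added example (not part of this repository): one way to do the review that --audit-all-enable-passed calls for, by comparing a copy of etc/conf.d taken before the run with the directory afterwards and listing every script that became enabled.
# Assumptions: each .cfg carries a line of the form status=<value>; the function names and the snapshot path are hypothetical.

```shell
#!/bin/sh
# Added example, not the project's own code.
# Assumption: each etc/conf.d/*.cfg holds a line  status=<disabled|audit|enabled>
#
# Intended use (snapshot path is a placeholder):
#   cp -a etc/conf.d /tmp/conf.d.before
#   bin/hardening.sh --audit-all-enable-passed
#   newly_enabled /tmp/conf.d.before etc/conf.d

# Print the status value found in one .cfg file.
# Commented-out lines are ignored; the last status line wins.
# Prints "unset" when the file has no usable status line.
status_of() {
    s=$(sed -n 's/^[[:space:]]*status[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" | tail -n 1)
    printf '%s\n' "${s:-unset}"
}

# newly_enabled BEFORE_DIR AFTER_DIR
# One line per script that is enabled (RW) in AFTER_DIR but was not enabled
# in BEFORE_DIR, as "<script>\t<old> -> enabled". These are the scripts that
# will start modifying the system on the next --apply run, so each one
# should be reviewed before that happens.
newly_enabled() {
    before=$1
    after=$2
    for cfg in "$after"/*.cfg; do
        [ -e "$cfg" ] || continue          # directory contains no .cfg files
        name=$(basename "$cfg")
        new=$(status_of "$cfg")
        if [ -f "$before/$name" ]; then
            old=$(status_of "$before/$name")
        else
            old=missing                    # .cfg did not exist in the snapshot
        fi
        if [ "$new" = enabled ] && [ "$old" != enabled ]; then
            printf '%s\t%s -> %s\n' "${name%.cfg}" "$old" "$new"
        fi
    done
}
```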