mirror of
https://github.com/ovh/debian-cis.git
synced 2024-11-22 21:47:02 +01:00
PCI-DSS compliant Debian 10/11/12 hardening
df6d513929
Release Alpha 0.1 * commit '091eec57ee7f706c2dd16150c75b4d93a183b724': (64 commits) All configuration defaults to disabled README updated 99.1_timeout_tty.sh 99.2_disable_usb_devices.sh Fixed disabled features, headers and preparing main script Added argument parsing and test checks 13.16_check_duplicate_username.sh 13.17_check_duplicate_groupname.sh 13.18_find_user_netrc_files.sh 13.19_find_user_forward_files.sh 13.20_shadow_group_empty.sh 13.14_check_duplicate_uid.sh 13.15_check_duplicate_gid.sh^C 13.12_users_valid_homedir.sh 13.11_find_passwd_group_inconsistencies.sh 13.13_check_user_homedir_ownership.sh 13.10_find_user_rhosts_files.sh 13.8_check_user_dot_file_perm.sh 13.9_set_perm_on_user_netrc.sh 13.7_check_user_dir_perm.sh 13.1_remove_empty_password_field.sh 13.2_remove_legacy_passwd_entries.sh 13.3_remove_legacy_shadow_entries.sh 13.4_remove_legacy_group_entries.sh 13.5_find_0_uid_non_root_account.sh 13.6_sanitize_root_path.sh 13.1_remove_empry_password_field.sh 12.11_find_sgid_files.sh 12.10_find_suid_files.sh 12.1_etc_passwd_permissions.sh 12.2_etc_shadow_permissions.sh 12.3_etc_group_permissions.sh 12.4_etc_passwd_ownership.sh 12.5_etc_shadow_ownership.sh 12.6_etc_group_ownership.sh 12.7_find_world_writable_file.sh 12.8_find_unowned_files.sh 12.9_find_ungrouped_files.sh 10.5_lock_inactive_user_account.sh 11.1_warning_banners.sh 11.2_remove_os_info_warning_banners.sh 11.3_graphical_warning_banners.sh 10.1.1_set_password_exp_days.sh 10.1.2_set_password_min_days_change.sh 10.1.3_set_password_exp_warning_days.sh 10.2_disable_system_accounts.sh 10.3_default_root_group.sh 10.4_default_umask.sh 9.4_secure_tty.sh 9.5_restrict_su.sh 9.2.1_enable_cracklib.sh 9.2.2_enable_lockout_failed_password.sh 9.2.3_limit_password_reuse.sh 9.3.10_disable_sshd_setenv.sh 9.3.11_sshd_ciphers.sh 9.3.12_sshd_idle_timeout.sh 9.3.13_sshd_limit_access.sh 9.3.14_ssh_banner.sh 9.3.2_sshd_loglevel.sh 9.3.1_sshd_protocol.sh 9.3.3_sshd_conf_perm_ownership.sh 9.3.4_disable_x11_forwarding.sh 
9.3.5_sshd_maxauthtries.sh 9.3.6_enable_sshd_ignorerhosts.sh 9.3.7_disable_sshd_hostbasedauthentication.sh 9.3.8_disable_root_login.sh 9.3.9_disable_sshd_permitemptypasswords.sh 9.1.3_cron_hourly_perm_ownership.sh 9.1.4_cron_daily_perm_ownership.sh 9.1.5_cron_weekly_perm_ownership.sh 9.1.6_cron_monthly_perm_ownership.sh 9.1.7_cron_d_perm_ownership.sh 9.1.8_cron_users.sh 9.1.1_enable_cron.sh 9.1.2_crontab_perm_ownership.sh 8.4_configure_logrotate.sh ...

bin
etc
lib
src
tmp/backups
.gitignore
README
# CIS Debian 7 Hardening git repository
# Authors : Thibault Dewailly, OVH <thibault.dewailly@corp.ovh.com>
# This is the code base which will be used to fill CIS hardening requirements
# Hardening scripts :
# bin/hardening : Every script has a .cfg associated, status must be defined here
# Main script :
# bin/hardening.sh : Will execute hardening according to configuration
# Configuration
# etc/hardening.cfg : Global variables defined such as backup directory, or log level
# etc/conf.d : Folder with all .cfg associated to hardening scripts