debian-cis
PCI-DSS compliant Debian 10/11/12 hardening
OTHER License
Bot releases are visible (Hide)
Published by github-actions[bot] over 2 years ago
- feat: Filter the filesystem to check when the list is built. (#156)
Published by github-actions[bot] over 2 years ago
- fix: add 10s wait timeout on iptables command (#151)
Published by github-actions[bot] over 2 years ago
- fix: allow passwd-, group- and shadow- debian default permissions (#149)
Published by github-actions[bot] over 2 years ago
- fix: missing shadowtools backup files is ok (#132)
- feat: Dissociate iptables pkg name from command (#137)
- fix: Catch unexpected failures (#140)
- fix: Avoid find failures on too many files (#144)
Published by tdenof almost 3 years ago
- Fix 5.4.5 pattern search
- Bump actions-ecosystem/action-get-latest-tag from 1 to 1.4.1
- Bump luizm/action-sh-checker from v0.1.12 to v0.1.13
- 99.5.4.5.2: fix bug where sha512 option rounds provoke KO
- Bump dev-drprasad/delete-tag-and-release from v0.1.3 to v0.2.0
- Bump luizm/action-sh-checker from 0.1.13 to 0.3.0
- Bump metcalfc/changelog-generator from v0.4.4 to v1.0.0
- FIX(2.2.1.4): Validate debian default ntp config
- FIX(1.7.1.4): don't abort script in case of unconfined processes
- Add silent mode and json summary
- fix: kernel module detection
- Honor --set-log-level parameter
- Allow grub.cfg permission to be 600
- Fix grub detection
- Fix 3.4.2 audit rule
- Skip NTP and Chrony config check if they are not installed
- Fix empty fstab test
- Update changelog for release 3.2-2
Published by github-actions[bot] over 3 years ago
- Improve EXCEPTIONS management (1.1.21,6.1.10)
- Fix bug linked with regex quoting (6.1.10-11-12-13-14)
Published by github-actions[bot] over 3 years ago
- Fix unbound EXCEPTIONS variable in some cases
Published by github-actions[bot] over 3 years ago
- Add test to check stderr is empty
- Fix 2.2.1.2 audit and apply
- Accept lower values as valid 5.2.7 and 5.2.23
- Add dir exceptions in 1.1.21 and 6.1.10
Published by github-actions[bot] over 3 years ago
- Fix 4.1.11 permissions
Published by github-actions[bot] over 3 years ago
- Fix case for sshd pattern searching
Published by github-actions[bot] over 3 years ago
- Various mispeling fixes
- Fix div function that causes a display bug when runnin test with --only
- Fix 4.1.1.4 bad pattern bug
- Fix 5.4.2.2
- Various verification that package is installed or file exist before running check (openssh, apparmor, crontab)
Published by github-actions[bot] over 3 years ago
- Add missing HARDENING_LEVEL var for some checks
- Add dealing with debian 11
- Add warning for unsupported distributions and debian version
- Remove bc dependency
- Add 1.8.1-4 comprehensive tests
- Add 3.1-3.x comprehensive tests
- Add missing 3.4.x checks and tests (exotic protocol)
- Add environment detection (container)
- Improve kernel module detection
- Improve partition detection
- Add cli option to override loglevel
- Improve 5.1.8 to allow more restrictive permissions
- Upgrade mac and key to be debian10 CIS compliant
- Fix path in 1.6.4
Published by github-actions[bot] almost 4 years ago
- Add workflows for github action
- Update man page and README.md
Published by thibaultserti almost 4 years ago
- Migration to debian10 numbering
- Add utils to compare file permissions to a list of authorized permissions
- Update skel, update documentation
- Add 1.1.1.7 check and test (disable FAT)
- Add 1.1.23 check and test (disable usb storage)
- Add 1.7.x checks and tests (apparmor)
- Add 2.2.1.2 check and test (systemd-timesyncd)
- Add 4.1.1.1,4 check (auditd)
- Add 4.2.1.6 check (syslog-ng)
- Add 4.2.2.x checks and tests (journald)
- Add 4.4 checks and tests (logrotate permission)
- Add 5.2.20-23 checks and tests (sshd)
- Add 6.1.3-9 checks (/etc/passwd-, /etc/shadow-, ...)