linux-baseline/inspec.yml

34 lines
1.3 KiB
YAML
Raw Normal View History

2020-05-19 10:07:07 +00:00
---
2016-12-21 10:40:56 +00:00
name: linux-baseline
title: DevSec Linux Security Baseline
2017-04-28 20:21:14 +00:00
maintainer: DevSec Hardening Framework Team
copyright: DevSec Hardening Framework Team
copyright_email: hello@dev-sec.io
license: Apache-2.0
summary: Test suite for best practice Linux OS hardening
inspec_version: '>= 4.6.3'
2023-03-31 08:43:53 +00:00
version: 2.9.0
2016-02-16 11:39:15 +00:00
supports:
2020-06-30 13:11:39 +00:00
- os-family: linux
inputs:
- name: login_defs_umask
description: Default umask to set in login.defs
- name: login_defs_passmaxdays
description: Default password maxdays to set in login.defs
- name: login_defs_passmindays
description: Default password mindays to set in login.defs
- name: login_defs_passwarnage
description: Default password warnage (days) to set in login.defs
- name: blacklist
description: blacklist of suid/sgid program on system
- name: mount_exec_blocklist
description: List of mountpoints where 'noexec' mount option should be set
- name: mount_suid_blocklist
description: List of mountpoints where \'nosuid\' mount option should be set
- name: mount_dev_blocklist
description: List of mountpoints where \'nodev\' mount option should be set
- name: sysctl_forwarding
description: Is network forwarding needed?
- name: kernel_modules_disabled
description: Should loading of kernel modules be disabled?