2020-05-19 10:07:07 +00:00
|
|
|
---
|
2016-12-21 10:40:56 +00:00
|
|
|
name: linux-baseline
|
|
|
|
|
title: DevSec Linux Security Baseline
|
2017-04-28 20:21:14 +00:00
|
|
|
maintainer: DevSec Hardening Framework Team
|
|
|
|
|
copyright: DevSec Hardening Framework Team
|
|
|
|
|
copyright_email: hello@dev-sec.io
|
2017-06-25 16:08:49 +00:00
|
|
|
license: Apache-2.0
|
2017-12-15 23:20:12 +00:00
|
|
|
summary: Test suite for best practice Linux OS hardening
|
2022-01-12 16:17:16 +00:00
|
|
|
inspec_version: '>= 4.6.3'
|
2023-03-31 08:43:53 +00:00
|
|
|
version: 2.9.0
|
2016-02-16 11:39:15 +00:00
|
|
|
supports:
|
2020-06-30 13:11:39 +00:00
|
|
|
- os-family: linux
|
2023-11-19 00:07:22 +00:00
|
|
|
inputs:
|
|
|
|
|
- name: login_defs_umask
|
|
|
|
|
description: Default umask to set in login.defs
|
|
|
|
|
- name: login_defs_passmaxdays
|
|
|
|
|
description: Default password maxdays to set in login.defs
|
|
|
|
|
- name: login_defs_passmindays
|
|
|
|
|
description: Default password mindays to set in login.defs
|
|
|
|
|
- name: login_defs_passwarnage
|
|
|
|
|
description: Default password warnage (days) to set in login.defs
|
|
|
|
|
- name: blacklist
|
|
|
|
|
description: blacklist of suid/sgid program on system
|
|
|
|
|
- name: mount_exec_blocklist
|
|
|
|
|
description: List of mountpoints where 'noexec' mount option should be set
|
|
|
|
|
- name: mount_suid_blocklist
|
2023-11-19 15:49:11 +00:00
|
|
|
description: List of mountpoints where 'nosuid' mount option should be set
|
2023-11-19 00:07:22 +00:00
|
|
|
- name: mount_dev_blocklist
|
2023-11-19 15:49:11 +00:00
|
|
|
description: List of mountpoints where 'nodev' mount option should be set
|
2023-11-19 00:12:44 +00:00
|
|
|
- name: sysctl_forwarding
|
|
|
|
|
description: Is network forwarding needed?
|
|
|
|
|
- name: kernel_modules_disabled
|
|
|
|
|
description: Should loading of kernel modules be disabled?
|
