Commit graph

381 commits

Author SHA1 Message Date
Artem Sidorenko
170bb04478 Merge pull request #96 from rndmh3ro/patch-1
Do not disable vfat by default
2018-07-16 10:05:13 +02:00
Sebastian Gumprich
cc989d80a7 Do not disable vfat by default
On UEFI-systems the boot-partition is FAT by default (see [here](https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface/System_partition)).

If we disable vfat, these systems become unbootable. This has already bitten some users using ansible-os-hardening (https://github.com/dev-sec/ansible-os-hardening/issues/162, https://github.com/dev-sec/ansible-os-hardening/issues/145).

Therefore I propose we do not check for a disabled vfat filesystem if EFI is used on these systems.
2018-07-10 12:56:32 +02:00
Matt Kulka
2768ba0af5 fix virtualization usage in older inspec versions (#95)
This profile throws an exception when using InSpec < 2.0.30 on non-virtualized systems because this fix (https://github.com/inspec/inspec/pull/2603) was not included in prior versions. This pull simply catches the exception where virtualization.* is called in pure Ruby.
2018-06-05 05:23:42 -07:00
Christoph Hartmann
1742c2268e 2.2.1
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2018-05-14 13:55:31 +02:00
Artem Sidorenko
5a1a112fc5 Merge pull request #91 from artem-forks/containers
Skip auditd and sysctl tests for containers
2018-03-02 19:02:45 +01:00
Artem Sidorenko
a7d9a43084 Upgrade inspec to avoid check issue
See https://github.com/chef/inspec/pull/2603
2018-03-02 18:56:21 +01:00
Artem Sidorenko
0c2bb8da7d Skip auditd and sysctl tests for containers
See https://github.com/dev-sec/chef-os-hardening/pull/199 for reference

Signed-off-by: Artem Sidorenko <artem@posteo.de>
2018-02-28 15:56:50 +01:00
Patrick Münch
2758ef0d7a Merge pull request #90 from marcelhuth/master
Fixes #89 false positive /etc/shadow on Fedora
2017-12-28 00:46:27 +01:00
Marcel
47f158d739 Fixes #89 false positive /etc/shadow on Fedora
Signed-off-by: Marcel <marcel.huth111@gmail.com>
2017-12-27 21:05:44 +01:00
Artem Sidorenko
2b3f30329e Merge pull request #88 from jerryaldrichiii/correct-yml-typos
Fix typos in `inspec.yml`
2017-12-16 11:59:08 +01:00
Jerry Aldrich
678fd0047a Fix typos in inspec.yml
This changes:
  - `Test-suite` to `Test suite`
  - `best-preactice` to `best practice`

Signed-off-by: Jerry Aldrich <jerryaldrichiii@gmail.com>
2017-12-15 17:20:12 -06:00
Christoph Hartmann
4a62b90cbe 2.2.0
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-12-01 18:39:32 +01:00
Christoph Hartmann
16bfdf4c63 2.2.0
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-12-01 17:47:12 +01:00
Patrick Münch
146285585f Merge pull request #87 from dev-sec/chris-rock/fix-86
deferring the execution of permissions to profile execution
2017-11-23 23:02:02 +01:00
Artem Sidorenko
df64f6c92c Merge pull request #84 from shoekstra/fix_fedora_controls
Update Fedora controls
2017-11-20 12:29:44 +01:00
Stephen Hoekstra
46acd83cf0 Update Fedora controls
2017-11-20 09:31:07 +01:00
Christoph Hartmann
3d77a3a8d7 Fixes #86 by deferring the execution of permissions to profile execution instead of profile initialisation
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-11-19 11:48:07 +01:00
Patrick Münch
83d031e08b Merge pull request #85 from tomhaynes/redhat_cis_updates
CIS 4.1.1.3
2017-11-18 12:23:49 +01:00
Tom Haynes
c68102a5a5 CIS 4.1.1.3
2017-11-13 16:27:42 +00:00
Stephen Hoekstra
1bfc31a885 Fix log dir group for Ubuntu 14.04+ (#83)
2017-11-10 11:18:52 +01:00
Artem Sidorenko
3c427b8bc0 Merge pull request #82 from strangeman/redhat-tunes
Tune some parameters for RedHat system
2017-11-07 16:11:55 +01:00
Anton Markelov
a5fb285c48 Use more strict defaults for redhat
2017-11-07 17:58:32 +10:00
Artem Sidorenko
f31904ff02 Merge pull request #81 from rndmh3ro/logcheck
add logdir-check
2017-10-31 13:55:19 +01:00
Sebastian Gumprich
9c138b8c54 add logdir-check
2017-10-24 10:12:07 +02:00
Patrick Münch
c72d8adad0 Merge pull request #76 from HenryTheHamster/master
Check for Amazon Linux when determining audit package.
2017-08-10 09:22:55 +02:00
Patrick Münch
8b33eab5c3 Merge pull request #73 from bitvijays/cis_prelink_disable
CIS 1.5.4 Ensure prelink is disabled
2017-07-14 13:27:42 +02:00
Patrick Münch
60ae1a5723 Merge pull request #77 from mcgege/search-opt
Optimize file search routines
2017-07-14 08:56:01 +02:00
andy shaw
4f518580a7 Use os name over family.
Signed-off-by: andy shaw <shawry@shawry.com>
2017-07-14 09:54:00 +10:00
Michael Geiger
c5dc86b78a Optimize file search routines
- Remove redundant search for .rhosts files from os-01 (see os-09)
- Direct lookup of /etc/hosts.equiv instead of recursive search (os-01)
- Limit find to 3 sublevels in os-09

Signed-off-by: Michael Geiger <info@mgeiger.de>
2017-07-13 20:23:20 +02:00
andy shaw
0a753a2dd7 Update package_spec.rb
2017-07-12 16:42:04 +10:00
andy shaw
83b49d0e82 Update package_spec.rb
2017-07-12 16:39:08 +10:00
andy shaw
15315c5dd4 Update package_spec.rb
2017-07-12 16:17:03 +10:00
Patrick Münch
f8ac0dd4a5 Merge pull request #74 from lnxchk/patch-1
Update package_spec.rb
2017-07-07 07:16:29 +02:00
Patrick Münch
38573dda17 Merge pull request #71 from bitvijays/cis_disable_unused_filesystem
1.1.1 CIS Disable unused filesystem
2017-07-07 07:12:17 +02:00
Mandi Walls
2369b63ede Update package_spec.rb
Fix the spelling of "password"
2017-07-06 14:10:19 +01:00
Artem Sidorenko
bf4b10776a Merge pull request #72 from bitvijays/log_martian_default
Added net.ipv4.conf.default.log_martians for Martian Packets in sysctl_spec.rb
2017-07-04 13:28:46 +02:00
bitvijays
56784530de Added net.ipv4.conf.default.log_martians for Martian Packets in Sysctl-17
Signed-off-by: bitvijays <bitvijays@gmail.com>
2017-07-04 14:03:56 +05:30
bitvijays
98bf7b9f49 CIS 1.1.1 Disable unused filesystems
Removed extra line

Signed-off-by: bitvijays <bitvijays@gmail.com>
2017-07-04 02:12:43 +05:30
bitvijays
3303c00721 CIS 1.5.4 Ensure prelink is disabled
Signed-off-by: bitvijays <bitvijays@gmail.com>
2017-07-04 02:04:40 +05:30
Christoph Hartmann
e192b1e766 Merge pull request #70 from mcgege/os-02
os-02: Fix for SUSE environments
2017-06-27 04:51:21 -07:00
Michael Geiger
c310414967 os-02: Fix for SUSE environments
Signed-off-by: Michael Geiger <michael.geiger@telekom.de>
2017-06-27 09:51:39 +02:00
Artem Sidorenko
b13f83bf76 Merge pull request #69 from mcgege/package-08-suse
On SUSE environments 'auditd' is part of package 'audit'
2017-06-26 12:15:25 +02:00
Michael Geiger
c439a23d3b On SUSE environments 'auditd' is part of package 'audit'
2017-06-26 11:59:23 +02:00
Patrick Münch
21b6d82a2f Merge pull request #68 from dev-sec/chris-rock/spdx
use recommended spdx license identifier
2017-06-26 07:46:23 +02:00
Christoph Hartmann
5b52c3b5ae use recommended spdx license identifier
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-06-25 18:08:49 +02:00
Patrick Münch
e9d0e48d98 Merge pull request #66 from artem-forks/ruby-2.4
CI: update to ruby 2.4.1 and rubocop 0.49.1
2017-06-02 11:04:20 +02:00
Artem Sidorenko
16d47e8dc5 CI: update to ruby 2.4.1 and rubocop 0.49.1
Chef 13 is also using ruby 2.4.1 in the omnibus packages

Signed-off-by: Artem Sidorenko <artem@posteo.de>
2017-06-01 23:43:45 +02:00
Patrick Münch
105ec0fc99 Merge pull request #63 from artem-forks/num_logs
num_logs has different values on different distros
2017-05-31 11:56:23 +02:00
Christoph Hartmann
3a83bad322 Merge pull request #64 from dev-sec/ap/assignment_re-update
Use assignment_regex, only_if and bump profile version
2017-05-30 08:11:32 -04:00
Alex Pop
4f5fc943dd Use only_if to avoid upload warning
2017-05-30 11:37:27 +01:00