Claudius Heine
00d24baa66
added sysctl-34 for checking link protection settings (#160)
Common and long-standing exploits regard unprotected links, fifos and
regular files, which are created or controlled by an attacker to gain
access to other files or control over other programs.
Signed-off-by: Claudius Heine <ch@denx.de>
2021-10-19 15:11:46 +02:00
Martin Schurz
c017b3ae5b
remove sysctl-18 - ipv6 no longer needs to be disabled
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-05-05 23:39:44 +02:00
Farid Joubbi
39591a223e
Disable source routing for IPv6. See c3b5a3afd01eb06d184e9cac6c1df6b85a36e13b
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-03-24 07:33:19 +01:00
schurzi
4dddfaa89a
update code to conform to new linting rules (#145)
* update code to conform to new linting rules
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
* disable unneeded linting rule
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-01-29 11:27:31 +01:00
Michael Geiger
8f028d0386
Setting net.ipv4.conf.all.arp_ignore = 2 is used as a secure default in many places now and should be a valid option
Signed-off-by: Michael Geiger <info@mgeiger.de>
2020-12-26 11:37:06 +01:00
Ben Dean
295683c617
skip the sysctl-19 control when sysctl_forwarding is true
fixes #124
Signed-off-by: Ben Dean <ben.dean@ontariosystems.com>
2019-12-02 18:41:31 -05:00
Christoph Hartmann
fe0ac1c450
Merge pull request #119 from jjasghar/jjasghar/deprication
Fixing some deprecation notices
2019-09-19 09:54:08 +02:00
Sam Marshall
f7ce8028ee
Allow core dumps to be piped into a program with an absolute path.
Signed-off-by: Sam Marshall <sam@foundu.com.au>
2019-07-18 09:43:53 +10:00
JJ Asghar
99c2ddd408
Fixing some deprecation notices
`default` is being replaced by `value`
Signed-off-by: JJ Asghar <awesome@ibm.com>
Signed-off-by: JJ Asghar <jjasghar@gmail.com>
2019-07-16 18:09:13 -05:00
Matt Kulka
2768ba0af5
fix virtualization usage in older inspec versions (#95)
This profile throws an exception when using InSpec < 2.0.30 on non-virtualized systems because this fix (https://github.com/inspec/inspec/pull/2603) was not included in prior versions. This pull simply catches the exception where virtualization.* is called in pure Ruby.
2018-06-05 05:23:42 -07:00
Artem Sidorenko
0c2bb8da7d
Skip auditd and sysctl tests for containers
See https://github.com/dev-sec/chef-os-hardening/pull/199 for reference
Signed-off-by: Artem Sidorenko <artem@posteo.de>
2018-02-28 15:56:50 +01:00
bitvijays
56784530de
Added net.ipv4.conf.default.log_martians for Martian Packets in Sysctl-17
Signed-off-by: bitvijays <bitvijays@gmail.com>
2017-07-04 14:03:56 +05:30
Alex Pop
085b42857e
Use assignment_regex and bump profile version
2017-05-30 11:27:37 +01:00
Artem Sidorenko
deb96a624e
Allow verification if kernel modules loading is disabled
Signed-off-by: Artem Sidorenko <artem@posteo.de>
2017-05-22 19:53:35 +02:00
Artem Sidorenko
e3df2dbb13
Verify the dump path only if dumpable is set to suidsafe
See this discussion 790371c5fd (commitcomment-21277650)
2017-03-13 19:56:44 +01:00
Artem Sidorenko
8f763e51b4
Properly verify the kernel dump setting
0 and 2 are the allowed options
2017-03-12 17:48:32 +01:00
Patrick Münch
50e28b58ea
Merge pull request #44 from juju4/master
essay: differentiate redhat/debian, add extra conditions
2017-02-08 21:07:28 +01:00
techraf
7972eca00c
Check 'net.ipv4.conf.default.send_redirects' instead of 'net.ipv4.conf.all.send_redirects' twice
2017-01-13 08:48:27 +09:00
juju4
c27fc05aee
fix rubocop Conventions
2016-12-22 04:50:09 -05:00
juju4
50abb79577
fix rubocop Conventions
2016-12-22 04:45:40 -05:00
juju4
1726723827
fix rubocop Conventions
2016-12-22 04:39:14 -05:00
juju4
f207161143
fix rubocop Conventions
2016-12-22 04:34:49 -05:00
juju4
e62cb3f0ef
fix rubocop Conventions
2016-12-22 04:27:09 -05:00
juju4
4b029d7e99
fix rubocop Conventions
2016-12-22 04:23:07 -05:00
juju4
b2cd7ee312
fix rubocop Conventions
2016-12-22 04:17:32 -05:00
juju4
e297ff2b1e
fix rubocop Warning and most Conventions
2016-12-22 04:09:07 -05:00
juju4
cdcc9f7721
use attributes, include PR feedback
2016-12-21 13:53:32 -05:00
juju4
790371c5fd
differentiate redhat/debian test, add extra conditions like entropy or ENV dependent test
2016-09-18 16:38:55 -04:00
Christoph Hartmann
bb7c532f0f
bug fix cpu flags and change default for net.ipv4.conf.all.log_martians
2016-04-29 15:16:57 +02:00
Christoph Hartmann
8ff2ada319
improve style
2016-04-29 13:02:19 +02:00
Christoph Hartmann
dd9706cb45
migrate to inspec profile
2016-04-29 13:02:05 +02:00