Stephen Hoekstra
46acd83cf0
Update Fedora controls
2017-11-20 09:31:07 +01:00
Artem Sidorenko
3c427b8bc0
Merge pull request #82 from strangeman/redhat-tunes
...
Tune some parameters for RedHat system
2017-11-07 16:11:55 +01:00
Anton Markelov
a5fb285c48
Use more strict defaults for redhat
2017-11-07 17:58:32 +10:00
Artem Sidorenko
f31904ff02
Merge pull request #81 from rndmh3ro/logcheck
...
add logdir-check
2017-10-31 13:55:19 +01:00
Sebastian Gumprich
9c138b8c54
add logdir-check
2017-10-24 10:12:07 +02:00
Patrick Münch
c72d8adad0
Merge pull request #76 from HenryTheHamster/master
...
Check for Amazon Linux when determining audit package.
2017-08-10 09:22:55 +02:00
Patrick Münch
8b33eab5c3
Merge pull request #73 from bitvijays/cis_prelink_disable
...
CIS 1.5.4 Ensure prelink is disabled
2017-07-14 13:27:42 +02:00
Patrick Münch
60ae1a5723
Merge pull request #77 from mcgege/search-opt
...
Optimize file search routines
2017-07-14 08:56:01 +02:00
andy shaw
4f518580a7
Use od name over family.
...
Signed-off-by: andy shaw <shawry@shawry.com>
2017-07-14 09:54:00 +10:00
Michael Geiger
c5dc86b78a
Optimize file search routines
...
- Remove redundant search for .rhosts files from os-01 (see os-09)
- Direct lookup of /etc/hosts.equiv instead of recursive search (os-01)
- Limit find to 3 sublevels in os-09
Signed-off-by: Michael Geiger <info@mgeiger.de>
2017-07-13 20:23:20 +02:00
andy shaw
0a753a2dd7
Update package_spec.rb
2017-07-12 16:42:04 +10:00
andy shaw
83b49d0e82
Update package_spec.rb
2017-07-12 16:39:08 +10:00
andy shaw
15315c5dd4
Update package_spec.rb
2017-07-12 16:17:03 +10:00
Patrick Münch
f8ac0dd4a5
Merge pull request #74 from lnxchk/patch-1
...
Update package_spec.rb
2017-07-07 07:16:29 +02:00
Patrick Münch
38573dda17
Merge pull request #71 from bitvijays/cis_disable_unused_filesystem
...
1.1.1 CIS Disable unused filesystem
2017-07-07 07:12:17 +02:00
Mandi Walls
2369b63ede
Update package_spec.rb
...
Fix the spelling of "password"
2017-07-06 14:10:19 +01:00
Artem Sidorenko
bf4b10776a
Merge pull request #72 from bitvijays/log_martian_default
...
Added net.ipv4.conf.default.log_martians for Martian Packets in sysctl_spec.rb
2017-07-04 13:28:46 +02:00
bitvijays
56784530de
Added net.ipv4.conf.default.log_martians for Martian Packets in Sysctl-17
...
Signed-off-by: bitvijays <bitvijays@gmail.com>
2017-07-04 14:03:56 +05:30
bitvijays
98bf7b9f49
CIS 1.1.1 Disable unused filesystems
...
Removed extra line
Signed-off-by: bitvijays <bitvijays@gmail.com>
2017-07-04 02:12:43 +05:30
bitvijays
3303c00721
CIS 1.5.4 Ensure prelink is disabled
...
Signed-off-by: bitvijays <bitvijays@gmail.com>
2017-07-04 02:04:40 +05:30
Christoph Hartmann
e192b1e766
Merge pull request #70 from mcgege/os-02
...
os-02: Fix for SUSE environments
2017-06-27 04:51:21 -07:00
Michael Geiger
c310414967
os-02: Fix for SUSE environments
...
Signed-off-by: Michael Geiger <michael.geiger@telekom.de>
2017-06-27 09:51:39 +02:00
Artem Sidorenko
b13f83bf76
Merge pull request #69 from mcgege/package-08-suse
...
On SUSE environments 'auditd' is part of package 'audit'
2017-06-26 12:15:25 +02:00
Michael Geiger
c439a23d3b
On SUSE environments 'auditd' is part of package 'audit'
2017-06-26 11:59:23 +02:00
Patrick Münch
21b6d82a2f
Merge pull request #68 from dev-sec/chris-rock/spdx
...
use recommended spdx license identifier
2017-06-26 07:46:23 +02:00
Christoph Hartmann
5b52c3b5ae
use recommended spdx license identifier
...
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-06-25 18:08:49 +02:00
Patrick Münch
e9d0e48d98
Merge pull request #66 from artem-forks/ruby-2.4
...
CI: update to ruby 2.4.1 and rubocop 0.49.1
2017-06-02 11:04:20 +02:00
Artem Sidorenko
16d47e8dc5
CI: update to ruby 2.4.1 and rubocop 0.49.1
...
Chef 13 is also using ruby 2.4.1 in the omnibus packages
Signed-off-by: Artem Sidorenko <artem@posteo.de>
2017-06-01 23:43:45 +02:00
Patrick Münch
105ec0fc99
Merge pull request #63 from artem-forks/num_logs
...
num_logs has different values on different distros
2017-05-31 11:56:23 +02:00
Christoph Hartmann
3a83bad322
Merge pull request #64 from dev-sec/ap/assignment_re-update
...
Use assignment_regex, only_if and bump profile version
2017-05-30 08:11:32 -04:00
Alex Pop
4f5fc943dd
Use only_if to avoid upload warning
2017-05-30 11:37:27 +01:00
Alex Pop
085b42857e
Use assignment_regex and bump profile version
2017-05-30 11:27:37 +01:00
Artem Sidorenko
4d63500d9a
num_logs has different values on different distros
...
on debian 7 its 4, on everything else its 5
Lets remove this as it looks related only to logrotation
2017-05-27 21:53:57 +02:00
Patrick Münch
6563cb32dc
Merge pull request #62 from artem-sidorenko/kernel-modules
...
Allow verification if kernel modules loading is disabled
2017-05-26 20:58:43 +02:00
Artem Sidorenko
deb96a624e
Allow verification if kernel modules loading is disabled
...
Signed-off-by: Artem Sidorenko <artem@posteo.de>
2017-05-22 19:53:35 +02:00
Patrick Münch
a493413969
Merge pull request #61 from artem-sidorenko/audit-fixes
...
Fix: more generic auditd settings
2017-05-15 10:33:19 +02:00
Artem Sidorenko
97c7be99d2
Fix: more generic auditd settings
...
in order to match the defaults of all mainstream distros
Some of settings are removed, as the defaults of distros are different,
based on the intention of author [1] they are also not really important here
[1]: https://github.com/dev-sec/linux-baseline/pull/44#commitcomment-21381289
Signed-off-by: Artem Sidorenko <artem@posteo.de>
2017-05-10 23:53:43 +02:00
Christoph Hartmann
6648a15447
2.1.0
...
Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
2017-05-08 15:15:47 +02:00
Artem Sidorenko
6eeb5ec082
Merge pull request #58 from dev-sec/chris-rock/metadata
...
update metadata
2017-04-28 23:43:10 +02:00
Christoph Hartmann
390b256a2b
update metadata
2017-04-28 22:21:14 +02:00
Christoph Hartmann
10af912275
Merge pull request #57 from atomic111/master
...
update gemfile
2017-04-04 10:28:47 +02:00
Patrick Münch
e2b85f26a9
update gemfile
...
Signed-off-by: Patrick Münch <patrick.muench1111@gmail.com>
2017-04-04 10:19:53 +02:00
Christoph Hartmann
07d60033b7
Merge pull request #56 from atomic111/master
...
restrict ruby testing to version 2.3.3
2017-04-04 10:07:02 +02:00
Patrick Münch
320d60ac1a
restrict ruby testing to version 2.3.3
...
Signed-off-by: Patrick Münch <patrick.muench1111@gmail.com>
2017-04-04 10:02:06 +02:00
Patrick Münch
12b317ee26
Merge pull request #52 from artem-sidorenko/kernel-dump
...
Properly verify the kernel dump setting
2017-03-16 08:19:12 +01:00
Artem Sidorenko
e3df2dbb13
Verify the dump path only if dumpable is set to suidsafe
...
See this discussion 790371c5fd (commitcomment-21277650)
2017-03-13 19:56:44 +01:00
Artem Sidorenko
8f763e51b4
Properly verify the kernel dump setting
...
0 and 2 are the allowed options
2017-03-12 17:48:32 +01:00
Christoph Hartmann
58810fec3c
Merge pull request #51 from iamthemuffinman/master
...
auditd package is called audit in the rhel family
2017-02-16 17:59:06 +01:00
iamthemuffinman
50f719d9f6
Use one block
2017-02-16 11:27:32 -05:00
iamthemuffinman
31ca8e8f98
auditd package is called audit in the rhel family
2017-02-15 17:16:40 -05:00