Commit graph

346 commits

Author SHA1 Message Date
Martin Schurz
5247b07871 fix handling of sysctl fs.protected_fifos and fs.protected_regular
Our solution with cmp for fs.protected_fifos did not work. Checking for
all possible values combined with an `or` seems more reasonable here.

Also, both sysctl parameters are not available in RHEL7. The chosen
solution seems to be the least complex one that also works on all systems.

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2022-07-11 12:05:53 +02:00
dev-sec CI
34b215b87c update inspec.yml and changelog 2022-03-18 19:46:30 +00:00
schurzi
07929ea2d1
Merge pull request #169 from dev-sec/newlint
Change linting to Cookstyle
2022-03-18 20:44:54 +01:00
Martin Schurz
e646854c33 apply cookstyle fixes
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2022-03-18 20:41:09 +01:00
Martin Schurz
b06edb2adc use cookstyle for linting
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2022-03-18 20:39:51 +01:00
dev-sec CI
f0084b869f update inspec.yml and changelog 2022-02-14 10:02:12 +00:00
Michée lengronne
f1bff02e51
Merge pull request #168 from magmax/master
Improve SUID find
2022-02-14 11:00:03 +01:00
Miguel Angel Garcia
10657ca958 Improve SUID find
Signed-off-by: Miguel Angel Garcia <miguelangel.garcia@gmail.com>
2022-02-12 17:38:33 +01:00
dev-sec CI
99a7016135 update inspec.yml and changelog 2022-01-12 17:22:46 +00:00
Michée lengronne
8e3a25a606
Merge pull request #167 from dev-sec/micheelengronne-patch-1
missing inputs changed
2022-01-12 18:20:45 +01:00
Michée lengronne
e679f92128 missing inputs changed
Leftover inputs changed.

Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com>
2022-01-12 18:16:37 +01:00
dev-sec CI
4b079b3489 update inspec.yml and changelog 2022-01-12 16:19:03 +00:00
Michée lengronne
b5284b923e
use input instead of attribute (#166)
* use input instead of attribute

In the last versions of Inspec and cinc-auditor, attribute is deprecated and input should be used.

https://docs.chef.io/workstation/cookstyle/inspec_deprecations_attributehelper/
Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com>

* Update sysctl_spec.rb

Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com>

* Update inspec.yml

Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com>

* Update Rakefile

Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com>
2022-01-12 17:17:16 +01:00
dev-sec CI
fd9581afec update inspec.yml and changelog 2021-11-23 11:07:35 +00:00
Claudius Heine
1840dbb624
feat: add rules to check noexec, nosuid and nodev mount options (#164)
Setting the `noexec`, `nosuid` and `nodev` mount options for mount
points where those features are not required limits possible attack
vectors.

Closes: #163

Signed-off-by: Claudius Heine <ch@denx.de>
2021-11-23 12:04:53 +01:00
dev-sec CI
e503f97a9d update inspec.yml and changelog 2021-10-19 13:13:33 +00:00
Claudius Heine
00d24baa66
added sysctl-34 for checking link protection settings (#160)
Common and long-standing exploits regard unprotected links, fifos and
regular files, which are created or controlled by an attacker to gain
access to other files or control over other programs.

Signed-off-by: Claudius Heine <ch@denx.de>
2021-10-19 15:11:46 +02:00
dev-sec CI
2735730e7f update inspec.yml and changelog 2021-05-06 15:02:19 +00:00
schurzi
74262fe33a
Merge pull request #155 from dev-sec/ipv6
remove sysctl-18 - ipv6 no longer needs to be disabled
2021-05-06 16:13:35 +02:00
Martin Schurz
c017b3ae5b remove sysctl-18 - ipv6 no longer needs to be disabled
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-05-05 23:39:44 +02:00
dev-sec CI
f8a5837b94 update inspec.yml and changelog 2021-04-29 10:34:13 +00:00
Sebastian Gumprich
d5022560cc
Merge pull request #154 from dev-sec/remove_control_07
remove control package-07
2021-04-29 12:32:19 +02:00
Sebastian Gumprich
24a0c85b05 remove control package-07
As per https://github.com/dev-sec/linux-baseline/issues/149

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-04-29 07:42:31 +02:00
dev-sec CI
07aa6dbb03 update inspec.yml and changelog 2021-04-24 14:14:08 +00:00
schurzi
48e616579a
Merge pull request #153 from dev-sec/fix_rakefile
fix rubocop error for Rakefile
2021-04-24 16:12:17 +02:00
Martin Schurz
2322cead32 fix rubocop error for Rakefile
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-04-24 16:11:14 +02:00
dev-sec CI
91a0aa943a update inspec.yml and changelog 2021-03-24 06:57:25 +00:00
Sebastian Gumprich
7e2ddf6a79
Merge pull request #152 from joubbi/source_routing
Disable source routing for IPv6.
2021-03-24 07:55:04 +01:00
Farid Joubbi
39591a223e Disable source routing for IPv6. See c3b5a3afd01eb06d184e9cac6c1df6b85a36e13b
Signed-off-by: Farid Joubbi <farid@joubbi.se>
2021-03-24 07:33:19 +01:00
dev-sec CI
5487f624ec update inspec.yml and changelog 2021-03-22 22:23:48 +00:00
schurzi
c24d5ec64e
Merge pull request #151 from dev-sec/ci_fix
add dependency to chef-config for CI
2021-03-22 23:20:57 +01:00
Martin Schurz
b4f6b912a9 add dependency to chef-config for CI
The gem chef-config is contained in both repos, rubygems.org and cinc-project. This seems to confuse bundler when installing gems.

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-03-22 23:19:18 +01:00
dev-sec CI
8da3825e07 update inspec.yml and changelog 2021-02-22 09:26:09 +00:00
Sebastian Gumprich
11e04dd00c
Merge pull request #150 from dev-sec/cron
add cron permissions hardening
2021-02-22 10:07:18 +01:00
Sebastian Gumprich
559b16752f Add empty line after guard clause
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-02-22 09:53:12 +01:00
Sebastian Gumprich
06acbe35b8 add cron permissions hardening 2021-02-22 09:47:05 +01:00
dev-sec CI
df6b9523cd update inspec.yml and changelog 2021-02-02 14:58:58 +00:00
schurzi
638dee60b9
Merge pull request #148 from dev-sec/changelog_gen_v1
use version tag for changelog action
2021-02-02 14:42:19 +01:00
Martin Schurz
15c18981dc use version tag for changelog action
Referencing actions by the short SHA will be deprecated soon.

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-02-02 10:09:00 +01:00
dev-sec CI
e12e4d56ec update inspec.yml and changelog 2021-01-29 14:44:46 +00:00
schurzi
f7d1560333
Merge pull request #147 from dev-sec/super_fix
fix super call
2021-01-29 15:42:05 +01:00
Martin Schurz
8e505f9b99 fix super call
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-01-29 15:37:05 +01:00
dev-sec CI
be16dbaa77 update inspec.yml and changelog 2021-01-29 10:29:57 +00:00
schurzi
4dddfaa89a
update code to conform to new linting rules (#145)
* update code to conform to new linting rules

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* disable unneeded linting rule

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2021-01-29 11:27:31 +01:00
dev-sec CI
80e931fabb update inspec.yml and changelog 2021-01-26 10:46:01 +00:00
schurzi
91f288678c
Merge pull request #144 from dev-sec/github_action
add github action for tests, replace travis
2021-01-26 11:43:23 +01:00
Sebastian Gumprich
ce7cf2a184 add scheduled run
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-01-26 09:13:05 +01:00
Sebastian Gumprich
c697beb94a rm travis
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-01-25 21:18:59 +01:00
Sebastian Gumprich
936fcf2bec rename cop
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-01-25 21:16:15 +01:00
Sebastian Gumprich
103e71d2f0 add github action for testing
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2021-01-25 21:14:09 +01:00