Mirrors/linux-baseline
2
0
Fork 0
mirror of https://github.com/dev-sec/linux-baseline synced 2024-11-23 11:43:02 +00:00
Code Issues Projects Releases Packages Wiki Activity
202 commits 17 branches 31 tags 478 KiB
Commit graph

202 commits

This branch
This branch
All branches
Author SHA1 Message Date
Patrick Meier
e9fd0799d5 added complete inspec tests 
Signed-off-by: Patrick Meier <patrick.meier111@googlemail.com>
 2015-11-26 10:13:00 +01:00
Patrick Meier
3e3635b071 added control for trusted hosts login and Dot in PATH variable 
Signed-off-by: Patrick Meier <patrick.meier111@googlemail.com>
 2015-11-12 21:22:10 +01:00
Patrick Meier
ad9f9b9a37 added inspec support and removed serverspec tests 
Signed-off-by: Patrick Meier <patrick.meier111@googlemail.com>
 2015-11-12 20:17:51 +01:00
Christoph Hartmann
5b2147244b simplify tests 2015-10-15 15:41:39 +02:00
Christoph Hartmann
ba0d33e343 Merge pull request #33 from rndmh3ro/improve_tests 
Improve Ansible tests
 2015-09-22 19:49:42 +02:00
Christoph Hartmann
d5ff22561e Merge pull request #34 from rndmh3ro/rm_whitespace 
Remove whitespace
 2015-09-22 19:43:04 +02:00
Sebastian Gumprich
5114ede430 Remove whitespace 2015-09-22 19:15:06 +02:00
Sebastian Gumprich
f0026619b9 Improve Ansible tests 
This change adds more tests to check for different variable uses.
 2015-09-22 19:04:45 +02:00
Christoph Hartmann
8da35fb42c Merge pull request #31 from rndmh3ro/patch-1 
Fix typos
 2015-06-23 07:52:33 -07:00
Sebastian Gumprich
830748e23a Fix typos 2015-06-23 14:28:02 +00:00
Dominik Richter
fab50a1229 Merge pull request #30 from hardening-io/chris-rock-patch-1 
update urls
 2015-06-11 12:49:37 +02:00
Christoph Hartmann
83b870d03c update urls 2015-06-02 00:26:53 +02:00
Christoph Hartmann
549150fad3 Merge pull request #29 from hardening-io/ipv6acceptra 
bugfix: add missing: ipv6 accept_ra = 0
 2015-05-30 06:15:47 -07:00
Dominik Richter
e829dfb662 bugfix: add missing: ipv6 accept_ra = 0 
This was uncovered by @igoraj at https://github.com/hardening-io/puppet-os-hardening/issues/56 .
 2015-05-28 02:03:12 +02:00
Christoph Hartmann
d53f3e27a5 Merge pull request #28 from rndmh3ro/ansible_support 
Ansible support
 2015-05-19 13:15:20 -07:00
Sebastian Gumprich
2f3b67d07e Ansible support 2015-05-19 21:08:05 +00:00
Dominik Richter
a517ad6040 Merge pull request #26 from atomic111/master 
add json format option
 2015-01-14 13:50:02 +01:00
Patrick Meier
9852f1078c add json format option 
Signed-off-by: Patrick Meier <patrick.meier111@googlemail.com>
 2015-01-14 13:37:40 +01:00
Dominik Richter
1a1b8f5da5 Merge pull request #25 from TelekomLabs/update-common 
Update common
 2014-12-12 19:07:46 +01:00
Dominik Richter
5da19aa6ee updating common files 
updating files: [".rubocop.yml"]
 2014-12-12 01:57:20 +01:00
Dominik Richter
4187449039 updating common files 
updating files: [".rubocop.yml"]
 2014-12-12 01:25:27 +01:00
Patrick Meier
f0014053ce Merge pull request #24 from TelekomLabs/schroot 
feature: add schroot to suid/sgid whitelist
 2014-12-02 18:24:35 +01:00
Dominik Richter
a9c6ef152c feature: add schroot to suid/sgid whitelist 
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
 2014-12-01 13:42:51 +01:00
Patrick Meier
8b6a416684 Merge pull request #23 from TelekomLabs/update-common 
thank you
 2014-10-28 09:30:06 +01:00
Dominik Richter
347e022aa0 updating common files 
updating files: [".rubocop.yml"]
 2014-10-28 00:04:52 +01:00
Dominik Richter
1f60a3ca9e updating common files 
updating files: [".rubocop.yml"]
 2014-10-27 23:30:25 +01:00
Dominik Richter
9da1d9fdfe updating common files 
updating files: ["lockdown/serverspec/spec_helper.rb", "default/serverspec/spec_helper.rb", ".rubocop.yml"]
 2014-10-27 18:41:56 +01:00
Christoph Hartmann
8b140c47c5 Merge pull request #22 from TelekomLabs/update-common 
updating common files
 2014-10-20 10:54:41 +02:00
Dominik Richter
56d8d06603 updating common files 
updating files: ["Gemfile"]
 2014-10-20 10:58:08 +02:00
Dominik Richter
0fe462c08b updating common files 
updating files: ["lockdown/serverspec/spec_helper.rb", "default/serverspec/spec_helper.rb"]
 2014-10-20 10:14:47 +02:00
Dominik Richter
2e4f659523 update syntax for command.stdout check 
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
 2014-10-20 10:14:42 +02:00
Dominik Richter
db185e55a2 remove backend checks from each test (move to common) 
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
 2014-10-20 10:03:08 +02:00
Dominik Richter
84b56e4822 updating common files 
updating files: ["lockdown/serverspec/spec_helper.rb", "default/serverspec/spec_helper.rb"]
 2014-10-20 10:01:50 +02:00
Dominik Richter
2019279a6f add highline 
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
 2014-10-20 09:56:30 +02:00
Dominik Richter
59ed9633c9 updating common files 2014-10-16 02:46:52 +02:00
Dominik Richter
f8ae22d115 updating common files 2014-10-16 02:14:10 +02:00
Dominik Richter
f81fd221a4 Merge pull request #21 from atomic111/master 
changed GIS to DTAG SEC
 2014-09-14 19:22:54 +02:00
Patrick Meier
63d6ce6069 changed GIS to DTAG SEC 
Signed-off-by: Patrick Meier <patrick.meier111@googlemail.com>
 2014-09-11 22:10:12 +02:00
Dominik Richter
8b5dffd2b1 Merge pull request #20 from TelekomLabs/lint 
bugfix: lint error
 2014-08-15 19:00:25 +02:00
Christoph Hartmann
ba563593c1 bugfix: lint error 2014-08-15 18:57:18 +02:00
Dominik Richter
40d41efa9f 1.0.0 
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
 2014-08-13 11:11:08 +02:00
Patrick Meier
d2f57f2ecf Merge pull request #19 from TelekomLabs/lockdown-mode 
Lockdown mode
 2014-07-23 20:48:54 +02:00
Dominik Richter
de8b8f15fb default profile checks SUID/SGID blacklist 
Instead of going for the whitelist and expecting all other SUID/SGID bits to be removed, go for the blacklist in the default profile. This behavior is preferred, since we don't want to enable a search through all nodes on a system for any SUID/SGID bits by default. This search is desired and reasonable in all cases, but many new users will be turned away if we activate it by default. It causes issues with any regularly mounted network filesystems (which take very long) or very large (amount of entries on the filesystem) storage nodes.

We will add this point to the documentation, as it's the user's task to mount these components with a nosuid configuration.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
 2014-07-23 15:59:08 +02:00
Dominik Richter
69546f61ff add all current requirements from default -> lockdown 
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
 2014-07-23 15:50:17 +02:00
Dominik Richter
9436c28ca4 rename modules_disabled -> lockdown 
I.e. create tests for a special hardening profile whose configuration is to lock down all settings. This will include scanning for all unkown SUID-bits as well as kernel configuration with module lockdown.

Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
 2014-07-23 15:46:04 +02:00
Dominik Richter
9f03078ee1 fixed puppet license-headers 
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
 2014-07-23 15:20:08 +02:00
Dominik Richter
8ba4f64725 add missing license headers 
Signed-off-by: Dominik Richter <dominik.richter@gmail.com>
 2014-07-23 00:10:30 +02:00
Dominik Richter
f2f8d295e4 Merge pull request #18 from atomic111/master 
split sysctl_spec.rb, added suid whitliste and uid unique search
 2014-07-22 17:44:05 +02:00
Patrick Meier
0138222d43 FIX linting 
Signed-off-by: Patrick Meier <patrick.meier111@googlemail.com>
 2014-07-22 17:36:02 +02:00
Patrick Meier
5d91f454b0 added test to check unique UID's 
Signed-off-by: Patrick Meier <patrick.meier111@googlemail.com>
 2014-07-22 16:54:02 +02:00