schurzi
d06e065952
Use current source for CINC packages
2024-08-21 09:37:12 +02:00
dev-sec CI
0adb7a2c57
update inspec.yml and changelog
2023-11-19 15:51:11 +00:00
schurzi
1b2026ff42
Merge pull request #184 from dev-sec/inspec6
ensure compatibility with new inspec version
2023-11-19 16:50:04 +01:00
Martin Schurz
19825b5565
fix formatting
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-19 16:49:11 +01:00
Martin Schurz
ba94b91d38
add all inputs
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-19 01:12:44 +01:00
Martin Schurz
d079b4a57f
use only metadata
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-19 01:08:45 +01:00
Martin Schurz
b850f351b6
ensure compatibility with new inspec version
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-18 21:35:28 +01:00
Martin Schurz
11471d5507
ensure compatibility with new inspec version
Signed-off-by: Martin Schurz <Martin.Schurz@telekom.de>
2023-11-18 21:27:23 +01:00
dev-sec CI
fe9081f632
update inspec.yml and changelog
2023-05-02 12:53:14 +00:00
schurzi
9d57fead33
Merge pull request #183 from dev-sec/codespell
add spellchecking with codespell
2023-05-02 14:51:35 +02:00
Martin Schurz
6cfbd386f0
fix spelling errors
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-30 19:11:41 +02:00
Martin Schurz
fe8a9eff9f
add codespell action
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-04-30 19:01:33 +02:00
dev-sec CI
ce0e4c6a31
update inspec.yml and changelog
2023-03-31 08:43:53 +00:00
schurzi
7b4d99ac85
Merge pull request #182 from dev-sec/renovate/configure
Configure Renovate
2023-03-31 10:42:08 +02:00
Martin Schurz
23c1c028a3
configure renovate
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2023-03-31 10:41:46 +02:00
renovate[bot]
641ad36898
Add renovate.json
2023-03-29 21:44:26 +00:00
dev-sec CI
d962a5de64
update inspec.yml and changelog
2022-12-12 08:42:57 +00:00
schurzi
823e2b9dce
Merge pull request #180 from dev-sec/fix_sysctl_ipv6
fix wrong sysctl
2022-12-12 09:41:06 +01:00
Sebastian Gumprich
7a6e7162fe
fix wrong sysctl
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2022-12-12 09:13:26 +01:00
dev-sec CI
fcd64d719c
update inspec.yml and changelog
2022-11-30 15:18:51 +00:00
schurzi
7075e76ed9
Merge pull request #179 from dev-sec/extend_sysctls
extend sysctls for ipv6
2022-11-30 16:17:04 +01:00
Sebastian Gumprich
c15739b961
extend sysctls for ipv6
see https://docs.vmware.com/en/vRealize-Operations/8.6/com.vmware.vcom.core.doc/GUID-16BDA67D-914A-484C-97CA-8624F4881605.html and https://docs.vmware.com/en/vRealize-Operations/8.6/com.vmware.vcom.core.doc/GUID-37B91C4A-5E1E-4F8E-BC59-B3552BA7CDFA.html
also see https://github.com/dev-sec/ansible-collection-hardening/pull/607/
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2022-11-30 15:21:55 +01:00
dev-sec CI
666e709253
update inspec.yml and changelog
2022-10-28 05:18:33 +00:00
Sebastian Gumprich
ecf5ab6563
Merge pull request #178 from dev-sec/central_workflow
use centralised issue templates and workflows
2022-10-28 07:16:53 +02:00
Martin Schurz
4b7d398376
use centralised issue templates and workflows
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2022-10-26 20:18:18 +02:00
dev-sec CI
faa71996fb
update inspec.yml and changelog
2022-09-29 07:24:47 +00:00
Sebastian Gumprich
48f72d8c10
Update release.yml
2022-09-29 09:23:02 +02:00
Sebastian Gumprich
7d75f2a0c1
Update release.yml
2022-09-29 09:21:18 +02:00
schurzi
7ce5a1d218
Merge pull request #177 from dev-sec/rndmh3ro-patch-1
remove entropy-test
2022-09-24 15:46:05 +02:00
Sebastian Gumprich
a04baec3b3
remove entropy-test
see https://github.com/dev-sec/linux-baseline/issues/176
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
2022-09-23 13:10:32 +02:00
schurzi
436bf2f4ae
Merge pull request #175 from dev-sec/ubuntu22
only disable SquashFS if it's not needed
2022-08-06 15:55:57 +02:00
Martin Schurz
92cedeb529
only disable SquashFS if it's not needed
Ubuntu Snaps need SquashFS so we cannot disable it easily. Instead we
check for running Snap Service.
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2022-08-06 15:08:28 +02:00
schurzi
81ce2ab60c
Merge pull request #172 from dev-sec/protected_fifos
fix handling of sysctl fs.protected_fifos and fs.protected_regular
2022-07-11 12:17:52 +02:00
Martin Schurz
5247b07871
fix handling of sysctl fs.protected_fifos and fs.protected_regular
our solution with cmp for fs.protected_fifos did not work. Checking for
all possible values combined with an `or` seems more reasonable here.
Also both sysctl parameters are not available in RHEL7. The chosen
solution seems to be the least complex, that also works on all systems.
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2022-07-11 12:05:53 +02:00
dev-sec CI
34b215b87c
update inspec.yml and changelog
2022-03-18 19:46:30 +00:00
schurzi
07929ea2d1
Merge pull request #169 from dev-sec/newlint
Change linting to Cookstyle
2022-03-18 20:44:54 +01:00
Martin Schurz
e646854c33
apply cookstyle fixes
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2022-03-18 20:41:09 +01:00
Martin Schurz
b06edb2adc
use cookstyle for linting
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
2022-03-18 20:39:51 +01:00
dev-sec CI
f0084b869f
update inspec.yml and changelog
2022-02-14 10:02:12 +00:00
Michée lengronne
f1bff02e51
Merge pull request #168 from magmax/master
Improve SUID find
2022-02-14 11:00:03 +01:00
Miguel Angel Garcia
10657ca958
Improve SUID find
Signed-off-by: Miguel Angel Garcia <miguelangel.garcia@gmail.com>
2022-02-12 17:38:33 +01:00
dev-sec CI
99a7016135
update inspec.yml and changelog
2022-01-12 17:22:46 +00:00
Michée lengronne
8e3a25a606
Merge pull request #167 from dev-sec/micheelengronne-patch-1
missing inputs changed
2022-01-12 18:20:45 +01:00
Michée lengronne
e679f92128
missing inputs changed
Leftover inputs changed.
Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com>
2022-01-12 18:16:37 +01:00
dev-sec CI
4b079b3489
update inspec.yml and changelog
2022-01-12 16:19:03 +00:00
Michée lengronne
b5284b923e
use input instead of attribute (#166)
* use input instead of attribute
In the last versions of Inspec and cinc-auditor, attribute is deprecated and input should be used.
https://docs.chef.io/workstation/cookstyle/inspec_deprecations_attributehelper/
Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com>
* Update sysctl_spec.rb
Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com>
* Update inspec.yml
Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com>
* Update Rakefile
Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com>
2022-01-12 17:17:16 +01:00
dev-sec CI
fd9581afec
update inspec.yml and changelog
2021-11-23 11:07:35 +00:00
Claudius Heine
1840dbb624
feat: add rules to check noexec, nosuid and nodev mount options (#164)
Setting the `noexec`, `nosuid` and `nodev` mount options for mount
points where those features are not required, limits possible attack
vectors.
Closes: #163
Signed-off-by: Claudius Heine <ch@denx.de>
2021-11-23 12:04:53 +01:00
dev-sec CI
e503f97a9d
update inspec.yml and changelog
2021-10-19 13:13:33 +00:00
Claudius Heine
00d24baa66
added sysctl-34 for checking link protection settings (#160)
Common and long-standing exploits regard unprotected links, fifos and
regular files, which are created or controlled by an attacker to gain
access to other files or control over other programs.
Signed-off-by: Claudius Heine <ch@denx.de>
2021-10-19 15:11:46 +02:00