Mirrors/linux-baseline
2
0
Fork 0
mirror of https://github.com/dev-sec/linux-baseline synced 2024-11-22 19:23:02 +00:00
Code Issues Projects Releases Packages Wiki Activity
379 commits 17 branches 31 tags 478 KiB
Commit graph

379 commits

This branch
This branch
All branches
Author SHA1 Message Date
dev-sec CI
2735730e7f update inspec.yml and changelog 2021-05-06 15:02:19 +00:00
schurzi
74262fe33a
Merge pull request #155 from dev-sec/ipv6 
remove sysctl-18 - ipv6 no longer needs to be disabled
 2021-05-06 16:13:35 +02:00
Martin Schurz
c017b3ae5b remove sysctl-18 - ipv6 no longer needs to be disabled 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-05-05 23:39:44 +02:00
dev-sec CI
f8a5837b94 update inspec.yml and changelog 2021-04-29 10:34:13 +00:00
Sebastian Gumprich
d5022560cc
Merge pull request #154 from dev-sec/remove_control_07 
remove control package-07
 2021-04-29 12:32:19 +02:00
Sebastian Gumprich
24a0c85b05 remove control package-07 
As per https://github.com/dev-sec/linux-baseline/issues/149

Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
 2021-04-29 07:42:31 +02:00
dev-sec CI
07aa6dbb03 update inspec.yml and changelog 2021-04-24 14:14:08 +00:00
schurzi
48e616579a
Merge pull request #153 from dev-sec/fix_rakefile 
fix rubocop error for Rakefile
 2021-04-24 16:12:17 +02:00
Martin Schurz
2322cead32 fix rubocop error for Rakefile 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-04-24 16:11:14 +02:00
dev-sec CI
91a0aa943a update inspec.yml and changelog 2021-03-24 06:57:25 +00:00
Sebastian Gumprich
7e2ddf6a79
Merge pull request #152 from joubbi/source_routing 
Disable source routing for IPv6.
 2021-03-24 07:55:04 +01:00
Farid Joubbi
39591a223e Disable source routing for IPv6. See c3b5a3afd01eb06d184e9cac6c1df6b85a36e13b 
Signed-off-by: Farid Joubbi <farid@joubbi.se>
 2021-03-24 07:33:19 +01:00
dev-sec CI
5487f624ec update inspec.yml and changelog 2021-03-22 22:23:48 +00:00
schurzi
c24d5ec64e
Merge pull request #151 from dev-sec/ci_fix 
add dependency to chef-config for CI
 2021-03-22 23:20:57 +01:00
Martin Schurz
b4f6b912a9 add dependency to chef-config for CI 
the gem chef-config is contained in both repos rubygems.org and cinc-project. This seems to confuse bundler when installing gems.

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-03-22 23:19:18 +01:00
dev-sec CI
8da3825e07 update inspec.yml and changelog 2021-02-22 09:26:09 +00:00
Sebastian Gumprich
11e04dd00c
Merge pull request #150 from dev-sec/cron 
add cron permissions hardening
 2021-02-22 10:07:18 +01:00
Sebastian Gumprich
559b16752f Add empty line after guard clause 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
 2021-02-22 09:53:12 +01:00
Sebastian Gumprich
06acbe35b8 add cron permissions hardening 2021-02-22 09:47:05 +01:00
dev-sec CI
df6b9523cd update inspec.yml and changelog 2021-02-02 14:58:58 +00:00
schurzi
638dee60b9
Merge pull request #148 from dev-sec/changelog_gen_v1 
use version tag for changelog action
 2021-02-02 14:42:19 +01:00
Martin Schurz
15c18981dc use version tag for changelog action 
Referencing actions by the short SHA will be deprecated soon

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-02-02 10:09:00 +01:00
dev-sec CI
e12e4d56ec update inspec.yml and changelog 2021-01-29 14:44:46 +00:00
schurzi
f7d1560333
Merge pull request #147 from dev-sec/super_fix 
fix super call
 2021-01-29 15:42:05 +01:00
Martin Schurz
8e505f9b99 fix super call 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-01-29 15:37:05 +01:00
dev-sec CI
be16dbaa77 update inspec.yml and changelog 2021-01-29 10:29:57 +00:00
schurzi
4dddfaa89a
update code to conform to new linting rules (#145) 
* update code to conform to new linting rules

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>

* disable unneeded linting rule

Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2021-01-29 11:27:31 +01:00
dev-sec CI
80e931fabb update inspec.yml and changelog 2021-01-26 10:46:01 +00:00
schurzi
91f288678c
Merge pull request #144 from dev-sec/github_action 
add github action for tests, replace travis
 2021-01-26 11:43:23 +01:00
Sebastian Gumprich
ce7cf2a184 add scheduled run 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
 2021-01-26 09:13:05 +01:00
Sebastian Gumprich
c697beb94a rm travis 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
 2021-01-25 21:18:59 +01:00
Sebastian Gumprich
936fcf2bec rename cop 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
 2021-01-25 21:16:15 +01:00
Sebastian Gumprich
103e71d2f0 add github action for testing 
Signed-off-by: Sebastian Gumprich <sebastian.gumprich@t-systems.com>
 2021-01-25 21:14:09 +01:00
dev-sec CI
ae6af7c007 update inspec.yml and changelog 2021-01-25 09:09:00 +00:00
Danny
bc7d6483ab
Fix tiny typo (#143) 
rigths -> rights

Signed-off-by: Danny <1330413+danwit@users.noreply.github.com>
 2021-01-25 10:06:25 +01:00
dev-sec CI
11638378f2 update inspec.yml and changelog 2020-12-28 08:42:08 +00:00
Michée lengronne
8fa58f7319
Merge pull request #142 from mcgege/arp-ignore 
Allow arp_ignore = 2
 2020-12-28 09:39:44 +01:00
Michael Geiger
8f028d0386 Setting net.ipv4.conf.all.arp_ignore = 2 is used as a secure default in 
many places now and should be a valid option

Signed-off-by: Michael Geiger <info@mgeiger.de>
 2020-12-26 11:37:06 +01:00
dev-sec CI
150f365db3 update inspec.yml and changelog 2020-12-16 21:07:00 +00:00
Michée lengronne
a0de5c6553
Merge pull request #141 from schurzi/docker_cpuvuln 
only check cpu vulnerabilities if not in container
 2020-12-16 22:04:11 +01:00
Martin Schurz
beb89ca8f1 only check cpu vulnerabilities if not in container 
Signed-off-by: Martin Schurz <Martin.Schurz@t-systems.com>
 2020-12-16 21:22:48 +01:00
dev-sec CI
6468210bf7 update inspec.yml and changelog 2020-11-05 09:58:08 +00:00
Sebastian Gumprich
f2fad5442b
Merge pull request #138 from imjoseangel/ISSUE114 
feat(osbaseline): support validation for cpu vulnerabilities
 2020-11-05 10:55:41 +01:00
imjoseangel
f0873c7613
Add both vuln and Vuln 
Signed-off-by: imjoseangel <josea.munoz@gmail.com>
 2020-11-05 09:33:37 +01:00
imjoseangel
b03f36e508
Easiest solution for vuln string 
Signed-off-by: imjoseangel <josea.munoz@gmail.com>
 2020-11-05 09:11:52 +01:00
imjoseangel
a936317204
feat(osbaseline): support validation for cpu vulnerabilities 
Detects if vulnerabilities directory exists. If so checks all the files inside if any.

Signed-off-by: imjoseangel <josea.munoz@gmail.com>
 2020-11-05 09:11:27 +01:00
dev-sec CI
8ee448e3e2 update inspec.yml and changelog 2020-08-25 13:40:55 +00:00
Sebastian Gumprich
bb464225bb
Merge pull request #136 from dev-sec/arch_support 
add archlinux-support for audit-check
 2020-08-25 15:38:20 +02:00
Sebastian Gumprich
6908002ab1 add archlinux-support for audit-check 
Signed-off-by: Sebastian Gumprich <github@gumpri.ch>
 2020-08-22 14:05:24 +02:00
dev-sec CI
aa5adfa859 update inspec.yml and changelog 2020-07-23 12:41:27 +00:00