mirror of
https://github.com/dev-sec/linux-baseline
synced 2024-11-26 13:00:21 +00:00
No description
de8b8f15fb
Instead of going for the whitelist and expecting all other SUID/SGID bits to be removed, go for the blacklist in the default profile. This behavior is preferred, since we don't want to enable a search through all nodes on a system for any SUID/SGID bits by default. This search is desired and reasonable in all cases, but many new users will be turned away if we activate it by default. It causes issues with any regularly mounted network filesystems (which take very long) or very large (amount of entries on the filesystem) storage nodes. We will add this point to the documentation, as it's the user's task to mount these components with a nosuid configuration. Signed-off-by: Dominik Richter <dominik.richter@gmail.com> |
||
|---|---|---|
| default | ||
| lockdown/serverspec | ||
| .gitignore | ||
| .rubocop.yml | ||
| .travis.yml | ||
| Gemfile | ||
| Rakefile | ||
| README.md | ||
tests-os-hardening
This are the integration tests for the projects
they start at integration level
you can use the gem kitchen-sharedtests
to make them available to your project. Use thor kitchen:fetch-remote-tests to put the repo into test/integration
Standalone Usage
you can target the integration tests to any host were you have ssh access
rake -T gives you a list of suites you can run (well ignore directories which are obviously not suites for now)
± rake -T
rake serverspec:data_bags # Run serverspec suite data_bags
rake serverspec:default # Run serverspec suite default
run it with:
bundle install
# default user and ssh-key
bundle exec rake serverspec:default target_host=<name-or-ip-of-target-server>
# or with user, host, password
ASK_LOGIN_PASSWORD=true bundle exec rake serverspec:default target_host=192.168.1.222 user=stack
add format=html to get a report.html document