tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-09-01 06:58:50 +02:00
Code Issues Packages Projects Releases Wiki Activity
harbian-audit/bin/hardening
History
Samson-W e00770d5ff Optimize 9.2.14 audit items, and update README.md README-CN.md
2023-08-25 01:49:11 +08:00
..
1.1_install_updates.sh
Fix #48: Debian 12 errors : Current OS is not support!
2023-06-13 01:23:56 +08:00
1.2_enable_verify_sign_packages_from_repository.sh
Fix #48: Debian 12 errors : Current OS is not support!
2023-06-13 01:23:56 +08:00
1.3_enable_verify_sign_of_local_packages.sh
Fix #48: Debian 12 errors : Current OS is not support!
2023-06-13 01:23:56 +08:00
1.4_set_no_allow_insecure_repository_by_apt.sh
Fix #48: Debian 12 errors : Current OS is not support!
2023-06-13 01:23:56 +08:00
2.1_tmp_partition.sh
Modify variable name: *REDHAT to *CENTOS.
2020-03-06 16:02:11 +08:00
2.2_tmp_nodev.sh
Update 2.2 2.3 2.4 7.6 for Debian12.
2023-06-17 10:21:46 +08:00
2.3_tmp_nosuid.sh
Update 2.2 2.3 2.4 7.6 for Debian12.
2023-06-17 10:21:46 +08:00
2.4_tmp_noexec.sh
Update 2.2 2.3 2.4 7.6 for Debian12.
2023-06-17 10:21:46 +08:00
2.5_var_partition.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
2.6.1_var_tmp_partition.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
2.6.2_var_tmp_nodev.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
2.6.3_var_tmp_nosuid.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
2.6.4_var_tmp_noexec.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
2.7_var_log_partition.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
2.8_var_log_audit_partition.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
2.9_home_partition.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
2.10_home_nodev.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
2.11_removable_device_nodev.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
2.12_removable_device_noexec.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
2.13_removable_device_nosuid.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
2.14_run_shm_nodev.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
2.15_run_shm_nosuid.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
2.16_run_shm_noexec.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
2.17_sticky_bit_world_writable_folder.sh
Fix some bugs for Debian12.
2023-06-17 00:14:38 +08:00
2.18_disable_cramfs.sh
Fix some bugs about disable kernel module
2023-06-17 11:18:31 +08:00
2.19_disable_freevxfs.sh
Fix some bugs about disable kernel module
2023-06-17 11:18:31 +08:00
2.20_disable_jffs2.sh
Fix some bugs about disable kernel module
2023-06-17 11:18:31 +08:00
2.21_disable_hfs.sh
Fix some bugs about disable kernel module
2023-06-17 11:18:31 +08:00
2.22_disable_hfsplus.sh
Fix some bugs about disable kernel module
2023-06-17 11:18:31 +08:00
2.23_disable_squashfs.sh
Fix some bugs about disable kernel module
2023-06-17 11:18:31 +08:00
2.24_disable_udf.sh
Fix some bugs about disable kernel module
2023-06-17 11:18:31 +08:00
2.25_disable_automounting.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
2.26_home_nosuid.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
2.27_nfs_nosuid.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
2.28_nfs_noexec.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
2.29_nfs_RPCSEC_GSS.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
3.1_bootloader_ownership.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
3.2_bootloader_permissions.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
3.3_bootloader_password.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
3.4_root_password.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
4.1_restrict_core_dumps.sh
Fix #48: Debian 12 errors : Current OS is not support!
2023-06-13 01:23:56 +08:00
4.2_enable_nx_support.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
4.3_enable_randomized_vm_placement.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
4.4_disable_prelink.sh
Optimize the method of uninstallation.
2020-04-17 14:20:04 +08:00
4.5_enable_apparmor.sh
Fix #48: Debian 12 errors : Current OS is not support!
2023-06-13 01:23:56 +08:00
4.6_enable_selinux.sh
Fix #48: Debian 12 errors : Current OS is not support!
2023-06-13 01:23:56 +08:00
4.7_enable_selinux_policy.sh
Fix #48: Debian 12 errors : Current OS is not support!
2023-06-13 01:23:56 +08:00
4.8_disable_usb_devices.sh
Fix some bugs about disable kernel module
2023-06-17 11:18:31 +08:00
5.1.1_disable_nis.sh
Optimize the method of uninstallation.
2020-04-17 14:20:04 +08:00
5.1.2_disable_rsh.sh
Fix #48: Debian 12 errors : Current OS is not support!
2023-06-13 01:23:56 +08:00
5.1.3_disable_rsh_client.sh
Optimize the method of uninstallation.
2020-04-17 14:20:04 +08:00
5.1.4_disable_talk.sh
Fix #48: Debian 12 errors : Current OS is not support!
2023-06-13 01:23:56 +08:00
5.1.5_disable_talk_client.sh
Optimize the method of uninstallation.
2020-04-17 14:20:04 +08:00
5.1.6_disable_telnet_server.sh
Fix #48: Debian 12 errors : Current OS is not support!
2023-06-13 01:23:56 +08:00
5.1.7_disable_inetd.sh
Optimize the method of uninstallation.
2020-04-17 14:20:04 +08:00
5.2_install_screen.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
5.3_enable_openssh_server.sh
Modify variable name: *REDHAT to *CENTOS.
2020-03-06 16:02:11 +08:00
5.4_disable_ctrl_alt_del_target.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
5.5_ensure_installed_sudo.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
6.1_disable_xwindow_system.sh
Fix a bug for 6.1
2020-06-21 04:55:34 +08:00
6.2_disable_avahi_server.sh
Modify variable name: *REDHAT to *CENTOS.
2020-03-06 16:02:11 +08:00
6.3_disable_print_server.sh
Optimize the method of uninstallation.
2020-04-17 14:20:04 +08:00
6.4_disable_dhcp.sh
Optimize the method of uninstallation.
2020-04-17 14:20:04 +08:00
6.5_ensure_time_sync_server_is_installed.sh
Add systemd-timesyncd server
2023-03-07 13:55:24 +01:00
6.6_disable_ldap.sh
Optimize the method of uninstallation.
2020-04-17 14:20:04 +08:00
6.7_disable_nfs_rpc.sh
Optimize the method of uninstallation.
2020-04-17 14:20:04 +08:00
6.8_disable_dns_server.sh
Optimize the method of uninstallation.
2020-04-17 14:20:04 +08:00
6.9_disable_ftp.sh
Optimize the method of uninstallation.
2020-04-17 14:20:04 +08:00
6.10_disable_http_server.sh
Optimize the method of uninstallation.
2020-04-17 14:20:04 +08:00
6.11_disable_imap_pop.sh
Optimize the method of uninstallation.
2020-04-17 14:20:04 +08:00
6.12_disable_samba.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
6.13_disable_http_proxy.sh
Optimize the method of uninstallation.
2020-04-17 14:20:04 +08:00
6.14_disable_snmp_server.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
6.15_mta_localhost.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
6.16_disable_rsync.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
6.17_ensure_virul_scan_server_is_enabled.sh
Fix #48: Debian 12 errors : Current OS is not support!
2023-06-13 01:23:56 +08:00
6.18_ensure_virusscan_program_update_is_enabled.sh
Fix #48: Debian 12 errors : Current OS is not support!
2023-06-13 01:23:56 +08:00
6.19_configure_ntp.sh
Update 6.19_configure_ntp.sh
2023-03-07 11:43:02 +01:00
6.20_configure_chrony.sh
Add systemd-timesyncd server
2023-03-07 13:55:24 +01:00
7.1.1_disable_ip_forwarding.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
7.1.2_disable_send_packet_redirects.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
7.1.3_disable_interface_promisc_mode.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
7.2.1_disable_source_routed_packets.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
7.2.2_disable_icmp_redirect.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
7.2.3_disable_secure_icmp_redirect.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
7.2.4_log_martian_packets.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
7.2.5_ignore_broadcast_requests.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
7.2.6_enable_bad_error_message_protection.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
7.2.7_enable_source_route_validation.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
7.2.8_enable_tcp_syn_cookies.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
7.3.1_disable_ipv6_router_advertisement.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
7.3.2_disable_ipv6_redirect.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
7.4.1_install_tcp_wrapper.sh
Modify variable name: *REDHAT to *CENTOS.
2020-03-06 16:02:11 +08:00
7.4.2_hosts_allow.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
7.4.3_hosts_allow_permissions.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
7.4.4_hosts_deny.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
7.4.5_hosts_deny_permissions.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
7.6_disable_wireless.sh
Update 2.2 2.3 2.4 7.6 for Debian12.
2023-06-17 10:21:46 +08:00
7.7.1_enable_firewall.sh
Update 7.7.1 for nftables
2023-06-15 01:47:35 +08:00
7.7.2_ensure_set_firewall_rules.sh
Fix #44: Debian 11 uses ntfables, not iptables. Update 7.7.2 7.7.3 7.7.4.1 7.7.4.3 7.7.4.4 7.7.5.1 7.7.5.2 7.7.5.3 7.7.5.4 for nftables.
2023-06-17 00:12:06 +08:00
7.7.3_ensure_firewall_set_protect_dos_attacks.sh
Fix #44: Debian 11 uses ntfables, not iptables. Update 7.7.2 7.7.3 7.7.4.1 7.7.4.3 7.7.4.4 7.7.5.1 7.7.5.2 7.7.5.3 7.7.5.4 for nftables.
2023-06-17 00:12:06 +08:00
7.7.4.1_ensure_default_deny_firewall_policy.sh
Fix #44: Debian 11 uses ntfables, not iptables. Update 7.7.2 7.7.3 7.7.4.1 7.7.4.3 7.7.4.4 7.7.5.1 7.7.5.2 7.7.5.3 7.7.5.4 for nftables.
2023-06-17 00:12:06 +08:00
7.7.4.2_ensure_loopback_traffic_is_configured.sh
Fix #44: Debian 11 uses ntfables, not iptables. Update 7.7.2 7.7.3 7.7.4.1 7.7.4.3 7.7.4.4 7.7.5.1 7.7.5.2 7.7.5.3 7.7.5.4 for nftables.
2023-06-17 00:12:06 +08:00
7.7.4.3_ensure_firewall_rules_exist_for_all_open_ports.sh
Fix #44: Debian 11 uses ntfables, not iptables. Update 7.7.2 7.7.3 7.7.4.1 7.7.4.3 7.7.4.4 7.7.5.1 7.7.5.2 7.7.5.3 7.7.5.4 for nftables.
2023-06-17 00:12:06 +08:00
7.7.4.4_ensure_outbound_and_established_connections_are_configured.sh
Fix #44: Debian 11 uses ntfables, not iptables. Update 7.7.2 7.7.3 7.7.4.1 7.7.4.3 7.7.4.4 7.7.5.1 7.7.5.2 7.7.5.3 7.7.5.4 for nftables.
2023-06-17 00:12:06 +08:00
7.7.5.1_ensure_default_deny_firewall_policy_for_v6.sh
Fix #44: Debian 11 uses ntfables, not iptables. Update 7.7.2 7.7.3 7.7.4.1 7.7.4.3 7.7.4.4 7.7.5.1 7.7.5.2 7.7.5.3 7.7.5.4 for nftables.
2023-06-17 00:12:06 +08:00
7.7.5.2_ensure_loopback_traffic_is_configured_for_v6.sh
Fix #44: Debian 11 uses ntfables, not iptables. Update 7.7.2 7.7.3 7.7.4.1 7.7.4.3 7.7.4.4 7.7.5.1 7.7.5.2 7.7.5.3 7.7.5.4 for nftables.
2023-06-17 00:12:06 +08:00
7.7.5.3_ensure_firewall_rules_exist_for_all_open_ports_for_v6.sh
Fix #44: Debian 11 uses ntfables, not iptables. Update 7.7.2 7.7.3 7.7.4.1 7.7.4.3 7.7.4.4 7.7.5.1 7.7.5.2 7.7.5.3 7.7.5.4 for nftables.
2023-06-17 00:12:06 +08:00
7.7.5.4_ensure_outbound_and_established_connections_are_configured_for_v6.sh
Fix #44: Debian 11 uses ntfables, not iptables. Update 7.7.2 7.7.3 7.7.4.1 7.7.4.3 7.7.4.4 7.7.5.1 7.7.5.2 7.7.5.3 7.7.5.4 for nftables.
2023-06-17 00:12:06 +08:00
8.0_enable_auditd_kernel.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
8.1.1.1_audit_log_storage.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
8.1.1.2_halt_when_audit_log_full.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
8.1.1.3_keep_all_audit_logs.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
8.1.1.4_set_failure_mode.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
8.1.1.5_ensure_set_remote_server.sh
Fix issues #37 need extra checks on audisp path on Ubuntu.
2022-08-25 18:11:23 +00:00
8.1.1.6_ensure_set_encrypt_for_audit_remote.sh
Fix issues #37 need extra checks on audisp path on Ubuntu.
2022-08-25 18:11:23 +00:00
8.1.1.7_ensure_set_action_for_audit_storage_full.sh
Fix issues #37 need extra checks on audisp path on Ubuntu.
2022-08-25 18:11:23 +00:00
8.1.1.8_ensure_set_action_for_net_fail.sh
Fix issues #37 need extra checks on audisp path on Ubuntu.
2022-08-25 18:11:23 +00:00
8.1.1.9_set_space_left_audit.sh
Fix a bug space_left of auditd.conf
2021-07-17 22:46:18 +08:00
8.1.2_enable_auditd.sh
Modify variable name: *REDHAT to *CENTOS.
2020-03-06 16:02:11 +08:00
8.1.3_audit_bootloader.sh
Fix issues #16 8.1.3_audit_bootloader check not accounting entire configs
2020-05-18 18:43:57 +08:00
8.1.4_record_date_time_edit.sh
Modify some checklists apply check_audit_path
2021-06-22 21:20:30 +08:00
8.1.5_record_user_group_edit.sh
Modify some checklists apply check_audit_path
2021-06-22 21:20:30 +08:00
8.1.6_record_network_edit.sh
Modify some checklists apply check_audit_path
2021-06-22 21:20:30 +08:00
8.1.7_record_mac_edit.sh
Modify some checklists apply check_audit_path
2021-06-22 21:20:30 +08:00
8.1.8_record_login_logout.sh
Modify some checklists apply check_audit_path
2021-06-22 21:20:30 +08:00
8.1.9_record_session_init.sh
Modify some checklists apply check_audit_path
2021-06-22 21:20:30 +08:00
8.1.10_record_dac_edit.sh
Modify some checklists apply check_audit_path
2021-06-22 21:20:30 +08:00
8.1.11_record_failed_access_file.sh
Modify related auditd checklist for --dont-auditd-by-uid
2021-06-21 00:07:36 +08:00
8.1.12_record_syscall_execve.sh
Fix issues #15 auditd check has duplicates.
2020-05-17 03:32:12 +08:00
8.1.13_record_successful_mount.sh
Modify related auditd checklist for --dont-auditd-by-uid
2021-06-21 00:07:36 +08:00
8.1.14_record_file_deletions.sh
Modify related auditd checklist for --dont-auditd-by-uid
2021-06-21 00:07:36 +08:00
8.1.15_record_sudoers_edit.sh
Modify some checklists apply check_audit_path
2021-06-22 21:20:30 +08:00
8.1.16_record_sudo_usage.sh
Modify some checklists apply check_audit_path
2021-06-22 21:20:30 +08:00
8.1.17_record_kernel_modules.sh
Modify some checklists apply check_audit_path
2021-06-22 21:20:30 +08:00
8.1.18_record_Events_netfilter.sh
Fix some bugs for Debian12.
2023-06-17 00:14:38 +08:00
8.1.19_record_sshkeysign_usage.sh
Fix some bugs for Debian12.
2023-06-17 00:14:38 +08:00
8.1.20_record_open_by_handle_at_syscall.sh
Modify related auditd checklist for --dont-auditd-by-uid
2021-06-21 00:07:36 +08:00
8.1.21_record_Events_that_privileged_passwd_cmd_usage.sh
Fix some bugs for Debian12.
2023-06-17 00:14:38 +08:00
8.1.22_record_Events_that_privileged_priv_change_cmd_usage.sh
Fix some bugs for Debian12.
2023-06-17 00:14:38 +08:00
8.1.23_record_Events_that_privileged_postfix_cmd_usage.sh
Fix some bugs for Debian12.
2023-06-17 00:14:38 +08:00
8.1.24_record_crontab_cmd_usage.sh
Fix some bugs for Debian12.
2023-06-17 00:14:38 +08:00
8.1.25_record_pam_timestamp_check_cmd_usage.sh
Fix some bugs for Debian12.
2023-06-17 00:14:38 +08:00
8.1.26_record_pam_tally_cmd_usage.sh
Fix some bugs for Debian12.
2023-06-17 00:14:38 +08:00
8.1.27_record_Events_that_modify_conf_files.sh
Fix #48: Debian 12 errors : Current OS is not support!
2023-06-13 01:23:56 +08:00
8.1.28_record_acl_cmd_usage.sh
Modify related auditd checklist for --dont-auditd-by-uid
2021-06-21 00:07:36 +08:00
8.1.29_record_usermod_cmd_usage.sh
Fix some bugs for Debian12.
2023-06-17 00:14:38 +08:00
8.1.30_record_unix_update_cmd_usage.sh
Modify related auditd checklist for --dont-auditd-by-uid
2021-06-21 00:07:36 +08:00
8.1.31_record_file_transfer_related.sh
Modify some checklists apply check_audit_path
2021-06-22 21:20:30 +08:00
8.1.32_record_ufw_of_debian_like.sh
Modify some checklists apply check_audit_path
2021-06-22 21:20:30 +08:00
8.1.33_record_iptables_restore_exec.sh
Modify some checklists apply check_audit_path
2021-06-22 21:20:30 +08:00
8.1.34_record_privileged_commands.sh
Rename 8.1.31 to 8.1.34, rename 8.1.34 to 8.1.31
2021-06-21 22:59:24 +08:00
8.1.35_freeze_auditd_conf.sh
Add 8.1.32 8.1.33 8.1.34 for auditd rules, and rename 8.1.32 to 8.1.35. Add global variable DONT_AUDITD_BY_UID for enable/disable use UID in the auditd rules.
2021-06-15 21:38:36 +08:00
8.2.1_install_rsyslog.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
8.2.2_enable_rsyslog.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
8.2.3_set_logfile_perm_cfg_rsyslog.sh
Fix #51 Autofix improvement: Ensure rsyslog default file permissions are configured. Add method for check FileCreateMode in /etc/rsyslog.d/
2023-07-10 01:11:55 +08:00
8.2.4_rsyslog_remote_host.sh
Delete unimplemented items: 8.2.3 8.3.3 8.6 9.4
2021-06-23 01:43:21 +08:00
8.3.1_install_syslog-ng.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
8.3.2_enable_syslog-ng.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
8.3.3_set_logfile_perm.sh
Delete unimplemented items: 8.2.3 8.3.3 8.6 9.4
2021-06-23 01:43:21 +08:00
8.3.4_syslog-ng_remote_host.sh
Delete unimplemented items: 8.2.3 8.3.3 8.6 9.4
2021-06-23 01:43:21 +08:00
8.4.1_install_aide.sh
Modify 8.1.34 for apply --dont-auditd-by-uid, and add aide-common pkg for 8.4.1
2021-06-21 22:23:49 +08:00
8.4.2_aide_cron.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
8.5_ensure_permissions_on_all_logfiles.sh
fix(log directory permissions) : Apply chmod only to logfiles instead of 'log/*'
2021-11-12 15:00:12 +08:00
8.6_verify_integrity_packages.sh
Delete unimplemented items: 8.2.3 8.3.3 8.6 9.4
2021-06-23 01:43:21 +08:00
8.7.1_journald_config_compress.sh
Fix #49: Autofix improvement: Ensure journald is configured to compress large log files
2023-07-15 02:02:58 +08:00
8.7.2_journald_config_storage.sh
Update the description information of 8.7.2
2023-07-15 18:02:28 +08:00
9.1.1_enable_cron.sh
Modify variable name: *REDHAT to *CENTOS.
2020-03-06 16:02:11 +08:00
9.1.2_crontab_perm_ownership.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
9.1.3_cron_hourly_perm_ownership.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
9.1.4_cron_daily_perm_ownership.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
9.1.5_cron_weekly_perm_ownership.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
9.1.6_cron_monthly_perm_ownership.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
9.1.7_cron_d_perm_ownership.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
9.1.8_cron_users.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
9.2.1_pam_retry_cracklib.sh
Update 9.2.2 for Debian12
2023-06-12 01:23:48 +08:00
9.2.2_pam_minlen_cracklib.sh
Update 9.2.2 for Debian12
2023-06-12 01:23:48 +08:00
9.2.3_pam_dcredit_cracklib.sh
Update 9.2.3 for Debian12
2023-06-12 01:27:48 +08:00
9.2.4_pam_ucredit_cracklib.sh
Fix #43: Debian 11 uses pwquality, not cracklib. Update 9.2.4 9.2.5 9.2.6 9.2.7 9.2.8 9.2.9 9.2.10 for Debian11/Debian12
2023-06-12 01:59:10 +08:00
9.2.5_pam_ocredit_cracklib.sh
Fix #43: Debian 11 uses pwquality, not cracklib. Update 9.2.4 9.2.5 9.2.6 9.2.7 9.2.8 9.2.9 9.2.10 for Debian11/Debian12
2023-06-12 01:59:10 +08:00
9.2.6_pam_lcredit_cracklib.sh
Fix #43: Debian 11 uses pwquality, not cracklib. Update 9.2.4 9.2.5 9.2.6 9.2.7 9.2.8 9.2.9 9.2.10 for Debian11/Debian12
2023-06-12 01:59:10 +08:00
9.2.7_pam_difok_cracklib.sh
Fix #43: Debian 11 uses pwquality, not cracklib. Update 9.2.4 9.2.5 9.2.6 9.2.7 9.2.8 9.2.9 9.2.10 for Debian11/Debian12
2023-06-12 01:59:10 +08:00
9.2.8_pam_minclass_cracklib.sh
Fix #43: Debian 11 uses pwquality, not cracklib. Update 9.2.4 9.2.5 9.2.6 9.2.7 9.2.8 9.2.9 9.2.10 for Debian11/Debian12
2023-06-12 01:59:10 +08:00
9.2.9_pam_maxrepeat_cracklib.sh
Fix #43: Debian 11 uses pwquality, not cracklib. Update 9.2.4 9.2.5 9.2.6 9.2.7 9.2.8 9.2.9 9.2.10 for Debian11/Debian12
2023-06-12 01:59:10 +08:00
9.2.10_pam_maxclassrepeat_cracklib.sh
Fix #43: Debian 11 uses pwquality, not cracklib. Update 9.2.4 9.2.5 9.2.6 9.2.7 9.2.8 9.2.9 9.2.10 for Debian11/Debian12
2023-06-12 01:59:10 +08:00
9.2.11_pam_deny_times_tally2.sh
Update 9.2.11 9.2.12 9.2.13 for Debian12
2023-06-12 02:18:30 +08:00
9.2.12_pam_lockout_failed_tally2.sh
Update 9.2.11 9.2.12 9.2.13 for Debian12
2023-06-12 02:18:30 +08:00
9.2.13_pam_even_deny_root_tally2.sh
Update 9.2.11 9.2.12 9.2.13 for Debian12
2023-06-12 02:18:30 +08:00
9.2.14_pam_dictcheck_pwquality.sh
Optimize 9.2.14 audit items, and update README.md README-CN.md
2023-08-25 01:49:11 +08:00
9.2.15_pam_printlastlog_to_showfailed_lastlog.sh
Update comment: CentOS8->CentOS 8.
2020-02-28 15:02:13 +08:00
9.2.16_pam_limit_password_reuse.sh
Fix issues #20
2020-09-22 12:52:12 +08:00
9.2.17_pam_password_sha512_unix.sh
Fix #48: Debian 12 errors : Current OS is not support!
2023-06-13 01:23:56 +08:00
9.2.18_pam_auth_without_nullpwd_unix.sh
Add 9.2.14_pam_dictcheck_pwquality.sh
2023-08-24 00:45:51 +08:00
9.3.1_sshd_protocol.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
9.3.2_sshd_loglevel.sh
Optimize the error message for sshd configuration relate.
2020-11-05 02:47:53 +08:00
9.3.3_sshd_conf_perm_ownership.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
9.3.4_disable_x11_forwarding.sh
Optimize the error message for sshd configuration relate.
2020-11-05 02:47:53 +08:00
9.3.5_sshd_maxauthtries.sh
Optimize the error message for sshd configuration relate.
2020-11-05 02:47:53 +08:00
9.3.6_enable_sshd_ignorerhosts.sh
Optimize the error message for sshd configuration relate.
2020-11-05 02:47:53 +08:00
9.3.7_disable_sshd_hostbasedauthentication.sh
Optimize the error message for sshd configuration relate.
2020-11-05 02:47:53 +08:00
9.3.8_disable_root_login.sh
Optimize the error message for sshd configuration relate.
2020-11-05 02:47:53 +08:00
9.3.9_disable_sshd_permitemptypasswords.sh
Optimize the error message for sshd configuration relate.
2020-11-05 02:47:53 +08:00
9.3.10_disable_sshd_setenv.sh
Optimize the error message for sshd configuration relate.
2020-11-05 02:47:53 +08:00
9.3.11_sshd_ciphers.sh
Modify 9.3.11 9.3.21 9.3.24 to adapt the check of default parameter values through the runtime state of sshd configuration.
2020-11-06 01:42:22 +08:00
9.3.12_sshd_idle_timeout.sh
Apply check_sshd_conf_for_one_value_runtime for 9.3.12
2020-11-05 14:20:55 +08:00
9.3.13_sshd_limit_access.sh
Modify description of 9.3.13
2020-07-06 23:22:47 +08:00
9.3.14_ssh_banner.sh
Optimize the error message for sshd configuration relate.
2020-11-05 02:47:53 +08:00
9.3.15_sshd_printlastlog.sh
Optimize the error message for sshd configuration relate.
2020-11-05 02:47:53 +08:00
9.3.16_sshd_IgnoreUserKnownHosts.sh
Optimize the error message for sshd configuration relate.
2020-11-05 02:47:53 +08:00
9.3.17_sshd_GSSAPIAuthentication.sh
Optimize the error message for sshd configuration relate.
2020-11-05 02:47:53 +08:00
9.3.18_sshd_KerberosAuthentication.sh
Optimize the error message for sshd configuration relate.
2020-11-05 02:47:53 +08:00
9.3.19_sshd_StrictModes.sh
Optimize the error message for sshd configuration relate.
2020-11-05 02:47:53 +08:00
9.3.20_sshd_compression.sh
Optimize the error message for sshd configuration relate.
2020-11-05 02:47:53 +08:00
9.3.21_sshd_MACs.sh
Modify 9.3.11 9.3.21 9.3.24 to adapt the check of default parameter values through the runtime state of sshd configuration.
2020-11-06 01:42:22 +08:00
9.3.22_ssh_check_pub_hostkey_permission.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
9.3.23_ssh_check_priv_hostkey_permission.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
9.3.24_sshd_kexalgorithms.sh
Modify 9.3.11 9.3.21 9.3.24 to adapt the check of default parameter values through the runtime state of sshd configuration.
2020-11-06 01:42:22 +08:00
9.3.25_sshd_logingracetime.sh
Optimize the error message for sshd configuration relate.
2020-11-05 02:47:53 +08:00
9.4_pam_restrict_su.sh
Delete unimplemented items: 8.2.3 8.3.3 8.6 9.4
2021-06-23 01:43:21 +08:00
10.1.1_set_password_exp_days.sh
Modify the values in 10.1.1 and 10.1.2 check items according to U_Red_Hat_Enterprise_Linux_7_V2R5.
2020-03-04 14:47:00 +08:00
10.1.2_set_password_min_days_change.sh
Modify the values in 10.1.1 and 10.1.2 check items according to U_Red_Hat_Enterprise_Linux_7_V2R5.
2020-03-04 14:47:00 +08:00
10.1.3_set_password_exp_warning_days.sh
Update comment: CentOS8->CentOS 8.
2020-02-28 15:02:13 +08:00
10.1.4_set_password_encrypt_method.sh
Update comment: CentOS8->CentOS 8.
2020-02-28 15:02:13 +08:00
10.1.5_set_password_lock_inactive_user.sh
Fix a bug: Debian 12 errors : Current OS is not support!
2023-06-17 00:40:38 +08:00
10.1.6_remove_nopasswd_sudoers.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
10.1.7_remove_noauthenticate_sudoers.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
10.1.8_set_fail_delay_seconds.sh
Modify methods name: *_redhat to *_centos.
2020-03-06 03:57:46 +08:00
10.1.9_set_create_home_bool.sh
Update comment: CentOS8->CentOS 8.
2020-02-28 15:02:13 +08:00
10.1.10_set_maxlogins_for_all_accounts.sh
Update comment: CentOS8->CentOS 8.
2020-02-28 15:02:13 +08:00
10.1.11_ensure_no_shosts_cfg_on_system.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
10.2_disable_system_accounts.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
10.3_default_root_group.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
10.4_default_umask.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
10.5_set_timeout_tty.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
11.1_warning_banners.sh
Update comment: CentOS8->CentOS 8.
2020-02-28 15:02:13 +08:00
11.2_remove_os_info_warning_banners.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
12.1_etc_passwd_permissions.sh
Update comment: CentOS8->CentOS 8.
2020-02-28 15:02:13 +08:00
12.2_etc_shadow_permissions.sh
Modify variable name: *REDHAT to *CENTOS.
2020-03-06 16:02:11 +08:00
12.3_etc_group_permissions.sh
Update comment: CentOS8->CentOS 8.
2020-02-28 15:02:13 +08:00
12.4_etc_gshadow_permissions.sh
Modify variable name: *REDHAT to *CENTOS.
2020-03-06 16:02:11 +08:00
12.5_etc_passwd_backup_permissions.sh
Fix #40: Shadow utils checks are not possible to maintain with current requirements.
2023-06-17 13:57:38 +08:00
12.6_etc_shadow_backup_permissions.sh
Fix #40: Shadow utils checks are not possible to maintain with current requirements.
2023-06-17 13:57:38 +08:00
12.7_find_world_writable_file.sh
Fix some bugs: When the find command has permission denied, it will exit due to an error, so remove set -e.
2023-07-05 00:11:51 +08:00
12.8_find_unowned_files.sh
Fix some bugs: When the find command has permission denied, it will exit due to an error, so remove set -e.
2023-07-05 00:11:51 +08:00
12.9_find_ungrouped_files.sh
Fix some bugs: When the find command has permission denied, it will exit due to an error, so remove set -e.
2023-07-05 00:11:51 +08:00
12.10_find_suid_files.sh
Update comment: CentOS8->CentOS 8.
2020-02-28 15:02:13 +08:00
12.11_find_sgid_files.sh
Update comment: CentOS8->CentOS 8.
2020-02-28 15:02:13 +08:00
12.12_etc_group_backup_permissions.sh
Fix #40: Shadow utils checks are not possible to maintain with current requirements.
2023-06-17 13:57:38 +08:00
12.13_etc_gshadow_backup_permissions.sh
Fix #40: Shadow utils checks are not possible to maintain with current requirements.
2023-06-17 13:57:38 +08:00
13.1_remove_empty_password_field.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
13.2_remove_legacy_passwd_entries.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
13.3_remove_legacy_shadow_entries.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
13.4_remove_legacy_group_entries.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
13.5_find_0_uid_non_root_account.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
13.6_sanitize_root_path.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
13.7_check_user_dir_perm.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
13.8_check_user_dot_file_perm.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
13.9_set_perm_on_user_netrc.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
13.10_find_user_rhosts_files.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
13.11_find_passwd_group_inconsistencies.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
13.12_users_valid_homedir.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
13.13_check_user_homedir_ownership.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
13.14_check_duplicate_uid.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
13.15_check_duplicate_gid.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
13.16_check_duplicate_username.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
13.17_check_duplicate_groupname.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
13.18_find_user_netrc_files.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
13.19_find_user_forward_files.sh
Update comment for Description of which operating systems are implemented.
2020-02-28 00:56:28 +08:00
13.20_shadow_group_empty.sh
Update comment: CentOS8->CentOS 8.
2020-02-28 15:02:13 +08:00
14.1_security_related_NAT_slipstreaming.sh
Fix some bugs about disable kernel module
2023-06-17 11:18:31 +08:00
14.2_check_abuse_777_permissions.sh
Add 14.2: Check abuse 777 permissions
2022-04-01 01:12:42 +08:00