PCI-DSS compliant Debian 10/11/12 hardening
Find a file
2016-04-20 11:29:44 +02:00
bin Added exit code to CIS_ROOT_DIR test def, optimized sed and sort 2016-04-20 11:29:44 +02:00
debian Debianization time 2016-04-18 17:14:56 +02:00
etc Added exit code to CIS_ROOT_DIR test def, optimized sed and sort 2016-04-20 11:29:44 +02:00
lib Added exit code to CIS_ROOT_DIR test def, optimized sed and sort 2016-04-20 11:29:44 +02:00
src
tmp/backups
.gitignore
LICENSE Corrected script names, added License, Completed README and corrected bug with too long logger messages 2016-04-19 09:31:01 +02:00
README add --audit-all-enable-passed, add info in README and help 2016-04-19 20:16:47 +02:00

# CIS Debian 7 Hardening git repository
# Authors : Thibault Dewailly, OVH <thibault.dewailly@corp.ovh.com>
# This is the code base which will be used to fill CIS hardening requirements

# Hardening scripts :
# bin/hardening : Every script has a .cfg associated, status must be defined here

# Configuration
# etc/hardening.cfg : Global variables defined such as backup directory, or log level
# etc/conf.d        : Folder with all .cfg associated to hardening scripts

# Status parameter will define on each script if it has to be disabled (do nothing), audit (RO), enabled (RW)
# Enabled will perform audit and most of the time correct your system accordingly. 
# There is exceptions as it is difficult to know how you want to correct that.

# Main script : 
# bin/hardening.sh : Will execute hardening according to configuration
# Options are :
# --apply                   : Will apply hardening when scripts have status enabled (RW), and audit points where status is audit (RO)
# --audit                   : Will audit hardening when scripts have status enabled or audit (RO)
# --audit-all               : Apply audit (RO) on all scripts
# --audit-all-enable-passed : Apply audit (RO) on all scripts, and *modify* configuration files to enable scripts that passed. In other words, this is an easy way to enable scripts for which you're already compliant. However, please always review each activated script afterwards, this option should only be regarded as a way to kickstart a configuration from scratch faster than otherwise. Don't run this if you have already customized the scripts enable/disable configurations, obviously.