ovh / debian-cis

PCI-DSS compliant Debian 10/11/12 hardening

ovh/debian-cis Issues

5.4.5_default_timeout.sh missing HARDENING_LEVEL
Updated a month ago
What CIS Benchmark is used exactly ? What do I implement ?
Closed a month ago1
How to use debian-cis? [explained for non expert Linux admins]
Closed a month ago5
Ignoring path requires 3 different variables
Updated 3 months ago1
hardening.sh --set-hardening-level does not work
Closed 4 months ago1
Unable to deploy this script on Ubuntu 22.o LTS
Closed 4 months ago5
[5.2.18] Script breaks due to space separation in ALLOWED_USERS
Closed 4 months ago
wrong check of REMOTE_HOST in 4.2.1.6_remote_syslog-ng_acl.sh
Closed 5 months ago
Use multiple scripts with only option
Closed 5 months ago1
Update README.md to Represent Actual Hardening Abilities
Closed 5 months ago1
can follow the guide, can't read etc/default/cis-hardening: No such file or directory
Closed 5 months ago1
Fix Quickstart, missing character
Closed 5 months ago1
Seeking approval for relicensing of software
Closed 5 months ago1
Password hashes in /etc/shadow not SHA512
Closed 6 months ago1
Deprecated check 99.5.2.8_ssh_sys_sandbox
Closed 6 months ago1
Debian 11 goes into tty mode(commmand line mode) after apply level 3 hardening
Updated 8 months ago2
nftables is not checked.
Closed 9 months ago1
Script 2.2.1.1_use_time_sync not checking for systemd-timesyncd
Closed 9 months ago2
ntp service is checked even chrony is installed and configured
Closed 9 months ago7
CIS Benchmark numbering doesn't match CIS official docs
Closed 9 months ago1
Is this script compatible with Debian 12 ?
Closed 9 months ago2
5.2.15 script not looking for match defined in the CIS_Debian_Linux_10_Benchmark_v1.0.0.pdf
Closed 9 months ago3
Does the about section need to be updated?
Closed 9 months ago3
Debain 11 Crashed when enable selinux enforcing mode
Updated 9 months ago1
Use a uniformized way to manage EXCEPTIONS
Closed a year ago1
Audit logging rules not persistent
Closed a year ago
flawed functions easily fixed: is_a_partition and has_mount_option
Closed a year ago
5.4.5 Does Not Append Correctly Nor to Correct Files
Closed a year ago1
unknown compression for member 'control.tar.zst', giving up
Closed a year ago
Adapt 5.3.4 (password hashing algorithm) to Debian11
Closed a year ago
99.1.3_acc_sudoers_no_all.sh: timeout with large sudoers.d/
Closed a year ago
Double users_valid_homedir.sh
Closed 2 years ago1
Debian 11 support ?
Closed 2 years ago1
Debian 11
Closed 2 years ago3
chrony and ntp checks should skip if package is not installed
Closed 2 years ago3
LOGLEVEL config option takes precedence over `--set-log-level' parameter
Closed 2 years ago
SSH protocol 2 check is obsolete
Closed 3 years ago5
Show only failed scripts
Closed 3 years ago1
acc_shadow_sha512 does not recognise SHA512 password with options
Closed 3 years ago
acc_logindefs_sha512 does not need to reload ssh
Closed 3 years ago
5.4.5_default_timeout miss TMOUT detection
Closed 3 years ago
question: isn't UsePrivilegeSeparation deprecated?
Closed 3 years ago2
5.2.7 and 5.2.23 fails when configured number is lower than the expected one
Closed 3 years ago
2.2.1.2 allways fails cause systemd-timesyncd isn't detected correctly
Closed 3 years ago
lsmod and modprobe need to be run with sudo
Closed 3 years ago
Need variable EXCEPTION for 1.1.21 and 6.1.10
Closed 3 years ago
Test that stderr is empty
Closed 3 years ago
99.5.2.8_ssh_sys_sandbox - UsePrivilegeSeparation
Closed 3 years ago1
Addition of auditd rules in not persistent
Closed 3 years ago1
Case is not important for sshd configuration
Closed 3 years ago