Dmitry Teselkin
dda5fab968
Drop CIS 5.4.1.4
CIS 5.4.1.4 should be configured in /etc/default/useradd
cis-5-4-1-4.yml attempts to configure this item in
pillar that relates to /etc/login.defs and should be removed.
Related-Prod: PROD-23600
Change-Id: Iea93a54a44df919c07001fc02e3551276ef9583c
6 years ago
Dmitry Teselkin
579f6df95c
CIS 5.4.4
* 5.4.4 Ensure default user umask is 027 or more restrictive (Scored)
Change-Id: Idc219e7f6e8ab4b7e3d24a36f95f8aab4eff3160
Related-Prod: PROD-18386
6 years ago
Dmitry Teselkin
bf79ba4369
CIS 5.4.1.x
* CIS 5.4.1.1 Ensure password expiration is 90 days or less (Scored)
* CIS 5.4.1.2 Ensure minimum days between password changes is 7 or more (Scored)
* CIS 5.4.1.3 Ensure password expiration warning days is 7 or more (Scored)
* CIS 5.4.1.4 Ensure inactive password lock is 30 days or less (Scored)
Related-Prod: PROD-18386
Change-Id: I42697c31823c631acb1528ca917b39c069fb72bf
6 years ago
Dmitry Teselkin
def4bdd931
CIS 1.1.21 Disable Automounting
Related-Prod: PROD-22653
Change-Id: I5b389309f0cb2890cf9a9a777348efb5a9d7d735
6 years ago
Dmitry Teselkin
ee7b811a62
CIS compliance (modprobe.d)
* CIS 1.1.1.1 Ensure mounting of cramfs filesystems is disabled
* CIS 1.1.1.2 Ensure mounting of freevxfs filesystems is disabled
* CIS 1.1.1.3 Ensure mounting of jffs2 filesystems is disabled
* CIS 1.1.1.4 Ensure mounting of hfs filesystems is disabled
* CIS 1.1.1.5 Ensure mounting of hfsplus filesystems is disabled
* CIS 1.1.1.6 Ensure mounting of squashfs filesystems is disabled
* CIS 1.1.1.7 Ensure mounting of udf filesystems is disabled
* CIS 1.1.1.8 Ensure mounting of FAT filesystems is disabled
* CIS 3.5.1 Ensure DCCP is disabled
* CIS 3.5.2 Ensure SCTP is disabled
* CIS 3.5.3 Ensure RDS is disabled
* CIS 3.5.4 Ensure TIPC is disabled
Related-Prod: PROD-20756
Related-Prod: PROD-20757
Related-Prod: PROD-20758
Related-Prod: PROD-20759
Change-Id: Ia8bf992498ef739a4a40fb108fcb449900caf6e3
6 years ago
Dmitry Teselkin
4326d345c7
CIS compliance (packages)
* CIS 1.5.4 Ensure prelink is disabled
* CIS 2.3.1 Ensure NIS Client is not installed
* CIS 2.3.2 Ensure rsh client is not installed
* CIS 2.3.3 Ensure talk client is not installed
* CIS 2.3.4 Ensure telnet client is not installed
Change-Id: I0eb11d39deaa28f238a2e618bf95cc248189197c
6 years ago
Dmitry Teselkin
ca10ffa318
CIS compliance (/dev/shm mount options)
* CIS 1.1.14 Ensure nodev option set on /dev/shm partition (Scored)
* CIS 1.1.15 Ensure nosuid option set on /dev/shm partition (Scored)
* CIS 1.1.16 Ensure noexec option set on /dev/shm partition (Scored)
Related-Prod: PROD-22652
Change-Id: I35f371ce36bae6104e0176f63bd43a8fc4e5bad3
6 years ago
Dmitry Teselkin
11ef3737d2
CIS 6.1.2-6.1.9
CIS items copied from cisbench:
* CIS 6.1.2 Ensure permissions on /etc/passwd are configured (Scored)
* CIS 6.1.3 Ensure permissions on /etc/shadow are configured (Scored)
* CIS 6.1.4 Ensure permissions on /etc/group are configured (Scored)
* CIS 6.1.5 Ensure permissions on /etc/gshadow are configured (Scored)
* CIS 6.1.6 Ensure permissions on /etc/passwd- are configured (Scored)
* CIS 6.1.7 Ensure permissions on /etc/shadow- are configured (Scored)
* CIS 6.1.8 Ensure permissions on /etc/group- are configured (Scored)
* CIS 6.1.9 Ensure permissions on /etc/gshadow- are configured (Scored)
Change-Id: I195d08a98c2401a9b0fa8f146ee4b365f933fa1f
6 years ago
azvyagintsev
75a4eb54a6
Disable cis-3-3-3 rule
Change-Id: I956da1f26e500eae693827ed5dce0f7e65e291bc
Closes-Bug: PROD-22520 (PROD:22520)
6 years ago
Dmitry Teselkin
ad85db09b0
Remove non-existent CIS items
Change-Id: I91bfb8e2a06fc0499addd376db9e38483a6756d0
6 years ago
Dmitry Teselkin
af730f9602
CIS compliance (sysctl, limits)
* CIS 1.5.1 Ensure core dumps are restricted
* CIS 1.5.3 Ensure address space layout randomization (ASLR) is enabled
* CIS 3.1.2 Ensure packet redirect sending is disabled
* CIS 3.2.1 Ensure source routed packets are not accepted
* CIS 3.2.2 Ensure ICMP redirects are not accepted
* CIS 3.2.3 Ensure secure ICMP redirects are not accepted
* CIS 3.2.4 Ensure suspicious packets are logged
* CIS 3.2.5 Ensure broadcast ICMP requests are ignored
* CIS 3.2.6 Ensure bogus ICMP responses are ignored
* CIS 3.2.7 Ensure Reverse Path Filtering is enabled
* CIS 3.2.8 Ensure TCP SYN Cookies is enabled
All sysctls are valid for Ubuntu 14.04, Ubuntu 16.04.
Change-Id: I48f34c55d97a78c253d4810db46b2a04ff5c0c1a
6 years ago
Aleksey Zvyagintsev
cf1b5b322a
Revert "CIS compliance (modprobe.d)"
This reverts commit d87f461319.
Change-Id: If175b29f2e130ecf5041e7b0be20f15485089ffa
6 years ago
Dmitry Teselkin
d87f461319
CIS compliance (modprobe.d)
* CIS 1.1.1.1 Ensure mounting of cramfs filesystems is disabled
* CIS 1.1.1.2 Ensure mounting of freevxfs filesystems is disabled
* CIS 1.1.1.3 Ensure mounting of jffs2 filesystems is disabled
* CIS 1.1.1.4 Ensure mounting of hfs filesystems is disabled
* CIS 1.1.1.5 Ensure mounting of hfsplus filesystems is disabled
* CIS 1.1.1.6 Ensure mounting of squashfs filesystems is disabled
* CIS 1.1.1.7 Ensure mounting of udf filesystems is disabled
* CIS 1.1.1.8 Ensure mounting of FAT filesystems is disabled
* CIS 3.5.1 Ensure DCCP is disabled
* CIS 3.5.2 Ensure SCTP is disabled
* CIS 3.5.3 Ensure RDS is disabled
* CIS 3.5.4 Ensure TIPC is disabled
Related-Prod: PROD-20756
Related-Prod: PROD-20757
Related-Prod: PROD-20758
Related-Prod: PROD-20759
Change-Id: I719984829978caf0401e78daaabf1adfb0d1cfdf
6 years ago
Dmitry Teselkin
cc7263a275
CIS 3.3.3 Ensure IPv6 is disabled
Related-Prod: PROD-20755
Change-Id: I44cc3bdb4a0436ff17f790a828d03697b89d3520
6 years ago
Jiri Broulik
25839cca97
purging repos
7 years ago
Ales Komarek
3a9faa53ed
Container metadata
8 years ago
Ales Komarek
cbe08a2eec
New parameters
9 years ago
jan kaufman
a24b9af5ec
disable heka logging for now
9 years ago
Ales Komarek
d8fee8492b
Monitoring metadata, mount don't create fs for nfs
9 years ago
Filip Pytloun
f5383a44be
Initial commit
9 years ago