linux-baseline
linux-baseline copied to clipboard
dev-sec
DevSec Linux Baseline - InSpec Profile
The `sysctl-34` checks are currently failing with the latest amzn linux 2 images from aws (used ami filter `amzn2-ami-hvm-*-x86_64-gp2`): ``` CIS-AMZN2.amazon-ebs.amz-ami: × sysctl-34: Ensure links are protected (2 failed) CIS-AMZN2.amazon-ebs.amz-ami:...
This MR bundles some additional checks related to account setting. I can split those up into multiple MRs with an issue each, but might be easier and simpler to just...
This adds the checks for the other shadow and passwd files into the existing rules os-02 and os-03. An alternative solution would be to create additional rule ids, in order...
**Is your feature request related to a problem? Please describe.** We currently have `os-02` and `os-03` which checks the permissions of `/etc/shadow` and `/etc/passwd`. There are other files related to...
see Telekom 2021.07-01 SoC 3.65 Req32-37 Public [Telekom Security - Requirements](https://www.telekom.com/resource/blob/327540/0af4a73d01334926f71d5530a2c2477e/dl-security-requirements-data.zip)
and set default to 60 see Telekom 2021.07-01 SoC 3.01 Req 25 and SoC 3.65 Req46 Public [Telekom Security - Requirements](https://www.telekom.com/resource/blob/327540/0af4a73d01334926f71d5530a2c2477e/dl-security-requirements-data.zip)
**Is your feature request related to a problem? Please describe.** I received a notice of a open rpcbind port on my fresh installed Debian 10.6 system yesterday. The rpcbind port...
**Describe the bug** In closing-off issue #114, an additional check was added to search for the string `[vV]ulnerable` in files beneath `/sys/devices/system/cpu/vulnerabilities` - however, to be an effective test more...
Customers reported that the find permission command takes too long. We should find a solution to do this faster. ``` Running handlers: [2017-03-16T13:17:19-04:00] INFO: Running report handlers [2017-03-16T13:17:19-04:00] WARN: Format...
**Is your feature request related to a problem? Please describe.** Currently, the project doesn't have a normative specification that can be used as a benchmark in an audit - we...
