Debian Cis Versions Save

PCI-DSS compliant Debian 10/11/12 hardening

latest

1 month ago
  • 6079b16 - fix: invalid behavior on sid/alternative in 5.3.4/99.5.4.5.1 (#237)
  • f7cdf43 - build(deps): bump metcalfc/changelog-generator from 4.2.0 to 4.3.1 (#234)
  • 43fc23e - fix: catch cidr network in ssh keys (#236)
  • 3bd4078 - fix: allow set-hardening-level option usage (#232)

v4.1-4

3 months ago
  • allow multiple users in 5.2.18 (#228)
  • Allow multiple exception users to be defined for 99.5.2.4_ssh_keys_from (#221)
  • Syslog-ng fixes and enhancements (#226)
  • fix: Allow --only option to be called multiple times (#225)
  • fix: update Readme to clarify project usage (#223)
  • fix: typo in README. Update example of --audit usage (#222)

v4.1-3

5 months ago
  • Adapt all scripts to yescrypt (#216)
  • build(deps): bump metcalfc/changelog-generator from 4.1.0 to 4.2.0 (#214)
  • fix: clean obsolete check 99.5.4.5.1, now handled by 5.3.4 (#215)
  • enh: remove ssh system sandbox check (#213)
  • build(deps): bump luizm/action-sh-checker from 0.7.0 to 0.8.0 (#210)
  • feat: advertise Debian 12 compatibility in readme

v4.1-2

7 months ago
  • fix: root_dir is still /opt/cis-hardening for the moment (#208)

v4.1-1

7 months ago
  • fix: debian12 functional test pass is now mandatory (#207)
  • feat: Officialize Debian 12 support (#206)
  • Update the README to reflect on changes made in PR#204 (#205)
  • Replace CIS_ROOT_DIR by a more flexible system (#204)
  • feat: add nftables to firewall software allow list (#203)
  • build(deps): bump actions/checkout from 3 to 4 (#202)
  • fix: correct debian version check on 5.2.15 configuration generation (#199)
  • fix: chore, debug logs print correctly now (#197)
  • fix: chore debian manual update (#198)
  • build(deps): bump dev-drprasad/delete-tag-and-release (#184)
  • fix: added systemd-timesyncd to use_time_sync script (#189) (#190)
  • Update warn messages on 2.2.15_mta_localhost.sh (#193)
  • fix: enhance test 99.1.3 speed for large /etc/sudoers.d folders (#188)
  • feat: Add experimental debian12 functionnal tests (#187)

v4.0-1

10 months ago
  • fix: 99.1.3_acc_sudoers_no_all: fix a race condition (#186)
  • fix: change auditd file rule remediation (#179)
  • fix: correct debian package compression override (#181)
  • fix: ensure mountpoints are properly detected (#177)
  • fix: correct search in 5.4.5_default_timeout in apply mode (#178)
  • fix: force xz compression during .deb build (#180)
  • feat: official Debian 11 compatibility (#176)
  • Bump luizm/action-sh-checker from 0.5.0 to 0.7.0 (#171)

v3.8-1

1 year ago
  • fix: timeout of 99.1.3 (#168)

v3.7-1

1 year ago
  • feat: add FIND_IGNORE_NOSUCHFILE_ERR flag (#159)

v3.6-1

1 year ago
  • feat: Filter the filesystem to check when the list is built. (#156)

v3.5-1

2 years ago
  • fix: add 10s wait timeout on iptables command (#151)