Commit Graph

5958 Commits

Author SHA1 Message Date
Bob Mottram 3695d6a138 Bump size of tmp 2016-12-01 10:53:40 +00:00
Bob Mottram 1c392150aa Show passes and fails 2016-12-01 10:47:04 +00:00
Bob Mottram 1a1e8826a6 Add STIG tests to the security menu 2016-12-01 10:41:48 +00:00
Bob Mottram 3ae78c3765 Optionally show all stig test passes 2016-12-01 10:38:23 +00:00
Bob Mottram 8e6edc7780 More generic sysctl patterns 2016-11-30 23:43:48 +00:00
Bob Mottram ac67e36611 Catch more sysctl comment patterns 2016-11-30 23:39:32 +00:00
Bob Mottram 28f5fe42c4 Lockdown after upgrades 2016-11-30 21:22:40 +00:00
Bob Mottram 4ed6e4ff7f Schedule daily STIG tests 2016-11-30 21:00:17 +00:00
Bob Mottram cf74c113cb Null passwords not permitted 2016-11-30 20:40:32 +00:00
Bob Mottram b0ed59de5f Remove messages when running STIG 2016-11-30 20:21:58 +00:00
Bob Mottram 0e47f66928 Test STIG separately and with no output if all tests pass 2016-11-30 20:20:13 +00:00
Bob Mottram 42d5bc9321 Move tmp to a ramdisk 2016-11-30 20:10:51 +00:00
Bob Mottram 8f11ab2102 Don't check bluetooth
In most cases it doesn't exist and if it does it gets turned off in the config
2016-11-30 19:36:01 +00:00
Bob Mottram fa9c3b6f22 Prefer bettercrypto cyphers 2016-11-30 19:16:27 +00:00
Bob Mottram 28e8155750 Modules aren't installed anyway 2016-11-30 18:27:07 +00:00
Bob Mottram b872f429c6 Invert logic 2016-11-30 18:08:58 +00:00
Bob Mottram 496f3cd4f2 Not needed, handled by unattended upgrades 2016-11-30 18:02:50 +00:00
Bob Mottram 3f0d9b7b82 Disable null passwords 2016-11-30 17:54:45 +00:00
Bob Mottram 05a6efe365 This only applies in a typical server scenario where there are lots of users on one machine 2016-11-30 17:48:31 +00:00
Bob Mottram 22a7378852 Exceptions 2016-11-30 17:44:43 +00:00
Bob Mottram e6d4f1af0c Logging is already minimised by default 2016-11-30 17:37:53 +00:00
Bob Mottram b88a3e867b Disable tipc 2016-11-30 17:24:05 +00:00
Bob Mottram 6b4dba4771 Disable rds 2016-11-30 17:21:22 +00:00
Bob Mottram 21a3edf51a Disable sctp 2016-11-30 17:18:22 +00:00
Bob Mottram c9f6fbd54f Disable dccp 2016-11-30 17:15:43 +00:00
Bob Mottram 82a57bc41c Don't accept redirects 2016-11-30 17:04:56 +00:00
Bob Mottram b9ad7e57a3 ipv6 can be used 2016-11-30 16:26:05 +00:00
Bob Mottram b399c50c26 More ip rules 2016-11-30 16:18:40 +00:00
Bob Mottram d4c07b2cc8 Improve check for ctrl-alt-del 2016-11-30 16:04:05 +00:00
Bob Mottram b106d14890 Single quotes 2016-11-30 15:46:04 +00:00
Bob Mottram 23f67f2426 Checking for ctrl-alt-del link 2016-11-30 15:43:31 +00:00
Bob Mottram 2fd24df9a1 Zero on success 2016-11-30 14:43:36 +00:00
Bob Mottram 73316797e3 Change rule to exclude nonexistent directory 2016-11-30 14:38:28 +00:00
Bob Mottram 8dfaa5d981 irc user directory 2016-11-30 14:25:27 +00:00
Bob Mottram 01c8ac8b60 Passwords are usually random so this doesn't apply 2016-11-30 14:00:44 +00:00
Bob Mottram f45f281dd4 Set lychee permissions 2016-11-30 13:55:41 +00:00
Bob Mottram 6090d6c84c Permission on tox node keys 2016-11-30 13:51:03 +00:00
Bob Mottram 5c79c584fc Set sticky bits 2016-11-30 13:40:17 +00:00
Bob Mottram 3f58fc17d2 exim/procmail command permissions 2016-11-30 13:12:15 +00:00
Bob Mottram b97ec3892b Dummy nologin command
To fix STIG error
2016-11-30 10:30:56 +00:00
Bob Mottram 7e9f249e11 radicale user directory 2016-11-30 10:23:58 +00:00
Bob Mottram 466dec4d89 Change function name 2016-11-30 09:41:56 +00:00
Bob Mottram c4de2e86d2 Add and remove groups when for users 2016-11-30 09:40:10 +00:00
Bob Mottram e51e1a9ce2 Help option 2016-11-30 09:36:12 +00:00
Bob Mottram 396b202982 Disable core dumps 2016-11-29 23:19:31 +00:00
Bob Mottram a76a4d22f9 Disk encryption is optional 2016-11-29 23:13:36 +00:00
Bob Mottram a25037f226 Firewall drops forwards 2016-11-29 23:10:55 +00:00
Bob Mottram 4eced972fd Install screen to enable console locking 2016-11-29 22:39:29 +00:00
Bob Mottram 20701521bb Simultaneous user logins 2016-11-29 22:19:46 +00:00
Bob Mottram 83ef278c13 Done via control panel 2016-11-29 22:13:03 +00:00