msw/CISS.debian.installer
SHA256
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 1m53s
Details

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-10-24 20:58:50 +01:00
parent ffb20a7342
commit 17bf5ca5fc
88 changed files with 104 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
func/cdi_4400_hardening/4400_kernel_modules.sh
View File

@@ -47,7 +47,7 @@ EOF
do_log "info" "file_only" "4400() Installed: '/usr/lib/modules-load.d/30_security-misc.conf'."
guard_dir && return 0
guard_dir; return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
@@ -71,7 +71,7 @@ kernel_modprobe() {
do_log "info" "file_only" "4400() Installed: '/etc/modprobe.d/0000_ciss_debian_installer.conf'."
guard_dir && return 0
guard_dir; return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034

2
func/cdi_4400_hardening/4410_kernel_sysctl.sh
View File

@@ -30,7 +30,7 @@ kernel_sysctl() {
do_log "info" "file_only" "4410() Installed: '/etc/sysctl.d/9999_ciss_debian_installer.hardened'."
guard_dir && return 0
guard_dir; return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034

2
func/cdi_4400_hardening/4420_hardening_fail2ban.sh
View File

@@ -337,7 +337,7 @@ EOF
fail2ban-client -d >> ${var_logfile} && echo "OK: config parsed" >> ${var_logfile} || echo "ERROR: config invalid" >> ${var_logfile}
"
guard_dir && return 0
guard_dir; return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034

2
func/cdi_4400_hardening/4430_hardening_files.sh
View File

@@ -67,7 +67,7 @@ uname -snrm
EOF
chmod 0755 /etc/update-motd.d/10-uname
guard_dir && return 0
guard_dir; return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034

2
func/cdi_4400_hardening/4440_hardening_haveged.sh
View File

@@ -44,7 +44,7 @@ DAEMON_ARGS="-w 2048 -v 1"
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh
EOF
guard_dir && return 0
guard_dir; return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034

2
func/cdi_4400_hardening/4442_hardening_jitterentropy.sh
View File

@@ -37,7 +37,7 @@ ExecStart=
ExecStart=/usr/sbin/jitterentropy-rngd --osr=2
EOF
guard_dir && return 0
guard_dir; return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034

2
func/cdi_4400_hardening/4445_hardening_logrotate.sh
View File

@@ -87,7 +87,7 @@ include /etc/logrotate.d
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=conf
EOF
guard_dir && return 0
guard_dir; return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034

4
func/cdi_4400_hardening/4450_hardening_memory.sh
View File

@@ -111,7 +111,7 @@ EOF
# - write_pam_sudo-i()
# guard_pam_limits
guard_dir && return 0
guard_dir; return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034
@@ -177,7 +177,7 @@ guard_pam_limits() {
(( var_changed )) && do_log "info" "file_only" "4460() Activated pam_limits.so: (common-session[*])"
guard_dir && return 0
guard_dir; return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034

2
func/cdi_4400_hardening/4460_hardening_openssl.sh
View File

@@ -30,7 +30,7 @@ hardening_openssl() {
insert_comments "${TARGET}/etc/ssl/openssl.cnf"
cat "${VAR_SETUP_PATH}/includes/target/etc/ssl/openssl.cnf" >> "${TARGET}/etc/ssl/openssl.cnf"
guard_dir && return 0
guard_dir; return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034

2
func/cdi_4400_hardening/4470_hardening_ufw.sh
View File

@@ -102,7 +102,7 @@ hardening_ufw() {
chroot_script "${var_target}" "ufw status verbose >> ${var_logfile}"
guard_dir && return 0
guard_dir; return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034

2
func/cdi_4400_hardening/4480_hardening_usb.sh
View File

@@ -55,7 +55,7 @@ hardening_usb() {
#sed -i 's/PresentDevicePolicy=apply-policy/PresentDevicePolicy=allow/' /etc/usbguard/usbguard-daemon.conf
"
guard_dir && return 0
guard_dir; return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034

2
func/cdi_4400_hardening/4490_hardening_virus.sh
View File

@@ -33,7 +33,7 @@ hardening_virus() {
apt-get install -y --no-install-recommends --no-install-suggests rkhunter 2>&1 | tee -a ${var_logfile}
"
guard_dir && return 0
guard_dir; return 0
}
### Prevents accidental 'unset -f'.
# shellcheck disable=SC2034