Easy add and remove packages, disable services #138
Conversation
HardeningFramework-DCO-1.1-Signed-off-by: Tim Stoop <github@timstoop.nl> (github: timstoop)
HardeningFramework-DCO-1.1-Signed-off-by: Tim Stoop <github@timstoop.nl> (github: timstoop)
HardeningFramework-DCO-1.1-Signed-off-by: Tim Stoop <github@timstoop.nl> (github: timstoop)
|
I think this is a good idea, especially on then |
|
I'm happy to change it to empty arrays and give an example for Debian Stretch in the documentation, if you feel that's better. |
|
@mcgege I have the same view |
|
(I'm on holiday still this week, will fix the commit next week.) |
HardeningFramework-DCO-1.1-Signed-off-by: Tim Stoop <github@timstoop.nl> (github: timstoop)
HardeningFramework-DCO-1.1-Signed-off-by: Tim Stoop <github@timstoop.nl> (github: timstoop)
|
Would this be acceptable? |
README.md
Outdated
|
|
||
| As the CIS Distribution Independent Linux Benchmark is a good starting point | ||
| regarding hardening of systems, it was deemed appropriate to implement an easy | ||
| way to deal with one-offs for which one doesn't write to write an entire module. |
There was a problem hiding this comment.
Good description, just remove the double to write
|
Many thanks for your contribution! |
Sometimes it is needed to simply remove some packages everywhere or add them everywhere. Or to disable a service. This especially in relation with CIS DIL Benchmark 2.2.1 (Time Synchronization), 2.2.16 (Ensure rsync service is not enabled) and 2.3.4 (Ensure telnet client is not installed), where it may be too much to add a specific module for each application.
Let me know if something like this is acceptable or if you'd like to see this solved another way.