Fix some Debian rules
cristgl committed Jun 7, 2019
1 parent 374baf0 commit d3da6ea
Showing 1 changed file with 5 additions and 4 deletions.
9 changes: 5 additions & 4 deletions sca/debian/cis_debian_linux_rcl.yml
@@ -56,6 +56,7 @@ checks:
- pci_dss: "2.2.4"
condition: all
rules:
- 'not c:mount -> r:\s/tmp\s'
- 'c:mount -> r:\s/tmp\s && r:nodev'


@@ -198,7 +199,7 @@ checks:
condition: any
rules:
- 'not c:mount -> r:\s/run/shm\s'
- 'c:mount -> r:\s/media\s && r:nodev'
- 'c:mount -> r:\s/run/shm\s && r:nodev'

- id: 5016
title: "Add nosuid Option to /run/shm Partition"
@@ -428,8 +429,8 @@ checks:
- cis: "3.2.1"
condition: all
rules:
- 'c:sysctl net.ipv4.conf.all.accept_source_route -> 0'
- 'c:sysctl net.ipv4.conf.default.accept_source_route -> 0'
- 'c:sysctl net.ipv4.conf.all.accept_source_route -> r:= 0$'
- 'c:sysctl net.ipv4.conf.default.accept_source_route -> r:= 0$'

- id: 5034
title: "Ensure broadcast ICMP requests are ignored"
@@ -441,7 +442,7 @@ checks:
- cis: "3.2.5"
condition: all
rules:
- 'c:sysctl net.ipv4.icmp_echo_ignore_broadcasts -> 1'
- 'c:sysctl net.ipv4.icmp_echo_ignore_broadcasts -> r:= 1$'

# Section 5.2 - SSH Server Configuration
- id: 5035
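Review bot: In the first hunk (the /tmp check tagged `pci_dss: "2.2.4"`), `condition: all` sits above two rules that cannot both hold for the same `mount` output: `not c:mount -> r:\s/tmp\s` passes only when /tmp is not mounted, and `c:mount -> r:\s/tmp\s && r:nodev` passes only when it is. If `all` requires every rule to pass, as the name suggests, this check can never report success. The /run/shm check in the second hunk uses the same two-rule pattern under `condition: any`, so the /tmp check most likely wants `condition: any` as well. A check that fails on every host adds noise to compliance results and hides the hosts that really lack `nodev` on /tmp. The check's `id` and `title` lie above the hunk, so confirm against the full entry.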
