harbian-audit
harbian-audit copied to clipboard
hardenedlinux
Hardened Debian GNU/Linux distro auditing
Some kernel modules should be disabled on GNU/Linux server but the current implementation doesn't check if its blacklisted, e.g: 2.20_disable_jffs2 2.18_disable_cramfs 2.19_disable_freevxfs 2.20_disable_jffs2 2.21_disable_hfs 2.22_disable_hfsplus 2.23_disable_squashfs Shouldn't be an extra...
Debian distrop ships pam_tally2.so in libpam-modules while Ubuntu doesn't. harbian-audit need to adapt the differences.
Ubuntu has different path of audisp: /etc/audit/audisp-remote.conf Please fix it in 8.1.1.5_ensure_set_remote_server.sh
The firewall checks currently require that iptables be installed to pass, but much like the RHEL 8 STIG expectations, Debian 11 is a systemd system that leverages nftables under the...
Debian 11 uses pwquality for password checks, not cracklib. While cracklib _is available_ for Deb 11, it is considered the deprecated package. Checks should be preferring pwquality.
I'm getting a false postive failure for 14.1 due to the grep method being used returning the full path of the matching lines, followed by a colon. The grep expects...
Hi there. I'm currently fighting the `harbian-audit` checks for the following files: - /etc/shadow - /etc/shadow- - /etc/gshadow - /etc/gshadow- harbian-audit expects the main files to be 640, while the...
