author | Michael Boelen <michael.boelen@cisofy.com> | 2019-07-07 19:46:23 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2019-07-07 19:46:23 +0300 |
commit | 007faf47c35ad4606af8d1340674c46b09079fd5 (patch) | |
tree | a52cb94dccd7553cbffa99fc85b9d1c15dabc5cd /default.prf | |
parent | 3c7576f36bcfae8834b85c65d3df9177603ed60d (diff) |
Cleanup of default profile and migration of permdir/permfile
Diffstat (limited to 'default.prf')
-rw-r--r-- | default.prf | 118 |
1 files changed, 39 insertions, 79 deletions
diff --git a/default.prf b/default.prf index b9011d0e..98f3e20d 100644 --- a/default.prf +++ b/default.prf @@ -36,6 +36,9 @@ colors=yes # Compressed uploads (set to zero when errors with uploading occur) compressed-uploads=yes +# Amount of connections in WAIT state before reporting it as a suggestion +#connections-max-wait-state=5000 + # Debug mode (for debugging purposes, extra data logged to screen) #debug=yes 
@@ -267,98 +270,56 @@ config-data=sysctl;security.bsd.hardlink_check_uid;1;1;Unprivileged processes ar ################################################################################# # -# Apache options -# columns: (1)apache : (2)option : (3)value -# -################################################################################# - -apache:ServerTokens:Prod: - - -################################################################################# -# -# OpenLDAP options -# columns: (1)openldap : (2)file : (3)option : (4)expected value(s) -# -################################################################################# - -openldap:slapd.conf:permissions:640-600: -openldap:slapd.conf:owner:ldap-root: - - -################################################################################# -# -# File/directories permissions (currently not used yet) -# -################################################################################# - -# Scan for exact file name match -#[scanfiles] -#scanfile:/etc/rc.conf:FreeBSD configuration: - -# Scan for exact directory name match -#[scandirs] -#scandir:/etc:/etc directory: - - -################################################################################# -# # permfile # --------------- -# permfile:file name:file permissions:owner:group:action: +# permfile=file name:file permissions:owner:group:action: # Action = NOTICE or WARN # Examples: -# permfile:/etc/test1.dat:600:root:wheel:NOTICE: -# permfile:/etc/test1.dat:640:root:-:WARN: +# permfile=/etc/test1.dat:600:root:wheel:NOTICE: +# permfile=/etc/test1.dat:640:root:-:WARN: # ################################################################################# -#permfile:/etc/inetd.conf:rw-------:root:-:WARN: -#permfile:/etc/fstab:rw-r--r--:root:-:WARN: -permfile:/etc/lilo.conf:rw-------:root:-:WARN: -permfile:/boot/grub2/grub.cfg:rw-------:root:root:WARN: -permfile:/boot/grub/grub.cfg:rw-------:root:root:WARN: -permfile:/boot/grub2/user.cfg:rw-------:root:root:WARN: 
-permfile:/etc/motd:rw-r--r--:root:root:WARN:
-permfile:/etc/issue:rw-r--r--:root:root:WARN:
-permfile:/etc/issue.net:rw-r--r--:root:root:WARN:
-permfile:/etc/hosts.allow:rw-r--r--:root:root:WARN:
-permfile:/etc/hosts.deny:rw-r--r--:root:root:WARN:
-permfile:/etc/crontab:rw-------:root:-:WARN:
-permfile:/etc/cron.allow:rw-------:root:-:WARN:
-permfile:/etc/cron.deny:rw-------:root:-:WARN:
-permfile:/etc/at.allow:rw-------:root:-:WARN:
-permfile:/etc/at.deny:rw-------:root:-:WARN:
-permfile:/etc/ssh/sshd_config:rw-------:root:-:WARN:
-permfile:/etc/passwd:rw-r--r--:root:-:WARN:
-permfile:/etc/shadow:---------:root:-:WARN:
-permfile:/etc/group:rw-r--r--:root:-:WARN:
-permfile:/etc/gshadow:---------:root:-:WARN:
-permfile:/etc/passwd-:rw-r--r--:root:-:WARN:
-permfile:/etc/shadow-:---------:root:-:WARN:
-permfile:/etc/group-:rw-r--r--:root:-:WARN:
-permfile:/etc/gshadow-:---------:root:-:WARN:
+#permfile=/etc/inetd.conf:rw-------:root:-:WARN:
+#permfile=/etc/fstab:rw-r--r--:root:-:WARN:
+permfile=/boot/grub2/grub.cfg:rw-------:root:root:WARN:
+permfile=/boot/grub/grub.cfg:rw-------:root:root:WARN:
+permfile=/boot/grub2/user.cfg:rw-------:root:root:WARN:
+permfile=/etc/at.allow:rw-------:root:-:WARN:
+permfile=/etc/at.deny:rw-------:root:-:WARN:
+permfile=/etc/cron.allow:rw-------:root:-:WARN:
+permfile=/etc/cron.deny:rw-------:root:-:WARN:
+permfile=/etc/crontab:rw-------:root:-:WARN:
+permfile=/etc/group:rw-r--r--:root:-:WARN:
+permfile=/etc/group-:rw-r--r--:root:-:WARN:
+permfile=/etc/gshadow:---------:root:-:WARN:
+permfile=/etc/gshadow-:---------:root:-:WARN:
+permfile=/etc/hosts.allow:rw-r--r--:root:root:WARN:
+permfile=/etc/hosts.deny:rw-r--r--:root:root:WARN:
+permfile=/etc/issue:rw-r--r--:root:root:WARN:
+permfile=/etc/issue.net:rw-r--r--:root:root:WARN:
+permfile=/etc/lilo.conf:rw-------:root:-:WARN:
+permfile=/etc/motd:rw-r--r--:root:root:WARN:
+permfile=/etc/passwd:rw-r--r--:root:-:WARN:
+permfile=/etc/passwd-:rw-r--r--:root:-:WARN:
+permfile=/etc/shadow:---------:root:-:WARN: +permfile=/etc/shadow-:---------:root:-:WARN: +permfile=/etc/ssh/sshd_config:rw-------:root:-:WARN: ################################################################################# # # permdir # --------------- -# permdir:directory name:file permissions:owner:group:action when permissions are different: +# permdir=directory name:file permissions:owner:group:action when permissions are different: # ################################################################################# -permdir:/root/.ssh:rwx------:root:-:WARN: -permdir:/etc/cron.hourly:rwx------:root:root:WARN: -permdir:/etc/cron.daily:rwx------:root:root:WARN: -permdir:/etc/cron.weekly:rwx------:root:root:WARN: -permdir:/etc/cron.monthly:rwx------:root:root:WARN: -permdir:/etc/cron.d:rwx------:root:root:WARN: - -# Scan for a program/binary in BINPATHs -#scanbinary:Rootkit Hunter:rkhunter: - -# Amount of connections in WAIT state before reporting it as a suggestion -#connections-max-wait-state=5000 +permdir=/root/.ssh:rwx------:root:-:WARN: +permdir=/etc/cron.d:rwx------:root:root:WARN: +permdir=/etc/cron.daily:rwx------:root:root:WARN: +permdir=/etc/cron.hourly:rwx------:root:root:WARN: +permdir=/etc/cron.weekly:rwx------:root:root:WARN: +permdir=/etc/cron.monthly:rwx------:root:root:WARN: # Ignore some specific home directories @@ -402,7 +363,7 @@ permdir:/etc/cron.d:rwx------:root:root:WARN: ################################################################################# # # Lynis Enterprise options -# ----------------- +# ------------------------ # ################################################################################# @@ -453,5 +414,4 @@ upload-options= #tags=db,production,ssn-1304 - #EOF |
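Review bot: The format examples in the permfile header of the second hunk (`@@ -267,98 +270,56 @@`) still show octal modes (`600`, `640`) while every active entry uses a nine-character symbolic string such as `rw-------`, so someone copying the example into a custom profile may write a value that never matches; the examples would be more accurate as `# permfile=/etc/test1.dat:rw-------:root:wheel:NOTICE:`. The permdir header likewise calls its second field "file permissions" where "directory permissions" is meant. Because the key syntax changes from `permfile:`/`permdir:` to `permfile=`/`permdir=`, a one-line comment in both headers saying that the colon form is no longer used would help anyone maintaining a custom profile. The parser is not part of this diff, so it cannot be told from here whether old-style lines are still honoured or skipped, and a skipped line would mean a permission check that quietly stops running.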