---
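# Debian-specific values for the OS hardening variables.
# Number-like strings (modes, umask, hidepid) are quoted on purpose so a YAML
# 1.1 parser keeps them as strings instead of reading them as octal integers.

# Package that ships the PAM cached-credentials module.
os_packages_pam_ccreds: 'libpam-ccreds'
# Path of the shell that refuses interactive logins.
os_nologin_shell_path: '/usr/sbin/nologin'

# Different distros use different standards for /etc/shadow perms, e.g.
# RHEL derivatives use root:root 0000, whereas Debian-based use root:shadow 0640.
# You must provide key/value pairs for owner, group, and mode if overriding.
# owner/group/mode must stay nested under their parent key: at column 0 they
# become duplicate top-level keys and both *_perms mappings parse as null.
os_shadow_perms:
  owner: root
  group: shadow
  mode: '0640'
os_passwd_perms:
  owner: root
  group: root
  mode: '0644'

# Umask 027: new files get no group-write bit and no access for "other".
os_env_umask: '027'

# ID ranges for regular accounts, system accounts and subordinate IDs.
# presumably rendered into /etc/login.defs by the role; verify against the
# template that consumes these variables.
os_auth_uid_min: 1000
os_auth_uid_max: 60000
os_auth_gid_min: 1000
os_auth_gid_max: 60000
os_auth_sys_uid_min: 100
os_auth_sys_uid_max: 999
os_auth_sys_gid_min: 100
os_auth_sys_gid_max: 999
os_auth_sub_uid_min: 100000
os_auth_sub_uid_max: 600100000
os_auth_sub_uid_count: 65536
os_auth_sub_gid_min: 100000
os_auth_sub_gid_max: 600100000
os_auth_sub_gid_count: 65536

# defaults for useradd
os_useradd_mail_dir: '/var/mail'

# Package names for the kernel-module tooling and the audit daemon.
modprobe_package: 'kmod'
auditd_package: 'auditd'

# Distribution-specific auditd file watches. Each entry is one audit rule:
#   -w PATH   watch the file or directory
#   -p PERMS  access types that raise an event (r, w, x, a = attribute change)
#   -k KEY    label attached to the event, used to filter with ausearch
os_auditd_rules_events_os:
  # System events must be logged. Telekom SoC 3.65 ReqID 32213164
  # (Un)Installation of software
  # "-p x" records every execution of the package-management binaries.
  # NOTE(review): /usr/bin/apt is a separate binary and is not listed here;
  # confirm whether it needs its own watch.
  - "-w /usr/bin/dpkg -p x -k software_mgmt"
  - "-w /usr/bin/apt-add-repository -p x -k software_mgmt"
  - "-w /usr/bin/apt-get -p x -k software_mgmt"
  - "-w /usr/bin/aptitude -p x -k software_mgmt"
  # Access and Authentication events must be logged. Telekom SoC 3.65 ReqID f081ec34
  # Logon and Logoff
  # NOTE(review): tallylog is presumably the pam_tally2 counter file; confirm
  # it is still written on the targeted Debian releases.
  - "-w /var/log/faillog -p wa -k logins"
  - "-w /var/log/tallylog -p wa -k logins"
  # Configuration Change events must be logged. Telekom SoC 3.65 ReqID 5a090110
  # Deletion and unauthorized modification of logs
  # NOTE(review): these two watches carry neither -p nor -k. Without -p the
  # watch defaults to all access types (rwxa), so every read of the log is
  # audited as well, and without -k the events cannot be selected by key.
  # Consider "-p wa" plus a key, matching the stated intent - confirm against
  # the requirement before changing.
  # NOTE(review): Debian's default rsyslog target is /var/log/syslog, not
  # /var/log/system.log; verify both paths exist on the target hosts, since a
  # watch on a missing path may fail to load.
  - "-w /var/log/auth.log"
  - "-w /var/log/system.log"
  # Change of network configuration
  - "-w /etc/network/interfaces -p wa -k system-locale"
  # Change of AppArmor configuration
  - "-w /etc/apparmor -p wa -k MAC-policy"
  - "-w /etc/apparmor.d -p wa -k MAC-policy"

# Locations of the pam-auth-update profiles for pam_tally2 and passwdqc.
tally2_path: '/usr/share/pam-configs/tally2'
passwdqc_path: '/usr/share/pam-configs/passwdqc'

# presumably applied as the hidepid= mount option of /proc; 2 is the strictest
# of the listed values (other users' processes are hidden entirely).
hidepid_option: '2'  # allowed values: 0, 1, 2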