Skip to content

Commit

Permalink
update anssi bp28 minimal profile for debian 12
Browse files Browse the repository at this point in the history 
Activate some rules that were previously disabled due to an incompatible prodtype.
  • Loading branch information
@a-skr
a-skr committed Feb 15, 2024
1 parent d6f597f commit d64b770
Showing 1 changed file with 5 additions and 27 deletions.
32 changes: 5 additions & 27 deletions products/debian12/profiles/anssi_bp28_minimal.profile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,55 +15,33 @@ selections:
- anssi:all:minimal
# PASS_MIN_LEN is handled by PAM on debian systems.
- '!accounts_password_minlen_login_defs'
# ANSSI BP 28 suggest using libpam_pwquality, which isn't deployed by default
- 'package_libpampwquality_installed'
# PAM honour login.defs file for algorithm
- 'set_password_hashing_algorithm_logindefs'

# Following rules once had a prodtype incompatible with the debian12 product
- '!package_ypserv_removed'
- '!accounts_password_pam_dcredit'
- '!accounts_passwords_pam_tally2_deny_root'
- '!security_patches_up_to_date'
- '!package_sendmail_removed'
- '!ensure_redhat_gpgkey_installed'
- '!accounts_passwords_pam_faillock_deny'
- '!accounts_password_pam_unix_rounds_password_auth'
- '!accounts_passwords_pam_faillock_unlock_time'
- '!accounts_passwords_pam_faillock_interval'
- '!file_permissions_ungroupowned'
- '!set_password_hashing_algorithm_systemauth'
- '!package_tftp-server_removed'
- '!package_rsh_removed'
- '!package_dnf-automatic_installed'
- '!no_files_unowned_by_user'
- '!accounts_passwords_pam_faillock_deny_root'
- '!accounts_password_pam_ocredit'
- '!accounts_password_pam_lcredit'
- '!dnf-automatic_security_updates_only'
- '!cracklib_accounts_password_pam_lcredit'
- '!dnf-automatic_apply_updates'
- '!cracklib_accounts_password_pam_ocredit'
- '!package_telnet-server_removed'
- '!package_talk_removed'
- '!accounts_password_pam_minlen'
- '!package_talk-server_removed'
- '!package_ypbind_removed'
- '!accounts_password_pam_unix_rounds_system_auth'
- '!timer_dnf-automatic_enabled'
- '!accounts_passwords_pam_tally2'
- '!cracklib_accounts_password_pam_ucredit'
- '!accounts_password_pam_unix_remember'
- '!file_permissions_unauthorized_sgid'
- '!ensure_gpgcheck_local_packages'
- '!accounts_passwords_pam_tally2_unlock_time'
- '!enable_authselect'
- '!cracklib_accounts_password_pam_minlen'
- '!package_dhcp_removed'
- '!package_telnet_removed'
- '!dir_perms_world_writable_root_owned'
- '!cracklib_accounts_password_pam_dcredit'
- '!package_xinetd_removed'
- '!ensure_gpgcheck_globally_activated'
- '!package_tftp_removed'
- '!package_rsh-server_removed'
- '!accounts_password_pam_ucredit'
- '!file_permissions_unauthorized_suid'
- '!ensure_gpgcheck_never_disabled'
- '!ensure_oracle_gpgkey_installed'

0 comments on commit d64b770

Please sign in to comment.