Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: update Readme to clarify project usage #223

Merged
merged 1 commit into from
Dec 26, 2023
Merged

fix: update Readme to clarify project usage #223

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 18 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,9 @@
Modular Debian 10/11/12 security hardening scripts based on [cisecurity.org](https://www.cisecurity.org)
recommendations. We use it at [OVHcloud](https://www.ovhcloud.com) to harden our PCI-DSS infrastructure.

NB : Although Debian 12 CIS Hardening guide is still in development, we do use this set of scripts
in production at OVHcloud on Debian 12 Operating Systems.

```console
$ bin/hardening.sh --audit-all
[...]
Expand Down Expand Up @@ -243,6 +246,20 @@ built a secure environment. While we use it at OVHcloud to harden our PCI-DSS co
infrastructure, we can not guarantee that it will work for you. It will not
magically secure any random host.

A word about numbering, implementation and sustainability over time of this repository:
This project is born with the Debian 7 distribution in 2016. Over time, CIS Benchmark PDF
has evolved, changing it's numbering, deleting obsolete checks.
In order to keep retro-compatiblity with the last maintained Debian, the numbering
has not been changed along with the PDF, because the configuration scripts are named after it.
Changing the numbering might break automation for admins using it for years, and handling
this issue without breaking anything would require a huge refactoring.
As a consequence, please do not worry about numbering, the checks are there,
but the numbering accross PDFs might differ.
Please also note that all the check inside CIS Benchmark PDF might not be implemented
in this set of scripts.
We did choose the most relevant to us at OVHcloud, do not hesitate to make a
Pull Request in order to add the missing script you might find relevant for you.

Additionally, quoting the License:

> THIS SOFTWARE IS PROVIDED BY OVH SAS AND CONTRIBUTORS ``AS IS'' AND ANY
Expand All @@ -256,6 +273,7 @@ Additionally, quoting the License:
> (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
> SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


## :satellite: Reference

- **Center for Internet Security**: https://www.cisecurity.org/
Expand Down
Loading