1
# Copyright 2016 Canonical Limited.
3
# This file is part of charm-helpers.
5
# charm-helpers is free software: you can redistribute it and/or modify
6
# it under the terms of the GNU Lesser General Public License version 3 as
7
# published by the Free Software Foundation.
9
# charm-helpers is distributed in the hope that it will be useful,
10
# but WITHOUT ANY WARRANTY; without even the implied warranty of
11
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
# GNU Lesser General Public License for more details.
14
# You should have received a copy of the GNU Lesser General Public License
15
# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>.
17
from charmhelpers.core.hookenv import (
21
from charmhelpers.contrib.hardening.host.checks import (
35
log("Starting OS hardening checks.", level=DEBUG)
36
checks = apt.get_audits()
37
checks.extend(limits.get_audits())
38
checks.extend(login.get_audits())
39
checks.extend(minimize_access.get_audits())
40
checks.extend(pam.get_audits())
41
checks.extend(profile.get_audits())
42
checks.extend(securetty.get_audits())
43
checks.extend(suid_sgid.get_audits())
44
checks.extend(sysctl.get_audits())
47
log("Running '%s' check" % (check.__class__.__name__), level=DEBUG)
48
check.ensure_compliance()
50
log("OS hardening checks complete.", level=DEBUG)