debian-cis/tests/hardening/2.2.1.1_use_time_sync.sh

20 lines
611 B
Bash
Raw Permalink Normal View History

# shellcheck shell=bash
Renumber special purpose services 6.x new file: bin/hardening/2.2.1.1_use_time_sync.sh renamed: bin/hardening/6.5_configure_ntp.sh -> bin/hardening/2.2.1.2_configure_ntp.sh new file: bin/hardening/2.2.1.3_configure_chrony.sh renamed: bin/hardening/6.10_disable_http_server.sh -> bin/hardening/2.2.10_disable_http_server.sh renamed: bin/hardening/6.11_disable_imap_pop.sh -> bin/hardening/2.2.11_disable_imap_pop.sh renamed: bin/hardening/6.12_disable_samba.sh -> bin/hardening/2.2.12_disable_samba.sh renamed: bin/hardening/6.13_disable_http_proxy.sh -> bin/hardening/2.2.13_disable_http_proxy.sh renamed: bin/hardening/6.14_disable_snmp_server.sh -> bin/hardening/2.2.14_disable_snmp_server.sh renamed: bin/hardening/6.15_mta_localhost.sh -> bin/hardening/2.2.15_mta_localhost.sh renamed: bin/hardening/6.16_disable_rsync.sh -> bin/hardening/2.2.16_disable_rsync.sh renamed: bin/hardening/6.1_disable_xwindow_system.sh -> bin/hardening/2.2.2_disable_xwindow_system.sh renamed: bin/hardening/6.2_disable_avahi_server.sh -> bin/hardening/2.2.3_disable_avahi_server.sh renamed: bin/hardening/6.4_disable_dhcp.sh -> bin/hardening/2.2.5_disable_dhcp.sh renamed: bin/hardening/6.6_disable_ldap.sh -> bin/hardening/2.2.6_disable_ldap.sh renamed: bin/hardening/6.7_disable_nfs_rpc.sh -> bin/hardening/2.2.7_disable_nfs_rpc.sh renamed: bin/hardening/6.8_disable_dns_server.sh -> bin/hardening/2.2.8_disable_dns_server.sh renamed: bin/hardening/6.9_disable_ftp.sh -> bin/hardening/2.2.9_disable_ftp.sh deleted: bin/hardening/6.3_disable_print_server.sh new file: tests/hardening/2.2.1.1_use_time_sync.sh renamed: tests/hardening/6.9_disable_ftp.sh -> tests/hardening/2.2.1.2_configure_ntp.sh renamed: tests/hardening/6.8_disable_dns_server.sh -> tests/hardening/2.2.1.3_configure_chrony.sh renamed: tests/hardening/6.7_disable_nfs_rpc.sh -> tests/hardening/2.2.10_disable_http_server.sh renamed: tests/hardening/6.6_disable_ldap.sh -> tests/hardening/2.2.11_disable_imap_pop.sh renamed: tests/hardening/6.5_configure_ntp.sh -> tests/hardening/2.2.12_disable_samba.sh renamed: tests/hardening/6.4_disable_dhcp.sh -> tests/hardening/2.2.13_disable_http_proxy.sh renamed: tests/hardening/6.3_disable_print_server.sh -> tests/hardening/2.2.14_disable_snmp_server.sh renamed: tests/hardening/6.2_disable_avahi_server.sh -> tests/hardening/2.2.15_mta_localhost.sh renamed: tests/hardening/6.1_disable_xwindow_system.sh -> tests/hardening/2.2.16_disable_rsync.sh renamed: tests/hardening/6.16_disable_rsync.sh -> tests/hardening/2.2.2_disable_xwindow_system.sh renamed: tests/hardening/6.15_mta_localhost.sh -> tests/hardening/2.2.3_disable_avahi_server.sh renamed: tests/hardening/6.14_disable_snmp_server.sh -> tests/hardening/2.2.5_disable_dhcp.sh renamed: tests/hardening/6.13_disable_http_proxy.sh -> tests/hardening/2.2.6_disable_ldap.sh renamed: tests/hardening/6.12_disable_samba.sh -> tests/hardening/2.2.7_disable_nfs_rpc.sh renamed: tests/hardening/6.11_disable_imap_pop.sh -> tests/hardening/2.2.8_disable_dns_server.sh renamed: tests/hardening/6.10_disable_http_server.sh -> tests/hardening/2.2.9_disable_ftp.sh
2019-08-29 16:02:39 +02:00
# run-shellcheck
test_audit() {
describe Running on blank host
register_test retvalshouldbe 1
dismiss_count_for_test
2020-12-07 17:16:19 +01:00
# shellcheck disable=2154
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
Renumber special purpose services 6.x new file: bin/hardening/2.2.1.1_use_time_sync.sh renamed: bin/hardening/6.5_configure_ntp.sh -> bin/hardening/2.2.1.2_configure_ntp.sh new file: bin/hardening/2.2.1.3_configure_chrony.sh renamed: bin/hardening/6.10_disable_http_server.sh -> bin/hardening/2.2.10_disable_http_server.sh renamed: bin/hardening/6.11_disable_imap_pop.sh -> bin/hardening/2.2.11_disable_imap_pop.sh renamed: bin/hardening/6.12_disable_samba.sh -> bin/hardening/2.2.12_disable_samba.sh renamed: bin/hardening/6.13_disable_http_proxy.sh -> bin/hardening/2.2.13_disable_http_proxy.sh renamed: bin/hardening/6.14_disable_snmp_server.sh -> bin/hardening/2.2.14_disable_snmp_server.sh renamed: bin/hardening/6.15_mta_localhost.sh -> bin/hardening/2.2.15_mta_localhost.sh renamed: bin/hardening/6.16_disable_rsync.sh -> bin/hardening/2.2.16_disable_rsync.sh renamed: bin/hardening/6.1_disable_xwindow_system.sh -> bin/hardening/2.2.2_disable_xwindow_system.sh renamed: bin/hardening/6.2_disable_avahi_server.sh -> bin/hardening/2.2.3_disable_avahi_server.sh renamed: bin/hardening/6.4_disable_dhcp.sh -> bin/hardening/2.2.5_disable_dhcp.sh renamed: bin/hardening/6.6_disable_ldap.sh -> bin/hardening/2.2.6_disable_ldap.sh renamed: bin/hardening/6.7_disable_nfs_rpc.sh -> bin/hardening/2.2.7_disable_nfs_rpc.sh renamed: bin/hardening/6.8_disable_dns_server.sh -> bin/hardening/2.2.8_disable_dns_server.sh renamed: bin/hardening/6.9_disable_ftp.sh -> bin/hardening/2.2.9_disable_ftp.sh deleted: bin/hardening/6.3_disable_print_server.sh new file: tests/hardening/2.2.1.1_use_time_sync.sh renamed: tests/hardening/6.9_disable_ftp.sh -> tests/hardening/2.2.1.2_configure_ntp.sh renamed: tests/hardening/6.8_disable_dns_server.sh -> tests/hardening/2.2.1.3_configure_chrony.sh renamed: tests/hardening/6.7_disable_nfs_rpc.sh -> tests/hardening/2.2.10_disable_http_server.sh renamed: tests/hardening/6.6_disable_ldap.sh -> tests/hardening/2.2.11_disable_imap_pop.sh renamed: tests/hardening/6.5_configure_ntp.sh -> tests/hardening/2.2.12_disable_samba.sh renamed: tests/hardening/6.4_disable_dhcp.sh -> tests/hardening/2.2.13_disable_http_proxy.sh renamed: tests/hardening/6.3_disable_print_server.sh -> tests/hardening/2.2.14_disable_snmp_server.sh renamed: tests/hardening/6.2_disable_avahi_server.sh -> tests/hardening/2.2.15_mta_localhost.sh renamed: tests/hardening/6.1_disable_xwindow_system.sh -> tests/hardening/2.2.16_disable_rsync.sh renamed: tests/hardening/6.16_disable_rsync.sh -> tests/hardening/2.2.2_disable_xwindow_system.sh renamed: tests/hardening/6.15_mta_localhost.sh -> tests/hardening/2.2.3_disable_avahi_server.sh renamed: tests/hardening/6.14_disable_snmp_server.sh -> tests/hardening/2.2.5_disable_dhcp.sh renamed: tests/hardening/6.13_disable_http_proxy.sh -> tests/hardening/2.2.6_disable_ldap.sh renamed: tests/hardening/6.12_disable_samba.sh -> tests/hardening/2.2.7_disable_nfs_rpc.sh renamed: tests/hardening/6.11_disable_imap_pop.sh -> tests/hardening/2.2.8_disable_dns_server.sh renamed: tests/hardening/6.10_disable_http_server.sh -> tests/hardening/2.2.9_disable_ftp.sh
2019-08-29 16:02:39 +02:00
describe Correcting situation
2020-12-07 17:16:19 +01:00
apt-get update
apt-get install -y ntp
Renumber special purpose services 6.x new file: bin/hardening/2.2.1.1_use_time_sync.sh renamed: bin/hardening/6.5_configure_ntp.sh -> bin/hardening/2.2.1.2_configure_ntp.sh new file: bin/hardening/2.2.1.3_configure_chrony.sh renamed: bin/hardening/6.10_disable_http_server.sh -> bin/hardening/2.2.10_disable_http_server.sh renamed: bin/hardening/6.11_disable_imap_pop.sh -> bin/hardening/2.2.11_disable_imap_pop.sh renamed: bin/hardening/6.12_disable_samba.sh -> bin/hardening/2.2.12_disable_samba.sh renamed: bin/hardening/6.13_disable_http_proxy.sh -> bin/hardening/2.2.13_disable_http_proxy.sh renamed: bin/hardening/6.14_disable_snmp_server.sh -> bin/hardening/2.2.14_disable_snmp_server.sh renamed: bin/hardening/6.15_mta_localhost.sh -> bin/hardening/2.2.15_mta_localhost.sh renamed: bin/hardening/6.16_disable_rsync.sh -> bin/hardening/2.2.16_disable_rsync.sh renamed: bin/hardening/6.1_disable_xwindow_system.sh -> bin/hardening/2.2.2_disable_xwindow_system.sh renamed: bin/hardening/6.2_disable_avahi_server.sh -> bin/hardening/2.2.3_disable_avahi_server.sh renamed: bin/hardening/6.4_disable_dhcp.sh -> bin/hardening/2.2.5_disable_dhcp.sh renamed: bin/hardening/6.6_disable_ldap.sh -> bin/hardening/2.2.6_disable_ldap.sh renamed: bin/hardening/6.7_disable_nfs_rpc.sh -> bin/hardening/2.2.7_disable_nfs_rpc.sh renamed: bin/hardening/6.8_disable_dns_server.sh -> bin/hardening/2.2.8_disable_dns_server.sh renamed: bin/hardening/6.9_disable_ftp.sh -> bin/hardening/2.2.9_disable_ftp.sh deleted: bin/hardening/6.3_disable_print_server.sh new file: tests/hardening/2.2.1.1_use_time_sync.sh renamed: tests/hardening/6.9_disable_ftp.sh -> tests/hardening/2.2.1.2_configure_ntp.sh renamed: tests/hardening/6.8_disable_dns_server.sh -> tests/hardening/2.2.1.3_configure_chrony.sh renamed: tests/hardening/6.7_disable_nfs_rpc.sh -> tests/hardening/2.2.10_disable_http_server.sh renamed: tests/hardening/6.6_disable_ldap.sh -> tests/hardening/2.2.11_disable_imap_pop.sh renamed: tests/hardening/6.5_configure_ntp.sh -> tests/hardening/2.2.12_disable_samba.sh renamed: tests/hardening/6.4_disable_dhcp.sh -> tests/hardening/2.2.13_disable_http_proxy.sh renamed: tests/hardening/6.3_disable_print_server.sh -> tests/hardening/2.2.14_disable_snmp_server.sh renamed: tests/hardening/6.2_disable_avahi_server.sh -> tests/hardening/2.2.15_mta_localhost.sh renamed: tests/hardening/6.1_disable_xwindow_system.sh -> tests/hardening/2.2.16_disable_rsync.sh renamed: tests/hardening/6.16_disable_rsync.sh -> tests/hardening/2.2.2_disable_xwindow_system.sh renamed: tests/hardening/6.15_mta_localhost.sh -> tests/hardening/2.2.3_disable_avahi_server.sh renamed: tests/hardening/6.14_disable_snmp_server.sh -> tests/hardening/2.2.5_disable_dhcp.sh renamed: tests/hardening/6.13_disable_http_proxy.sh -> tests/hardening/2.2.6_disable_ldap.sh renamed: tests/hardening/6.12_disable_samba.sh -> tests/hardening/2.2.7_disable_nfs_rpc.sh renamed: tests/hardening/6.11_disable_imap_pop.sh -> tests/hardening/2.2.8_disable_dns_server.sh renamed: tests/hardening/6.10_disable_http_server.sh -> tests/hardening/2.2.9_disable_ftp.sh
2019-08-29 16:02:39 +02:00
# Finally assess that your corrective actions end up with a compliant system
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "Time synchronization is available through"
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
Renumber special purpose services 6.x new file: bin/hardening/2.2.1.1_use_time_sync.sh renamed: bin/hardening/6.5_configure_ntp.sh -> bin/hardening/2.2.1.2_configure_ntp.sh new file: bin/hardening/2.2.1.3_configure_chrony.sh renamed: bin/hardening/6.10_disable_http_server.sh -> bin/hardening/2.2.10_disable_http_server.sh renamed: bin/hardening/6.11_disable_imap_pop.sh -> bin/hardening/2.2.11_disable_imap_pop.sh renamed: bin/hardening/6.12_disable_samba.sh -> bin/hardening/2.2.12_disable_samba.sh renamed: bin/hardening/6.13_disable_http_proxy.sh -> bin/hardening/2.2.13_disable_http_proxy.sh renamed: bin/hardening/6.14_disable_snmp_server.sh -> bin/hardening/2.2.14_disable_snmp_server.sh renamed: bin/hardening/6.15_mta_localhost.sh -> bin/hardening/2.2.15_mta_localhost.sh renamed: bin/hardening/6.16_disable_rsync.sh -> bin/hardening/2.2.16_disable_rsync.sh renamed: bin/hardening/6.1_disable_xwindow_system.sh -> bin/hardening/2.2.2_disable_xwindow_system.sh renamed: bin/hardening/6.2_disable_avahi_server.sh -> bin/hardening/2.2.3_disable_avahi_server.sh renamed: bin/hardening/6.4_disable_dhcp.sh -> bin/hardening/2.2.5_disable_dhcp.sh renamed: bin/hardening/6.6_disable_ldap.sh -> bin/hardening/2.2.6_disable_ldap.sh renamed: bin/hardening/6.7_disable_nfs_rpc.sh -> bin/hardening/2.2.7_disable_nfs_rpc.sh renamed: bin/hardening/6.8_disable_dns_server.sh -> bin/hardening/2.2.8_disable_dns_server.sh renamed: bin/hardening/6.9_disable_ftp.sh -> bin/hardening/2.2.9_disable_ftp.sh deleted: bin/hardening/6.3_disable_print_server.sh new file: tests/hardening/2.2.1.1_use_time_sync.sh renamed: tests/hardening/6.9_disable_ftp.sh -> tests/hardening/2.2.1.2_configure_ntp.sh renamed: tests/hardening/6.8_disable_dns_server.sh -> tests/hardening/2.2.1.3_configure_chrony.sh renamed: tests/hardening/6.7_disable_nfs_rpc.sh -> tests/hardening/2.2.10_disable_http_server.sh renamed: tests/hardening/6.6_disable_ldap.sh -> tests/hardening/2.2.11_disable_imap_pop.sh renamed: tests/hardening/6.5_configure_ntp.sh -> tests/hardening/2.2.12_disable_samba.sh renamed: tests/hardening/6.4_disable_dhcp.sh -> tests/hardening/2.2.13_disable_http_proxy.sh renamed: tests/hardening/6.3_disable_print_server.sh -> tests/hardening/2.2.14_disable_snmp_server.sh renamed: tests/hardening/6.2_disable_avahi_server.sh -> tests/hardening/2.2.15_mta_localhost.sh renamed: tests/hardening/6.1_disable_xwindow_system.sh -> tests/hardening/2.2.16_disable_rsync.sh renamed: tests/hardening/6.16_disable_rsync.sh -> tests/hardening/2.2.2_disable_xwindow_system.sh renamed: tests/hardening/6.15_mta_localhost.sh -> tests/hardening/2.2.3_disable_avahi_server.sh renamed: tests/hardening/6.14_disable_snmp_server.sh -> tests/hardening/2.2.5_disable_dhcp.sh renamed: tests/hardening/6.13_disable_http_proxy.sh -> tests/hardening/2.2.6_disable_ldap.sh renamed: tests/hardening/6.12_disable_samba.sh -> tests/hardening/2.2.7_disable_nfs_rpc.sh renamed: tests/hardening/6.11_disable_imap_pop.sh -> tests/hardening/2.2.8_disable_dns_server.sh renamed: tests/hardening/6.10_disable_http_server.sh -> tests/hardening/2.2.9_disable_ftp.sh
2019-08-29 16:02:39 +02:00
}