debian-cis/tests/hardening/2.2.1.1_use_time_sync.sh

22 lines
662 B
Bash
Raw Normal View History

# shellcheck shell=bash
Renumber special purpose services 6.x new file: bin/hardening/2.2.1.1_use_time_sync.sh renamed: bin/hardening/6.5_configure_ntp.sh -> bin/hardening/2.2.1.2_configure_ntp.sh new file: bin/hardening/2.2.1.3_configure_chrony.sh renamed: bin/hardening/6.10_disable_http_server.sh -> bin/hardening/2.2.10_disable_http_server.sh renamed: bin/hardening/6.11_disable_imap_pop.sh -> bin/hardening/2.2.11_disable_imap_pop.sh renamed: bin/hardening/6.12_disable_samba.sh -> bin/hardening/2.2.12_disable_samba.sh renamed: bin/hardening/6.13_disable_http_proxy.sh -> bin/hardening/2.2.13_disable_http_proxy.sh renamed: bin/hardening/6.14_disable_snmp_server.sh -> bin/hardening/2.2.14_disable_snmp_server.sh renamed: bin/hardening/6.15_mta_localhost.sh -> bin/hardening/2.2.15_mta_localhost.sh renamed: bin/hardening/6.16_disable_rsync.sh -> bin/hardening/2.2.16_disable_rsync.sh renamed: bin/hardening/6.1_disable_xwindow_system.sh -> bin/hardening/2.2.2_disable_xwindow_system.sh renamed: bin/hardening/6.2_disable_avahi_server.sh -> bin/hardening/2.2.3_disable_avahi_server.sh renamed: bin/hardening/6.4_disable_dhcp.sh -> bin/hardening/2.2.5_disable_dhcp.sh renamed: bin/hardening/6.6_disable_ldap.sh -> bin/hardening/2.2.6_disable_ldap.sh renamed: bin/hardening/6.7_disable_nfs_rpc.sh -> bin/hardening/2.2.7_disable_nfs_rpc.sh renamed: bin/hardening/6.8_disable_dns_server.sh -> bin/hardening/2.2.8_disable_dns_server.sh renamed: bin/hardening/6.9_disable_ftp.sh -> bin/hardening/2.2.9_disable_ftp.sh deleted: bin/hardening/6.3_disable_print_server.sh new file: tests/hardening/2.2.1.1_use_time_sync.sh renamed: tests/hardening/6.9_disable_ftp.sh -> tests/hardening/2.2.1.2_configure_ntp.sh renamed: tests/hardening/6.8_disable_dns_server.sh -> tests/hardening/2.2.1.3_configure_chrony.sh renamed: tests/hardening/6.7_disable_nfs_rpc.sh -> tests/hardening/2.2.10_disable_http_server.sh renamed: tests/hardening/6.6_disable_ldap.sh -> tests/hardening/2.2.11_disable_imap_pop.sh renamed: tests/hardening/6.5_configure_ntp.sh -> tests/hardening/2.2.12_disable_samba.sh renamed: tests/hardening/6.4_disable_dhcp.sh -> tests/hardening/2.2.13_disable_http_proxy.sh renamed: tests/hardening/6.3_disable_print_server.sh -> tests/hardening/2.2.14_disable_snmp_server.sh renamed: tests/hardening/6.2_disable_avahi_server.sh -> tests/hardening/2.2.15_mta_localhost.sh renamed: tests/hardening/6.1_disable_xwindow_system.sh -> tests/hardening/2.2.16_disable_rsync.sh renamed: tests/hardening/6.16_disable_rsync.sh -> tests/hardening/2.2.2_disable_xwindow_system.sh renamed: tests/hardening/6.15_mta_localhost.sh -> tests/hardening/2.2.3_disable_avahi_server.sh renamed: tests/hardening/6.14_disable_snmp_server.sh -> tests/hardening/2.2.5_disable_dhcp.sh renamed: tests/hardening/6.13_disable_http_proxy.sh -> tests/hardening/2.2.6_disable_ldap.sh renamed: tests/hardening/6.12_disable_samba.sh -> tests/hardening/2.2.7_disable_nfs_rpc.sh renamed: tests/hardening/6.11_disable_imap_pop.sh -> tests/hardening/2.2.8_disable_dns_server.sh renamed: tests/hardening/6.10_disable_http_server.sh -> tests/hardening/2.2.9_disable_ftp.sh
2019-08-29 16:02:39 +02:00
# run-shellcheck
test_audit() {
# Make all variable local to the function by using `local`
describe Running on blank host
register_test retvalshouldbe 1
dismiss_count_for_test
Renumber special purpose services 6.x new file: bin/hardening/2.2.1.1_use_time_sync.sh renamed: bin/hardening/6.5_configure_ntp.sh -> bin/hardening/2.2.1.2_configure_ntp.sh new file: bin/hardening/2.2.1.3_configure_chrony.sh renamed: bin/hardening/6.10_disable_http_server.sh -> bin/hardening/2.2.10_disable_http_server.sh renamed: bin/hardening/6.11_disable_imap_pop.sh -> bin/hardening/2.2.11_disable_imap_pop.sh renamed: bin/hardening/6.12_disable_samba.sh -> bin/hardening/2.2.12_disable_samba.sh renamed: bin/hardening/6.13_disable_http_proxy.sh -> bin/hardening/2.2.13_disable_http_proxy.sh renamed: bin/hardening/6.14_disable_snmp_server.sh -> bin/hardening/2.2.14_disable_snmp_server.sh renamed: bin/hardening/6.15_mta_localhost.sh -> bin/hardening/2.2.15_mta_localhost.sh renamed: bin/hardening/6.16_disable_rsync.sh -> bin/hardening/2.2.16_disable_rsync.sh renamed: bin/hardening/6.1_disable_xwindow_system.sh -> bin/hardening/2.2.2_disable_xwindow_system.sh renamed: bin/hardening/6.2_disable_avahi_server.sh -> bin/hardening/2.2.3_disable_avahi_server.sh renamed: bin/hardening/6.4_disable_dhcp.sh -> bin/hardening/2.2.5_disable_dhcp.sh renamed: bin/hardening/6.6_disable_ldap.sh -> bin/hardening/2.2.6_disable_ldap.sh renamed: bin/hardening/6.7_disable_nfs_rpc.sh -> bin/hardening/2.2.7_disable_nfs_rpc.sh renamed: bin/hardening/6.8_disable_dns_server.sh -> bin/hardening/2.2.8_disable_dns_server.sh renamed: bin/hardening/6.9_disable_ftp.sh -> bin/hardening/2.2.9_disable_ftp.sh deleted: bin/hardening/6.3_disable_print_server.sh new file: tests/hardening/2.2.1.1_use_time_sync.sh renamed: tests/hardening/6.9_disable_ftp.sh -> tests/hardening/2.2.1.2_configure_ntp.sh renamed: tests/hardening/6.8_disable_dns_server.sh -> tests/hardening/2.2.1.3_configure_chrony.sh renamed: tests/hardening/6.7_disable_nfs_rpc.sh -> tests/hardening/2.2.10_disable_http_server.sh renamed: tests/hardening/6.6_disable_ldap.sh -> tests/hardening/2.2.11_disable_imap_pop.sh renamed: tests/hardening/6.5_configure_ntp.sh -> tests/hardening/2.2.12_disable_samba.sh renamed: tests/hardening/6.4_disable_dhcp.sh -> tests/hardening/2.2.13_disable_http_proxy.sh renamed: tests/hardening/6.3_disable_print_server.sh -> tests/hardening/2.2.14_disable_snmp_server.sh renamed: tests/hardening/6.2_disable_avahi_server.sh -> tests/hardening/2.2.15_mta_localhost.sh renamed: tests/hardening/6.1_disable_xwindow_system.sh -> tests/hardening/2.2.16_disable_rsync.sh renamed: tests/hardening/6.16_disable_rsync.sh -> tests/hardening/2.2.2_disable_xwindow_system.sh renamed: tests/hardening/6.15_mta_localhost.sh -> tests/hardening/2.2.3_disable_avahi_server.sh renamed: tests/hardening/6.14_disable_snmp_server.sh -> tests/hardening/2.2.5_disable_dhcp.sh renamed: tests/hardening/6.13_disable_http_proxy.sh -> tests/hardening/2.2.6_disable_ldap.sh renamed: tests/hardening/6.12_disable_samba.sh -> tests/hardening/2.2.7_disable_nfs_rpc.sh renamed: tests/hardening/6.11_disable_imap_pop.sh -> tests/hardening/2.2.8_disable_dns_server.sh renamed: tests/hardening/6.10_disable_http_server.sh -> tests/hardening/2.2.9_disable_ftp.sh
2019-08-29 16:02:39 +02:00
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
describe Correcting situation
apt update
apt install -y ntp
# Finally assess that your corrective actions end up with a compliant system
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "Time synchronization is available through"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
}