debian-cis/src/skel.test

# run-shellcheck
test_audit() {
    # Make all variable local to the function by using `local`

    # Optional part, only here if you need to change the audit script's default configuration
    describe Running void to generate the conf file that will later be edited
    # shellcheck disable=2154
    /opt/debian-cis/bin/hardening/"${script}".sh || true
    # for instance
    echo 'EXCEPTIONS="$EXCEPTIONS <some file to treat as exception>"' >> /opt/debian-cis/etc/conf.d/"${script}".cfg

    # if your blank system is expected to be compliant
    describe Running on blank host
    register_test retvalshouldbe 0
    register_test contain "<SAMPLE MESSAGE>"
    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all

    # Proceed to operation that will end up to a non compliant system
    describe Tests purposely failing
    register_test retvalshouldbe 1
    register_test contain "<SAMPLE TEXT SHOWING BAD CONFIG>"
    register_test contain "$targetfile"
    run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all

    describe Correcting situation
    # if the audit script provides "apply" option, enable and run it
    sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
    /opt/debian-cis/bin/hardening/"${script}".sh || true
    # otherwise perform action that will make system compliant again

    # Finally assess that your corrective actions end up with a compliant system
    describe Checking resolved state
    register_test retvalshouldbe 0
    register_test contain "<SAMPLE MESSAGE>"
    run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
}
Fix typo in test skeleton and add shellcheck comment 2019-01-25 14:16:47 +01:00			`# run-shellcheck`
IMP(test): Add feature to run functional tests in docker instance Add usecase in basename Add test files for checks with find command Always show logs FIX: run void script to generate config and avoid sed failure Update README with functional test description Add skeleton for functional test Add argument to launch only specific test suite Add support for debian8 and compulsory mention of debian version at launch Improve README Simplify test file syntax to avoid copy/paste mistake Add script that runs tests on all debian targets Improve run_all_target script with nowait and nodel options Add dockerfile for Buster pre-version Chore: Use getopt for options and reviewed code by shellcheck Add trap to ensure cleanup on exit/interrupt Remove quotes that lead to `less` misinterpretation of the filenames Set `local` for variables inside `test_audit` func Move functional assertion functions to dedicated file Add cleanup for logs and containers Improve cleanup, and now exits Apply shellcheck recommendations FIX: allow script to be run from anywhere (dirname $0) Changes to be committed: modified: README.md new file: src/skel.test new file: tests/docker/Dockerfile.debian10_20181226 new file: tests/docker/Dockerfile.debian8 new file: tests/docker/Dockerfile.debian9 new file: tests/docker_build_and_run_tests.sh new file: tests/hardening/12.10_find_suid_files.sh new file: tests/hardening/12.11_find_sgid_files.sh new file: tests/hardening/12.7_find_world_writable_file.sh new file: tests/hardening/12.8_find_unowned_files.sh new file: tests/hardening/12.9_find_ungrouped_files.sh new file: tests/hardening/2.17_sticky_bit_world_writable_folder.sh new file: tests/launch_tests.sh new file: tests/lib.sh new file: tests/run_all_targets.sh 2018-12-24 14:12:59 +01:00			`test_audit() {`
			# Make all variable local to the function by using `local`

			`# Optional part, only here if you need to change the audit script's default configuration`
			`describe Running void to generate the conf file that will later be edited`
Fix typo in test skeleton and add shellcheck comment 2019-01-25 14:16:47 +01:00			`# shellcheck disable=2154`
			`/opt/debian-cis/bin/hardening/"${script}".sh \|\| true`
IMP(test): Add feature to run functional tests in docker instance Add usecase in basename Add test files for checks with find command Always show logs FIX: run void script to generate config and avoid sed failure Update README with functional test description Add skeleton for functional test Add argument to launch only specific test suite Add support for debian8 and compulsory mention of debian version at launch Improve README Simplify test file syntax to avoid copy/paste mistake Add script that runs tests on all debian targets Improve run_all_target script with nowait and nodel options Add dockerfile for Buster pre-version Chore: Use getopt for options and reviewed code by shellcheck Add trap to ensure cleanup on exit/interrupt Remove quotes that lead to `less` misinterpretation of the filenames Set `local` for variables inside `test_audit` func Move functional assertion functions to dedicated file Add cleanup for logs and containers Improve cleanup, and now exits Apply shellcheck recommendations FIX: allow script to be run from anywhere (dirname $0) Changes to be committed: modified: README.md new file: src/skel.test new file: tests/docker/Dockerfile.debian10_20181226 new file: tests/docker/Dockerfile.debian8 new file: tests/docker/Dockerfile.debian9 new file: tests/docker_build_and_run_tests.sh new file: tests/hardening/12.10_find_suid_files.sh new file: tests/hardening/12.11_find_sgid_files.sh new file: tests/hardening/12.7_find_world_writable_file.sh new file: tests/hardening/12.8_find_unowned_files.sh new file: tests/hardening/12.9_find_ungrouped_files.sh new file: tests/hardening/2.17_sticky_bit_world_writable_folder.sh new file: tests/launch_tests.sh new file: tests/lib.sh new file: tests/run_all_targets.sh 2018-12-24 14:12:59 +01:00			`# for instance`
			`echo 'EXCEPTIONS="$EXCEPTIONS <some file to treat as exception>"' >> /opt/debian-cis/etc/conf.d/"${script}".cfg`

			`# if your blank system is expected to be compliant`
			`describe Running on blank host`
			`register_test retvalshouldbe 0`
			`register_test contain "<SAMPLE MESSAGE>"`
			`run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all`

			`# Proceed to operation that will end up to a non compliant system`
			`describe Tests purposely failing`
			`register_test retvalshouldbe 1`
			`register_test contain "<SAMPLE TEXT SHOWING BAD CONFIG>"`
			`register_test contain "$targetfile"`
			`run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all`

			`describe Correcting situation`
			`# if the audit script provides "apply" option, enable and run it`
FIX(tests): change sed to audit in test skeleton after 81f9348 2019-02-21 18:07:21 +01:00			`sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg`
IMP(test): Add feature to run functional tests in docker instance Add usecase in basename Add test files for checks with find command Always show logs FIX: run void script to generate config and avoid sed failure Update README with functional test description Add skeleton for functional test Add argument to launch only specific test suite Add support for debian8 and compulsory mention of debian version at launch Improve README Simplify test file syntax to avoid copy/paste mistake Add script that runs tests on all debian targets Improve run_all_target script with nowait and nodel options Add dockerfile for Buster pre-version Chore: Use getopt for options and reviewed code by shellcheck Add trap to ensure cleanup on exit/interrupt Remove quotes that lead to `less` misinterpretation of the filenames Set `local` for variables inside `test_audit` func Move functional assertion functions to dedicated file Add cleanup for logs and containers Improve cleanup, and now exits Apply shellcheck recommendations FIX: allow script to be run from anywhere (dirname $0) Changes to be committed: modified: README.md new file: src/skel.test new file: tests/docker/Dockerfile.debian10_20181226 new file: tests/docker/Dockerfile.debian8 new file: tests/docker/Dockerfile.debian9 new file: tests/docker_build_and_run_tests.sh new file: tests/hardening/12.10_find_suid_files.sh new file: tests/hardening/12.11_find_sgid_files.sh new file: tests/hardening/12.7_find_world_writable_file.sh new file: tests/hardening/12.8_find_unowned_files.sh new file: tests/hardening/12.9_find_ungrouped_files.sh new file: tests/hardening/2.17_sticky_bit_world_writable_folder.sh new file: tests/launch_tests.sh new file: tests/lib.sh new file: tests/run_all_targets.sh 2018-12-24 14:12:59 +01:00			`/opt/debian-cis/bin/hardening/"${script}".sh \|\| true`
			`# otherwise perform action that will make system compliant again`

			`# Finally assess that your corrective actions end up with a compliant system`
			`describe Checking resolved state`
			`register_test retvalshouldbe 0`
			`register_test contain "<SAMPLE MESSAGE>"`
			`run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all`
			`}`