IMP: add multiple Improvements

* add new kernel module detection (enable & listing) with detection of monolithic kernel * change way to detect if file system type is disabled * add global IS_CONTAINER variable * disable test for 3.4.x to be consistent with others * add cli options to override configuration loglevel
2025-06-21 18:23:42 +02:00 · 2021-02-04 16:21:49 +01:00
parent ec9e2addc2
commit 0b6ea0d97e
22 changed files with 362 additions and 165 deletions
--- a/tests/hardening/3.4.1_disable_dccp.sh
+++ b/tests/hardening/3.4.1_disable_dccp.sh
@ -1,11 +1,15 @@
 # shellcheck shell=bash
 # run-shellcheck
 test_audit() {
-    describe Running on blank host
-    register_test retvalshouldbe 0
-    dismiss_count_for_test
-    # shellcheck disable=2154
-    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+    if [ -f "/.dockerenv" ]; then
+        skip "SKIPPED on docker"
+    else
+        describe Running on blank host
+        register_test retvalshouldbe 0
+        dismiss_count_for_test
+        # shellcheck disable=2154
+        run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+    fi

    ##################################################################
    # For this test, we only check that it runs properly on a blank  #
--- a/tests/hardening/3.4.2_disable_sctp.sh
+++ b/tests/hardening/3.4.2_disable_sctp.sh
@ -1,11 +1,15 @@
 # shellcheck shell=bash
 # run-shellcheck
 test_audit() {
-    describe Running on blank host
-    register_test retvalshouldbe 0
-    dismiss_count_for_test
-    # shellcheck disable=2154
-    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+    if [ -f "/.dockerenv" ]; then
+        skip "SKIPPED on docker"
+    else
+        describe Running on blank host
+        register_test retvalshouldbe 0
+        dismiss_count_for_test
+        # shellcheck disable=2154
+        run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+    fi

    ##################################################################
    # For this test, we only check that it runs properly on a blank  #
--- a/tests/hardening/3.4.3_disable_rds.sh
+++ b/tests/hardening/3.4.3_disable_rds.sh
@ -1,11 +1,15 @@
 # shellcheck shell=bash
 # run-shellcheck
 test_audit() {
-    describe Running on blank host
-    register_test retvalshouldbe 0
-    dismiss_count_for_test
-    # shellcheck disable=2154
-    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+    if [ -f "/.dockerenv" ]; then
+        skip "SKIPPED on docker"
+    else
+        describe Running on blank host
+        register_test retvalshouldbe 0
+        dismiss_count_for_test
+        # shellcheck disable=2154
+        run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+    fi

    ##################################################################
    # For this test, we only check that it runs properly on a blank  #
--- a/tests/hardening/3.4.4_disable_tipc.sh
+++ b/tests/hardening/3.4.4_disable_tipc.sh
@ -1,11 +1,15 @@
 # shellcheck shell=bash
 # run-shellcheck
 test_audit() {
-    describe Running on blank host
-    register_test retvalshouldbe 0
-    dismiss_count_for_test
-    # shellcheck disable=2154
-    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+    if [ -f "/.dockerenv" ]; then
+        skip "SKIPPED on docker"
+    else
+        describe Running on blank host
+        register_test retvalshouldbe 0
+        dismiss_count_for_test
+        # shellcheck disable=2154
+        run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+    fi

    ##################################################################
    # For this test, we only check that it runs properly on a blank  #