From 1341622335985aea0ad1b3ef01a977f13844a612 Mon Sep 17 00:00:00 2001
From: tdenof
Date: Wed, 8 Dec 2021 08:42:22 +0100
Subject: [PATCH] Fix empty fstab test (#134)
Signed-off-by: Tarik Megzari
Co-authored-by: Thibault Dewailly
---
 lib/utils.sh | 8 ++++----
 tests/hardening/1.1.15_run_shm_nodev.sh | 5 ++---
 tests/hardening/1.1.16_run_shm_nosuid.sh | 3 +--
 tests/hardening/1.1.17_run_shm_noexec.sh | 3 +--
 4 files changed, 8 insertions(+), 11 deletions(-)
diff --git a/lib/utils.sh b/lib/utils.sh
index 63f2afa..7d22f8f 100644
--- a/lib/utils.sh
+++ b/lib/utils.sh
@@ -415,9 +415,9 @@ is_kernel_option_enabled() {
 is_a_partition() {
 local PARTITION=$1
 FNRET=128
- if [ ! -f /etc/fstab ] || [ -n "$(sed '/^#/d' /etc/fstab)" ]; then
+ if [ ! -f /etc/fstab ] || [ -z "$(sed '/^#/d' /etc/fstab)" ]; then
 debug "/etc/fstab not found or empty, searching mountpoint"
- if mountpoint "$PARTITION" | grep -qE ".*is a mountpoint.*"; then
+ if mountpoint -q "$PARTITION"; then
 FNRET=0
 fi
 else
@@ -448,8 +448,8 @@ is_mounted() {
 has_mount_option() {
 local PARTITION=$1
 local OPTION=$2
- if [ ! -f /etc/fstab ] || [ -n "$(sed '/^#/d' /etc/fstab)" ]; then
- debug "/etc/fstab not found or empty, readin current mount options"
+ if [ ! -f /etc/fstab ] || [ -z "$(sed '/^#/d' /etc/fstab)" ]; then
+ debug "/etc/fstab not found or empty, reading current mount options"
 has_mounted_option "$PARTITION" "$OPTION"
 else
 if grep "[[:space:]]${PARTITION}[[:space:]]" /etc/fstab | grep -vE "^#" | awk '{print $4}' | grep -q "bind"; then
diff --git a/tests/hardening/1.1.15_run_shm_nodev.sh b/tests/hardening/1.1.15_run_shm_nodev.sh
index e348207..1a86791 100644
--- a/tests/hardening/1.1.15_run_shm_nodev.sh
+++ b/tests/hardening/1.1.15_run_shm_nodev.sh
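Review bot: The corrected emptiness test in `is_a_partition` still treats an fstab that holds only indented comments or whitespace-only lines as non-empty, because `sed '/^#/d'` deletes only lines whose first character is `#`. Such a file takes the `else` branch and the partition is looked up in a file with no real entries, so the audit result depends on formatting rather than content. A stricter test would be `if [ ! -f /etc/fstab ] || ! grep -qvE '^[[:space:]]*(#|$)' /etc/fstab; then`. The same condition is repeated in the `has_mount_option` hunk and could live in one shared helper; both function bodies continue outside their hunks.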
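Review bot: The fallback branch in `has_mount_option` deserves a comment stating that it audits only the live mount. With a missing or empty fstab the check is delegated to `has_mounted_option`, which, judging by the debug message, reads the current mount options, so an option set at runtime but not persisted would presumably still pass the audit. Proposed comment above the call: `# No fstab entries: this verifies the running mount only, not persistence across reboots`. The function body continues outside the hunk.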
@@ -2,15 +2,14 @@
 # run-shellcheck
 test_audit() {
 describe Running on blank host
- register_test retvalshouldbe 1
- dismiss_count_for_test
+ register_test retvalshouldbe 0
 # shellcheck disable=2154
 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 ln -s /dev/shm /run/shm
 describe Partition symlink
- register_test retvalshouldbe 1
+ register_test retvalshouldbe 0
 run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 # Cleanup
diff --git a/tests/hardening/1.1.16_run_shm_nosuid.sh b/tests/hardening/1.1.16_run_shm_nosuid.sh
index 695b564..1a86791 100644
--- a/tests/hardening/1.1.16_run_shm_nosuid.sh
+++ b/tests/hardening/1.1.16_run_shm_nosuid.sh
@@ -3,14 +3,13 @@
 test_audit() {
 describe Running on blank host
 register_test retvalshouldbe 0
- dismiss_count_for_test
 # shellcheck disable=2154
 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 ln -s /dev/shm /run/shm
 describe Partition symlink
- register_test retvalshouldbe 1
+ register_test retvalshouldbe 0
 run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 # Cleanup
diff --git a/tests/hardening/1.1.17_run_shm_noexec.sh b/tests/hardening/1.1.17_run_shm_noexec.sh
index 695b564..1a86791 100644
--- a/tests/hardening/1.1.17_run_shm_noexec.sh
+++ b/tests/hardening/1.1.17_run_shm_noexec.sh
@@ -3,14 +3,13 @@
 test_audit() {
 describe Running on blank host
 register_test retvalshouldbe 0
- dismiss_count_for_test
 # shellcheck disable=2154
 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 ln -s /dev/shm /run/shm
 describe Partition symlink
- register_test retvalshouldbe 1
+ register_test retvalshouldbe 0
 run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
 # Cleanup
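Review bot: Both cases in `test_audit` now assert only `retvalshouldbe 0`, so the test no longer distinguishes a genuine pass from the check being skipped because `/run/shm` is not seen as a partition. In the "Partition symlink" case in particular, nothing shows whether the symlink was resolved and the options of `/dev/shm` were actually examined. Consider also asserting on the expected audit output for each case, and adding a case where the option is absent and a non-zero return is expected. The same applies to the 1.1.16 and 1.1.17 hunks, which end up with identical content; the function body continues past `# Cleanup`, outside the hunk.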