elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2024-11-22 05:27:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix empty fstab test (#134)

Browse Source 
Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com>

Co-authored-by: Thibault Dewailly <thibault.dewailly@corp.ovh.com>
This commit is contained in:
tdenof 2021-12-08 08:42:22 +01:00 committed by GitHub
parent c8fcfed248
commit 1341622335
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 8 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/utils.sh
View File

@ -415,9 +415,9 @@ is_kernel_option_enabled() {
is_a_partition() { is_a_partition() {
local PARTITION=$1 local PARTITION=$1
FNRET=128 FNRET=128
if [ ! -f /etc/fstab ] || [ -n "$(sed '/^#/d' /etc/fstab)" ]; then if [ ! -f /etc/fstab ] || [ -z "$(sed '/^#/d' /etc/fstab)" ]; then
debug "/etc/fstab not found or empty, searching mountpoint" debug "/etc/fstab not found or empty, searching mountpoint"
if mountpoint "$PARTITION" | grep -qE ".*is a mountpoint.*"; then if mountpoint -q "$PARTITION"; then
FNRET=0 FNRET=0
fi fi
else else
@ -448,8 +448,8 @@ is_mounted() {
has_mount_option() { has_mount_option() {
local PARTITION=$1 local PARTITION=$1
local OPTION=$2 local OPTION=$2
if [ ! -f /etc/fstab ] || [ -n "$(sed '/^#/d' /etc/fstab)" ]; then if [ ! -f /etc/fstab ] || [ -z "$(sed '/^#/d' /etc/fstab)" ]; then
debug "/etc/fstab not found or empty, readin current mount options" debug "/etc/fstab not found or empty, reading current mount options"
has_mounted_option "$PARTITION" "$OPTION" has_mounted_option "$PARTITION" "$OPTION"
else else
if grep "[[:space:]]${PARTITION}[[:space:]]" /etc/fstab | grep -vE "^#" | awk '{print $4}' | grep -q "bind"; then if grep "[[:space:]]${PARTITION}[[:space:]]" /etc/fstab | grep -vE "^#" | awk '{print $4}' | grep -q "bind"; then

5
tests/hardening/1.1.15_run_shm_nodev.sh
View File

@ -2,15 +2,14 @@
# run-shellcheck # run-shellcheck
test_audit() { test_audit() {
describe Running on blank host describe Running on blank host
register_test retvalshouldbe 1 register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154 # shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
ln -s /dev/shm /run/shm ln -s /dev/shm /run/shm
describe Partition symlink describe Partition symlink
register_test retvalshouldbe 1 register_test retvalshouldbe 0
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
# Cleanup # Cleanup

3
tests/hardening/1.1.16_run_shm_nosuid.sh
View File

@ -3,14 +3,13 @@
test_audit() { test_audit() {
describe Running on blank host describe Running on blank host
register_test retvalshouldbe 0 register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154 # shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
ln -s /dev/shm /run/shm ln -s /dev/shm /run/shm
describe Partition symlink describe Partition symlink
register_test retvalshouldbe 1 register_test retvalshouldbe 0
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
# Cleanup # Cleanup

3
tests/hardening/1.1.17_run_shm_noexec.sh
View File

@ -3,14 +3,13 @@
test_audit() { test_audit() {
describe Running on blank host describe Running on blank host
register_test retvalshouldbe 0 register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154 # shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
ln -s /dev/shm /run/shm ln -s /dev/shm /run/shm
describe Partition symlink describe Partition symlink
register_test retvalshouldbe 1 register_test retvalshouldbe 0
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
# Cleanup # Cleanup