From 1586dae0c5836d2b0cfb471b09955d012f641f4c Mon Sep 17 00:00:00 2001 From: Charles Herlin Date: Thu, 14 Feb 2019 11:15:51 +0100 Subject: [PATCH] Improve user management in test cases --- tests/hardening/13.14_check_duplicate_uid.sh | 13 +++++-------- tests/hardening/13.5_find_0_uid_non_root_account.sh | 7 ++----- 2 files changed, 7 insertions(+), 13 deletions(-) diff --git a/tests/hardening/13.14_check_duplicate_uid.sh b/tests/hardening/13.14_check_duplicate_uid.sh index 6c6c662..7f8354a 100644 --- a/tests/hardening/13.14_check_duplicate_uid.sh +++ b/tests/hardening/13.14_check_duplicate_uid.sh @@ -6,28 +6,25 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - useradd usertest1 - useradd usertest2 - sed -i 's/1001/1000/g' /etc/passwd + useradd -u 1001 usertest1 + useradd -o -u 1001 usertest2 # Proceed to operation that will end up to a non compliant system describe Tests purposely failing register_test retvalshouldbe 1 - register_test contain "[ KO ] Duplicate UID (1000): usertest1 usertest2" + register_test contain "[ KO ] Duplicate UID (1001): usertest1 usertest2" run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # shellcheck disable=2016 - echo 'EXCEPTIONS="$EXCEPTIONS 1000"' >> /opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCEPTIONS="$EXCEPTIONS 1001"' >> /opt/debian-cis/etc/conf.d/"${script}".cfg describe Adding exceptions register_test retvalshouldbe 0 - register_test contain "[ OK ] No duplicate UIDs apart from configured exceptions: (1000): usertest1 usertest2" + register_test contain "[ OK ] No duplicate UIDs apart from configured exceptions: (1001): usertest1 usertest2" run exception /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # Cleanup userdel usertest1 userdel usertest2 - sed -i '/usertest1/d' /etc/group - sed -i '/usertest2/d' /etc/group } 
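Review bot: `useradd -u 1001 usertest1` is called without `-o`, so it fails if the test image already has an account with UID 1001, and nothing in the hunk checks for that. The later expectation `Duplicate UID (1001): usertest1 usertest2` would then fail for a reason unrelated to the audit script under test. A precondition before the two `useradd` calls would make that failure explicit, e.g. `getent passwd 1001 >/dev/null && { echo "UID 1001 already in use" >&2; return 1; }`, or the test could use a UID well outside the range the image allocates. How the harness treats a non-zero return from `test_audit` is not visible here, and the function starts above the hunk.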
diff --git a/tests/hardening/13.5_find_0_uid_non_root_account.sh b/tests/hardening/13.5_find_0_uid_non_root_account.sh index fe6635d..4a598f2 100644 --- a/tests/hardening/13.5_find_0_uid_non_root_account.sh +++ b/tests/hardening/13.5_find_0_uid_non_root_account.sh @@ -6,8 +6,7 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - useradd usertest1 - sed -i 's/1000/0/g' /etc/passwd + useradd -o -u 0 usertest1 # Proceed to operation that will end up to a non compliant system describe Tests purposely failing @@ -24,8 +23,6 @@ test_audit() { run exception /opt/debian-cis/bin/hardening/"${script}".sh --audit-all # Cleanup - sed -i '/usertest1/d' /etc/passwd - sed -i '/usertest1/d' /etc/shadow - sed -i '/usertest1/d' /etc/group + userdel -f usertest1 }
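Review bot: `useradd -o -u 0 usertest1` leaves a second root-equivalent account on the host until the `# Cleanup` step at the end of `test_audit`, and nothing visible guarantees that step runs if the function stops early. Registering the removal immediately after creation would bound the account's lifetime, e.g. `trap 'userdel -f usertest1' EXIT`, provided the harness does not already own the EXIT trap (not visible here). The exit status of `useradd` is also unchecked, so a failed creation would surface only as a mismatched audit message. The function starts above this hunk and continues below it.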
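Review bot: `userdel -f usertest1` in the cleanup hunk needs a comment saying why force is used, because the userdel manual describes `-f` as dangerous and a later reader may drop it or copy it elsewhere. Presumably it is required because the account shares UID 0 with root, so userdel treats it as busy and refuses without the flag; once confirmed, record it as `# -f: usertest1 shares UID 0 with root, so userdel considers the account busy`. The same call is presumably also expected to remove the `usertest1` group (when `USERGROUPS_ENAB` is set), replacing the deleted `sed` on `/etc/group`. A `getent passwd usertest1` and `getent group usertest1` check after cleanup would confirm nothing is left behind.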