IMP(test): Add feature to run functional tests in docker instance

Add usecase in basename Add test files for checks with find command Always show logs FIX: run void script to generate config and avoid sed failure Update README with functional test description Add skeleton for functional test Add argument to launch only specific test suite Add support for debian8 and compulsory mention of debian version at launch Improve README Simplify test file syntax to avoid copy/paste mistake Add script that runs tests on all debian targets Improve run_all_target script with nowait and nodel options Add dockerfile for Buster pre-version Chore: Use getopt for options and reviewed code by shellcheck Add trap to ensure cleanup on exit/interrupt Remove quotes that lead to `less` misinterpretation of the filenames Set `local` for variables inside `test_audit` func Move functional assertion functions to dedicated file Add cleanup for logs and containers Improve cleanup, and now exits Apply shellcheck recommendations FIX: allow script to be run from anywhere (dirname $0) Changes to be committed: modified: README.md new file: src/skel.test new file: tests/docker/Dockerfile.debian10_20181226 new file: tests/docker/Dockerfile.debian8 new file: tests/docker/Dockerfile.debian9 new file: tests/docker_build_and_run_tests.sh new file: tests/hardening/12.10_find_suid_files.sh new file: tests/hardening/12.11_find_sgid_files.sh new file: tests/hardening/12.7_find_world_writable_file.sh new file: tests/hardening/12.8_find_unowned_files.sh new file: tests/hardening/12.9_find_ungrouped_files.sh new file: tests/hardening/2.17_sticky_bit_world_writable_folder.sh new file: tests/launch_tests.sh new file: tests/lib.sh new file: tests/run_all_targets.sh
2025-06-23 19:14:34 +02:00 · 2018-12-24 14:12:59 +01:00
parent 843ce3efc3
commit 18693200dc
15 changed files with 673 additions and 0 deletions
--- a/src/skel.test
+++ b/src/skel.test
@ -0,0 +1,35 @@
+test_audit() {
+    # Make all variable local to the function by using `local`
+
+    # Optional part, only here if you need to change the audit script's default configuration
+    describe Running void to generate the conf file that will later be edited
+    /opt/debian-cis/bin/hardening/"${script_id}".sh || true
+    # for instance
+    echo 'EXCEPTIONS="$EXCEPTIONS <some file to treat as exception>"' >> /opt/debian-cis/etc/conf.d/"${script}".cfg
+
+    # if your blank system is expected to be compliant
+    describe Running on blank host
+    register_test retvalshouldbe 0
+    register_test contain "<SAMPLE MESSAGE>"
+    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+    # Proceed to operation that will end up to a non compliant system
+    describe Tests purposely failing
+    register_test retvalshouldbe 1
+    register_test contain "<SAMPLE TEXT SHOWING BAD CONFIG>"
+    register_test contain "$targetfile"
+    run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+    describe Correcting situation
+    # if the audit script provides "apply" option, enable and run it
+    sed -i 's/disabled/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+    /opt/debian-cis/bin/hardening/"${script}".sh || true
+    # otherwise perform action that will make system compliant again
+
+    # Finally assess that your corrective actions end up with a compliant system
+    describe Checking resolved state
+    register_test retvalshouldbe 0
+    register_test contain "<SAMPLE MESSAGE>"
+    run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+}
+