mirror of
https://github.com/ovh/debian-cis.git
synced 2024-12-22 05:55:24 +01:00
fix: ensure mountpoints are properly detected (#177)
Fixes #155. When real entries are present in fstab, system startup or runtime mountpoints are now properly detected. Add a supplementary check in case the partition is not present in fstab.
parent
47cf86237b
commit
19ce790a27
@ -424,6 +424,9 @@ is_a_partition() {
|
||||
if grep "[[:space:]]$1[[:space:]]" /etc/fstab | grep -vqE "^#"; then
|
||||
debug "$PARTITION found in fstab"
|
||||
FNRET=0
|
||||
elif mountpoint -q "$PARTITION"; then
|
||||
debug "$PARTITION found in /proc fs"
|
||||
FNRET=0
|
||||
else
|
||||
debug "Unable to find $PARTITION in fstab"
|
||||
FNRET=1
|
||||
@ -461,6 +464,9 @@ has_mount_option() {
|
||||
if grep "[[:space:]]${PARTITION}[[:space:]]" /etc/fstab | grep -vE "^#" | awk '{print $4}' | grep -q "$OPTION"; then
|
||||
debug "$OPTION has been detected in fstab for partition $PARTITION"
|
||||
FNRET=0
|
||||
elif mountpoint -q "$PARTITION"; then
|
||||
debug "$OPTION not detected in fstab, but $PARTITION is a mount point searching in /proc fs"
|
||||
has_mounted_option "$PARTITION" "$OPTION"
|
||||
else
|
||||
debug "Unable to find $OPTION in fstab for partition $PARTITION"
|
||||
FNRET=1
|
||||
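Review bot: In has_mount_option, the `elif mountpoint -q "$PARTITION"` branch is reached not only when the partition is missing from fstab but also when it is listed there without `$OPTION`, so the audit may pass on a runtime-only mount option that would not survive a reboot. The commit description limits the supplementary check to partitions not present in fstab; if that is the intent, test for the fstab entry on its own first and consult the runtime state only when no entry exists, or report the non-persistent case with a distinct message. has_mounted_option is defined outside this hunk, so how it sets FNRET is assumed here, and both function bodies continue outside the hunks. In is_a_partition the final message no longer matches the logic and could read `debug "Unable to find $PARTITION in fstab or as a mountpoint"`.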
|
@ -12,8 +12,15 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
echo "dummy entry" >>/etc/fstab
|
||||
|
||||
describe Fstab with a real entry to match runtime partitions
|
||||
register_test retvalshouldbe 0
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# Cleanup
|
||||
rm /run/shm
|
||||
sed "/dummy entry/d" /etc/fstab
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
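Review bot: The cleanup line `sed "/dummy entry/d" /etc/fstab` has no `-i`, so it prints the filtered file to stdout and leaves `dummy entry` in /etc/fstab for any test that runs afterwards; it should read `sed -i "/dummy entry/d" /etc/fstab`. The same line appears in the two other test_audit sections that follow on this page. The appended `dummy entry` line has only two fields and is not a well-formed fstab record, so the describe text "Fstab with a real entry" is misleading; it looks like this case exercises the mountpoint fallback rather than the fstab match, which a short comment above the `echo` could state. test_audit's body continues outside the hunk.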
|
@ -12,8 +12,15 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
echo "dummy entry" >>/etc/fstab
|
||||
|
||||
describe Fstab with a real entry to match runtime partitions
|
||||
register_test retvalshouldbe 0
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# Cleanup
|
||||
rm /run/shm
|
||||
sed "/dummy entry/d" /etc/fstab
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -12,8 +12,15 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
echo "dummy entry" >>/etc/fstab
|
||||
|
||||
describe Fstab with a real entry to match runtime partitions
|
||||
register_test retvalshouldbe 0
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# Cleanup
|
||||
rm /run/shm
|
||||
sed "/dummy entry/d" /etc/fstab
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|