From 1caf0f489ad4d0113f3d6d751fd2573ace530ab2 Mon Sep 17 00:00:00 2001
From: Charles Herlin
Date: Tue, 26 Feb 2019 15:08:21 +0100
Subject: [PATCH] FIX(12.1x): fix tests exception for mail after da6acb0b

Installing syslog-ng in Dockerfile added some suid/sgid binaries that needed to be treated as exception in test scenarii
---
 tests/hardening/12.10_find_suid_files.sh | 2 +-
 tests/hardening/12.11_find_sgid_files.sh | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/tests/hardening/12.10_find_suid_files.sh b/tests/hardening/12.10_find_suid_files.sh
index 41a0eb7..11ecdfd 100755
--- a/tests/hardening/12.10_find_suid_files.sh
+++ b/tests/hardening/12.10_find_suid_files.sh
@@ -4,7 +4,7 @@ test_audit() {
 # shellcheck disable=2154
 /opt/debian-cis/bin/hardening/"${script}".sh || true
 # shellcheck disable=2016
- echo 'EXCEPTIONS="$EXCEPTIONS /usr/lib/dbus-1.0/dbus-daemon-launch-helper"' >> /opt/debian-cis/etc/conf.d/"${script}".cfg
+ echo 'EXCEPTIONS="$EXCEPTIONS /usr/lib/dbus-1.0/dbus-daemon-launch-helper /usr/sbin/exim4"' >> /opt/debian-cis/etc/conf.d/"${script}".cfg
 
 describe Running on blank host
 register_test retvalshouldbe 0
diff --git a/tests/hardening/12.11_find_sgid_files.sh b/tests/hardening/12.11_find_sgid_files.sh
index 215028e..23cd9c3 100755
--- a/tests/hardening/12.11_find_sgid_files.sh
+++ b/tests/hardening/12.11_find_sgid_files.sh
@@ -1,5 +1,11 @@
 # run-shellcheck
 test_audit() {
+ describe Running void to generate the conf file that will later be edited
+ # shellcheck disable=2154
+ /opt/debian-cis/bin/hardening/"${script}".sh || true
+ # shellcheck disable=2016
+ echo 'EXCEPTIONS="$EXCEPTIONS /usr/bin/dotlock.mailutils"' >> /opt/debian-cis/etc/conf.d/"${script}".cfg
+
 describe Running on blank host
 register_test retvalshouldbe 0
 register_test contain "No unknown sgid files found"
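Review bot: In tests/hardening/12.10_find_suid_files.sh the new `/usr/sbin/exim4` entry has no comment saying why a setuid mail binary is expected on the test image. The commit message attributes it to the syslog-ng install, but that reasoning does not appear in the file itself, so a later reader of the allow-list cannot tell an intended exemption from an accidental one. I would add `# exim4 (suid) is installed alongside syslog-ng in the test image, see da6acb0b` above the echo. It may also be worth checking whether the image can avoid shipping the MTA at all rather than widening the exception list; the Dockerfile is not visible here. test_audit's body continues outside the hunk.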
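Review bot: In tests/hardening/12.11_find_sgid_files.sh the added setup run ends in `|| true`, so a run that fails before writing the conf file goes unnoticed. The following `echo … >>` would then create a cfg holding only the EXCEPTIONS line. A guard before the append, for example `[ -f /opt/debian-cis/etc/conf.d/"${script}".cfg ] || return 1` (or whatever the test framework uses to fail a scenario), would surface that instead of auditing against a partial config. How the check script treats such a cfg is not visible here. The same pattern already exists in 12.10_find_suid_files.sh, and test_audit's closing lines are outside the hunk.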