mirror of
https://github.com/ovh/debian-cis.git
synced 2024-11-25 15:01:22 +01:00
IMP(6.2.2,6.2.3,6.2.4): add purposely failing tests
This commit is contained in:
parent
7ab41f7b88
commit
1e64a14299
@ -21,7 +21,7 @@ RESULT=''
|
|||||||
audit () {
|
audit () {
|
||||||
info "Checking if accounts have a legacy password entry"
|
info "Checking if accounts have a legacy password entry"
|
||||||
if $SUDO_CMD grep '^+:' $FILE -q; then
|
if $SUDO_CMD grep '^+:' $FILE -q; then
|
||||||
RESULT=$(grep '^+:' $FILE)
|
RESULT=$($SUDO_CMD grep '^+:' $FILE)
|
||||||
crit "Some accounts have a legacy password entry"
|
crit "Some accounts have a legacy password entry"
|
||||||
crit $RESULT
|
crit $RESULT
|
||||||
else
|
else
|
||||||
|
@ -6,5 +6,26 @@ test_audit() {
|
|||||||
# shellcheck disable=2154
|
# shellcheck disable=2154
|
||||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
# TODO fill comprehensive tests
|
local test_user="testetcpasswduser"
|
||||||
|
|
||||||
|
describe Tests purposely failing
|
||||||
|
useradd $test_user
|
||||||
|
sed -i "s/$test_user:x/+:$test_user:x/" /etc/passwd
|
||||||
|
register_test retvalshouldbe 1
|
||||||
|
register_test contain "Some accounts have a legacy password entry"
|
||||||
|
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
|
describe correcting situation
|
||||||
|
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||||
|
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||||
|
|
||||||
|
describe Checking resolved state
|
||||||
|
register_test retvalshouldbe 0
|
||||||
|
register_test contain "All accounts have a valid password entry format"
|
||||||
|
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
|
# cleanup
|
||||||
|
groupdel $test_user
|
||||||
|
useradd $test_user
|
||||||
|
userdel $test_user
|
||||||
}
|
}
|
||||||
|
@ -6,5 +6,25 @@ test_audit() {
|
|||||||
# shellcheck disable=2154
|
# shellcheck disable=2154
|
||||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
# TODO fill comprehensive tests
|
local test_user="testetcshadowusr"
|
||||||
|
|
||||||
|
describe Tests purposely failing
|
||||||
|
useradd $test_user
|
||||||
|
sed -i "s/$test_user:/+:$test_user:/" /etc/shadow
|
||||||
|
register_test retvalshouldbe 1
|
||||||
|
register_test contain "Some accounts have a legacy password entry"
|
||||||
|
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
|
describe correcting situation
|
||||||
|
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||||
|
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||||
|
|
||||||
|
describe Checking resolved state
|
||||||
|
register_test retvalshouldbe 0
|
||||||
|
register_test contain "All accounts have a valid password entry format"
|
||||||
|
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
|
# cleanup
|
||||||
|
userdel $test_user
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -6,5 +6,24 @@ test_audit() {
|
|||||||
# shellcheck disable=2154
|
# shellcheck disable=2154
|
||||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
# TODO fill comprehensive tests
|
local test_user="testetcgroupuser"
|
||||||
|
|
||||||
|
describe Tests purposely failing
|
||||||
|
useradd $test_user
|
||||||
|
sed -i "s/$test_user:x/+:$test_user:x/" /etc/group
|
||||||
|
register_test retvalshouldbe 1
|
||||||
|
register_test contain "Some accounts have a legacy group entry"
|
||||||
|
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
|
describe correcting situation
|
||||||
|
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||||
|
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||||
|
|
||||||
|
describe Checking resolved state
|
||||||
|
register_test retvalshouldbe 0
|
||||||
|
register_test contain "All accounts have a valid group entry format"
|
||||||
|
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
|
# cleanup
|
||||||
|
userdel $test_user
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user