From 2559dd82cb8c66f6f9cf660bb84e0b5ffe5faca5 Mon Sep 17 00:00:00 2001 From: Thibault Ayanides Date: Tue, 27 Oct 2020 16:44:14 +0100 Subject: [PATCH] IMP(5.1.8): add purposely failing tests --- tests/hardening/5.1.8_cron_users.sh | 51 ++++++++++++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) diff --git a/tests/hardening/5.1.8_cron_users.sh b/tests/hardening/5.1.8_cron_users.sh index b333419..80807b8 100644 --- a/tests/hardening/5.1.8_cron_users.sh +++ b/tests/hardening/5.1.8_cron_users.sh @@ -6,5 +6,54 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + local test_user="testcrontabduser" + + describe Tests purposely failing + touch /etc/cron.deny /etc/at.deny + register_test retvalshouldbe 1 + register_test contain "/etc/cron.deny exists" + register_test contain "/etc/at.deny exists" + run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + + describe correcting situation + sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg + /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + + touch /etc/cron.allow /etc/at.allow + describe Tests purposely failing + useradd $test_user + chown $test_user:$test_user /etc/cron.allow + chown $test_user:$test_user /etc/at.allow + register_test retvalshouldbe 1 + register_test contain "/etc/cron.allow ownership was not set to" + register_test contain "/etc/at.allow ownership was not set to" + run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + userdel $test_user + + describe correcting situation + sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg + /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + + describe Tests purposely failing + useradd $test_user + chmod 777 /etc/cron.allow + chmod 777 /etc/at.allow + register_test retvalshouldbe 1 + register_test contain "/etc/cron.allow permissions were not set to" + register_test contain "/etc/at.allow permissions were not set to" + run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + userdel $test_user + + describe correcting situation + sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg + /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + + describe Checking resolved state + register_test retvalshouldbe 0 + register_test contain "/etc/cron.allow has correct permissions" + register_test contain "/etc/cron.allow has correct ownership" + register_test contain "/etc/at.allow has correct permissions" + register_test contain "/etc/at.allow has correct ownership" + run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + }