diff --git a/bin/hardening.sh b/bin/hardening.sh index 8476ece..0ab2e78 100755 --- a/bin/hardening.sh +++ b/bin/hardening.sh @@ -201,21 +201,21 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ] || [ -z "${CIS_CONF_DIR}" ] || [ -z "${CIS_CHECKS_DIR}" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR, CIS_CONF_DIR, CIS_CHECKS_DIR variables, aborting." exit 128 fi # shellcheck source=../etc/hardening.cfg -[ -r "$CIS_ROOT_DIR"/etc/hardening.cfg ] && . "$CIS_ROOT_DIR"/etc/hardening.cfg +[ -r "${CIS_CONF_DIR}"/hardening.cfg ] && . "${CIS_CONF_DIR}"/hardening.cfg if [ "$ASK_LOGLEVEL" ]; then LOGLEVEL=$ASK_LOGLEVEL; fi # shellcheck source=../lib/common.sh -[ -r "$CIS_ROOT_DIR"/lib/common.sh ] && . "$CIS_ROOT_DIR"/lib/common.sh +[ -r "${CIS_LIB_DIR}"/common.sh ] && . "${CIS_LIB_DIR}"/common.sh # shellcheck source=../lib/utils.sh -[ -r "$CIS_ROOT_DIR"/lib/utils.sh ] && . "$CIS_ROOT_DIR"/lib/utils.sh +[ -r "${CIS_LIB_DIR}"/utils.sh ] && . "${CIS_LIB_DIR}"/utils.sh # shellcheck source=../lib/constants.sh -[ -r "$CIS_ROOT_DIR"/lib/constants.sh ] && . "$CIS_ROOT_DIR"/lib/constants.sh +[ -r "${CIS_LIB_DIR}"/constants.sh ] && . "${CIS_LIB_DIR}"/constants.sh # If we're on a unsupported platform and there is no flag --allow-unsupported-distribution # print warning, otherwise quit 
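Review bot: The new guard on `CIS_LIB_DIR`, `CIS_CONF_DIR` and `CIS_CHECKS_DIR` only rejects empty values, and the four `[ -r … ] && . …` lines below it skip an unreadable file without any message, so a wrong path in one of the three variables lets hardening.sh carry on with hardening.cfg, common.sh, utils.sh or constants.sh never loaded. Code is sourced from these directories, and the error text suggests the values can come from the caller's environment when /etc/default/cis-hardening is absent, so I would fail closed right after the emptiness check: `for d in "$CIS_LIB_DIR" "$CIS_CONF_DIR" "$CIS_CHECKS_DIR"; do [ -d "$d" ] || { echo "$d is not a directory, aborting."; exit 128; }; done`. If the tool is expected to run as root, also consider refusing directories that are not root-owned or are group/world-writable (for example by inspecting `stat -c '%U %a'`) before sourcing from them. The per-check scripts in this same commit already abort with `exit 128` when main.sh is missing; giving the library sources here the same explicit `else` branch would be consistent.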
@@ -257,7 +257,7 @@ fi # If --allow-service-list is specified, don't run anything, just list the supported services if [ "$ALLOW_SERVICE_LIST" = 1 ]; then declare -a HARDENING_EXCEPTIONS_LIST - for SCRIPT in $(find "$CIS_ROOT_DIR"/bin/hardening/ -name "*.sh" | sort -V); do + for SCRIPT in $(find "${CIS_CHECKS_DIR}"/ -name "*.sh" | sort -V); do template=$(grep "^HARDENING_EXCEPTION=" "$SCRIPT" | cut -d= -f2) [ -n "$template" ] && HARDENING_EXCEPTIONS_LIST[${#HARDENING_EXCEPTIONS_LIST[@]}]="$template" done @@ -272,7 +272,7 @@ if [ -n "$SET_HARDENING_LEVEL" ] && [ "$SET_HARDENING_LEVEL" != 0 ]; then exit 1 fi - for SCRIPT in $(find "$CIS_ROOT_DIR"/bin/hardening/ -name "*.sh" | sort -V); do + for SCRIPT in $(find "${CIS_CHECKS_DIR}"/ -name "*.sh" | sort -V); do SCRIPT_BASENAME=$(basename "$SCRIPT" .sh) script_level=$(grep "^HARDENING_LEVEL=" "$SCRIPT" | cut -d= -f2) if [ -z "$script_level" ]; then @@ -281,7 +281,7 @@ if [ -n "$SET_HARDENING_LEVEL" ] && [ "$SET_HARDENING_LEVEL" != 0 ]; then fi wantedstatus=disabled [ "$script_level" -le "$SET_HARDENING_LEVEL" ] && wantedstatus=enabled - sed -i -re "s/^status=.+/status=$wantedstatus/" "$CIS_ROOT_DIR/etc/conf.d/$SCRIPT_BASENAME.cfg" + sed -i -re "s/^status=.+/status=$wantedstatus/" "${CIS_CONF_DIR}/conf.d/$SCRIPT_BASENAME.cfg" done echo "Configuration modified to enable scripts for hardening level at or below $SET_HARDENING_LEVEL" exit 0 @@ -293,7 +293,7 @@ if [ "$CREATE_CONFIG" = 1 ] && [ "$EUID" -ne 0 ]; then fi # Parse every scripts and execute them in the required mode -for SCRIPT in $(find "$CIS_ROOT_DIR"/bin/hardening/ -name "*.sh" | sort -V); do +for SCRIPT in $(find "${CIS_CHECKS_DIR}"/ -name "*.sh" | sort -V); do if [ "${#TEST_LIST[@]}" -gt 0 ]; then # --only X has been specified at least once, is this script in my list ? SCRIPT_PREFIX=$(grep -Eo '^[0-9.]+' <<<"$(basename "$SCRIPT")") 
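Review bot: `for SCRIPT in $(find "${CIS_CHECKS_DIR}"/ -name "*.sh" | sort -V)` word-splits and globs the find output, which was tolerable while the path was fixed under the root directory but now breaks for any configured `CIS_CHECKS_DIR` that contains whitespace; the same line is changed in the `@@ -272` and `@@ -293` hunks. The unrestricted `find` also matches every `*.sh` at any depth, including directories and symlinks with that suffix, and in the last loop (whose body continues outside the hunk) the matches are presumably executed. I would narrow the match and keep each path as one word: `mapfile -t SCRIPTS < <(find "${CIS_CHECKS_DIR}" -maxdepth 1 -type f -name '*.sh' | sort -V)` followed by `for SCRIPT in "${SCRIPTS[@]}"; do`. Confirm first that no check is deployed in a subdirectory or as a symlink, since `-maxdepth 1 -type f` would drop those.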
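Review bot: The `sed -i` on `"${CIS_CONF_DIR}/conf.d/$SCRIPT_BASENAME.cfg"` in the `@@ -281` hunk has no visible check of its exit status, so when a script found under `CIS_CHECKS_DIR` has no matching file under `CIS_CONF_DIR` (more likely now that the two directories are configured separately) sed fails and the run still ends with "Configuration modified to enable scripts…". The `@@ -332` hunk has the same pattern and then logs "Status set to enabled" unconditionally. I would name the path once, `cfg="${CIS_CONF_DIR}/conf.d/$SCRIPT_BASENAME.cfg"`, guard it with `[ -w "$cfg" ] || { echo "Missing or unwritable $cfg, skipping"; continue; }`, and only report success when sed returns 0. The enclosing `if` and `for` blocks start outside both hunks, so check whether `set -e` or a similar handler already covers this.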
@@ -332,8 +332,8 @@ for SCRIPT in $(find "$CIS_ROOT_DIR"/bin/hardening/ -name "*.sh" | sort -V); do PASSED_CHECKS=$((PASSED_CHECKS + 1)) if [ "$AUDIT_ALL_ENABLE_PASSED" = 1 ]; then SCRIPT_BASENAME=$(basename "$SCRIPT" .sh) - sed -i -re 's/^status=.+/status=enabled/' "$CIS_ROOT_DIR/etc/conf.d/$SCRIPT_BASENAME.cfg" - info "Status set to enabled in $CIS_ROOT_DIR/etc/conf.d/$SCRIPT_BASENAME.cfg" + sed -i -re 's/^status=.+/status=enabled/' "${CIS_CONF_DIR}/conf.d/$SCRIPT_BASENAME.cfg" + info "Status set to enabled in ${CIS_CONF_DIR}/conf.d/$SCRIPT_BASENAME.cfg" fi ;; 1) diff --git a/bin/hardening/1.1.1.1_disable_freevxfs.sh b/bin/hardening/1.1.1.1_disable_freevxfs.sh index 36c8712..92e3715 100755 --- a/bin/hardening/1.1.1.1_disable_freevxfs.sh +++ b/bin/hardening/1.1.1.1_disable_freevxfs.sh @@ -60,17 +60,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.1.2_disable_jffs2.sh b/bin/hardening/1.1.1.2_disable_jffs2.sh index 713fba7..775a8b9 100755 --- a/bin/hardening/1.1.1.2_disable_jffs2.sh 
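Review bot: The fallback message in the bin/hardening/1.1.1.1_disable_freevxfs.sh hunk still asks "have you correctly defined your root directory?" while printing `$CIS_LIB_DIR`, which no longer matches what is being checked and will mislead anyone debugging a bad /etc/default/cis-hardening; the identical hunk is repeated in every bin/hardening/*.sh section that follows on this page. Suggested wording: `echo "Cannot find main.sh in CIS_LIB_DIR ($CIS_LIB_DIR); check its value in /etc/default/cis-hardening"`. Each check script now validates only `CIS_LIB_DIR`, so whether `CIS_CONF_DIR` is verified when a check is run on its own depends on main.sh, which is not visible here and is worth confirming.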
+++ b/bin/hardening/1.1.1.2_disable_jffs2.sh @@ -60,17 +60,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.1.3_disable_hfs.sh b/bin/hardening/1.1.1.3_disable_hfs.sh index 6607d26..9ad94bd 100755 --- a/bin/hardening/1.1.1.3_disable_hfs.sh +++ b/bin/hardening/1.1.1.3_disable_hfs.sh 
@@ -60,17 +60,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.1.4_disable_hfsplus.sh b/bin/hardening/1.1.1.4_disable_hfsplus.sh index 824d456..6c1e6c2 100755 --- a/bin/hardening/1.1.1.4_disable_hfsplus.sh +++ b/bin/hardening/1.1.1.4_disable_hfsplus.sh 
@@ -60,17 +60,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.1.5_disable_squashfs.sh b/bin/hardening/1.1.1.5_disable_squashfs.sh index 8c6766e..506cd6b 100755 --- a/bin/hardening/1.1.1.5_disable_squashfs.sh +++ b/bin/hardening/1.1.1.5_disable_squashfs.sh 
@@ -60,17 +60,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.1.6_disable_udf.sh b/bin/hardening/1.1.1.6_disable_udf.sh index e62d134..76944ff 100755 --- a/bin/hardening/1.1.1.6_disable_udf.sh +++ b/bin/hardening/1.1.1.6_disable_udf.sh 
@@ -60,17 +60,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.1.7_restrict_fat.sh b/bin/hardening/1.1.1.7_restrict_fat.sh index be8954b..d442dd3 100755 --- a/bin/hardening/1.1.1.7_restrict_fat.sh +++ b/bin/hardening/1.1.1.7_restrict_fat.sh 
@@ -53,17 +53,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.1.8_disable_cramfs.sh b/bin/hardening/1.1.1.8_disable_cramfs.sh index 6821561..b1a489d 100755 --- a/bin/hardening/1.1.1.8_disable_cramfs.sh +++ b/bin/hardening/1.1.1.8_disable_cramfs.sh 
@@ -60,17 +60,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.10_var_tmp_noexec.sh b/bin/hardening/1.1.10_var_tmp_noexec.sh index d1265de..04e6853 100755 --- a/bin/hardening/1.1.10_var_tmp_noexec.sh +++ b/bin/hardening/1.1.10_var_tmp_noexec.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.11.1_var_log_noexec.sh b/bin/hardening/1.1.11.1_var_log_noexec.sh index cbc4d03..e82fe95 100755 --- a/bin/hardening/1.1.11.1_var_log_noexec.sh +++ b/bin/hardening/1.1.11.1_var_log_noexec.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.11.2_var_log_nosuid.sh b/bin/hardening/1.1.11.2_var_log_nosuid.sh index 126f596..16c11af 100755 --- a/bin/hardening/1.1.11.2_var_log_nosuid.sh +++ b/bin/hardening/1.1.11.2_var_log_nosuid.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.11.3_var_log_nodev.sh b/bin/hardening/1.1.11.3_var_log_nodev.sh index 09eb3be..821df1b 100755 --- a/bin/hardening/1.1.11.3_var_log_nodev.sh +++ b/bin/hardening/1.1.11.3_var_log_nodev.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.11_var_log_partition.sh b/bin/hardening/1.1.11_var_log_partition.sh index 8dffa6a..b3c1819 100755 --- a/bin/hardening/1.1.11_var_log_partition.sh +++ b/bin/hardening/1.1.11_var_log_partition.sh 
@@ -63,17 +63,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.12.1_var_log_audit_noexec.sh b/bin/hardening/1.1.12.1_var_log_audit_noexec.sh index 0e1666d..25e2a7c 100755 --- a/bin/hardening/1.1.12.1_var_log_audit_noexec.sh +++ b/bin/hardening/1.1.12.1_var_log_audit_noexec.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.12.2_var_log_audit_nosuid.sh b/bin/hardening/1.1.12.2_var_log_audit_nosuid.sh index 0970a0f..a69c1ed 100755 --- a/bin/hardening/1.1.12.2_var_log_audit_nosuid.sh +++ b/bin/hardening/1.1.12.2_var_log_audit_nosuid.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.12.3_var_log_audit_nodev.sh b/bin/hardening/1.1.12.3_var_log_audit_nodev.sh index bb6cd17..ce0ca18 100755 --- a/bin/hardening/1.1.12.3_var_log_audit_nodev.sh +++ b/bin/hardening/1.1.12.3_var_log_audit_nodev.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.12_var_log_audit_partition.sh b/bin/hardening/1.1.12_var_log_audit_partition.sh index ff5995c..cfc5ed0 100755 --- a/bin/hardening/1.1.12_var_log_audit_partition.sh +++ b/bin/hardening/1.1.12_var_log_audit_partition.sh 
@@ -63,17 +63,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.13_home_partition.sh b/bin/hardening/1.1.13_home_partition.sh index c6a537c..49faeb8 100755 --- a/bin/hardening/1.1.13_home_partition.sh +++ b/bin/hardening/1.1.13_home_partition.sh 
@@ -63,17 +63,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.14.1_home_nosuid.sh b/bin/hardening/1.1.14.1_home_nosuid.sh index 5fc1b6c..90a0a80 100755 --- a/bin/hardening/1.1.14.1_home_nosuid.sh +++ b/bin/hardening/1.1.14.1_home_nosuid.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.14_home_nodev.sh b/bin/hardening/1.1.14_home_nodev.sh index e3221fb..7139a67 100755 --- a/bin/hardening/1.1.14_home_nodev.sh +++ b/bin/hardening/1.1.14_home_nodev.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.15_run_shm_nodev.sh b/bin/hardening/1.1.15_run_shm_nodev.sh index df9b839..4554d10 100755 --- a/bin/hardening/1.1.15_run_shm_nodev.sh +++ b/bin/hardening/1.1.15_run_shm_nodev.sh 
@@ -81,17 +81,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.16_run_shm_nosuid.sh b/bin/hardening/1.1.16_run_shm_nosuid.sh index 82794ca..927cc56 100755 --- a/bin/hardening/1.1.16_run_shm_nosuid.sh +++ b/bin/hardening/1.1.16_run_shm_nosuid.sh 
@@ -81,17 +81,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.17_run_shm_noexec.sh b/bin/hardening/1.1.17_run_shm_noexec.sh index 01cc4cc..a6f24a6 100755 --- a/bin/hardening/1.1.17_run_shm_noexec.sh +++ b/bin/hardening/1.1.17_run_shm_noexec.sh 
@@ -81,17 +81,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.18_removable_device_nodev.sh b/bin/hardening/1.1.18_removable_device_nodev.sh index 4c4ef34..9c20af7 100755 --- a/bin/hardening/1.1.18_removable_device_nodev.sh +++ b/bin/hardening/1.1.18_removable_device_nodev.sh 
@@ -64,17 +64,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.19_removable_device_nosuid.sh b/bin/hardening/1.1.19_removable_device_nosuid.sh index cecdca1..9597381 100755 --- a/bin/hardening/1.1.19_removable_device_nosuid.sh +++ b/bin/hardening/1.1.19_removable_device_nosuid.sh 
@@ -64,17 +64,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.20_removable_device_noexec.sh b/bin/hardening/1.1.20_removable_device_noexec.sh index 4247044..1983acf 100755 --- a/bin/hardening/1.1.20_removable_device_noexec.sh +++ b/bin/hardening/1.1.20_removable_device_noexec.sh 
@@ -64,17 +64,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh b/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh index b74413b..a7d4146 100755 --- a/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh +++ b/bin/hardening/1.1.21_sticky_bit_world_writable_folder.sh 
@@ -81,17 +81,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.22_disable_automounting.sh b/bin/hardening/1.1.22_disable_automounting.sh index 62eb6e0..42a4768 100755 --- a/bin/hardening/1.1.22_disable_automounting.sh +++ b/bin/hardening/1.1.22_disable_automounting.sh 
@@ -52,17 +52,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.23_disable_usb_storage.sh b/bin/hardening/1.1.23_disable_usb_storage.sh index 59faa80..df7aa12 100755 --- a/bin/hardening/1.1.23_disable_usb_storage.sh +++ b/bin/hardening/1.1.23_disable_usb_storage.sh 
@@ -62,17 +62,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.2_tmp_partition.sh b/bin/hardening/1.1.2_tmp_partition.sh index 75a5458..3da15f5 100755 --- a/bin/hardening/1.1.2_tmp_partition.sh +++ b/bin/hardening/1.1.2_tmp_partition.sh 
@@ -63,17 +63,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.3_tmp_nodev.sh b/bin/hardening/1.1.3_tmp_nodev.sh index 95f65e7..edfd187 100755 --- a/bin/hardening/1.1.3_tmp_nodev.sh +++ b/bin/hardening/1.1.3_tmp_nodev.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.4_tmp_nosuid.sh b/bin/hardening/1.1.4_tmp_nosuid.sh index 4225bf6..3450e4b 100755 --- a/bin/hardening/1.1.4_tmp_nosuid.sh +++ b/bin/hardening/1.1.4_tmp_nosuid.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.5_tmp_noexec.sh b/bin/hardening/1.1.5_tmp_noexec.sh index 54fe441..8fa1c58 100755 --- a/bin/hardening/1.1.5_tmp_noexec.sh +++ b/bin/hardening/1.1.5_tmp_noexec.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.6.1_var_nodev.sh b/bin/hardening/1.1.6.1_var_nodev.sh index a84b642..45c92ef 100755 --- a/bin/hardening/1.1.6.1_var_nodev.sh +++ b/bin/hardening/1.1.6.1_var_nodev.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.6.2_var_nosuid.sh b/bin/hardening/1.1.6.2_var_nosuid.sh index 42a4a0e..7a3f02c 100755 --- a/bin/hardening/1.1.6.2_var_nosuid.sh +++ b/bin/hardening/1.1.6.2_var_nosuid.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.6_var_partition.sh b/bin/hardening/1.1.6_var_partition.sh index 09d4757..bb97a55 100755 --- a/bin/hardening/1.1.6_var_partition.sh +++ b/bin/hardening/1.1.6_var_partition.sh 
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.7_var_tmp_partition.sh b/bin/hardening/1.1.7_var_tmp_partition.sh index 29dacac..1655613 100755 --- a/bin/hardening/1.1.7_var_tmp_partition.sh +++ b/bin/hardening/1.1.7_var_tmp_partition.sh 
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.8_var_tmp_nodev.sh b/bin/hardening/1.1.8_var_tmp_nodev.sh index ea6dd63..84aae2a 100755 --- a/bin/hardening/1.1.8_var_tmp_nodev.sh +++ b/bin/hardening/1.1.8_var_tmp_nodev.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.1.9_var_tmp_nosuid.sh b/bin/hardening/1.1.9_var_tmp_nosuid.sh index ac9a772..8f586c1 100755 --- a/bin/hardening/1.1.9_var_tmp_nosuid.sh +++ b/bin/hardening/1.1.9_var_tmp_nosuid.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.3.1_install_sudo.sh b/bin/hardening/1.3.1_install_sudo.sh index b2a99f7..61635de 100755 --- a/bin/hardening/1.3.1_install_sudo.sh +++ b/bin/hardening/1.3.1_install_sudo.sh 
@@ -50,17 +50,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.3.2_pty_sudo.sh b/bin/hardening/1.3.2_pty_sudo.sh index c61d6ef..f0511d1 100755 --- a/bin/hardening/1.3.2_pty_sudo.sh +++ b/bin/hardening/1.3.2_pty_sudo.sh 
@@ -64,17 +64,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.3.3_logfile_sudo.sh b/bin/hardening/1.3.3_logfile_sudo.sh index 2ff1416..dc5c9ac 100755 --- a/bin/hardening/1.3.3_logfile_sudo.sh +++ b/bin/hardening/1.3.3_logfile_sudo.sh 
@@ -64,17 +64,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.4.1_install_tripwire.sh b/bin/hardening/1.4.1_install_tripwire.sh index aa77d00..b2ed7e3 100755 --- a/bin/hardening/1.4.1_install_tripwire.sh +++ b/bin/hardening/1.4.1_install_tripwire.sh 
@@ -53,17 +53,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.4.2_tripwire_cron.sh b/bin/hardening/1.4.2_tripwire_cron.sh index 80ccfdd..7c76f27 100755 --- a/bin/hardening/1.4.2_tripwire_cron.sh +++ b/bin/hardening/1.4.2_tripwire_cron.sh 
@@ -68,17 +68,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.5.1_bootloader_ownership.sh b/bin/hardening/1.5.1_bootloader_ownership.sh index 70dbd77..1374a89 100755 --- a/bin/hardening/1.5.1_bootloader_ownership.sh +++ b/bin/hardening/1.5.1_bootloader_ownership.sh 
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.5.2_bootloader_password.sh b/bin/hardening/1.5.2_bootloader_password.sh index 2ae0847..fd4a9ec 100755 --- a/bin/hardening/1.5.2_bootloader_password.sh +++ b/bin/hardening/1.5.2_bootloader_password.sh 
@@ -71,17 +71,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.5.3_root_password.sh b/bin/hardening/1.5.3_root_password.sh index e3cc8a7..f98896d 100755 --- a/bin/hardening/1.5.3_root_password.sh +++ b/bin/hardening/1.5.3_root_password.sh 
@@ -50,17 +50,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.6.1_enable_nx_support.sh b/bin/hardening/1.6.1_enable_nx_support.sh index 2e03561..b202d6d 100755 --- a/bin/hardening/1.6.1_enable_nx_support.sh +++ b/bin/hardening/1.6.1_enable_nx_support.sh 
@@ -81,17 +81,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.6.2_enable_randomized_vm_placement.sh b/bin/hardening/1.6.2_enable_randomized_vm_placement.sh index e158aef..9551ff1 100755 --- a/bin/hardening/1.6.2_enable_randomized_vm_placement.sh +++ b/bin/hardening/1.6.2_enable_randomized_vm_placement.sh 
@@ -55,17 +55,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.6.3.1_disable_apport.sh b/bin/hardening/1.6.3.1_disable_apport.sh index c64bd8f..d6b9ca6 100755 --- a/bin/hardening/1.6.3.1_disable_apport.sh +++ b/bin/hardening/1.6.3.1_disable_apport.sh 
@@ -53,17 +53,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.6.3_disable_prelink.sh b/bin/hardening/1.6.3_disable_prelink.sh index 043f49f..1efd568 100755 --- a/bin/hardening/1.6.3_disable_prelink.sh +++ b/bin/hardening/1.6.3_disable_prelink.sh 
@@ -54,17 +54,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.6.4_restrict_core_dumps.sh b/bin/hardening/1.6.4_restrict_core_dumps.sh index 4890d98..19ae0ac 100755 --- a/bin/hardening/1.6.4_restrict_core_dumps.sh +++ b/bin/hardening/1.6.4_restrict_core_dumps.sh 
@@ -87,17 +87,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.7.1.1_install_apparmor.sh b/bin/hardening/1.7.1.1_install_apparmor.sh index e32827c..faccba1 100755 --- a/bin/hardening/1.7.1.1_install_apparmor.sh +++ b/bin/hardening/1.7.1.1_install_apparmor.sh 
@@ -54,17 +54,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.7.1.2_enable_apparmor.sh b/bin/hardening/1.7.1.2_enable_apparmor.sh index 5975365..9794104 100755 --- a/bin/hardening/1.7.1.2_enable_apparmor.sh +++ b/bin/hardening/1.7.1.2_enable_apparmor.sh 
@@ -118,17 +118,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.7.1.3_enforce_or_complain_apparmor.sh b/bin/hardening/1.7.1.3_enforce_or_complain_apparmor.sh index 8a36381..003728a 100755 --- a/bin/hardening/1.7.1.3_enforce_or_complain_apparmor.sh +++ b/bin/hardening/1.7.1.3_enforce_or_complain_apparmor.sh 
@@ -75,17 +75,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.7.1.4_enforcing_apparmor.sh b/bin/hardening/1.7.1.4_enforcing_apparmor.sh index 5ae9c80..f1cb847 100755 --- a/bin/hardening/1.7.1.4_enforcing_apparmor.sh +++ b/bin/hardening/1.7.1.4_enforcing_apparmor.sh 
@@ -89,17 +89,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.8.1.1_remove_os_info_motd.sh b/bin/hardening/1.8.1.1_remove_os_info_motd.sh index 70e63d5..0911ac5 100755 --- a/bin/hardening/1.8.1.1_remove_os_info_motd.sh +++ b/bin/hardening/1.8.1.1_remove_os_info_motd.sh 
@@ -51,17 +51,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.8.1.2_remove_os_info_issue.sh b/bin/hardening/1.8.1.2_remove_os_info_issue.sh index 89f3c78..5173e78 100755 --- a/bin/hardening/1.8.1.2_remove_os_info_issue.sh +++ b/bin/hardening/1.8.1.2_remove_os_info_issue.sh 
@@ -51,17 +51,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.8.1.3_remove_os_info_issue_net.sh b/bin/hardening/1.8.1.3_remove_os_info_issue_net.sh index 1fef6a0..0ab5c02 100755 --- a/bin/hardening/1.8.1.3_remove_os_info_issue_net.sh +++ b/bin/hardening/1.8.1.3_remove_os_info_issue_net.sh 
@@ -51,17 +51,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.8.1.4_motd_perms.sh b/bin/hardening/1.8.1.4_motd_perms.sh index e86d3a1..8a7539a 100755 --- a/bin/hardening/1.8.1.4_motd_perms.sh +++ b/bin/hardening/1.8.1.4_motd_perms.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.8.1.5_etc_issue_perms.sh b/bin/hardening/1.8.1.5_etc_issue_perms.sh index 51406db..cacebea 100755 --- a/bin/hardening/1.8.1.5_etc_issue_perms.sh +++ b/bin/hardening/1.8.1.5_etc_issue_perms.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.8.1.6_etc_issue_net_perms.sh b/bin/hardening/1.8.1.6_etc_issue_net_perms.sh index 0c66a65..87c73d7 100755 --- a/bin/hardening/1.8.1.6_etc_issue_net_perms.sh +++ b/bin/hardening/1.8.1.6_etc_issue_net_perms.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.8.2_graphical_warning_banners.sh b/bin/hardening/1.8.2_graphical_warning_banners.sh index 69335c1..ea0e842 100755 --- a/bin/hardening/1.8.2_graphical_warning_banners.sh +++ b/bin/hardening/1.8.2_graphical_warning_banners.sh 
@@ -37,17 +37,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/1.9_install_updates.sh b/bin/hardening/1.9_install_updates.sh index 07c6155..8ee1147 100755 --- a/bin/hardening/1.9_install_updates.sh +++ b/bin/hardening/1.9_install_updates.sh 
@@ -53,17 +53,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.1.1_disable_xinetd.sh b/bin/hardening/2.1.1_disable_xinetd.sh index 6273a70..21dde81 100755 --- a/bin/hardening/2.1.1_disable_xinetd.sh +++ b/bin/hardening/2.1.1_disable_xinetd.sh 
@@ -51,17 +51,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.1.2_disable_bsd_inetd.sh b/bin/hardening/2.1.2_disable_bsd_inetd.sh index 3425e21..cefc987 100755 --- a/bin/hardening/2.1.2_disable_bsd_inetd.sh +++ b/bin/hardening/2.1.2_disable_bsd_inetd.sh 
@@ -55,17 +55,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.2.1.1_use_time_sync.sh b/bin/hardening/2.2.1.1_use_time_sync.sh index af9507f..13ac264 100755 --- a/bin/hardening/2.2.1.1_use_time_sync.sh +++ b/bin/hardening/2.2.1.1_use_time_sync.sh 
@@ -49,17 +49,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.2.1.2_configure_systemd-timesyncd.sh b/bin/hardening/2.2.1.2_configure_systemd-timesyncd.sh index 6bbb561..6b8c15f 100755 --- a/bin/hardening/2.2.1.2_configure_systemd-timesyncd.sh +++ b/bin/hardening/2.2.1.2_configure_systemd-timesyncd.sh 
@@ -44,17 +44,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.2.1.3_configure_chrony.sh b/bin/hardening/2.2.1.3_configure_chrony.sh index 4404c53..2996e90 100755 --- a/bin/hardening/2.2.1.3_configure_chrony.sh +++ b/bin/hardening/2.2.1.3_configure_chrony.sh 
@@ -52,17 +52,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.2.1.4_configure_ntp.sh b/bin/hardening/2.2.1.4_configure_ntp.sh index f8cfbe5..5f2fe8d 100755 --- a/bin/hardening/2.2.1.4_configure_ntp.sh +++ b/bin/hardening/2.2.1.4_configure_ntp.sh 
@@ -83,17 +83,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.2.10_disable_http_server.sh b/bin/hardening/2.2.10_disable_http_server.sh index 6c15abe..73ad084 100755 --- a/bin/hardening/2.2.10_disable_http_server.sh +++ b/bin/hardening/2.2.10_disable_http_server.sh 
@@ -58,17 +58,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.2.11_disable_imap_pop.sh b/bin/hardening/2.2.11_disable_imap_pop.sh index f65df29..ae11bd4 100755 --- a/bin/hardening/2.2.11_disable_imap_pop.sh +++ b/bin/hardening/2.2.11_disable_imap_pop.sh 
@@ -58,17 +58,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.2.12_disable_samba.sh b/bin/hardening/2.2.12_disable_samba.sh index 940f0eb..3df06a0 100755 --- a/bin/hardening/2.2.12_disable_samba.sh +++ b/bin/hardening/2.2.12_disable_samba.sh 
@@ -71,17 +71,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.2.13_disable_http_proxy.sh b/bin/hardening/2.2.13_disable_http_proxy.sh index 199039c..85b0bb4 100755 --- a/bin/hardening/2.2.13_disable_http_proxy.sh +++ b/bin/hardening/2.2.13_disable_http_proxy.sh 
@@ -57,17 +57,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.2.14_disable_snmp_server.sh b/bin/hardening/2.2.14_disable_snmp_server.sh index 12fe790..82d761a 100755 --- a/bin/hardening/2.2.14_disable_snmp_server.sh +++ b/bin/hardening/2.2.14_disable_snmp_server.sh 
@@ -57,17 +57,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.2.15_mta_localhost.sh b/bin/hardening/2.2.15_mta_localhost.sh index 098af48..6a8d4f3 100755 --- a/bin/hardening/2.2.15_mta_localhost.sh +++ b/bin/hardening/2.2.15_mta_localhost.sh 
@@ -77,17 +77,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.2.16_disable_rsync.sh b/bin/hardening/2.2.16_disable_rsync.sh index 4d91f26..64e4e1a 100755 --- a/bin/hardening/2.2.16_disable_rsync.sh +++ b/bin/hardening/2.2.16_disable_rsync.sh 
@@ -68,17 +68,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.2.17_disable_nis.sh b/bin/hardening/2.2.17_disable_nis.sh index 438f3aa..e90f762 100755 --- a/bin/hardening/2.2.17_disable_nis.sh +++ b/bin/hardening/2.2.17_disable_nis.sh 
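Review bot: Nothing next to `. "${CIS_LIB_DIR}"/main.sh` records what is trusted about that directory, and the only test made on the file is `-r`. The value comes from /etc/default/cis-hardening or, as the first message says, from the current environment, and whichever main.sh it names is executed in this shell. These checks presumably run as root, which makes the ownership and mode of that directory matter. A comment above the guard would document the expectation, such as `# CIS_LIB_DIR must be an absolute path to a root-owned directory that is not group- or world-writable; main.sh is sourced with the caller's privileges`. The same gap is shared by all check scripts in this change.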
@@ -55,17 +55,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.2.2_disable_xwindow_system.sh b/bin/hardening/2.2.2_disable_xwindow_system.sh index 0cbe0f5..ed36027 100755 --- a/bin/hardening/2.2.2_disable_xwindow_system.sh +++ b/bin/hardening/2.2.2_disable_xwindow_system.sh 
@@ -58,17 +58,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.2.3_disable_avahi_server.sh b/bin/hardening/2.2.3_disable_avahi_server.sh index a2b2941..09322a3 100755 --- a/bin/hardening/2.2.3_disable_avahi_server.sh +++ b/bin/hardening/2.2.3_disable_avahi_server.sh 
@@ -55,17 +55,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.2.4_disable_print_server.sh b/bin/hardening/2.2.4_disable_print_server.sh index 9a2239e..cf3e2bf 100755 --- a/bin/hardening/2.2.4_disable_print_server.sh +++ b/bin/hardening/2.2.4_disable_print_server.sh 
@@ -57,17 +57,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.2.5_disable_dhcp.sh b/bin/hardening/2.2.5_disable_dhcp.sh index 6d33622..f7b9fd1 100755 --- a/bin/hardening/2.2.5_disable_dhcp.sh +++ b/bin/hardening/2.2.5_disable_dhcp.sh 
@@ -57,17 +57,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.2.6_disable_ldap.sh b/bin/hardening/2.2.6_disable_ldap.sh index 09b4a0d..568ef3c 100755 --- a/bin/hardening/2.2.6_disable_ldap.sh +++ b/bin/hardening/2.2.6_disable_ldap.sh 
@@ -57,17 +57,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.2.7_disable_nfs_rpc.sh b/bin/hardening/2.2.7_disable_nfs_rpc.sh index f2b98cf..54f42ab 100755 --- a/bin/hardening/2.2.7_disable_nfs_rpc.sh +++ b/bin/hardening/2.2.7_disable_nfs_rpc.sh 
@@ -57,17 +57,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.2.8_disable_dns_server.sh b/bin/hardening/2.2.8_disable_dns_server.sh index b330da6..f07bcb9 100755 --- a/bin/hardening/2.2.8_disable_dns_server.sh +++ b/bin/hardening/2.2.8_disable_dns_server.sh 
@@ -57,17 +57,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.2.9_disable_ftp.sh b/bin/hardening/2.2.9_disable_ftp.sh index e0932d4..d184ac6 100755 --- a/bin/hardening/2.2.9_disable_ftp.sh +++ b/bin/hardening/2.2.9_disable_ftp.sh 
@@ -58,17 +58,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.3.1_disable_nis.sh b/bin/hardening/2.3.1_disable_nis.sh index 113ff15..10b5f90 100755 --- a/bin/hardening/2.3.1_disable_nis.sh +++ b/bin/hardening/2.3.1_disable_nis.sh 
@@ -52,17 +52,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.3.2_disable_rsh_client.sh b/bin/hardening/2.3.2_disable_rsh_client.sh index b93b0fc..030099a 100755 --- a/bin/hardening/2.3.2_disable_rsh_client.sh +++ b/bin/hardening/2.3.2_disable_rsh_client.sh 
@@ -56,17 +56,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.3.3_disable_talk_client.sh b/bin/hardening/2.3.3_disable_talk_client.sh index 4a63035..5bb5b8c 100755 --- a/bin/hardening/2.3.3_disable_talk_client.sh +++ b/bin/hardening/2.3.3_disable_talk_client.sh 
@@ -55,17 +55,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.3.4_disable_telnet_client.sh b/bin/hardening/2.3.4_disable_telnet_client.sh index 00b75cf..6fb5418 100755 --- a/bin/hardening/2.3.4_disable_telnet_client.sh +++ b/bin/hardening/2.3.4_disable_telnet_client.sh 
@@ -55,17 +55,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/2.3.5_disable_ldap_client.sh b/bin/hardening/2.3.5_disable_ldap_client.sh index ef1141d..d87c7fc 100755 --- a/bin/hardening/2.3.5_disable_ldap_client.sh +++ b/bin/hardening/2.3.5_disable_ldap_client.sh 
@@ -55,17 +55,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/3.1.1_disable_ipv6.sh b/bin/hardening/3.1.1_disable_ipv6.sh index 467588c..0ed8f3e 100755 --- a/bin/hardening/3.1.1_disable_ipv6.sh +++ b/bin/hardening/3.1.1_disable_ipv6.sh 
@@ -63,17 +63,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/3.1.2_disable_wireless.sh b/bin/hardening/3.1.2_disable_wireless.sh index 3dfa777..5b656d0 100755 --- a/bin/hardening/3.1.2_disable_wireless.sh +++ b/bin/hardening/3.1.2_disable_wireless.sh 
@@ -37,29 +37,29 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi ## Source Root Dir Parameter #if [ ! -r /etc/default/cis-hardening ]; then -# echo "There is no /etc/default/cis-hardening file, cannot source CIS_ROOT_DIR variable, aborting" +# echo "There is no /etc/default/cis-hardening file, cannot source CIS_LIB_DIR variable, aborting" # exit 128 #else # shellcheck source=../../debian/default # . /etc/default/cis-hardening -# if [ -z ${CIS_ROOT_DIR:-} ]; then -# echo "No CIS_ROOT_DIR variable, aborting" +# if [ -z ${CIS_LIB_DIR:-} ]; then +# echo "No CIS_LIB_DIR variable, aborting" # exit 128 # fi #fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/3.2.1_disable_send_packet_redirects.sh b/bin/hardening/3.2.1_disable_send_packet_redirects.sh index 077a102..ea6ca75 100755 --- a/bin/hardening/3.2.1_disable_send_packet_redirects.sh +++ b/bin/hardening/3.2.1_disable_send_packet_redirects.sh 
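Review bot: The commented-out `## Source Root Dir Parameter` block in 3.1.2_disable_wireless.sh is being renamed along with the live code, although the active guard directly above it already does the same job. Keeping dead code in step with a refactor adds review noise. It also preserves an unquoted test, `[ -z ${CIS_LIB_DIR:-} ]`, which would word-split on a path containing spaces if anyone uncommented it. I would delete the commented lines in this file rather than update them, leaving only the live `if [ -z "$CIS_LIB_DIR" ]; then` check.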
@@ -67,17 +67,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/3.2.2_disable_ip_forwarding.sh b/bin/hardening/3.2.2_disable_ip_forwarding.sh index 46a2fb3..6946314 100755 --- a/bin/hardening/3.2.2_disable_ip_forwarding.sh +++ b/bin/hardening/3.2.2_disable_ip_forwarding.sh 
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/3.3.1_disable_source_routed_packets.sh b/bin/hardening/3.3.1_disable_source_routed_packets.sh index f1538a5..fe4b0ac 100755 --- a/bin/hardening/3.3.1_disable_source_routed_packets.sh +++ b/bin/hardening/3.3.1_disable_source_routed_packets.sh 
@@ -76,17 +76,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/3.3.2_disable_icmp_redirect.sh b/bin/hardening/3.3.2_disable_icmp_redirect.sh index 69a351d..4bc28e6 100755 --- a/bin/hardening/3.3.2_disable_icmp_redirect.sh +++ b/bin/hardening/3.3.2_disable_icmp_redirect.sh 
@@ -77,17 +77,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/3.3.3_disable_secure_icmp_redirect.sh b/bin/hardening/3.3.3_disable_secure_icmp_redirect.sh index 037470a..5ae544f 100755 --- a/bin/hardening/3.3.3_disable_secure_icmp_redirect.sh +++ b/bin/hardening/3.3.3_disable_secure_icmp_redirect.sh 
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/3.3.4_log_martian_packets.sh b/bin/hardening/3.3.4_log_martian_packets.sh index 2e2a869..28ff74e 100755 --- a/bin/hardening/3.3.4_log_martian_packets.sh +++ b/bin/hardening/3.3.4_log_martian_packets.sh 
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/3.3.5_ignore_broadcast_requests.sh b/bin/hardening/3.3.5_ignore_broadcast_requests.sh index b2a2841..2ca57bb 100755 --- a/bin/hardening/3.3.5_ignore_broadcast_requests.sh +++ b/bin/hardening/3.3.5_ignore_broadcast_requests.sh 
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/3.3.6_enable_bad_error_message_protection.sh b/bin/hardening/3.3.6_enable_bad_error_message_protection.sh index 8ceb274..43e6c59 100755 --- a/bin/hardening/3.3.6_enable_bad_error_message_protection.sh +++ b/bin/hardening/3.3.6_enable_bad_error_message_protection.sh 
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/3.3.7_enable_source_route_validation.sh b/bin/hardening/3.3.7_enable_source_route_validation.sh index a03cc11..2e50d5e 100755 --- a/bin/hardening/3.3.7_enable_source_route_validation.sh +++ b/bin/hardening/3.3.7_enable_source_route_validation.sh 
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/3.3.8_enable_tcp_syn_cookies.sh b/bin/hardening/3.3.8_enable_tcp_syn_cookies.sh index 9d54caf..16038e3 100755 --- a/bin/hardening/3.3.8_enable_tcp_syn_cookies.sh +++ b/bin/hardening/3.3.8_enable_tcp_syn_cookies.sh 
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.3.9_disable_ipv6_router_advertisement.sh b/bin/hardening/3.3.9_disable_ipv6_router_advertisement.sh
index c6b3a85..18b46c0 100755
--- a/bin/hardening/3.3.9_disable_ipv6_router_advertisement.sh
+++ b/bin/hardening/3.3.9_disable_ipv6_router_advertisement.sh
@@ -75,17 +75,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.4.1_disable_dccp.sh b/bin/hardening/3.4.1_disable_dccp.sh
index ba1ceed..218c429 100755
--- a/bin/hardening/3.4.1_disable_dccp.sh
+++ b/bin/hardening/3.4.1_disable_dccp.sh
@@ -62,17 +62,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.4.2_disable_sctp.sh b/bin/hardening/3.4.2_disable_sctp.sh
index d7a3ad9..94f1b40 100755
--- a/bin/hardening/3.4.2_disable_sctp.sh
+++ b/bin/hardening/3.4.2_disable_sctp.sh
@@ -62,17 +62,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.4.3_disable_rds.sh b/bin/hardening/3.4.3_disable_rds.sh
index e10f9cc..03b37c7 100755
--- a/bin/hardening/3.4.3_disable_rds.sh
+++ b/bin/hardening/3.4.3_disable_rds.sh
@@ -62,17 +62,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.4.4_disable_tipc.sh b/bin/hardening/3.4.4_disable_tipc.sh
index f38c687..e49a878 100755
--- a/bin/hardening/3.4.4_disable_tipc.sh
+++ b/bin/hardening/3.4.4_disable_tipc.sh
@@ -62,17 +62,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.5.1.1_enable_firewall.sh b/bin/hardening/3.5.1.1_enable_firewall.sh
index 169c598..1163387 100755
--- a/bin/hardening/3.5.1.1_enable_firewall.sh
+++ b/bin/hardening/3.5.1.1_enable_firewall.sh
@@ -64,17 +64,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh b/bin/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh
index 1d40127..ca76aeb 100755
--- a/bin/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh
+++ b/bin/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh
@@ -66,17 +66,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.1.1_install_auditd.sh b/bin/hardening/4.1.1.1_install_auditd.sh
index 375c34d..6447356 100755
--- a/bin/hardening/4.1.1.1_install_auditd.sh
+++ b/bin/hardening/4.1.1.1_install_auditd.sh
@@ -50,17 +50,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.1.2_enable_auditd.sh b/bin/hardening/4.1.1.2_enable_auditd.sh
index 2bfb7cc..2edfbb8 100755
--- a/bin/hardening/4.1.1.2_enable_auditd.sh
+++ b/bin/hardening/4.1.1.2_enable_auditd.sh
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.1.3_audit_bootloader.sh b/bin/hardening/4.1.1.3_audit_bootloader.sh
index 01bb518..22fd58a 100755
--- a/bin/hardening/4.1.1.3_audit_bootloader.sh
+++ b/bin/hardening/4.1.1.3_audit_bootloader.sh
@@ -83,17 +83,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.1.4_audit_backlog_limit.sh b/bin/hardening/4.1.1.4_audit_backlog_limit.sh
index 1186349..924a8aa 100755
--- a/bin/hardening/4.1.1.4_audit_backlog_limit.sh
+++ b/bin/hardening/4.1.1.4_audit_backlog_limit.sh
@@ -83,17 +83,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.10_record_failed_access_file.sh b/bin/hardening/4.1.10_record_failed_access_file.sh
index 68d72bd..328f0ef 100755
--- a/bin/hardening/4.1.10_record_failed_access_file.sh
+++ b/bin/hardening/4.1.10_record_failed_access_file.sh
@@ -90,17 +90,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.11_record_privileged_commands.sh b/bin/hardening/4.1.11_record_privileged_commands.sh
index 87dac9a..d91e2e2 100755
--- a/bin/hardening/4.1.11_record_privileged_commands.sh
+++ b/bin/hardening/4.1.11_record_privileged_commands.sh
@@ -90,17 +90,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.12_record_successful_mount.sh b/bin/hardening/4.1.12_record_successful_mount.sh
index ca794dd..445adde 100755
--- a/bin/hardening/4.1.12_record_successful_mount.sh
+++ b/bin/hardening/4.1.12_record_successful_mount.sh
@@ -88,17 +88,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.13_record_file_deletions.sh b/bin/hardening/4.1.13_record_file_deletions.sh
index 8bc7b1d..aa60273 100755
--- a/bin/hardening/4.1.13_record_file_deletions.sh
+++ b/bin/hardening/4.1.13_record_file_deletions.sh
@@ -88,17 +88,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.14_record_sudoers_edit.sh b/bin/hardening/4.1.14_record_sudoers_edit.sh
index 1e23023..f000b45 100755
--- a/bin/hardening/4.1.14_record_sudoers_edit.sh
+++ b/bin/hardening/4.1.14_record_sudoers_edit.sh
@@ -88,17 +88,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.15_record_sudo_usage.sh b/bin/hardening/4.1.15_record_sudo_usage.sh
index 0e325c5..e66982a 100755
--- a/bin/hardening/4.1.15_record_sudo_usage.sh
+++ b/bin/hardening/4.1.15_record_sudo_usage.sh
@@ -87,17 +87,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.16_record_kernel_modules.sh b/bin/hardening/4.1.16_record_kernel_modules.sh
index 902aa61..b9699c0 100755
--- a/bin/hardening/4.1.16_record_kernel_modules.sh
+++ b/bin/hardening/4.1.16_record_kernel_modules.sh
@@ -90,17 +90,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.17_freeze_auditd_conf.sh b/bin/hardening/4.1.17_freeze_auditd_conf.sh
index c367d21..3416cbb 100755
--- a/bin/hardening/4.1.17_freeze_auditd_conf.sh
+++ b/bin/hardening/4.1.17_freeze_auditd_conf.sh
@@ -87,17 +87,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.2.1_audit_log_storage.sh b/bin/hardening/4.1.2.1_audit_log_storage.sh
index 120a1dd..0558302 100755
--- a/bin/hardening/4.1.2.1_audit_log_storage.sh
+++ b/bin/hardening/4.1.2.1_audit_log_storage.sh
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.2.2_halt_when_audit_log_full.sh b/bin/hardening/4.1.2.2_halt_when_audit_log_full.sh
index 3a2b94b..0196d79 100755
--- a/bin/hardening/4.1.2.2_halt_when_audit_log_full.sh
+++ b/bin/hardening/4.1.2.2_halt_when_audit_log_full.sh
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.2.3_keep_all_audit_logs.sh b/bin/hardening/4.1.2.3_keep_all_audit_logs.sh
index eba4e74..764595b 100755
--- a/bin/hardening/4.1.2.3_keep_all_audit_logs.sh
+++ b/bin/hardening/4.1.2.3_keep_all_audit_logs.sh
@@ -83,17 +83,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.3_record_date_time_edit.sh b/bin/hardening/4.1.3_record_date_time_edit.sh
index 2870eae..f4c498f 100755
--- a/bin/hardening/4.1.3_record_date_time_edit.sh
+++ b/bin/hardening/4.1.3_record_date_time_edit.sh
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.4_record_user_group_edit.sh b/bin/hardening/4.1.4_record_user_group_edit.sh
index 429c5f2..f170a7e 100755
--- a/bin/hardening/4.1.4_record_user_group_edit.sh
+++ b/bin/hardening/4.1.4_record_user_group_edit.sh
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.5_record_network_edit.sh b/bin/hardening/4.1.5_record_network_edit.sh
index 2f47aee..da8b78c 100755
--- a/bin/hardening/4.1.5_record_network_edit.sh
+++ b/bin/hardening/4.1.5_record_network_edit.sh
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/4.1.6_record_mac_edit.sh b/bin/hardening/4.1.6_record_mac_edit.sh
index 24c7076..e61e10b 100755
--- a/bin/hardening/4.1.6_record_mac_edit.sh
+++ b/bin/hardening/4.1.6_record_mac_edit.sh
@@ -87,17 +87,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.1.7_record_login_logout.sh b/bin/hardening/4.1.7_record_login_logout.sh index 687584f..420b944 100755 --- a/bin/hardening/4.1.7_record_login_logout.sh +++ b/bin/hardening/4.1.7_record_login_logout.sh 
@@ -89,17 +89,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.1.8_record_session_init.sh b/bin/hardening/4.1.8_record_session_init.sh index 896d15c..45d8650 100755 --- a/bin/hardening/4.1.8_record_session_init.sh +++ b/bin/hardening/4.1.8_record_session_init.sh 
@@ -89,17 +89,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.1.9_record_dac_edit.sh b/bin/hardening/4.1.9_record_dac_edit.sh index 475b287..8f9af05 100755 --- a/bin/hardening/4.1.9_record_dac_edit.sh +++ b/bin/hardening/4.1.9_record_dac_edit.sh 
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.2.1.1_install_syslog-ng.sh b/bin/hardening/4.2.1.1_install_syslog-ng.sh index 3a1d8e6..1cb6ebb 100755 --- a/bin/hardening/4.2.1.1_install_syslog-ng.sh +++ b/bin/hardening/4.2.1.1_install_syslog-ng.sh 
@@ -51,17 +51,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.2.1.2_enable_syslog-ng.sh b/bin/hardening/4.2.1.2_enable_syslog-ng.sh index 8df4653..4a0dc4e 100755 --- a/bin/hardening/4.2.1.2_enable_syslog-ng.sh +++ b/bin/hardening/4.2.1.2_enable_syslog-ng.sh 
@@ -64,17 +64,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.2.1.3_configure_syslog-ng.sh b/bin/hardening/4.2.1.3_configure_syslog-ng.sh index 715a4ed..4833ee3 100755 --- a/bin/hardening/4.2.1.3_configure_syslog-ng.sh +++ b/bin/hardening/4.2.1.3_configure_syslog-ng.sh 
@@ -42,17 +42,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh b/bin/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh index 65e60a0..b9efcc4 100755 --- a/bin/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh +++ b/bin/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh 
@@ -159,17 +159,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.2.1.5_syslog-ng_remote_host.sh b/bin/hardening/4.2.1.5_syslog-ng_remote_host.sh index 2b9e7f5..59a8463 100755 --- a/bin/hardening/4.2.1.5_syslog-ng_remote_host.sh +++ b/bin/hardening/4.2.1.5_syslog-ng_remote_host.sh 
@@ -84,17 +84,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.2.1.6_remote_syslog-ng_acl.sh b/bin/hardening/4.2.1.6_remote_syslog-ng_acl.sh index 50d983e..9db6856 100755 --- a/bin/hardening/4.2.1.6_remote_syslog-ng_acl.sh +++ b/bin/hardening/4.2.1.6_remote_syslog-ng_acl.sh 
@@ -108,17 +108,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.2.2.1_journald_logs.sh b/bin/hardening/4.2.2.1_journald_logs.sh index 1fc28a1..bef7332 100755 --- a/bin/hardening/4.2.2.1_journald_logs.sh +++ b/bin/hardening/4.2.2.1_journald_logs.sh 
@@ -83,17 +83,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.2.2.2_journald_compress.sh b/bin/hardening/4.2.2.2_journald_compress.sh index cd44b9c..7057fc3 100755 --- a/bin/hardening/4.2.2.2_journald_compress.sh +++ b/bin/hardening/4.2.2.2_journald_compress.sh 
@@ -83,17 +83,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.2.2.3_journald_write_persistent.sh b/bin/hardening/4.2.2.3_journald_write_persistent.sh index 8dcd492..46ba769 100755 --- a/bin/hardening/4.2.2.3_journald_write_persistent.sh +++ b/bin/hardening/4.2.2.3_journald_write_persistent.sh 
@@ -83,17 +83,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.2.3_logs_permissions.sh b/bin/hardening/4.2.3_logs_permissions.sh index 2f19812..7702004 100755 --- a/bin/hardening/4.2.3_logs_permissions.sh +++ b/bin/hardening/4.2.3_logs_permissions.sh 
@@ -66,17 +66,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.3_configure_logrotate.sh b/bin/hardening/4.3_configure_logrotate.sh index 06abe87..d109360 100755 --- a/bin/hardening/4.3_configure_logrotate.sh +++ b/bin/hardening/4.3_configure_logrotate.sh 
@@ -42,17 +42,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/4.4_logrotate_permissions.sh b/bin/hardening/4.4_logrotate_permissions.sh index bffddb4..2de14e7 100755 --- a/bin/hardening/4.4_logrotate_permissions.sh +++ b/bin/hardening/4.4_logrotate_permissions.sh 
@@ -68,17 +68,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.1.1_enable_cron.sh b/bin/hardening/5.1.1_enable_cron.sh index bdd1f98..a716cbf 100755 --- a/bin/hardening/5.1.1_enable_cron.sh +++ b/bin/hardening/5.1.1_enable_cron.sh 
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.1.2_crontab_perm_ownership.sh b/bin/hardening/5.1.2_crontab_perm_ownership.sh index f3d37ba..419032b 100755 --- a/bin/hardening/5.1.2_crontab_perm_ownership.sh +++ b/bin/hardening/5.1.2_crontab_perm_ownership.sh 
@@ -86,17 +86,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.1.3_cron_hourly_perm_ownership.sh b/bin/hardening/5.1.3_cron_hourly_perm_ownership.sh index 44bb57b..d4fbad6 100755 --- a/bin/hardening/5.1.3_cron_hourly_perm_ownership.sh +++ b/bin/hardening/5.1.3_cron_hourly_perm_ownership.sh 
@@ -86,17 +86,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.1.4_cron_daily_perm_ownership.sh b/bin/hardening/5.1.4_cron_daily_perm_ownership.sh index 5ad3449..fa57556 100755 --- a/bin/hardening/5.1.4_cron_daily_perm_ownership.sh +++ b/bin/hardening/5.1.4_cron_daily_perm_ownership.sh 
@@ -86,17 +86,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.1.5_cron_weekly_perm_ownership.sh b/bin/hardening/5.1.5_cron_weekly_perm_ownership.sh index 5c5258e..29aad24 100755 --- a/bin/hardening/5.1.5_cron_weekly_perm_ownership.sh +++ b/bin/hardening/5.1.5_cron_weekly_perm_ownership.sh 
@@ -86,17 +86,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.1.6_cron_monthly_perm_ownership.sh b/bin/hardening/5.1.6_cron_monthly_perm_ownership.sh index 1ff9296..17367fc 100755 --- a/bin/hardening/5.1.6_cron_monthly_perm_ownership.sh +++ b/bin/hardening/5.1.6_cron_monthly_perm_ownership.sh 
@@ -86,17 +86,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.1.7_cron_d_perm_ownership.sh b/bin/hardening/5.1.7_cron_d_perm_ownership.sh index 36334b3..bb6e160 100755 --- a/bin/hardening/5.1.7_cron_d_perm_ownership.sh +++ b/bin/hardening/5.1.7_cron_d_perm_ownership.sh 
@@ -80,17 +80,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.1.8_cron_users.sh b/bin/hardening/5.1.8_cron_users.sh index 8422e11..958d62c 100755 --- a/bin/hardening/5.1.8_cron_users.sh +++ b/bin/hardening/5.1.8_cron_users.sh 
@@ -108,17 +108,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.2.10_disable_root_login.sh b/bin/hardening/5.2.10_disable_root_login.sh index 1972124..04bf510 100755 --- a/bin/hardening/5.2.10_disable_root_login.sh +++ b/bin/hardening/5.2.10_disable_root_login.sh 
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh b/bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh index 22d4297..d713552 100755 --- a/bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh +++ b/bin/hardening/5.2.11_disable_sshd_permitemptypasswords.sh 
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/5.2.12_disable_sshd_setenv.sh b/bin/hardening/5.2.12_disable_sshd_setenv.sh index e6be4d1..0ba0879 100755 --- a/bin/hardening/5.2.12_disable_sshd_setenv.sh +++ b/bin/hardening/5.2.12_disable_sshd_setenv.sh 
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.13_sshd_ciphers.sh b/bin/hardening/5.2.13_sshd_ciphers.sh
index 81447d5..d849432 100755
--- a/bin/hardening/5.2.13_sshd_ciphers.sh
+++ b/bin/hardening/5.2.13_sshd_ciphers.sh
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.14_ssh_cry_mac.sh b/bin/hardening/5.2.14_ssh_cry_mac.sh
index 6894aff..be415bd 100755
--- a/bin/hardening/5.2.14_ssh_cry_mac.sh
+++ b/bin/hardening/5.2.14_ssh_cry_mac.sh
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.15_ssh_cry_kex.sh b/bin/hardening/5.2.15_ssh_cry_kex.sh
index c6c774f..9bddbe1 100755
--- a/bin/hardening/5.2.15_ssh_cry_kex.sh
+++ b/bin/hardening/5.2.15_ssh_cry_kex.sh
@@ -99,17 +99,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.16_sshd_idle_timeout.sh b/bin/hardening/5.2.16_sshd_idle_timeout.sh
index 93b7ca2..d6619d4 100755
--- a/bin/hardening/5.2.16_sshd_idle_timeout.sh
+++ b/bin/hardening/5.2.16_sshd_idle_timeout.sh
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.17_sshd_login_grace_time.sh b/bin/hardening/5.2.17_sshd_login_grace_time.sh
index 4d698bc..e807579 100755
--- a/bin/hardening/5.2.17_sshd_login_grace_time.sh
+++ b/bin/hardening/5.2.17_sshd_login_grace_time.sh
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.18_sshd_limit_access.sh b/bin/hardening/5.2.18_sshd_limit_access.sh
index 1a5916b..99198f7 100755
--- a/bin/hardening/5.2.18_sshd_limit_access.sh
+++ b/bin/hardening/5.2.18_sshd_limit_access.sh
@@ -114,17 +114,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.19_ssh_banner.sh b/bin/hardening/5.2.19_ssh_banner.sh
index c689fa6..cdbcb55 100755
--- a/bin/hardening/5.2.19_ssh_banner.sh
+++ b/bin/hardening/5.2.19_ssh_banner.sh
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.1_sshd_conf_perm_ownership.sh b/bin/hardening/5.2.1_sshd_conf_perm_ownership.sh
index 76599b9..cd69858 100755
--- a/bin/hardening/5.2.1_sshd_conf_perm_ownership.sh
+++ b/bin/hardening/5.2.1_sshd_conf_perm_ownership.sh
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.20_enable_ssh_pam.sh b/bin/hardening/5.2.20_enable_ssh_pam.sh
index 1ddf034..ffb5563 100755
--- a/bin/hardening/5.2.20_enable_ssh_pam.sh
+++ b/bin/hardening/5.2.20_enable_ssh_pam.sh
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.21_disable_ssh_allow_tcp_forwarding.sh b/bin/hardening/5.2.21_disable_ssh_allow_tcp_forwarding.sh
index 0668724..bcf6023 100755
--- a/bin/hardening/5.2.21_disable_ssh_allow_tcp_forwarding.sh
+++ b/bin/hardening/5.2.21_disable_ssh_allow_tcp_forwarding.sh
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.22_configure_ssh_max_startups.sh b/bin/hardening/5.2.22_configure_ssh_max_startups.sh
index 2f45d8d..2fb8ed7 100755
--- a/bin/hardening/5.2.22_configure_ssh_max_startups.sh
+++ b/bin/hardening/5.2.22_configure_ssh_max_startups.sh
@@ -95,17 +95,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.23_limit_ssh_max_sessions.sh b/bin/hardening/5.2.23_limit_ssh_max_sessions.sh
index 7a0c94f..c094c13 100755
--- a/bin/hardening/5.2.23_limit_ssh_max_sessions.sh
+++ b/bin/hardening/5.2.23_limit_ssh_max_sessions.sh
@@ -107,17 +107,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh b/bin/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh
index 3285791..7ee3d36 100755
--- a/bin/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh
+++ b/bin/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh
@@ -100,17 +100,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh b/bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh
index ac5fd76..743157c 100755
--- a/bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh
+++ b/bin/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh
@@ -101,17 +101,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.4_sshd_protocol.sh b/bin/hardening/5.2.4_sshd_protocol.sh
index 03a8fda..1be613b 100755
--- a/bin/hardening/5.2.4_sshd_protocol.sh
+++ b/bin/hardening/5.2.4_sshd_protocol.sh
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.5_sshd_loglevel.sh b/bin/hardening/5.2.5_sshd_loglevel.sh
index ee47d8f..7e2f56f 100755
--- a/bin/hardening/5.2.5_sshd_loglevel.sh
+++ b/bin/hardening/5.2.5_sshd_loglevel.sh
@@ -94,17 +94,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.6_disable_x11_forwarding.sh b/bin/hardening/5.2.6_disable_x11_forwarding.sh
index 4cf04ad..e917ba0 100755
--- a/bin/hardening/5.2.6_disable_x11_forwarding.sh
+++ b/bin/hardening/5.2.6_disable_x11_forwarding.sh
@@ -92,17 +92,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.7_sshd_maxauthtries.sh b/bin/hardening/5.2.7_sshd_maxauthtries.sh
index 3d43324..5ed868d 100755
--- a/bin/hardening/5.2.7_sshd_maxauthtries.sh
+++ b/bin/hardening/5.2.7_sshd_maxauthtries.sh
@@ -106,17 +106,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh b/bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
index bd92396..aa82cf9 100755
--- a/bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
+++ b/bin/hardening/5.2.8_enable_sshd_ignorerhosts.sh
@@ -90,17 +90,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh b/bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
index 0ef03a4..2eaa287 100755
--- a/bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
+++ b/bin/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.3.1_enable_pwquality.sh b/bin/hardening/5.3.1_enable_pwquality.sh
index d966cc8..b1121bb 100755
--- a/bin/hardening/5.3.1_enable_pwquality.sh
+++ b/bin/hardening/5.3.1_enable_pwquality.sh
@@ -109,17 +109,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.3.2_enable_lockout_failed_password.sh b/bin/hardening/5.3.2_enable_lockout_failed_password.sh
index 2104540..763e197 100755
--- a/bin/hardening/5.3.2_enable_lockout_failed_password.sh
+++ b/bin/hardening/5.3.2_enable_lockout_failed_password.sh
@@ -89,17 +89,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.3.3_limit_password_reuse.sh b/bin/hardening/5.3.3_limit_password_reuse.sh
index 3845db7..13c646c 100755
--- a/bin/hardening/5.3.3_limit_password_reuse.sh
+++ b/bin/hardening/5.3.3_limit_password_reuse.sh
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.3.4_acc_pam_sha512.sh b/bin/hardening/5.3.4_acc_pam_sha512.sh
index 6d449fc..0cb6045 100755
--- a/bin/hardening/5.3.4_acc_pam_sha512.sh
+++ b/bin/hardening/5.3.4_acc_pam_sha512.sh
@@ -69,17 +69,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.4.1.1_set_password_exp_days.sh b/bin/hardening/5.4.1.1_set_password_exp_days.sh
index 1ef273e..dcefdf8 100755
--- a/bin/hardening/5.4.1.1_set_password_exp_days.sh
+++ b/bin/hardening/5.4.1.1_set_password_exp_days.sh
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.4.1.2_set_password_min_days_change.sh b/bin/hardening/5.4.1.2_set_password_min_days_change.sh
index 378fa56..9980d12 100755
--- a/bin/hardening/5.4.1.2_set_password_min_days_change.sh
+++ b/bin/hardening/5.4.1.2_set_password_min_days_change.sh
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.4.1.3_set_password_exp_warning_days.sh b/bin/hardening/5.4.1.3_set_password_exp_warning_days.sh
index ab5631a..f991a37 100755
--- a/bin/hardening/5.4.1.3_set_password_exp_warning_days.sh
+++ b/bin/hardening/5.4.1.3_set_password_exp_warning_days.sh
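Review bot: An /etc/default/cis-hardening written for the old layout defines only CIS_ROOT_DIR, and with the new `[ -z "$CIS_LIB_DIR" ]` test this script (5.4.1.2_set_password_min_days_change.sh) would stop with exit 128 on such a host until the file is edited. Whether the package migrates that file is not visible on this page; if it does not, scheduled audits would abort after the upgrade instead of reporting. A one-line fallback before the test keeps existing installs working, using the path the removed lines show: `[ -z "$CIS_LIB_DIR" ] && [ -n "$CIS_ROOT_DIR" ] && CIS_LIB_DIR="$CIS_ROOT_DIR"/lib`. The same applies to every other hunk on this page.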
@@ -91,17 +91,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.4.1.4_lock_inactive_user_account.sh b/bin/hardening/5.4.1.4_lock_inactive_user_account.sh
index f85f375..87cb2bc 100755
--- a/bin/hardening/5.4.1.4_lock_inactive_user_account.sh
+++ b/bin/hardening/5.4.1.4_lock_inactive_user_account.sh
@@ -41,17 +41,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.4.1.5_last_password_change_past.sh b/bin/hardening/5.4.1.5_last_password_change_past.sh
index 1ada746..3beefc2 100755
--- a/bin/hardening/5.4.1.5_last_password_change_past.sh
+++ b/bin/hardening/5.4.1.5_last_password_change_past.sh
@@ -37,17 +37,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.4.2_disable_system_accounts.sh b/bin/hardening/5.4.2_disable_system_accounts.sh
index fe320a1..439caba 100755
--- a/bin/hardening/5.4.2_disable_system_accounts.sh
+++ b/bin/hardening/5.4.2_disable_system_accounts.sh
@@ -114,17 +114,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.4.3_default_root_group.sh b/bin/hardening/5.4.3_default_root_group.sh
index a807e3b..f0d4e26 100755
--- a/bin/hardening/5.4.3_default_root_group.sh
+++ b/bin/hardening/5.4.3_default_root_group.sh
@@ -49,17 +49,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.4.4_default_umask.sh b/bin/hardening/5.4.4_default_umask.sh
index 8a64f1c..b0f9aa4 100755
--- a/bin/hardening/5.4.4_default_umask.sh
+++ b/bin/hardening/5.4.4_default_umask.sh
@@ -101,17 +101,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.4.5_default_timeout.sh b/bin/hardening/5.4.5_default_timeout.sh
index 5cfdd85..6355ebc 100755
--- a/bin/hardening/5.4.5_default_timeout.sh
+++ b/bin/hardening/5.4.5_default_timeout.sh
@@ -104,17 +104,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.5_secure_tty.sh b/bin/hardening/5.5_secure_tty.sh
index 0901ca1..006d670 100755
--- a/bin/hardening/5.5_secure_tty.sh
+++ b/bin/hardening/5.5_secure_tty.sh
@@ -41,17 +41,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/5.6_restrict_su.sh b/bin/hardening/5.6_restrict_su.sh
index c34d6fb..60a5423 100755
--- a/bin/hardening/5.6_restrict_su.sh
+++ b/bin/hardening/5.6_restrict_su.sh
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.10_find_world_writable_file.sh b/bin/hardening/6.1.10_find_world_writable_file.sh
index 5b66a8e..1722630 100755
--- a/bin/hardening/6.1.10_find_world_writable_file.sh
+++ b/bin/hardening/6.1.10_find_world_writable_file.sh
@@ -81,17 +81,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.11_find_unowned_files.sh b/bin/hardening/6.1.11_find_unowned_files.sh
index cadf9e3..2173e44 100755
--- a/bin/hardening/6.1.11_find_unowned_files.sh
+++ b/bin/hardening/6.1.11_find_unowned_files.sh
@@ -81,17 +81,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.12_find_ungrouped_files.sh b/bin/hardening/6.1.12_find_ungrouped_files.sh
index a860ccc..81a20c8 100755
--- a/bin/hardening/6.1.12_find_ungrouped_files.sh
+++ b/bin/hardening/6.1.12_find_ungrouped_files.sh
@@ -82,17 +82,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.13_find_suid_files.sh b/bin/hardening/6.1.13_find_suid_files.sh
index a753d12..820a6bb 100755
--- a/bin/hardening/6.1.13_find_suid_files.sh
+++ b/bin/hardening/6.1.13_find_suid_files.sh
@@ -85,17 +85,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.14_find_sgid_files.sh b/bin/hardening/6.1.14_find_sgid_files.sh
index 0cbe248..f16106e 100755
--- a/bin/hardening/6.1.14_find_sgid_files.sh
+++ b/bin/hardening/6.1.14_find_sgid_files.sh
@@ -87,17 +87,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.2_etc_passwd_permissions.sh b/bin/hardening/6.1.2_etc_passwd_permissions.sh
index a64aac8..5bba2f9 100755
--- a/bin/hardening/6.1.2_etc_passwd_permissions.sh
+++ b/bin/hardening/6.1.2_etc_passwd_permissions.sh
@@ -66,17 +66,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.3_etc_gshadow-_permissions.sh b/bin/hardening/6.1.3_etc_gshadow-_permissions.sh
index 3714adc..6cc781d 100755
--- a/bin/hardening/6.1.3_etc_gshadow-_permissions.sh
+++ b/bin/hardening/6.1.3_etc_gshadow-_permissions.sh
@@ -77,17 +77,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.4_etc_shadow_permissions.sh b/bin/hardening/6.1.4_etc_shadow_permissions.sh
index 34e0a7a..46f0369 100755
--- a/bin/hardening/6.1.4_etc_shadow_permissions.sh
+++ b/bin/hardening/6.1.4_etc_shadow_permissions.sh
@@ -66,17 +66,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.5_etc_group_permissions.sh b/bin/hardening/6.1.5_etc_group_permissions.sh
index b7f0731..175e430 100755
--- a/bin/hardening/6.1.5_etc_group_permissions.sh
+++ b/bin/hardening/6.1.5_etc_group_permissions.sh
@@ -66,17 +66,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.6_etc_passwd-_permissions.sh b/bin/hardening/6.1.6_etc_passwd-_permissions.sh
index 4019b50..781b9ff 100755
--- a/bin/hardening/6.1.6_etc_passwd-_permissions.sh
+++ b/bin/hardening/6.1.6_etc_passwd-_permissions.sh
@@ -77,17 +77,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.7_etc_shadow-_permissions.sh b/bin/hardening/6.1.7_etc_shadow-_permissions.sh
index 6adea07..a67e59e 100755
--- a/bin/hardening/6.1.7_etc_shadow-_permissions.sh
+++ b/bin/hardening/6.1.7_etc_shadow-_permissions.sh
@@ -77,17 +77,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.8_etc_group-_permissions.sh b/bin/hardening/6.1.8_etc_group-_permissions.sh
index eed99d5..b14e447 100755
--- a/bin/hardening/6.1.8_etc_group-_permissions.sh
+++ b/bin/hardening/6.1.8_etc_group-_permissions.sh
@@ -77,17 +77,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.1.9_etc_gshadow_permissions.sh b/bin/hardening/6.1.9_etc_gshadow_permissions.sh
index b1e7871..856f9e5 100755
--- a/bin/hardening/6.1.9_etc_gshadow_permissions.sh
+++ b/bin/hardening/6.1.9_etc_gshadow_permissions.sh
@@ -66,17 +66,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.10_check_user_dot_file_perm.sh b/bin/hardening/6.2.10_check_user_dot_file_perm.sh
index b892ce7..a8adfc7 100755
--- a/bin/hardening/6.2.10_check_user_dot_file_perm.sh
+++ b/bin/hardening/6.2.10_check_user_dot_file_perm.sh
@@ -72,17 +72,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.11_find_user_forward_files.sh b/bin/hardening/6.2.11_find_user_forward_files.sh
index f391e59..5f23d16 100755
--- a/bin/hardening/6.2.11_find_user_forward_files.sh
+++ b/bin/hardening/6.2.11_find_user_forward_files.sh
@@ -52,17 +52,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.12_find_user_netrc_files.sh b/bin/hardening/6.2.12_find_user_netrc_files.sh
index 65682b9..e146e4b 100755
--- a/bin/hardening/6.2.12_find_user_netrc_files.sh
+++ b/bin/hardening/6.2.12_find_user_netrc_files.sh
@@ -52,17 +52,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.13_set_perm_on_user_netrc.sh b/bin/hardening/6.2.13_set_perm_on_user_netrc.sh
index cfca955..7eddd0c 100755
--- a/bin/hardening/6.2.13_set_perm_on_user_netrc.sh
+++ b/bin/hardening/6.2.13_set_perm_on_user_netrc.sh
@@ -71,17 +71,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.14_find_user_rhosts_files.sh b/bin/hardening/6.2.14_find_user_rhosts_files.sh
index d712bf3..b915875 100755
--- a/bin/hardening/6.2.14_find_user_rhosts_files.sh
+++ b/bin/hardening/6.2.14_find_user_rhosts_files.sh
@@ -52,17 +52,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.15_find_passwd_group_inconsistencies.sh b/bin/hardening/6.2.15_find_passwd_group_inconsistencies.sh
index 2e99813..cee6691 100755
--- a/bin/hardening/6.2.15_find_passwd_group_inconsistencies.sh
+++ b/bin/hardening/6.2.15_find_passwd_group_inconsistencies.sh
@@ -50,17 +50,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.16_check_duplicate_uid.sh b/bin/hardening/6.2.16_check_duplicate_uid.sh
index 621d8d7..2f6400c 100755
--- a/bin/hardening/6.2.16_check_duplicate_uid.sh
+++ b/bin/hardening/6.2.16_check_duplicate_uid.sh
@@ -72,17 +72,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.17_check_duplicate_gid.sh b/bin/hardening/6.2.17_check_duplicate_gid.sh
index 977074c..f20aa25 100755
--- a/bin/hardening/6.2.17_check_duplicate_gid.sh
+++ b/bin/hardening/6.2.17_check_duplicate_gid.sh
@@ -53,17 +53,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.18_check_duplicate_username.sh b/bin/hardening/6.2.18_check_duplicate_username.sh
index e819915..030b9e5 100755
--- a/bin/hardening/6.2.18_check_duplicate_username.sh
+++ b/bin/hardening/6.2.18_check_duplicate_username.sh
@@ -54,17 +54,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.19_check_duplicate_groupname.sh b/bin/hardening/6.2.19_check_duplicate_groupname.sh
index dd4053a..f24a059 100755
--- a/bin/hardening/6.2.19_check_duplicate_groupname.sh
+++ b/bin/hardening/6.2.19_check_duplicate_groupname.sh
@@ -54,17 +54,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.1_remove_empty_password_field.sh b/bin/hardening/6.2.1_remove_empty_password_field.sh
index d3d404e..2e85e16 100755
--- a/bin/hardening/6.2.1_remove_empty_password_field.sh
+++ b/bin/hardening/6.2.1_remove_empty_password_field.sh
@@ -53,17 +53,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.20_shadow_group_empty.sh b/bin/hardening/6.2.20_shadow_group_empty.sh
index 4d5322d..8b6cb44 100755
--- a/bin/hardening/6.2.20_shadow_group_empty.sh
+++ b/bin/hardening/6.2.20_shadow_group_empty.sh
@@ -61,17 +61,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.2_remove_legacy_passwd_entries.sh b/bin/hardening/6.2.2_remove_legacy_passwd_entries.sh
index 6faef01..fef016d 100755
--- a/bin/hardening/6.2.2_remove_legacy_passwd_entries.sh
+++ b/bin/hardening/6.2.2_remove_legacy_passwd_entries.sh
@@ -56,17 +56,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.3_users_homedir_exist.sh b/bin/hardening/6.2.3_users_homedir_exist.sh
index 458049c..7830ef1 100755
--- a/bin/hardening/6.2.3_users_homedir_exist.sh
+++ b/bin/hardening/6.2.3_users_homedir_exist.sh
@@ -53,17 +53,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.4_remove_legacy_shadow_entries.sh b/bin/hardening/6.2.4_remove_legacy_shadow_entries.sh
index f00dfcf..a7a71ac 100755
--- a/bin/hardening/6.2.4_remove_legacy_shadow_entries.sh
+++ b/bin/hardening/6.2.4_remove_legacy_shadow_entries.sh
@@ -56,17 +56,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.5_remove_legacy_group_entries.sh b/bin/hardening/6.2.5_remove_legacy_group_entries.sh
index 506aa61..1ae12fd 100755
--- a/bin/hardening/6.2.5_remove_legacy_group_entries.sh
+++ b/bin/hardening/6.2.5_remove_legacy_group_entries.sh
@@ -56,17 +56,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.6_find_0_uid_non_root_account.sh b/bin/hardening/6.2.6_find_0_uid_non_root_account.sh
index 1fa7086..3666a62 100755
--- a/bin/hardening/6.2.6_find_0_uid_non_root_account.sh
+++ b/bin/hardening/6.2.6_find_0_uid_non_root_account.sh
@@ -74,17 +74,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.7_sanitize_root_path.sh b/bin/hardening/6.2.7_sanitize_root_path.sh
index 67bdccb..fd4b056 100755
--- a/bin/hardening/6.2.7_sanitize_root_path.sh
+++ b/bin/hardening/6.2.7_sanitize_root_path.sh
@@ -84,17 +84,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.8_check_user_dir_perm.sh b/bin/hardening/6.2.8_check_user_dir_perm.sh
index c282f90..2d83187 100755
--- a/bin/hardening/6.2.8_check_user_dir_perm.sh
+++ b/bin/hardening/6.2.8_check_user_dir_perm.sh
@@ -115,17 +115,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/6.2.9_users_homedir_ownership.sh b/bin/hardening/6.2.9_users_homedir_ownership.sh
index 3467d49..3beeebe 100755
--- a/bin/hardening/6.2.9_users_homedir_ownership.sh
+++ b/bin/hardening/6.2.9_users_homedir_ownership.sh
@@ -68,17 +68,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/99.1.1.1_disable_cramfs.sh b/bin/hardening/99.1.1.1_disable_cramfs.sh
index 78ba88f..ebab0e8 100755
--- a/bin/hardening/99.1.1.1_disable_cramfs.sh
+++ b/bin/hardening/99.1.1.1_disable_cramfs.sh
@@ -52,17 +52,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/99.1.1.23_disable_usb_devices.sh b/bin/hardening/99.1.1.23_disable_usb_devices.sh
index 13da243..b3b50c6 100755
--- a/bin/hardening/99.1.1.23_disable_usb_devices.sh
+++ b/bin/hardening/99.1.1.23_disable_usb_devices.sh
@@ -114,17 +114,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/99.1.3_acc_sudoers_no_all.sh b/bin/hardening/99.1.3_acc_sudoers_no_all.sh
index 6de076c..dfb80a1 100755
--- a/bin/hardening/99.1.3_acc_sudoers_no_all.sh
+++ b/bin/hardening/99.1.3_acc_sudoers_no_all.sh
@@ -93,17 +93,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/99.2.2_disable_telnet_server.sh b/bin/hardening/99.2.2_disable_telnet_server.sh
index ac5d23d..f804b39 100755
--- a/bin/hardening/99.2.2_disable_telnet_server.sh
+++ b/bin/hardening/99.2.2_disable_telnet_server.sh
@@ -87,17 +87,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/99.3.3.1_install_tcp_wrapper.sh b/bin/hardening/99.3.3.1_install_tcp_wrapper.sh
index 381dbfa..87247be 100755
--- a/bin/hardening/99.3.3.1_install_tcp_wrapper.sh
+++ b/bin/hardening/99.3.3.1_install_tcp_wrapper.sh
@@ -50,17 +50,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/99.3.3.2_hosts_allow.sh b/bin/hardening/99.3.3.2_hosts_allow.sh
index da3e77a..c56515b 100755
--- a/bin/hardening/99.3.3.2_hosts_allow.sh
+++ b/bin/hardening/99.3.3.2_hosts_allow.sh
@@ -51,17 +51,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/99.3.3.3_hosts_deny.sh b/bin/hardening/99.3.3.3_hosts_deny.sh
index a1b18e8..0a5438a 100755
--- a/bin/hardening/99.3.3.3_hosts_deny.sh
+++ b/bin/hardening/99.3.3.3_hosts_deny.sh
@@ -65,17 +65,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/99.3.3.4_hosts_allow_permissions.sh b/bin/hardening/99.3.3.4_hosts_allow_permissions.sh
index 222e919..b7befb0 100755
--- a/bin/hardening/99.3.3.4_hosts_allow_permissions.sh
+++ b/bin/hardening/99.3.3.4_hosts_allow_permissions.sh
@@ -73,17 +73,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/99.3.3.5_hosts_deny_permissions.sh b/bin/hardening/99.3.3.5_hosts_deny_permissions.sh
index 64220a6..7b27c3a 100755
--- a/bin/hardening/99.3.3.5_hosts_deny_permissions.sh
+++ b/bin/hardening/99.3.3.5_hosts_deny_permissions.sh
@@ -73,17 +73,17 @@ if [ -r /etc/default/cis-hardening ]; then
 # shellcheck source=../../debian/default
 . /etc/default/cis-hardening
 fi
-if [ -z "$CIS_ROOT_DIR" ]; then
+if [ -z "$CIS_LIB_DIR" ]; then
 echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
- echo "Cannot source CIS_ROOT_DIR variable, aborting."
+ echo "Cannot source CIS_LIB_DIR variable, aborting."
 exit 128
 fi
 # Main function, will call the proper functions given the configuration (audit, enabled, disabled)
-if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then
+if [ -r "${CIS_LIB_DIR}"/main.sh ]; then
 # shellcheck source=../../lib/main.sh
- . "$CIS_ROOT_DIR"/lib/main.sh
+ . "${CIS_LIB_DIR}"/main.sh
 else
- echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+ echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening"
 exit 128
 fi
diff --git a/bin/hardening/99.4.0_enable_auditd_kernel.sh b/bin/hardening/99.4.0_enable_auditd_kernel.sh
index c01c4d4..828f185 100755
--- a/bin/hardening/99.4.0_enable_auditd_kernel.sh
+++ b/bin/hardening/99.4.0_enable_auditd_kernel.sh
@@ -53,17 +53,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.5.2.1_ssh_auth_pubk_only.sh b/bin/hardening/99.5.2.1_ssh_auth_pubk_only.sh index e7f0392..802046f 100755 --- a/bin/hardening/99.5.2.1_ssh_auth_pubk_only.sh +++ b/bin/hardening/99.5.2.1_ssh_auth_pubk_only.sh 
@@ -82,17 +82,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.5.2.2_ssh_cry_rekey.sh b/bin/hardening/99.5.2.2_ssh_cry_rekey.sh index 68a8960..782dcef 100755 --- a/bin/hardening/99.5.2.2_ssh_cry_rekey.sh +++ b/bin/hardening/99.5.2.2_ssh_cry_rekey.sh 
@@ -99,17 +99,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.5.2.3_ssh_disable_features.sh b/bin/hardening/99.5.2.3_ssh_disable_features.sh index 4e57b66..e6e22be 100755 --- a/bin/hardening/99.5.2.3_ssh_disable_features.sh +++ b/bin/hardening/99.5.2.3_ssh_disable_features.sh 
@@ -83,17 +83,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.5.2.4_ssh_keys_from.sh b/bin/hardening/99.5.2.4_ssh_keys_from.sh index 274053d..073963f 100755 --- a/bin/hardening/99.5.2.4_ssh_keys_from.sh +++ b/bin/hardening/99.5.2.4_ssh_keys_from.sh 
@@ -178,17 +178,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.5.2.5_ssh_strict_modes.sh b/bin/hardening/99.5.2.5_ssh_strict_modes.sh index f373e56..d0bdfe9 100755 --- a/bin/hardening/99.5.2.5_ssh_strict_modes.sh +++ b/bin/hardening/99.5.2.5_ssh_strict_modes.sh 
@@ -83,17 +83,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.5.2.6_ssh_sys_accept_env.sh b/bin/hardening/99.5.2.6_ssh_sys_accept_env.sh index c4319d2..cac69a0 100755 --- a/bin/hardening/99.5.2.6_ssh_sys_accept_env.sh +++ b/bin/hardening/99.5.2.6_ssh_sys_accept_env.sh 
@@ -74,17 +74,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.5.2.7_ssh_sys_no_legacy.sh b/bin/hardening/99.5.2.7_ssh_sys_no_legacy.sh index 1c57951..a7a9774 100755 --- a/bin/hardening/99.5.2.7_ssh_sys_no_legacy.sh +++ b/bin/hardening/99.5.2.7_ssh_sys_no_legacy.sh 
@@ -54,16 +54,16 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then - echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment, cannot source CIS_ROOT_DIR variable, aborting" +if [ -z "$CIS_LIB_DIR" ]; then + echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment, cannot source CIS_LIB_DIR variable, aborting" exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.5.2.8_ssh_sys_sandbox.sh b/bin/hardening/99.5.2.8_ssh_sys_sandbox.sh index e81166e..2776f48 100755 --- a/bin/hardening/99.5.2.8_ssh_sys_sandbox.sh +++ b/bin/hardening/99.5.2.8_ssh_sys_sandbox.sh 
@@ -82,17 +82,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.5.4.5.1_acc_logindefs_sha512.sh b/bin/hardening/99.5.4.5.1_acc_logindefs_sha512.sh index dc04042..5bfcd6a 100755 --- a/bin/hardening/99.5.4.5.1_acc_logindefs_sha512.sh +++ b/bin/hardening/99.5.4.5.1_acc_logindefs_sha512.sh 
@@ -62,17 +62,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.5.4.5.2_acc_shadow_sha512.sh b/bin/hardening/99.5.4.5.2_acc_shadow_sha512.sh index 1e76138..8c1f9e3 100755 --- a/bin/hardening/99.5.4.5.2_acc_shadow_sha512.sh +++ b/bin/hardening/99.5.4.5.2_acc_shadow_sha512.sh 
@@ -69,17 +69,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/bin/hardening/99.99_check_distribution.sh b/bin/hardening/99.99_check_distribution.sh index b11c29e..252e971 100755 --- a/bin/hardening/99.99_check_distribution.sh +++ b/bin/hardening/99.99_check_distribution.sh 
@@ -49,17 +49,17 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "$CIS_LIB_DIR" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_LIB_DIR in /etc/default/cis-hardening" exit 128 fi diff --git a/debian/default b/debian/default index f4db83d..2283123 100644 --- a/debian/default +++ b/debian/default @@ -1,5 +1,7 @@ -# Default file for CIS Debian hardening scripts +# # Default file for CIS Debian hardening scripts # Define here root directory for CIS debian hardening scripts -CIS_ROOT_DIR='/opt/cis-hardening' - +CIS_LIB_DIR='/opt/debian-cis/lib' +CIS_CHECKS_DIR="/opt/debian-cis/bin/hardening" +CIS_CONF_DIR='/opt/debian-cis/etc' +CIS_TMP_DIR='/opt/debian-cis/tmp' diff --git a/etc/hardening.cfg b/etc/hardening.cfg index 5295017..6be4c9f 100644 --- a/etc/hardening.cfg +++ b/etc/hardening.cfg @@ -6,4 +6,4 @@ LOGLEVEL=info # Backup directory, every file modified by hardening will be backuped here, with versionning # Means that if a file is modified more than once during the process, you will have hardening step diffs in the folder -BACKUPDIR="$CIS_ROOT_DIR/tmp/backups" +BACKUPDIR="${CIS_TMP_DIR}/backups" 
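Review bot: `CIS_TMP_DIR` is introduced in debian/default and consumed in the etc/hardening.cfg hunk, but none of the guards visible in this diff test it: bin/hardening.sh checks the lib, conf and checks directories, and the check scripts check only the lib directory. If it is empty, `BACKUPDIR` silently becomes `/backups`, which the comment above it describes as the place where every file modified by the hardening is backed up. Failing at the point of use would rule that out: `BACKUPDIR="${CIS_TMP_DIR:?CIS_TMP_DIR is not set in /etc/default/cis-hardening}/backups"`.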
diff --git a/lib/main.sh b/lib/main.sh index 14f77e5..0047d45 100644 --- a/lib/main.sh +++ b/lib/main.sh @@ -17,16 +17,16 @@ if [ -n "${LOGLEVEL:-}" ]; then SAVED_LOGLEVEL=$LOGLEVEL fi # shellcheck source=../etc/hardening.cfg -[ -r "$CIS_ROOT_DIR"/etc/hardening.cfg ] && . "$CIS_ROOT_DIR"/etc/hardening.cfg +[ -r "${CIS_CONF_DIR}"/hardening.cfg ] && . "${CIS_CONF_DIR}"/hardening.cfg if [ -n "$SAVED_LOGLEVEL" ]; then LOGLEVEL=$SAVED_LOGLEVEL fi # shellcheck source=../lib/common.sh -[ -r "$CIS_ROOT_DIR"/lib/common.sh ] && . "$CIS_ROOT_DIR"/lib/common.sh +[ -r "${CIS_LIB_DIR}"/common.sh ] && . "${CIS_LIB_DIR}"/common.sh # shellcheck source=../lib/utils.sh -[ -r "$CIS_ROOT_DIR"/lib/utils.sh ] && . "$CIS_ROOT_DIR"/lib/utils.sh +[ -r "${CIS_LIB_DIR}"/utils.sh ] && . "${CIS_LIB_DIR}"/utils.sh # shellcheck source=constants.sh -[ -r "$CIS_ROOT_DIR"/lib/constants.sh ] && . "$CIS_ROOT_DIR"/lib/constants.sh +[ -r "${CIS_LIB_DIR}"/constants.sh ] && . "${CIS_LIB_DIR}"/constants.sh # Environment Sanitizing export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' @@ -59,7 +59,7 @@ while [[ $# -gt 0 ]]; do BATCH_MODE=1 LOGLEVEL=ok # shellcheck source=../lib/common.sh - [ -r "$CIS_ROOT_DIR"/lib/common.sh ] && . "$CIS_ROOT_DIR"/lib/common.sh + [ -r "${CIS_LIB_DIR}"/common.sh ] && . "${CIS_LIB_DIR}"/common.sh ;; *) debug "Unknown option passed" 
@@ -72,25 +72,25 @@ info "Working on $SCRIPT_NAME" info "[DESCRIPTION] $DESCRIPTION" # Source specific configuration file -if ! [ -r "$CIS_ROOT_DIR"/etc/conf.d/"$SCRIPT_NAME".cfg ]; then +if ! [ -r "${CIS_CONF_DIR}"/conf.d/"$SCRIPT_NAME".cfg ]; then # If it doesn't exist, create it with default values - echo "# Configuration for $SCRIPT_NAME, created from default values on $(date)" >"$CIS_ROOT_DIR"/etc/conf.d/"$SCRIPT_NAME".cfg + echo "# Configuration for $SCRIPT_NAME, created from default values on $(date)" >"${CIS_CONF_DIR}"/conf.d/"$SCRIPT_NAME".cfg # If create_config is a defined function, execute it. # Otherwise, just disable the test by default. if type -t create_config | grep -qw function; then - create_config >>"$CIS_ROOT_DIR"/etc/conf.d/"$SCRIPT_NAME".cfg + create_config >>"${CIS_CONF_DIR}"/conf.d/"$SCRIPT_NAME".cfg else - echo "status=audit" >>"$CIS_ROOT_DIR"/etc/conf.d/"$SCRIPT_NAME".cfg + echo "status=audit" >>"${CIS_CONF_DIR}"/conf.d/"$SCRIPT_NAME".cfg fi fi if [ "$forcedstatus" = "createconfig" ]; then - debug "$CIS_ROOT_DIR/etc/conf.d/$SCRIPT_NAME.cfg has been created" + debug "${CIS_CONF_DIR}/conf.d/$SCRIPT_NAME.cfg has been created" exit 0 fi # shellcheck source=/dev/null -[ -r "$CIS_ROOT_DIR"/etc/conf.d/"$SCRIPT_NAME".cfg ] && . "$CIS_ROOT_DIR"/etc/conf.d/"$SCRIPT_NAME".cfg +[ -r "${CIS_CONF_DIR}"/conf.d/"$SCRIPT_NAME".cfg ] && . "${CIS_CONF_DIR}"/conf.d/"$SCRIPT_NAME".cfg # Now check configured value for status, and potential cmdline parameter if [ "$forcedstatus" = "auditall" ]; then diff --git a/src/skel b/src/skel index 74dd5ba..595bbe3 100644 --- a/src/skel +++ b/src/skel 
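Review bot: The per-script file `${CIS_CONF_DIR}/conf.d/$SCRIPT_NAME.cfg` is created with a plain `>` redirection and then sourced as shell code at the end of this hunk, so whoever can write to that directory decides what the check scripts execute. Before this change the location was always below the single install root; now it is set independently in /etc/default/cis-hardening, and nothing in the hunk verifies it. I would add a comment above the `.` line, for example `# conf.d files are sourced as code: CIS_CONF_DIR must be root-owned and not group- or world-writable`, and consider an ownership test before sourcing if these scripts are meant to run as root (not visible here). The redirections are also unchecked, so a missing conf.d directory shows up only as a configuration that was never read.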
@@ -32,18 +32,18 @@ if [ -r /etc/default/cis-hardening ]; then # shellcheck source=../../debian/default . /etc/default/cis-hardening fi -if [ -z "$CIS_ROOT_DIR" ]; then +if [ -z "${CIS_LIB_DIR}" ]; then echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment." - echo "Cannot source CIS_ROOT_DIR variable, aborting." + echo "Cannot source CIS_LIB_DIR variable, aborting." exit 128 fi # Main function, will call the proper functions given the configuration (audit, enabled, disabled) -if [ -r "$CIS_ROOT_DIR"/lib/main.sh ]; then +if [ -r "${CIS_LIB_DIR}"/main.sh ]; then # shellcheck source=../../lib/main.sh - . "$CIS_ROOT_DIR"/lib/main.sh + . "${CIS_LIB_DIR}"/main.sh else - echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening" + echo "Cannot find main.sh, have you correctly defined your root directory? Current value is ${CIS_LIB_DIR} in /etc/default/cis-hardening" exit 128 fi diff --git a/tests/hardening/1.1.1.1_disable_freevxfs.sh b/tests/hardening/1.1.1.1_disable_freevxfs.sh index 5195a49..23e8ccd 100644 --- a/tests/hardening/1.1.1.1_disable_freevxfs.sh +++ b/tests/hardening/1.1.1.1_disable_freevxfs.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/1.1.1.2_disable_jffs2.sh b/tests/hardening/1.1.1.2_disable_jffs2.sh index 5195a49..23e8ccd 100644 --- a/tests/hardening/1.1.1.2_disable_jffs2.sh +++ b/tests/hardening/1.1.1.2_disable_jffs2.sh 
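Review bot: The test in tests/hardening/1.1.1.1_disable_freevxfs.sh now resolves the check script through `CIS_CHECKS_DIR`, and nothing in the hunk shows where the test environment sets that variable (test_audit starts and ends outside it). If it is empty the command becomes `/${script}.sh`, and the failure reads as a missing script rather than a missing setting. Writing `"${CIS_CHECKS_DIR:?}/${script}.sh"`, or doing one check in the test runner before any test is run, would name the unset variable instead. The same applies to the identical hunks in the other tests/hardening files of this diff, and to the `"${CIS_CONF_DIR}/conf.d/${script}.cfg"` append in 1.1.21_sticky_bit_world_writable_folder.sh.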
@@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/1.1.1.3_disable_hfs.sh b/tests/hardening/1.1.1.3_disable_hfs.sh index 5195a49..23e8ccd 100644 --- a/tests/hardening/1.1.1.3_disable_hfs.sh +++ b/tests/hardening/1.1.1.3_disable_hfs.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/1.1.1.4_disable_hfsplus.sh b/tests/hardening/1.1.1.4_disable_hfsplus.sh index 5195a49..23e8ccd 100644 --- a/tests/hardening/1.1.1.4_disable_hfsplus.sh +++ b/tests/hardening/1.1.1.4_disable_hfsplus.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/1.1.1.5_disable_squashfs.sh b/tests/hardening/1.1.1.5_disable_squashfs.sh index 5195a49..23e8ccd 100644 --- a/tests/hardening/1.1.1.5_disable_squashfs.sh +++ b/tests/hardening/1.1.1.5_disable_squashfs.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## 
diff --git a/tests/hardening/1.1.1.6_disable_udf.sh b/tests/hardening/1.1.1.6_disable_udf.sh index 5195a49..23e8ccd 100644 --- a/tests/hardening/1.1.1.6_disable_udf.sh +++ b/tests/hardening/1.1.1.6_disable_udf.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/1.1.1.7_restrict_fat.sh b/tests/hardening/1.1.1.7_restrict_fat.sh index 5195a49..23e8ccd 100644 --- a/tests/hardening/1.1.1.7_restrict_fat.sh +++ b/tests/hardening/1.1.1.7_restrict_fat.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/1.1.1.8_disable_cramfs.sh b/tests/hardening/1.1.1.8_disable_cramfs.sh index 5195a49..23e8ccd 100644 --- a/tests/hardening/1.1.1.8_disable_cramfs.sh +++ b/tests/hardening/1.1.1.8_disable_cramfs.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/1.1.10_var_tmp_noexec.sh b/tests/hardening/1.1.10_var_tmp_noexec.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.10_var_tmp_noexec.sh +++ b/tests/hardening/1.1.10_var_tmp_noexec.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.11.1_var_log_noexec.sh b/tests/hardening/1.1.11.1_var_log_noexec.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.11.1_var_log_noexec.sh +++ b/tests/hardening/1.1.11.1_var_log_noexec.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.11.2_var_log_nosuid.sh b/tests/hardening/1.1.11.2_var_log_nosuid.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.11.2_var_log_nosuid.sh +++ b/tests/hardening/1.1.11.2_var_log_nosuid.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.11.3_var_log_nodev.sh b/tests/hardening/1.1.11.3_var_log_nodev.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.11.3_var_log_nodev.sh +++ b/tests/hardening/1.1.11.3_var_log_nodev.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.11_var_log_partition.sh b/tests/hardening/1.1.11_var_log_partition.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.11_var_log_partition.sh +++ b/tests/hardening/1.1.11_var_log_partition.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.12.1_var_log_audit_noexec.sh b/tests/hardening/1.1.12.1_var_log_audit_noexec.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.12.1_var_log_audit_noexec.sh +++ b/tests/hardening/1.1.12.1_var_log_audit_noexec.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.12.2_var_log_audit_nosuid.sh b/tests/hardening/1.1.12.2_var_log_audit_nosuid.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.12.2_var_log_audit_nosuid.sh +++ b/tests/hardening/1.1.12.2_var_log_audit_nosuid.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.12.3_var_log_audit_nodev.sh b/tests/hardening/1.1.12.3_var_log_audit_nodev.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.12.3_var_log_audit_nodev.sh +++ b/tests/hardening/1.1.12.3_var_log_audit_nodev.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.12_var_log_audit_partition.sh b/tests/hardening/1.1.12_var_log_audit_partition.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.12_var_log_audit_partition.sh +++ b/tests/hardening/1.1.12_var_log_audit_partition.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.13_home_partition.sh b/tests/hardening/1.1.13_home_partition.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.13_home_partition.sh +++ b/tests/hardening/1.1.13_home_partition.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.14.1_home_nosuid.sh b/tests/hardening/1.1.14.1_home_nosuid.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.14.1_home_nosuid.sh +++ b/tests/hardening/1.1.14.1_home_nosuid.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.14_home_nodev.sh b/tests/hardening/1.1.14_home_nodev.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.14_home_nodev.sh +++ b/tests/hardening/1.1.14_home_nodev.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.15_run_shm_nodev.sh b/tests/hardening/1.1.15_run_shm_nodev.sh index 59edddb..6106ad3 100644 --- a/tests/hardening/1.1.15_run_shm_nodev.sh +++ b/tests/hardening/1.1.15_run_shm_nodev.sh 
@@ -4,19 +4,19 @@ test_audit() { describe Running on blank host register_test retvalshouldbe 0 # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ln -s /dev/shm /run/shm describe Partition symlink register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all echo "dummy entry" >>/etc/fstab describe Fstab with a real entry to match runtime partitions register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup rm /run/shm diff --git a/tests/hardening/1.1.16_run_shm_nosuid.sh b/tests/hardening/1.1.16_run_shm_nosuid.sh index 59edddb..6106ad3 100644 --- a/tests/hardening/1.1.16_run_shm_nosuid.sh +++ b/tests/hardening/1.1.16_run_shm_nosuid.sh @@ -4,19 +4,19 @@ test_audit() { describe Running on blank host register_test retvalshouldbe 0 # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ln -s /dev/shm /run/shm describe Partition symlink register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all echo "dummy entry" >>/etc/fstab describe Fstab with a real entry to match runtime partitions register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup rm /run/shm diff --git a/tests/hardening/1.1.17_run_shm_noexec.sh b/tests/hardening/1.1.17_run_shm_noexec.sh index 59edddb..6106ad3 100644 --- a/tests/hardening/1.1.17_run_shm_noexec.sh +++ b/tests/hardening/1.1.17_run_shm_noexec.sh 
@@ -4,19 +4,19 @@ test_audit() { describe Running on blank host register_test retvalshouldbe 0 # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ln -s /dev/shm /run/shm describe Partition symlink register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all echo "dummy entry" >>/etc/fstab describe Fstab with a real entry to match runtime partitions register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup rm /run/shm diff --git a/tests/hardening/1.1.18_removable_device_nodev.sh b/tests/hardening/1.1.18_removable_device_nodev.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.18_removable_device_nodev.sh +++ b/tests/hardening/1.1.18_removable_device_nodev.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.19_removable_device_nosuid.sh b/tests/hardening/1.1.19_removable_device_nosuid.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.19_removable_device_nosuid.sh +++ b/tests/hardening/1.1.19_removable_device_nosuid.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # 
diff --git a/tests/hardening/1.1.20_removable_device_noexec.sh b/tests/hardening/1.1.20_removable_device_noexec.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.20_removable_device_noexec.sh +++ b/tests/hardening/1.1.20_removable_device_noexec.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.21_sticky_bit_world_writable_folder.sh b/tests/hardening/1.1.21_sticky_bit_world_writable_folder.sh index 601fe15..cda95d2 100644 --- a/tests/hardening/1.1.21_sticky_bit_world_writable_folder.sh +++ b/tests/hardening/1.1.21_sticky_bit_world_writable_folder.sh @@ -3,9 +3,9 @@ test_audit() { describe Running void to generate the conf file that will later be edited # shellcheck disable=2154 - /opt/debian-cis/bin/hardening/"${script}".sh || true + "${CIS_CHECKS_DIR}/${script}.sh" || true # shellcheck disable=2016 - echo 'EXCEPTIONS="$EXCEPTIONS /home/secaudit/exception"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCEPTIONS="$EXCEPTIONS /home/secaudit/exception"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" mkdir /home/secaudit/exception chmod 777 /home/secaudit/exception @@ -13,7 +13,7 @@ test_audit() { register_test retvalshouldbe 0 register_test contain "All world writable directories have a sticky bit" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing local targetdir="/home/secaudit/world_writable_folder" 
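Review bot: In the first hunk of 1.1.21_sticky_bit_world_writable_folder.sh, the `|| true` on `"${CIS_CHECKS_DIR}/${script}.sh" || true` also swallows a missing or non-executable script. That is more likely now that the path comes from a variable rather than a fixed install location. The next line then appends `EXCEPTIONS=...` to `"${CIS_CONF_DIR}/conf.d/${script}.cfg"` whether or not the run generated that file, so the test can continue against a config holding only the appended line. A pre-check such as `[ -x "${CIS_CHECKS_DIR}/${script}.sh" ] || { echo "check script not found" >&2; return 1; }` before the call would separate "check returned non-zero" from "check never ran"; how the harness treats a non-zero return from `test_audit` is not visible here. `test_audit` continues past the hunk.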
@@ -21,21 +21,21 @@ test_audit() { chmod 777 "$targetdir" register_test retvalshouldbe 1 register_test contain "Some world writable directories are not on sticky bit mode" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests failing with find ignore flag - echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" register_test retvalshouldbe 1 register_test contain "Some world writable directories are not on sticky bit mode" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "All world writable directories have a sticky bit" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/1.1.22_disable_automounting.sh b/tests/hardening/1.1.22_disable_automounting.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.22_disable_automounting.sh +++ b/tests/hardening/1.1.22_disable_automounting.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # 
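Review bot: The `sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"` line in the "correcting situation" step of the 1.1.21 hunk is unanchored, so it rewrites the first `audit` on every line of the cfg rather than only the setting it means to flip. Assuming the target is the `status=` line, `sed -i 's/^status=audit/status=enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"` states the intent and cannot touch other values or comments that contain the word. The same sed line appears in the 1.3.x, 1.4.2, 1.7.1.x and 1.8.1.x test hunks later in this diff. The following `--apply || true` also discards the exit status, so a failed apply only surfaces indirectly through the later "resolved" run. `test_audit` starts outside this hunk.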
diff --git a/tests/hardening/1.1.23_disable_usb_storage.sh b/tests/hardening/1.1.23_disable_usb_storage.sh index a576fcb..eb94204 100644 --- a/tests/hardening/1.1.23_disable_usb_storage.sh +++ b/tests/hardening/1.1.23_disable_usb_storage.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.2_tmp_partition.sh b/tests/hardening/1.1.2_tmp_partition.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.2_tmp_partition.sh +++ b/tests/hardening/1.1.2_tmp_partition.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.3_tmp_nodev.sh b/tests/hardening/1.1.3_tmp_nodev.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.3_tmp_nodev.sh +++ b/tests/hardening/1.1.3_tmp_nodev.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.4_tmp_nosuid.sh b/tests/hardening/1.1.4_tmp_nosuid.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.4_tmp_nosuid.sh +++ b/tests/hardening/1.1.4_tmp_nosuid.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.5_tmp_noexec.sh b/tests/hardening/1.1.5_tmp_noexec.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.5_tmp_noexec.sh +++ b/tests/hardening/1.1.5_tmp_noexec.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.6.1_var_nodev.sh b/tests/hardening/1.1.6.1_var_nodev.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.6.1_var_nodev.sh +++ b/tests/hardening/1.1.6.1_var_nodev.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.6.2_var_nosuid.sh b/tests/hardening/1.1.6.2_var_nosuid.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.6.2_var_nosuid.sh +++ b/tests/hardening/1.1.6.2_var_nosuid.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.6_var_partition.sh b/tests/hardening/1.1.6_var_partition.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.6_var_partition.sh +++ b/tests/hardening/1.1.6_var_partition.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.7_var_tmp_partition.sh b/tests/hardening/1.1.7_var_tmp_partition.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.7_var_tmp_partition.sh +++ b/tests/hardening/1.1.7_var_tmp_partition.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.8_var_tmp_nodev.sh b/tests/hardening/1.1.8_var_tmp_nodev.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.8_var_tmp_nodev.sh +++ b/tests/hardening/1.1.8_var_tmp_nodev.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.1.9_var_tmp_nosuid.sh b/tests/hardening/1.1.9_var_tmp_nosuid.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.1.9_var_tmp_nosuid.sh +++ b/tests/hardening/1.1.9_var_tmp_nosuid.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.3.1_install_sudo.sh b/tests/hardening/1.3.1_install_sudo.sh index 38538e1..27b4b81 100644 --- a/tests/hardening/1.3.1_install_sudo.sh +++ b/tests/hardening/1.3.1_install_sudo.sh @@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "sudo is installed" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } 
diff --git a/tests/hardening/1.3.2_pty_sudo.sh b/tests/hardening/1.3.2_pty_sudo.sh index 2827308..25d3649 100644 --- a/tests/hardening/1.3.2_pty_sudo.sh +++ b/tests/hardening/1.3.2_pty_sudo.sh @@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "Defaults use_pty found in sudoers file" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/1.3.3_logfile_sudo.sh b/tests/hardening/1.3.3_logfile_sudo.sh index 033e80c..4eb653a 100644 --- a/tests/hardening/1.3.3_logfile_sudo.sh +++ b/tests/hardening/1.3.3_logfile_sudo.sh @@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "Defaults log file found in sudoers file" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } 
diff --git a/tests/hardening/1.4.1_install_tripwire.sh b/tests/hardening/1.4.1_install_tripwire.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.4.1_install_tripwire.sh +++ b/tests/hardening/1.4.1_install_tripwire.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.4.2_tripwire_cron.sh b/tests/hardening/1.4.2_tripwire_cron.sh index d21be3d..6cf550e 100644 --- a/tests/hardening/1.4.2_tripwire_cron.sh +++ b/tests/hardening/1.4.2_tripwire_cron.sh @@ -4,12 +4,12 @@ test_audit() { describe Running on blank host register_test retvalshouldbe 1 # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking auto resolved state register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/1.5.1_bootloader_ownership.sh b/tests/hardening/1.5.1_bootloader_ownership.sh index af007f7..f92d5f1 100644 --- a/tests/hardening/1.5.1_bootloader_ownership.sh +++ b/tests/hardening/1.5.1_bootloader_ownership.sh 
@@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests fi diff --git a/tests/hardening/1.5.2_bootloader_password.sh b/tests/hardening/1.5.2_bootloader_password.sh index af007f7..f92d5f1 100644 --- a/tests/hardening/1.5.2_bootloader_password.sh +++ b/tests/hardening/1.5.2_bootloader_password.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests fi diff --git a/tests/hardening/1.5.3_root_password.sh b/tests/hardening/1.5.3_root_password.sh index af007f7..f92d5f1 100644 --- a/tests/hardening/1.5.3_root_password.sh +++ b/tests/hardening/1.5.3_root_password.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests fi diff --git a/tests/hardening/1.6.1_enable_nx_support.sh b/tests/hardening/1.6.1_enable_nx_support.sh index af007f7..f92d5f1 100644 --- a/tests/hardening/1.6.1_enable_nx_support.sh +++ b/tests/hardening/1.6.1_enable_nx_support.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests fi diff --git a/tests/hardening/1.6.2_enable_randomized_vm_placement.sh b/tests/hardening/1.6.2_enable_randomized_vm_placement.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.6.2_enable_randomized_vm_placement.sh 
+++ b/tests/hardening/1.6.2_enable_randomized_vm_placement.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.6.3.1_disable_apport.sh b/tests/hardening/1.6.3.1_disable_apport.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.6.3.1_disable_apport.sh +++ b/tests/hardening/1.6.3.1_disable_apport.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.6.3_disable_prelink.sh b/tests/hardening/1.6.3_disable_prelink.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.6.3_disable_prelink.sh +++ b/tests/hardening/1.6.3_disable_prelink.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/1.6.4_restrict_core_dumps.sh b/tests/hardening/1.6.4_restrict_core_dumps.sh index 43c5299..a269894 100644 --- a/tests/hardening/1.6.4_restrict_core_dumps.sh +++ b/tests/hardening/1.6.4_restrict_core_dumps.sh 
@@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests fi diff --git a/tests/hardening/1.7.1.1_install_apparmor.sh b/tests/hardening/1.7.1.1_install_apparmor.sh index 818f94a..2447dbf 100644 --- a/tests/hardening/1.7.1.1_install_apparmor.sh +++ b/tests/hardening/1.7.1.1_install_apparmor.sh @@ -8,15 +8,15 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "is installed" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/1.7.1.2_enable_apparmor.sh b/tests/hardening/1.7.1.2_enable_apparmor.sh index 2d3c584..19e24a1 100644 --- a/tests/hardening/1.7.1.2_enable_apparmor.sh +++ b/tests/hardening/1.7.1.2_enable_apparmor.sh 
@@ -8,15 +8,15 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "are configured" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/1.7.1.3_enforce_or_complain_apparmor.sh b/tests/hardening/1.7.1.3_enforce_or_complain_apparmor.sh index 6f9b730..5f7d28e 100644 --- a/tests/hardening/1.7.1.3_enforce_or_complain_apparmor.sh +++ b/tests/hardening/1.7.1.3_enforce_or_complain_apparmor.sh @@ -8,15 +8,15 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "No profiles are unconfined" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/1.7.1.4_enforcing_apparmor.sh b/tests/hardening/1.7.1.4_enforcing_apparmor.sh index 6f9b730..5f7d28e 100644 
--- a/tests/hardening/1.7.1.4_enforcing_apparmor.sh +++ b/tests/hardening/1.7.1.4_enforcing_apparmor.sh @@ -8,15 +8,15 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "No profiles are unconfined" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/1.8.1.1_remove_os_info_motd.sh b/tests/hardening/1.8.1.1_remove_os_info_motd.sh index f85b20d..5bb5d86 100644 --- a/tests/hardening/1.8.1.1_remove_os_info_motd.sh +++ b/tests/hardening/1.8.1.1_remove_os_info_motd.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/1.8.1.2_remove_os_info_issue.sh b/tests/hardening/1.8.1.2_remove_os_info_issue.sh index f85b20d..5bb5d86 100644 --- a/tests/hardening/1.8.1.2_remove_os_info_issue.sh +++ b/tests/hardening/1.8.1.2_remove_os_info_issue.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } 
diff --git a/tests/hardening/1.8.1.3_remove_os_info_issue_net.sh b/tests/hardening/1.8.1.3_remove_os_info_issue_net.sh index f85b20d..5bb5d86 100644 --- a/tests/hardening/1.8.1.3_remove_os_info_issue_net.sh +++ b/tests/hardening/1.8.1.3_remove_os_info_issue_net.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/1.8.1.4_motd_perms.sh b/tests/hardening/1.8.1.4_motd_perms.sh index 7b0cf63..ebfc47b 100644 --- a/tests/hardening/1.8.1.4_motd_perms.sh +++ b/tests/hardening/1.8.1.4_motd_perms.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="motd-user" local test_file="/etc/motd" 
@@ -14,28 +14,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/1.8.1.5_etc_issue_perms.sh b/tests/hardening/1.8.1.5_etc_issue_perms.sh index 4ad468c..a5745a0 100644 --- a/tests/hardening/1.8.1.5_etc_issue_perms.sh +++ b/tests/hardening/1.8.1.5_etc_issue_perms.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="issue-user" local test_file="/etc/issue" @@ -14,28 +14,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/1.8.1.6_etc_issue_net_perms.sh b/tests/hardening/1.8.1.6_etc_issue_net_perms.sh index d1e0c6f..ba9b6f0 100644 --- a/tests/hardening/1.8.1.6_etc_issue_net_perms.sh 
+++ b/tests/hardening/1.8.1.6_etc_issue_net_perms.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="issue-net-user" local test_file="/etc/issue.net" @@ -14,28 +14,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/1.8.2_graphical_warning_banners.sh b/tests/hardening/1.8.2_graphical_warning_banners.sh index f85b20d..5bb5d86 100644 
--- a/tests/hardening/1.8.2_graphical_warning_banners.sh +++ b/tests/hardening/1.8.2_graphical_warning_banners.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/1.9_install_updates.sh b/tests/hardening/1.9_install_updates.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/1.9_install_updates.sh +++ b/tests/hardening/1.9_install_updates.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.1.1_disable_xinetd.sh b/tests/hardening/2.1.1_disable_xinetd.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/2.1.1_disable_xinetd.sh +++ b/tests/hardening/2.1.1_disable_xinetd.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.1.1_use_time_sync.sh b/tests/hardening/2.2.1.1_use_time_sync.sh index 6c32584..dc32b03 100644 --- a/tests/hardening/2.2.1.1_use_time_sync.sh +++ b/tests/hardening/2.2.1.1_use_time_sync.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 1 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation apt-get update @@ -15,5 +15,5 @@ test_audit() { describe Checking resolved state register_test retvalshouldbe 0 register_test contain "Time synchronization is available through" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/2.2.1.2_configure_systemd-timesyncd.sh b/tests/hardening/2.2.1.2_configure_systemd-timesyncd.sh index f85b20d..5bb5d86 100644 --- a/tests/hardening/2.2.1.2_configure_systemd-timesyncd.sh +++ b/tests/hardening/2.2.1.2_configure_systemd-timesyncd.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/2.2.1.3_configure_chrony.sh b/tests/hardening/2.2.1.3_configure_chrony.sh index f85b20d..5bb5d86 100644 --- a/tests/hardening/2.2.1.3_configure_chrony.sh +++ b/tests/hardening/2.2.1.3_configure_chrony.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/2.2.1.4_configure_ntp.sh b/tests/hardening/2.2.1.4_configure_ntp.sh index f85b20d..5bb5d86 100644 --- a/tests/hardening/2.2.1.4_configure_ntp.sh +++ b/tests/hardening/2.2.1.4_configure_ntp.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/2.2.10_disable_http_server.sh b/tests/hardening/2.2.10_disable_http_server.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/2.2.10_disable_http_server.sh +++ b/tests/hardening/2.2.10_disable_http_server.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.11_disable_imap_pop.sh b/tests/hardening/2.2.11_disable_imap_pop.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/2.2.11_disable_imap_pop.sh +++ b/tests/hardening/2.2.11_disable_imap_pop.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.12_disable_samba.sh b/tests/hardening/2.2.12_disable_samba.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/2.2.12_disable_samba.sh +++ b/tests/hardening/2.2.12_disable_samba.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.13_disable_http_proxy.sh b/tests/hardening/2.2.13_disable_http_proxy.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/2.2.13_disable_http_proxy.sh +++ b/tests/hardening/2.2.13_disable_http_proxy.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.14_disable_snmp_server.sh b/tests/hardening/2.2.14_disable_snmp_server.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/2.2.14_disable_snmp_server.sh +++ b/tests/hardening/2.2.14_disable_snmp_server.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.15_mta_localhost.sh b/tests/hardening/2.2.15_mta_localhost.sh index f85b20d..5bb5d86 100644 --- a/tests/hardening/2.2.15_mta_localhost.sh +++ b/tests/hardening/2.2.15_mta_localhost.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/2.2.16_disable_rsync.sh b/tests/hardening/2.2.16_disable_rsync.sh index f85b20d..5bb5d86 100644 --- a/tests/hardening/2.2.16_disable_rsync.sh +++ b/tests/hardening/2.2.16_disable_rsync.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/2.2.17_disable_nis.sh b/tests/hardening/2.2.17_disable_nis.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/2.2.17_disable_nis.sh +++ b/tests/hardening/2.2.17_disable_nis.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.2_disable_xwindow_system.sh b/tests/hardening/2.2.2_disable_xwindow_system.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/2.2.2_disable_xwindow_system.sh +++ b/tests/hardening/2.2.2_disable_xwindow_system.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # 
diff --git a/tests/hardening/2.2.3_disable_avahi_server.sh b/tests/hardening/2.2.3_disable_avahi_server.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/2.2.3_disable_avahi_server.sh +++ b/tests/hardening/2.2.3_disable_avahi_server.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.4_disable_print_server.sh b/tests/hardening/2.2.4_disable_print_server.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/2.2.4_disable_print_server.sh +++ b/tests/hardening/2.2.4_disable_print_server.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.5_disable_dhcp.sh b/tests/hardening/2.2.5_disable_dhcp.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/2.2.5_disable_dhcp.sh +++ b/tests/hardening/2.2.5_disable_dhcp.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.6_disable_ldap.sh b/tests/hardening/2.2.6_disable_ldap.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/2.2.6_disable_ldap.sh 
+++ b/tests/hardening/2.2.6_disable_ldap.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.7_disable_nfs_rpc.sh b/tests/hardening/2.2.7_disable_nfs_rpc.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/2.2.7_disable_nfs_rpc.sh +++ b/tests/hardening/2.2.7_disable_nfs_rpc.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.8_disable_dns_server.sh b/tests/hardening/2.2.8_disable_dns_server.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/2.2.8_disable_dns_server.sh +++ b/tests/hardening/2.2.8_disable_dns_server.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.2.9_disable_ftp.sh b/tests/hardening/2.2.9_disable_ftp.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/2.2.9_disable_ftp.sh +++ b/tests/hardening/2.2.9_disable_ftp.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.3.1_disable_nis.sh b/tests/hardening/2.3.1_disable_nis.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/2.3.1_disable_nis.sh +++ b/tests/hardening/2.3.1_disable_nis.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.3.2_disable_rsh_client.sh b/tests/hardening/2.3.2_disable_rsh_client.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/2.3.2_disable_rsh_client.sh +++ b/tests/hardening/2.3.2_disable_rsh_client.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.3.3_disable_talk_client.sh b/tests/hardening/2.3.3_disable_talk_client.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/2.3.3_disable_talk_client.sh +++ b/tests/hardening/2.3.3_disable_talk_client.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.3.4_disable_telnet_client.sh b/tests/hardening/2.3.4_disable_telnet_client.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/2.3.4_disable_telnet_client.sh +++ b/tests/hardening/2.3.4_disable_telnet_client.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/2.3.5_disable_ldap_client.sh b/tests/hardening/2.3.5_disable_ldap_client.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/2.3.5_disable_ldap_client.sh +++ b/tests/hardening/2.3.5_disable_ldap_client.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/3.1.1_disable_ipv6.sh b/tests/hardening/3.1.1_disable_ipv6.sh index 78c6caf..bce0735 100644 --- a/tests/hardening/3.1.1_disable_ipv6.sh +++ b/tests/hardening/3.1.1_disable_ipv6.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" @@ -14,16 +14,16 @@ test_audit() { sysctl -w net.ipv6.conf.all.disable_ipv6=0 2>/dev/null register_test retvalshouldbe 1 register_test contain "net.ipv6.conf.all.disable_ipv6 was not set to 1" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "correctly set to 1" register_test contain "net.ipv6.conf.all.disable_ipv6 correctly set to 0" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.1.2_disable_wireless.sh b/tests/hardening/3.1.2_disable_wireless.sh index f85b20d..5bb5d86 100644 --- a/tests/hardening/3.1.2_disable_wireless.sh +++ b/tests/hardening/3.1.2_disable_wireless.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/3.2.1_disable_send_packet_redirects.sh b/tests/hardening/3.2.1_disable_send_packet_redirects.sh index 9c90955..30b5ff5 100644 --- a/tests/hardening/3.2.1_disable_send_packet_redirects.sh +++ b/tests/hardening/3.2.1_disable_send_packet_redirects.sh 
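Review bot: The resolved-state expectations in the second hunk of 3.1.1_disable_ipv6.sh contradict each other: `register_test contain "correctly set to 1"` is followed by `register_test contain "net.ipv6.conf.all.disable_ipv6 correctly set to 0"`, while the noncompliant case expects `was not set to 1`. Assuming the check reports the value it enforces, the last line should read `register_test contain "net.ipv6.conf.all.disable_ipv6 correctly set to 1"`. The second hunk of 3.3.6_enable_bad_error_message_protection.sh shows the same pattern (`was not set to 1`, then `correctly set to 0`). Both appear to sit in the branch that is skipped when `/.dockerenv` exists, so a container-only CI run would never exercise them and a regression in these hardening checks could go unnoticed.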
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" @@ -14,16 +14,16 @@ test_audit() { sysctl -w net.ipv4.conf.all.send_redirects=1 2>/dev/null register_test retvalshouldbe 1 register_test contain "net.ipv4.conf.all.send_redirects was not set to 0" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "correctly set to 0" register_test contain "net.ipv4.conf.all.send_redirects correctly set to 0" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.2.2_disable_ip_forwarding.sh b/tests/hardening/3.2.2_disable_ip_forwarding.sh index c308095..a4e3af0 100644 --- a/tests/hardening/3.2.2_disable_ip_forwarding.sh +++ b/tests/hardening/3.2.2_disable_ip_forwarding.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" 
@@ -14,16 +14,16 @@ test_audit() { sysctl -w net.ipv4.ip_forward=1 2>/dev/null register_test retvalshouldbe 1 register_test contain "net.ipv4.ip_forward was not set to 0" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "correctly set to 0" register_test contain "net.ipv4.ip_forward correctly set to 0" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.3.1_disable_source_routed_packets.sh b/tests/hardening/3.3.1_disable_source_routed_packets.sh index ba30f84..22d560c 100644 --- a/tests/hardening/3.3.1_disable_source_routed_packets.sh +++ b/tests/hardening/3.3.1_disable_source_routed_packets.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" 
@@ -18,11 +18,11 @@ test_audit() { register_test contain "net.ipv6.conf.all.accept_source_route was not set to 0" register_test contain "net.ipv6.conf.default.accept_source was not set to 0" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 @@ -31,6 +31,6 @@ test_audit() { register_test contain "net.ipv4.conf.default.accept_source_route correctly set to 0" register_test contain "net.ipv6.conf.all.accept_source_route correctly set to 0" register_test contain "net.ipv6.conf.default.accept_source correctly set to 0" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.3.2_disable_icmp_redirect.sh b/tests/hardening/3.3.2_disable_icmp_redirect.sh index c83cbaa..141de9a 100644 --- a/tests/hardening/3.3.2_disable_icmp_redirect.sh +++ b/tests/hardening/3.3.2_disable_icmp_redirect.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" 
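Review bot: The expected message `"net.ipv6.conf.default.accept_source was not set to 0"` in this hunk of 3.3.1_disable_source_routed_packets.sh names a truncated sysctl key, since the line above it uses `accept_source_route`. I would write `register_test contain "net.ipv6.conf.default.accept_source_route was not set to 0"`, and the next hunk needs the same fix in its `correctly set to 0` line. Other expectation strings in this commit's test files look mistyped in similar ways: 3.3.3 has `"net.ipv4.conf.default.secure_redirects=0 was not set to 0"` with a stray `=0`, and 3.3.4 and 3.3.9 each have one string that starts with a space. Whether these currently fail depends on how `contain` matches, which is not visible here. As they seem to run only outside Docker, it is worth confirming them against the checks' real output on a non-container host.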
@@ -18,11 +18,11 @@ test_audit() { register_test contain "net.ipv6.conf.all.accept_redirects was not set to 0" register_test contain "net.ipv6.conf.default.accept_redirects was not set to 0" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 @@ -31,6 +31,6 @@ test_audit() { register_test contain "net.ipv4.conf.default.accept_redirects correctly set to 0" register_test contain "net.ipv6.conf.all.accept_redirects correctly set to 0" register_test contain "net.ipv6.conf.default.accept_redirects correctly set to 0" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.3.3_disable_secure_icmp_redirect.sh b/tests/hardening/3.3.3_disable_secure_icmp_redirect.sh index 688137a..ad0428e 100644 --- a/tests/hardening/3.3.3_disable_secure_icmp_redirect.sh +++ b/tests/hardening/3.3.3_disable_secure_icmp_redirect.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" 
@@ -16,17 +16,17 @@ test_audit() { register_test contain "net.ipv4.conf.all.secure_redirects was not set to 0" register_test contain "net.ipv4.conf.default.secure_redirects=0 was not set to 0" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "correctly set to 0" register_test contain "net.ipv4.conf.all.secure_redirects correctly set to 0" register_test contain "net.ipv4.conf.default.secure_redirects correctly set to 0" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.3.4_log_martian_packets.sh b/tests/hardening/3.3.4_log_martian_packets.sh index 4dbbafe..ed1c4e0 100644 --- a/tests/hardening/3.3.4_log_martian_packets.sh +++ b/tests/hardening/3.3.4_log_martian_packets.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" 
@@ -16,17 +16,17 @@ test_audit() { register_test contain "net.ipv4.conf.all.log_martians was not set to 1" register_test contain "net.ipv4.conf.default.log_martians was not set to 1" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "correctly set to 1" register_test contain "net.ipv4.conf.all.log_martians correctly set to 1" register_test contain " net.ipv4.conf.default.log_martians correctly set to 1" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.3.5_ignore_broadcast_requests.sh b/tests/hardening/3.3.5_ignore_broadcast_requests.sh index a88ac4a..cf68080 100644 --- a/tests/hardening/3.3.5_ignore_broadcast_requests.sh +++ b/tests/hardening/3.3.5_ignore_broadcast_requests.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" 
@@ -15,16 +15,16 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "net.ipv4.icmp_echo_ignore_broadcasts was not set to 1" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "correctly set to 1" register_test contain "net.ipv4.icmp_echo_ignore_broadcasts correctly set to 1" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.3.6_enable_bad_error_message_protection.sh b/tests/hardening/3.3.6_enable_bad_error_message_protection.sh index 1aa17eb..d08f59e 100644 --- a/tests/hardening/3.3.6_enable_bad_error_message_protection.sh +++ b/tests/hardening/3.3.6_enable_bad_error_message_protection.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" 
@@ -15,16 +15,16 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "net.ipv4.icmp_ignore_bogus_error_responses was not set to 1" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "correctly set to 0" register_test contain "net.ipv4.icmp_ignore_bogus_error_responses correctly set to 0" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.3.7_enable_source_route_validation.sh b/tests/hardening/3.3.7_enable_source_route_validation.sh index 16c04d7..254d060 100644 --- a/tests/hardening/3.3.7_enable_source_route_validation.sh +++ b/tests/hardening/3.3.7_enable_source_route_validation.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" 
@@ -16,17 +16,17 @@ test_audit() { register_test contain "net.ipv4.conf.all.rp_filter was not set to 1" register_test contain "net.ipv4.conf.default.rp_filter was not set to 1" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "correctly set to 1" register_test contain "net.ipv4.conf.all.rp_filter correctly set to 1" register_test contain "net.ipv4.conf.default.rp_filter correctly set to 1" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.3.8_enable_tcp_syn_cookies.sh b/tests/hardening/3.3.8_enable_tcp_syn_cookies.sh index a45c03d..7561c20 100644 --- a/tests/hardening/3.3.8_enable_tcp_syn_cookies.sh +++ b/tests/hardening/3.3.8_enable_tcp_syn_cookies.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" 
@@ -15,17 +15,17 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "net.ipv4.tcp_syncookies was not set to 1" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "correctly set to 1" register_test contain "net.ipv4.tcp_syncookies correctly set to 1" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.3.9_disable_ipv6_router_advertisement.sh b/tests/hardening/3.3.9_disable_ipv6_router_advertisement.sh index f424d6e..24740e7 100644 --- a/tests/hardening/3.3.9_disable_ipv6_router_advertisement.sh +++ b/tests/hardening/3.3.9_disable_ipv6_router_advertisement.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all if [ -f "/.dockerenv" ]; then skip "SKIPPED on docker" 
@@ -16,17 +16,17 @@ test_audit() { register_test contain " net.ipv6.conf.all.accept_ra was not set to 0" register_test contain "net.ipv6.conf.default.accept_ra was not set to 0" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "correctly set to 0" register_test contain "net.ipv6.conf.all.accept_ra correctly set to 0" register_test contain "net.ipv6.conf.default.accept_ra correctly set to 0" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi } diff --git a/tests/hardening/3.4.1_disable_dccp.sh b/tests/hardening/3.4.1_disable_dccp.sh index 5195a49..23e8ccd 100644 --- a/tests/hardening/3.4.1_disable_dccp.sh +++ b/tests/hardening/3.4.1_disable_dccp.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/3.4.2_disable_sctp.sh b/tests/hardening/3.4.2_disable_sctp.sh index 5195a49..23e8ccd 100644 --- a/tests/hardening/3.4.2_disable_sctp.sh +++ b/tests/hardening/3.4.2_disable_sctp.sh 
@@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/3.4.3_disable_rds.sh b/tests/hardening/3.4.3_disable_rds.sh index 5195a49..23e8ccd 100644 --- a/tests/hardening/3.4.3_disable_rds.sh +++ b/tests/hardening/3.4.3_disable_rds.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/3.4.4_disable_tipc.sh b/tests/hardening/3.4.4_disable_tipc.sh index 5195a49..23e8ccd 100644 --- a/tests/hardening/3.4.4_disable_tipc.sh +++ b/tests/hardening/3.4.4_disable_tipc.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/3.5.1.1_enable_firewall.sh b/tests/hardening/3.5.1.1_enable_firewall.sh index 02985c7..74aab48 100644 --- a/tests/hardening/3.5.1.1_enable_firewall.sh +++ b/tests/hardening/3.5.1.1_enable_firewall.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 1 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation apt-get update 
@@ -14,6 +14,6 @@ test_audit() { describe Checking resolved state register_test retvalshouldbe 0 register_test contain "provides firewalling feature" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh b/tests/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh index 81d5b79..1a74fc0 100644 --- a/tests/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh +++ b/tests/hardening/3.5.4.1.1_net_fw_default_policy_drop.sh @@ -5,6 +5,6 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # Do not run any check, iptables do not work in a docker - #run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + #run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/4.1.1.1_install_auditd.sh b/tests/hardening/4.1.1.1_install_auditd.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/4.1.1.1_install_auditd.sh +++ b/tests/hardening/4.1.1.1_install_auditd.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/4.1.1.2_enable_auditd.sh b/tests/hardening/4.1.1.2_enable_auditd.sh index a88d6cc..421b1ce 100644 --- a/tests/hardening/4.1.1.2_enable_auditd.sh +++ b/tests/hardening/4.1.1.2_enable_auditd.sh 
@@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] auditd is enabled" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.1.3_audit_bootloader.sh b/tests/hardening/4.1.1.3_audit_bootloader.sh index af007f7..f92d5f1 100644 --- a/tests/hardening/4.1.1.3_audit_bootloader.sh +++ b/tests/hardening/4.1.1.3_audit_bootloader.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests fi diff --git a/tests/hardening/4.1.1.4_audit_backlog_limit.sh b/tests/hardening/4.1.1.4_audit_backlog_limit.sh index af007f7..f92d5f1 100644 --- a/tests/hardening/4.1.1.4_audit_backlog_limit.sh +++ b/tests/hardening/4.1.1.4_audit_backlog_limit.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests fi diff --git a/tests/hardening/4.1.10_record_failed_access_file.sh b/tests/hardening/4.1.10_record_failed_access_file.sh index 75adaaf..f42bbc4 100644 --- a/tests/hardening/4.1.10_record_failed_access_file.sh 
+++ b/tests/hardening/4.1.10_record_failed_access_file.sh @@ -5,11 +5,11 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 @@ -18,5 +18,5 @@ test_audit() { register_test contain "[ OK ] -a always,exit -F arch=b64 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -k access is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -a always,exit -F arch=b32 -S creat -S open -S openat -S truncate -S ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -k access is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.11_record_privileged_commands.sh b/tests/hardening/4.1.11_record_privileged_commands.sh index f189e40..c3780e8 100644 --- a/tests/hardening/4.1.11_record_privileged_commands.sh +++ b/tests/hardening/4.1.11_record_privileged_commands.sh 
@@ -5,13 +5,13 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.12_record_successful_mount.sh b/tests/hardening/4.1.12_record_successful_mount.sh index 60fb561..de682bf 100644 --- a/tests/hardening/4.1.12_record_successful_mount.sh +++ b/tests/hardening/4.1.12_record_successful_mount.sh @@ -5,15 +5,15 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] -a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=4294967295 -k mounts is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -a always,exit -F arch=b32 -S mount -F auid>=1000 -F auid!=4294967295 -k mounts is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } 
diff --git a/tests/hardening/4.1.13_record_file_deletions.sh b/tests/hardening/4.1.13_record_file_deletions.sh index 0d0abde..43e0895 100644 --- a/tests/hardening/4.1.13_record_file_deletions.sh +++ b/tests/hardening/4.1.13_record_file_deletions.sh @@ -5,15 +5,15 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] -a always,exit -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -F auid>=1000 -F auid!=4294967295 -k delete is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -a always,exit -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -F auid>=1000 -F auid!=4294967295 -k delete is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.14_record_sudoers_edit.sh b/tests/hardening/4.1.14_record_sudoers_edit.sh index 6507a58..c454b25 100644 --- a/tests/hardening/4.1.14_record_sudoers_edit.sh +++ b/tests/hardening/4.1.14_record_sudoers_edit.sh 
@@ -5,15 +5,15 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] -w /etc/sudoers -p wa -k sudoers is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /etc/sudoers.d/ -p wa -k sudoers is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.15_record_sudo_usage.sh b/tests/hardening/4.1.15_record_sudo_usage.sh index 5846675..aab6ea3 100644 --- a/tests/hardening/4.1.15_record_sudo_usage.sh +++ b/tests/hardening/4.1.15_record_sudo_usage.sh @@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] -w /var/log/auth.log -p wa -k sudoaction is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } 
diff --git a/tests/hardening/4.1.16_record_kernel_modules.sh b/tests/hardening/4.1.16_record_kernel_modules.sh index d8fdd8b..208384d 100644 --- a/tests/hardening/4.1.16_record_kernel_modules.sh +++ b/tests/hardening/4.1.16_record_kernel_modules.sh @@ -5,16 +5,16 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] -w /sbin/rmmod -p x -k modules is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /sbin/modprobe -p x -k modules is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -a always,exit -F arch=b64 -S init_module -S delete_module -k modules is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.17_freeze_auditd_conf.sh b/tests/hardening/4.1.17_freeze_auditd_conf.sh index 037dcc6..1a92075 100644 --- a/tests/hardening/4.1.17_freeze_auditd_conf.sh +++ b/tests/hardening/4.1.17_freeze_auditd_conf.sh 
@@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] -e 2 is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.2.1_audit_log_storage.sh b/tests/hardening/4.1.2.1_audit_log_storage.sh index f6927c9..8aaab9f 100644 --- a/tests/hardening/4.1.2.1_audit_log_storage.sh +++ b/tests/hardening/4.1.2.1_audit_log_storage.sh @@ -7,14 +7,14 @@ test_audit() { mkdir -p /etc/audit touch /etc/audit/auditd.conf # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] max_log_file is present in /etc/audit/auditd.conf" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.2.2_halt_when_audit_log_full.sh b/tests/hardening/4.1.2.2_halt_when_audit_log_full.sh index 2ca9174..0021ebc 100644 
--- a/tests/hardening/4.1.2.2_halt_when_audit_log_full.sh +++ b/tests/hardening/4.1.2.2_halt_when_audit_log_full.sh @@ -7,18 +7,18 @@ test_audit() { mkdir -p /etc/audit touch /etc/audit/auditd.conf # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" # to avoid error during auditd installation in 4.1.1.2, only necessary during tests - sed -i "s/OPTIONS='/OPTIONS='space_left=100 admin_space_left=50 /" /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i "s/OPTIONS='/OPTIONS='space_left=100 admin_space_left=50 /" "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^space_left_action[[:space:]]*=[[:space:]]*email is present in /etc/audit/auditd.conf" register_test contain "[ OK ] ^action_mail_acct[[:space:]]*=[[:space:]]*root is present in /etc/audit/auditd.conf" register_test contain "[ OK ] ^admin_space_left_action[[:space:]]*=[[:space:]]*halt is present in /etc/audit/auditd.conf" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.2.3_keep_all_audit_logs.sh b/tests/hardening/4.1.2.3_keep_all_audit_logs.sh index b85adcb..e96d367 100644 --- a/tests/hardening/4.1.2.3_keep_all_audit_logs.sh +++ b/tests/hardening/4.1.2.3_keep_all_audit_logs.sh 
@@ -7,14 +7,14 @@ test_audit() { mkdir -p /etc/audit touch /etc/audit/auditd.conf # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^max_log_file_action[[:space:]]*=[[:space:]]*keep_logs is present in /etc/audit/auditd.conf" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.3_record_date_time_edit.sh b/tests/hardening/4.1.3_record_date_time_edit.sh index 9f197a3..ae9273c 100644 --- a/tests/hardening/4.1.3_record_date_time_edit.sh +++ b/tests/hardening/4.1.3_record_date_time_edit.sh @@ -5,11 +5,11 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 
@@ -18,5 +18,5 @@ test_audit() { register_test contain "[ OK ] -a always,exit -F arch=b64 -S clock_settime -k time-change is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -a always,exit -F arch=b32 -S clock_settime -k time-change is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /etc/localtime -p wa -k time-change is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.4_record_user_group_edit.sh b/tests/hardening/4.1.4_record_user_group_edit.sh index a3d95e1..3076e40 100644 --- a/tests/hardening/4.1.4_record_user_group_edit.sh +++ b/tests/hardening/4.1.4_record_user_group_edit.sh @@ -5,11 +5,11 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 @@ -18,5 +18,5 @@ test_audit() { register_test contain "[ OK ] -w /etc/gshadow -p wa -k identity is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /etc/shadow -p wa -k identity is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /etc/security/opasswd -p wa -k identity is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } 
diff --git a/tests/hardening/4.1.5_record_network_edit.sh b/tests/hardening/4.1.5_record_network_edit.sh index 87a9bb8..3a42335 100644 --- a/tests/hardening/4.1.5_record_network_edit.sh +++ b/tests/hardening/4.1.5_record_network_edit.sh @@ -5,11 +5,11 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 @@ -19,6 +19,6 @@ test_audit() { register_test contain "[ OK ] -w /etc/issue.net -p wa -k system-locale is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /etc/hosts -p wa -k system-locale is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /etc/network -p wa -k system-locale is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.6_record_mac_edit.sh b/tests/hardening/4.1.6_record_mac_edit.sh index fad193f..b7b937a 100644 --- a/tests/hardening/4.1.6_record_mac_edit.sh +++ b/tests/hardening/4.1.6_record_mac_edit.sh 
@@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] -w /etc/selinux/ -p wa -k MAC-policy is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.7_record_login_logout.sh b/tests/hardening/4.1.7_record_login_logout.sh index 66def85..ae59d62 100644 --- a/tests/hardening/4.1.7_record_login_logout.sh +++ b/tests/hardening/4.1.7_record_login_logout.sh 
@@ -5,16 +5,16 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] -w /var/log/faillog -p wa -k logins is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /var/log/lastlog -p wa -k logins is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /var/log/tallylog -p wa -k logins is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.8_record_session_init.sh b/tests/hardening/4.1.8_record_session_init.sh index 5526bea..5e4310b 100644 --- a/tests/hardening/4.1.8_record_session_init.sh +++ b/tests/hardening/4.1.8_record_session_init.sh 
@@ -5,16 +5,16 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] -w /var/run/utmp -p wa -k session is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /var/log/wtmp -p wa -k session is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -w /var/log/btmp -p wa -k session is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.1.9_record_dac_edit.sh b/tests/hardening/4.1.9_record_dac_edit.sh index c2362a4..6f132b6 100644 --- a/tests/hardening/4.1.9_record_dac_edit.sh +++ b/tests/hardening/4.1.9_record_dac_edit.sh @@ -5,11 +5,11 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 
@@ -19,5 +19,5 @@ test_audit() { register_test contain "[ OK ] -a always,exit -F arch=b32 -S chown -S fchown -S fchownat -S lchown -F auid>=1000 -F auid!=4294967295 -k perm_mod is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -a always,exit -F arch=b64 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=1000 -F auid!=4294967295 -k perm_mod is present in /etc/audit/rules.d/audit.rules" register_test contain "[ OK ] -a always,exit -F arch=b32 -S setxattr -S lsetxattr -S fsetxattr -S removexattr -S lremovexattr -S fremovexattr -F auid>=1000 -F auid!=4294967295 -k perm_mod is present in /etc/audit/rules.d/audit.rules" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/4.2.1.1_install_syslog-ng.sh b/tests/hardening/4.2.1.1_install_syslog-ng.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/4.2.1.1_install_syslog-ng.sh +++ b/tests/hardening/4.2.1.1_install_syslog-ng.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/4.2.1.2_enable_syslog-ng.sh b/tests/hardening/4.2.1.2_enable_syslog-ng.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/4.2.1.2_enable_syslog-ng.sh +++ b/tests/hardening/4.2.1.2_enable_syslog-ng.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/4.2.1.3_configure_syslog-ng.sh b/tests/hardening/4.2.1.3_configure_syslog-ng.sh index f85b20d..5bb5d86 100644 --- a/tests/hardening/4.2.1.3_configure_syslog-ng.sh +++ b/tests/hardening/4.2.1.3_configure_syslog-ng.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh b/tests/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh index f85b20d..5bb5d86 100644 --- a/tests/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh +++ b/tests/hardening/4.2.1.4_syslog_ng_logfiles_perm.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/4.2.1.5_syslog-ng_remote_host.sh b/tests/hardening/4.2.1.5_syslog-ng_remote_host.sh index 2159707..d4b9614 100644 --- a/tests/hardening/4.2.1.5_syslog-ng_remote_host.sh +++ b/tests/hardening/4.2.1.5_syslog-ng_remote_host.sh @@ -5,7 +5,7 @@ test_audit() { describe Running on blank host register_test retvalshouldbe 1 # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all cp -a /etc/syslog-ng/syslog-ng.conf /tmp/syslog-ng.conf.bak 
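Review bot: In the 4.2.1.5_syslog-ng_remote_host.sh hunk, the context line `cp -a /etc/syslog-ng/syslog-ng.conf /tmp/syslog-ng.conf.bak` keeps the backup under a fixed name in `/tmp`, and the next hunk copies it back over `/etc/syslog-ng/syslog-ng.conf`. A predictable name in a world-writable directory can be pre-created or swapped by another local user before it is restored into `/etc`; that is low risk on a throwaway container, but nothing here ensures the test only runs in one. Use `backup=$(mktemp)`, copy to and from `"$backup"`, and remove it at the end of test_audit, whose body continues outside this hunk.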
@@ -14,7 +14,7 @@ test_audit() { describe Checking one line conf register_test retvalshouldbe 0 - run oneline /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run oneline "${CIS_CHECKS_DIR}/${script}.sh" --audit-all cp -a /tmp/syslog-ng.conf.bak /etc/syslog-ng/syslog-ng.conf cat >>/etc/syslog-ng/syslog-ng.conf </etc/logrotate.conf register_test retvalshouldbe 1 register_test contain "Logrotate permissions are not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "Logrotate permissions are well configured" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.1.1_enable_cron.sh b/tests/hardening/5.1.1_enable_cron.sh index f85b20d..5bb5d86 100644 --- a/tests/hardening/5.1.1_enable_cron.sh +++ b/tests/hardening/5.1.1_enable_cron.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/5.1.2_crontab_perm_ownership.sh b/tests/hardening/5.1.2_crontab_perm_ownership.sh index 15b29a9..f5d8aaa 100644 --- a/tests/hardening/5.1.2_crontab_perm_ownership.sh +++ b/tests/hardening/5.1.2_crontab_perm_ownership.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testcrontabduser" local test_file="/etc/crontab" @@ -16,28 +16,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/5.1.3_cron_hourly_perm_ownership.sh b/tests/hardening/5.1.3_cron_hourly_perm_ownership.sh index 89959d2..bb5cced 100644 --- a/tests/hardening/5.1.3_cron_hourly_perm_ownership.sh 
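Review bot: The `sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"` lines in the `@@ -16,28 +16,28 @@` hunk are not anchored, so they rewrite the first `audit` on every line of the cfg rather than only the status setting. bin/hardening.sh edits the same files with `s/^status=.+/status=$wantedstatus/`, and the tests could match the key the same way: `sed -i 's/^status=audit/status=enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"`. The cfg contents are not shown, so whether any other line contains `audit` is an assumption to check. The same `sed` line recurs in the 5.1.3 to 5.1.8, 5.2.1 and 5.2.10 to 5.2.21 hunks, and test_audit starts and ends outside this hunk.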
+++ b/tests/hardening/5.1.3_cron_hourly_perm_ownership.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testcrontabuser" local test_file="/etc/cron.hourly" @@ -16,28 +16,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/5.1.4_cron_daily_perm_ownership.sh b/tests/hardening/5.1.4_cron_daily_perm_ownership.sh index f476bff..26a934b 100644 
--- a/tests/hardening/5.1.4_cron_daily_perm_ownership.sh +++ b/tests/hardening/5.1.4_cron_daily_perm_ownership.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testcrontabuser" local test_file="/etc/cron.daily" @@ -16,28 +16,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" 
diff --git a/tests/hardening/5.1.5_cron_weekly_perm_ownership.sh b/tests/hardening/5.1.5_cron_weekly_perm_ownership.sh index cae0433..f334e49 100644 --- a/tests/hardening/5.1.5_cron_weekly_perm_ownership.sh +++ b/tests/hardening/5.1.5_cron_weekly_perm_ownership.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testcrontabuser" local test_file="/etc/cron.weekly" 
@@ -16,28 +16,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/5.1.6_cron_monthly_perm_ownership.sh b/tests/hardening/5.1.6_cron_monthly_perm_ownership.sh index 8eb0488..113a9f7 100644 --- a/tests/hardening/5.1.6_cron_monthly_perm_ownership.sh +++ b/tests/hardening/5.1.6_cron_monthly_perm_ownership.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testcrontabuser" local test_file="/etc/cron.monthly" @@ -16,28 +16,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/5.1.7_cron_d_perm_ownership.sh b/tests/hardening/5.1.7_cron_d_perm_ownership.sh index c8fc1e4..b995548 100644 --- a/tests/hardening/5.1.7_cron_d_perm_ownership.sh 
+++ b/tests/hardening/5.1.7_cron_d_perm_ownership.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testcrontabuser" local test_file="/etc/cron.d" @@ -14,28 +14,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/5.1.8_cron_users.sh b/tests/hardening/5.1.8_cron_users.sh index d54abc5..2aca757 100644 --- a/tests/hardening/5.1.8_cron_users.sh 
+++ b/tests/hardening/5.1.8_cron_users.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testcrontabduser" @@ -14,11 +14,11 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "/etc/cron.deny exists" register_test contain "/etc/at.deny exists" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true touch /etc/cron.allow /etc/at.allow describe Tests purposely failing @@ -28,12 +28,12 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "/etc/cron.allow ownership was not set to" register_test contain "/etc/at.allow ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all userdel "$test_user" describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" 
@@ -42,12 +42,12 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "/etc/cron.allow permissions were not set to" register_test contain "/etc/at.allow permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all userdel "$test_user" describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 @@ -55,6 +55,6 @@ test_audit() { register_test contain "/etc/cron.allow has correct ownership" register_test contain "/etc/at.allow has correct permissions" register_test contain "/etc/at.allow has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.10_disable_root_login.sh b/tests/hardening/5.2.10_disable_root_login.sh index 0e523e6..0070772 100644 --- a/tests/hardening/5.2.10_disable_root_login.sh +++ b/tests/hardening/5.2.10_disable_root_login.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^PermitRootLogin[[:space:]]*no is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh b/tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh index 06313d9..33b7aa0 100644 --- a/tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh +++ b/tests/hardening/5.2.11_disable_sshd_permitemptypasswords.sh 
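Review bot: The correcting step in this hunk runs `"${CIS_CHECKS_DIR}/${script}.sh" || true` with no mode flag, while the cron and sshd_config ownership tests in this change pass `--apply` explicitly. If a flagless run is meant to apply because the cfg was just switched to enabled, the existing comment should say so, for example `# no flag: the script follows status=enabled from its cfg`; otherwise add `--apply` for consistency. How the check scripts treat a flagless run is not visible here. The same line appears in the 5.2.11 through 5.2.21 hunks.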
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^PermitEmptyPasswords[[:space:]]*no is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.12_disable_sshd_setenv.sh b/tests/hardening/5.2.12_disable_sshd_setenv.sh index bd2e5d6..09b6026 100644 --- a/tests/hardening/5.2.12_disable_sshd_setenv.sh +++ b/tests/hardening/5.2.12_disable_sshd_setenv.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^PermitUserEnvironment[[:space:]]*no is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.13_sshd_ciphers.sh b/tests/hardening/5.2.13_sshd_ciphers.sh index 3a5030b..0777ebf 100644 --- a/tests/hardening/5.2.13_sshd_ciphers.sh +++ b/tests/hardening/5.2.13_sshd_ciphers.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^Ciphers[[:space:]]*chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.14_ssh_cry_mac.sh b/tests/hardening/5.2.14_ssh_cry_mac.sh index 585282d..30e97ae 100644 --- a/tests/hardening/5.2.14_ssh_cry_mac.sh +++ b/tests/hardening/5.2.14_ssh_cry_mac.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^MACs[[:space:]]*hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256 is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.15_ssh_cry_kex.sh b/tests/hardening/5.2.15_ssh_cry_kex.sh index aa33d69..e20448e 100644 --- a/tests/hardening/5.2.15_ssh_cry_kex.sh +++ b/tests/hardening/5.2.15_ssh_cry_kex.sh 
@@ -5,25 +5,25 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true cp -a /etc/ssh/sshd_config /tmp/sshd_config.bak describe Change case of config line sed -i 's/\(KexAlgorithms\)/\U\1/' /etc/ssh/sshd_config register_test retvalshouldbe 0 - run uppercase /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run uppercase "${CIS_CHECKS_DIR}/${script}.sh" --audit-all mv /tmp/sshd_config.bak /etc/ssh/sshd_config describe Checking resolved state register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.16_sshd_idle_timeout.sh b/tests/hardening/5.2.16_sshd_idle_timeout.sh index efc3877..8242622 100644 --- a/tests/hardening/5.2.16_sshd_idle_timeout.sh +++ b/tests/hardening/5.2.16_sshd_idle_timeout.sh 
@@ -5,19 +5,19 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^ClientAliveInterval[[:space:]]*300 is present in /etc/ssh/sshd_config" register_test contain "[ OK ] ^ClientAliveCountMax[[:space:]]*0 is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.17_sshd_login_grace_time.sh b/tests/hardening/5.2.17_sshd_login_grace_time.sh index 5b326ba..66616ac 100644 --- a/tests/hardening/5.2.17_sshd_login_grace_time.sh +++ b/tests/hardening/5.2.17_sshd_login_grace_time.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^LoginGraceTime[[:space:]]*60 is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.18_sshd_limit_access.sh b/tests/hardening/5.2.18_sshd_limit_access.sh index d22306b..debeb86 100644 --- a/tests/hardening/5.2.18_sshd_limit_access.sh +++ b/tests/hardening/5.2.18_sshd_limit_access.sh 
@@ -5,15 +5,15 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 @@ -21,5 +21,5 @@ test_audit() { register_test contain "^AllowGroups[[:space:]]** is present in /etc/ssh/sshd_config" register_test contain "^DenyUsers[[:space:]]*nobody is present in /etc/ssh/sshd_config" register_test contain "^DenyGroups[[:space:]]*nobody is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.19_ssh_banner.sh b/tests/hardening/5.2.19_ssh_banner.sh index 98ecc01..9d5b6ce 100644 --- a/tests/hardening/5.2.19_ssh_banner.sh +++ b/tests/hardening/5.2.19_ssh_banner.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^Banner[[:space:]]* is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.1_sshd_conf_perm_ownership.sh b/tests/hardening/5.2.1_sshd_conf_perm_ownership.sh index ad6d2f9..a4fb07c 100644 --- a/tests/hardening/5.2.1_sshd_conf_perm_ownership.sh +++ b/tests/hardening/5.2.1_sshd_conf_perm_ownership.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testsshduser" local test_file="/etc/ssh/sshd_config" 
@@ -14,28 +14,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/5.2.20_enable_ssh_pam.sh b/tests/hardening/5.2.20_enable_ssh_pam.sh index ae7e949..f2bb810 100644 --- a/tests/hardening/5.2.20_enable_ssh_pam.sh +++ b/tests/hardening/5.2.20_enable_ssh_pam.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^usepam[[:space:]]*yes is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.21_disable_ssh_allow_tcp_forwarding.sh b/tests/hardening/5.2.21_disable_ssh_allow_tcp_forwarding.sh index 7214c2a..fe0d360 100644 --- a/tests/hardening/5.2.21_disable_ssh_allow_tcp_forwarding.sh +++ b/tests/hardening/5.2.21_disable_ssh_allow_tcp_forwarding.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^AllowTCPForwarding[[:space:]]*no is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.22_configure_ssh_max_startups.sh b/tests/hardening/5.2.22_configure_ssh_max_startups.sh index 0ac4f2f..be8886f 100644 --- a/tests/hardening/5.2.22_configure_ssh_max_startups.sh +++ b/tests/hardening/5.2.22_configure_ssh_max_startups.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^maxstartups[[:space:]]*10:30:60 is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.23_limit_ssh_max_sessions.sh b/tests/hardening/5.2.23_limit_ssh_max_sessions.sh index 08b1443..848ff7b 100644 --- a/tests/hardening/5.2.23_limit_ssh_max_sessions.sh +++ b/tests/hardening/5.2.23_limit_ssh_max_sessions.sh @@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all echo "maxsessions 1" >>/etc/ssh/sshd_config describe Running restrictive register_test retvalshouldbe 0 register_test contain "[ OK ] 1 is lower than recommended 10" - run restrictive /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run restrictive "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # delete last line sed -i '$ d' /etc/ssh/sshd_config 
@@ -21,18 +21,18 @@ test_audit() { describe Running too permissive register_test retvalshouldbe 1 register_test contain "[ KO ] 15 is higher than recommended 10" - run permissive /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run permissive "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^maxsessions[[:space:]]*10 is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh b/tests/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh index 531453b..b4530c5 100644 --- a/tests/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh +++ b/tests/hardening/5.2.2_ssh_host_private_keys_perm_ownership.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testsshduser" local test_file="/etc/ssh/ssh_host_test_key" 
@@ -16,28 +16,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "SSH private keys in /etc/ssh have correct permissions" register_test contain "SSH private keys in /etc/ssh have correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh b/tests/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh index 338794e..4d63b70 100644 --- a/tests/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh +++ b/tests/hardening/5.2.3_ssh_host_public_keys_perm_ownership.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testsshduser" local test_file="/etc/ssh/ssh_host_test_key.pub" @@ -16,28 +16,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "SSH public keys in /etc/ssh have correct permissions" register_test contain "SSH public keys in /etc/ssh have correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/5.2.4_sshd_protocol.sh b/tests/hardening/5.2.4_sshd_protocol.sh index 7705983..25affb8 100644 
--- a/tests/hardening/5.2.4_sshd_protocol.sh +++ b/tests/hardening/5.2.4_sshd_protocol.sh @@ -5,19 +5,19 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^Protocol[[:space:]]*2 is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.5_sshd_loglevel.sh b/tests/hardening/5.2.5_sshd_loglevel.sh index 8bb2f88..205abd4 100644 --- a/tests/hardening/5.2.5_sshd_loglevel.sh +++ b/tests/hardening/5.2.5_sshd_loglevel.sh 
@@ -5,24 +5,24 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all - echo "OPTIONS='LogLevel=DEBUG'" >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo "OPTIONS='LogLevel=DEBUG'" >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" sed -i 's/LogLevel VERBOSE/LogLevel DEBUG/' /etc/ssh/sshd_config describe Checking custom conf register_test retvalshouldbe 0 - run customconf /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run customconf "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.6_disable_x11_forwarding.sh b/tests/hardening/5.2.6_disable_x11_forwarding.sh index 6fdb78e..b19b513 100644 --- a/tests/hardening/5.2.6_disable_x11_forwarding.sh +++ b/tests/hardening/5.2.6_disable_x11_forwarding.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^X11Forwarding[[:space:]]*no is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.7_sshd_maxauthtries.sh b/tests/hardening/5.2.7_sshd_maxauthtries.sh index 4361481..66194da 100644 --- a/tests/hardening/5.2.7_sshd_maxauthtries.sh +++ b/tests/hardening/5.2.7_sshd_maxauthtries.sh @@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all echo "MaxAuthTries 2" >>/etc/ssh/sshd_config describe Running restrictive register_test retvalshouldbe 0 register_test contain "[ OK ] 2 is lower than recommended 4" - run restrictive /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run restrictive "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # delete last line sed -i '$ d' /etc/ssh/sshd_config 
@@ -21,18 +21,18 @@ test_audit() { describe Running too permissive register_test retvalshouldbe 1 register_test contain "[ KO ] 6 is higher than recommended 4" - run permissive /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run permissive "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^MaxAuthTries[[:space:]]*4 is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh b/tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh index 8550ec9..959e4ea 100644 --- a/tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh +++ b/tests/hardening/5.2.8_enable_sshd_ignorerhosts.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^IgnoreRhosts[[:space:]]*yes is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh b/tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh index 34782d6..ebb2c14 100644 --- a/tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh +++ b/tests/hardening/5.2.9_disable_sshd_hostbasedauthentication.sh 
@@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^HostbasedAuthentication[[:space:]]*no is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.3.1_enable_pwquality.sh b/tests/hardening/5.3.1_enable_pwquality.sh index e07785a..4bfdb89 100644 --- a/tests/hardening/5.3.1_enable_pwquality.sh +++ b/tests/hardening/5.3.1_enable_pwquality.sh @@ -9,11 +9,11 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "libpam-pwquality is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 
@@ -23,5 +23,5 @@ test_audit() { register_test contain "[ OK ] ^ucredit[[:space:]]+=[[:space:]]+-1 is present in /etc/security/pwquality.conf" register_test contain "[ OK ] ^ocredit[[:space:]]+=[[:space:]]+-1 is present in /etc/security/pwquality.conf" register_test contain "[ OK ] ^lcredit[[:space:]]+=[[:space:]]+-1 is present in /etc/security/pwquality.con" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.3.2_enable_lockout_failed_password.sh b/tests/hardening/5.3.2_enable_lockout_failed_password.sh index 1ef7755..5f279e9 100644 --- a/tests/hardening/5.3.2_enable_lockout_failed_password.sh +++ b/tests/hardening/5.3.2_enable_lockout_failed_password.sh @@ -5,15 +5,15 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^auth[[:space:]]*required[[:space:]]*pam_((tally[2]?)|(faillock))\.so is present in /etc/pam.d/common-auth" register_test contain "[ OK ] pam_((tally[2]?)|(faillock))\.so is present in /etc/pam.d/common-account" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.3.3_limit_password_reuse.sh b/tests/hardening/5.3.3_limit_password_reuse.sh index 08606a2..2eeaef6 100644 --- a/tests/hardening/5.3.3_limit_password_reuse.sh +++ b/tests/hardening/5.3.3_limit_password_reuse.sh 
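Review bot: The `lcredit` assertion just above the changed `run resolved` line expects a path ending in `/etc/security/pwquality.con`, while the `ucredit` and `ocredit` assertions beside it end in `pwquality.conf`. If `contain` is a substring match (the helper is not visible here), the test still passes, but the expected string is truncated and would also accept a differently named file. Since the commit already touches this hunk, the line could be corrected to `register_test contain "[ OK ] ^lcredit[[:space:]]+=[[:space:]]+-1 is present in /etc/security/pwquality.conf"`. test_audit begins above the hunk.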
@@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^password.*remember is present in /etc/pam.d/common-password" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.3.4_acc_pam_sha512.sh b/tests/hardening/5.3.4_acc_pam_sha512.sh index e7e167f..f8c7dea 100644 --- a/tests/hardening/5.3.4_acc_pam_sha512.sh +++ b/tests/hardening/5.3.4_acc_pam_sha512.sh @@ -5,5 +5,5 @@ test_audit() { register_test retvalshouldbe 0 register_test contain REGEX "[ OK ] .*(sha512|yescrypt) is present in /etc/pam.d/common-password" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.4.1.1_set_password_exp_days.sh b/tests/hardening/5.4.1.1_set_password_exp_days.sh index bd0903e..b31aa58 100644 --- a/tests/hardening/5.4.1.1_set_password_exp_days.sh +++ b/tests/hardening/5.4.1.1_set_password_exp_days.sh 
@@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^PASS_MAX_DAYS[[:space:]]*90 is present in /etc/login.defs" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.4.1.2_set_password_min_days_change.sh b/tests/hardening/5.4.1.2_set_password_min_days_change.sh index 31cf936..e5e5183 100644 --- a/tests/hardening/5.4.1.2_set_password_min_days_change.sh +++ b/tests/hardening/5.4.1.2_set_password_min_days_change.sh @@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^PASS_MIN_DAYS[[:space:]]*7 is present in /etc/login.defs" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } 
diff --git a/tests/hardening/5.4.1.3_set_password_exp_warning_days.sh b/tests/hardening/5.4.1.3_set_password_exp_warning_days.sh index 65aafce..2b0379b 100644 --- a/tests/hardening/5.4.1.3_set_password_exp_warning_days.sh +++ b/tests/hardening/5.4.1.3_set_password_exp_warning_days.sh @@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^PASS_WARN_AGE[[:space:]]*7 is present in /etc/login.defs" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.4.1.4_lock_inactive_user_account.sh b/tests/hardening/5.4.1.4_lock_inactive_user_account.sh index f85b20d..5bb5d86 100644 --- a/tests/hardening/5.4.1.4_lock_inactive_user_account.sh +++ b/tests/hardening/5.4.1.4_lock_inactive_user_account.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/5.4.1.5_last_password_change_past.sh b/tests/hardening/5.4.1.5_last_password_change_past.sh index f85b20d..5bb5d86 100644 --- a/tests/hardening/5.4.1.5_last_password_change_past.sh +++ b/tests/hardening/5.4.1.5_last_password_change_past.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/5.4.2_disable_system_accounts.sh b/tests/hardening/5.4.2_disable_system_accounts.sh index ffdff82..c621696 100644 --- a/tests/hardening/5.4.2_disable_system_accounts.sh +++ b/tests/hardening/5.4.2_disable_system_accounts.sh @@ -6,15 +6,15 @@ test_audit() { describe Running on blank host register_test retvalshouldbe 1 # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all mv /tmp/passwd.bak /etc/passwd } diff --git a/tests/hardening/5.4.3_default_root_group.sh b/tests/hardening/5.4.3_default_root_group.sh index 118d213..119e489 100644 --- a/tests/hardening/5.4.3_default_root_group.sh +++ b/tests/hardening/5.4.3_default_root_group.sh 
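Review bot: In the 5.4.2_disable_system_accounts.sh hunk, the closing `mv /tmp/passwd.bak /etc/passwd` restores the account database from a fixed, predictable name in /tmp, and only if every earlier step of test_audit has returned. The backup is taken above the hunk, so how it is created is inferred. A private file is safer on any host that is not a throwaway container: `bak=$(mktemp)` and `cp -p /etc/passwd "$bak"` where the copy is made, then `mv -- "$bak" /etc/passwd` here. A comment next to the `mv` saying why /etc/passwd is being put back would also help, because the reason sits outside the lines a reader sees at this point.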
@@ -5,15 +5,15 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all usermod -g 1 root describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] Root group has GID 0" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.4.4_default_umask.sh b/tests/hardening/5.4.4_default_umask.sh index e5466e8..f5539ba 100644 --- a/tests/hardening/5.4.4_default_umask.sh +++ b/tests/hardening/5.4.4_default_umask.sh @@ -5,13 +5,13 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/5.4.5_default_timeout.sh b/tests/hardening/5.4.5_default_timeout.sh index 6868a51..4fbe651 100644 --- a/tests/hardening/5.4.5_default_timeout.sh +++ b/tests/hardening/5.4.5_default_timeout.sh 
@@ -5,13 +5,13 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all echo "TMOUT=600" >/etc/profile.d/CIS_99.1_timeout.sh describe compliant register_test retvalshouldbe 0 - run compliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run compliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests diff --git a/tests/hardening/5.5_secure_tty.sh b/tests/hardening/5.5_secure_tty.sh index f85b20d..5bb5d86 100644 --- a/tests/hardening/5.5_secure_tty.sh +++ b/tests/hardening/5.5_secure_tty.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/5.6_restrict_su.sh b/tests/hardening/5.6_restrict_su.sh index 0b67092..0b9cdc2 100644 --- a/tests/hardening/5.6_restrict_su.sh +++ b/tests/hardening/5.6_restrict_su.sh @@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^auth[[:space:]]*required[[:space:]]*pam_wheel.so is present in /etc/pam.d/su" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } 
diff --git a/tests/hardening/6.1.10_find_world_writable_file.sh b/tests/hardening/6.1.10_find_world_writable_file.sh index 8f237ed..6de33fd 100644 --- a/tests/hardening/6.1.10_find_world_writable_file.sh +++ b/tests/hardening/6.1.10_find_world_writable_file.sh @@ -3,9 +3,9 @@ test_audit() { describe Running void to generate the conf file that will later be edited # shellcheck disable=2154 - /opt/debian-cis/bin/hardening/"${script}".sh || true + "${CIS_CHECKS_DIR}/${script}.sh" || true # shellcheck disable=2016 - echo 'EXCLUDED="$EXCLUDED ^/home/secaudit/thisfileisignored.*|^/dev/.*"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCLUDED="$EXCLUDED ^/home/secaudit/thisfileisignored.*|^/dev/.*"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" touch /home/secaudit/thisfileisignored chmod 777 /home/secaudit/thisfileisignored @@ -13,7 +13,7 @@ test_audit() { register_test retvalshouldbe 0 register_test contain "No world writable files found" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing local targetfile="/home/secaudit/worldwritable" 
@@ -21,21 +21,21 @@ test_audit() { chmod 777 "$targetfile" register_test retvalshouldbe 1 register_test contain "Some world writable files are present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests failing with find ignore flag - echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" register_test retvalshouldbe 1 register_test contain "Some world writable files are present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "No world writable files found" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/6.1.11_find_unowned_files.sh b/tests/hardening/6.1.11_find_unowned_files.sh index 6f36824..5480388 100644 --- a/tests/hardening/6.1.11_find_unowned_files.sh +++ b/tests/hardening/6.1.11_find_unowned_files.sh 
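Review bot: The unanchored `sed -i 's/audit/enabled/'` in the "correcting situation" step rewrites the first `audit` on every line of the cfg, not only the status line. That includes the `EXCLUDED` line this test appended earlier, where `^/home/secaudit/thisfileisignored.*` becomes `^/home/secenabled/thisfileisignored.*`. The exclusion then no longer matches the world-writable file the test created, so the `--apply` run and the resolved-state check run against a different configuration than intended. Anchoring the expression, e.g. `sed -i 's/^status=audit/status=enabled/'`, would limit the edit to the status line; this assumes the generated cfg writes it as `status=audit`, which is not visible here. The 6.1.11 and 6.1.12 tests append `/home/secaudit/` paths and run the same sed, so they are affected the same way.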
@@ -3,9 +3,9 @@ test_audit() { describe Running void to generate the conf file that will later be edited # shellcheck disable=2154 - /opt/debian-cis/bin/hardening/"${script}".sh || true + "${CIS_CHECKS_DIR}/${script}.sh" || true # shellcheck disable=2016 - echo 'EXCLUDED="$EXCLUDED ^/home/secaudit/6.1.11/.*"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCLUDED="$EXCLUDED ^/home/secaudit/6.1.11/.*"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" mkdir /home/secaudit/6.1.11/ touch /home/secaudit/6.1.11/test chown 1200 /home/secaudit/6.1.11/test @@ -14,7 +14,7 @@ test_audit() { register_test retvalshouldbe 0 register_test contain "No unowned files found" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing local targetfile="/home/secaudit/unowned" 
@@ -22,20 +22,20 @@ test_audit() { chown 1200 "$targetfile" register_test retvalshouldbe 1 register_test contain "Some unowned files are present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests failing with find ignore flag - echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" register_test retvalshouldbe 1 register_test contain "Some unowned files are present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "No unowned files found" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/6.1.12_find_ungrouped_files.sh b/tests/hardening/6.1.12_find_ungrouped_files.sh index c6a80d0..6747c45 100644 --- a/tests/hardening/6.1.12_find_ungrouped_files.sh +++ b/tests/hardening/6.1.12_find_ungrouped_files.sh 
@@ -3,9 +3,9 @@ test_audit() { describe Running void to generate the conf file that will later be edited # shellcheck disable=2154 - /opt/debian-cis/bin/hardening/"${script}".sh || true + "${CIS_CHECKS_DIR}/${script}.sh" || true # shellcheck disable=2016 - echo 'EXCLUDED="$EXCLUDED ^/home/secaudit/6.1.12/.*"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCLUDED="$EXCLUDED ^/home/secaudit/6.1.12/.*"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" mkdir /home/secaudit/6.1.12/ touch /home/secaudit/6.1.12/test chown 1200:1200 /home/secaudit/6.1.12/test @@ -14,7 +14,7 @@ test_audit() { register_test retvalshouldbe 0 register_test contain "No ungrouped files found" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing local targetfile="/home/secaudit/ungrouped" 
@@ -22,20 +22,20 @@ test_audit() { chown 1200:1200 "$targetfile" register_test retvalshouldbe 1 register_test contain "Some ungrouped files are present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests failing with find ignore flag - echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" register_test retvalshouldbe 1 register_test contain "Some ungrouped files are present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "No ungrouped files found" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/6.1.13_find_suid_files.sh b/tests/hardening/6.1.13_find_suid_files.sh index ec34b70..0d377e2 100644 --- a/tests/hardening/6.1.13_find_suid_files.sh +++ b/tests/hardening/6.1.13_find_suid_files.sh 
@@ -3,14 +3,14 @@ test_audit() { describe Running void to generate the conf file that will later be edited # shellcheck disable=2154 - /opt/debian-cis/bin/hardening/"${script}".sh || true + "${CIS_CHECKS_DIR}/${script}.sh" || true # shellcheck disable=2016 - echo 'EXCEPTIONS="$EXCEPTIONS /usr/lib/dbus-1.0/dbus-daemon-launch-helper /usr/sbin/exim4 /bin/fusermount /usr/lib/eject/dmcrypt-get-device /usr/bin/pkexec /usr/lib/policykit-1/polkit-agent-helper-1"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCEPTIONS="$EXCEPTIONS /usr/lib/dbus-1.0/dbus-daemon-launch-helper /usr/sbin/exim4 /bin/fusermount /usr/lib/eject/dmcrypt-get-device /usr/bin/pkexec /usr/lib/policykit-1/polkit-agent-helper-1"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" describe Running on blank host register_test retvalshouldbe 0 dismiss_count_for_test - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing local targetfile="/home/secaudit/suid_file" @@ -19,13 +19,13 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "Some suid files are present" register_test contain "$targetfile" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests failing with find ignore flag - echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" register_test retvalshouldbe 1 register_test contain "Some suid files are present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation chmod 700 $targetfile 
@@ -33,5 +33,5 @@ test_audit() { describe Checking resolved state register_test retvalshouldbe 0 register_test contain "No unknown suid files found" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/6.1.14_find_sgid_files.sh b/tests/hardening/6.1.14_find_sgid_files.sh index 380442b..799b7bc 100644 --- a/tests/hardening/6.1.14_find_sgid_files.sh +++ b/tests/hardening/6.1.14_find_sgid_files.sh @@ -3,15 +3,15 @@ test_audit() { describe Running void to generate the conf file that will later be edited # shellcheck disable=2154 - /opt/debian-cis/bin/hardening/"${script}".sh || true + "${CIS_CHECKS_DIR}/${script}.sh" || true # shellcheck disable=2016 - echo 'EXCEPTIONS="$EXCEPTIONS /usr/bin/dotlock.mailutils /usr/lib/x86_64-linux-gnu/utempter/utempter"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCEPTIONS="$EXCEPTIONS /usr/bin/dotlock.mailutils /usr/lib/x86_64-linux-gnu/utempter/utempter"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" describe Running on blank host register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing local targetfile="/home/secaudit/sgid_file" 
@@ -20,13 +20,13 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "Some sgid files are present" register_test contain "$targetfile" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests failing with find ignore flag - echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" register_test retvalshouldbe 1 register_test contain "Some sgid files are present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation chmod 700 $targetfile @@ -34,5 +34,5 @@ test_audit() { describe Checking resolved state register_test retvalshouldbe 0 register_test contain "No unknown sgid files found" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/6.1.2_etc_passwd_permissions.sh b/tests/hardening/6.1.2_etc_passwd_permissions.sh index fa50333..18c91c6 100644 --- a/tests/hardening/6.1.2_etc_passwd_permissions.sh +++ b/tests/hardening/6.1.2_etc_passwd_permissions.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcpasswduser" local test_file="/etc/passwd" 
@@ -14,28 +14,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/6.1.3_etc_gshadow-_permissions.sh b/tests/hardening/6.1.3_etc_gshadow-_permissions.sh index 1beadf0..29dff78 100644 --- a/tests/hardening/6.1.3_etc_gshadow-_permissions.sh +++ b/tests/hardening/6.1.3_etc_gshadow-_permissions.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcgshadow-user" local test_file="/etc/gshadow-" 
@@ -14,34 +14,34 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Missing File should be OK as well rm "$test_file" register_test retvalshouldbe 0 register_test contain "does not exist" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/6.1.4_etc_shadow_permissions.sh b/tests/hardening/6.1.4_etc_shadow_permissions.sh index aefbd50..c592ced 100644 --- a/tests/hardening/6.1.4_etc_shadow_permissions.sh +++ b/tests/hardening/6.1.4_etc_shadow_permissions.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcshadowuser" local test_file="/etc/shadow" @@ -14,28 +14,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/6.1.5_etc_group_permissions.sh b/tests/hardening/6.1.5_etc_group_permissions.sh index 6195f11..1eb6b1c 100644 --- a/tests/hardening/6.1.5_etc_group_permissions.sh 
+++ b/tests/hardening/6.1.5_etc_group_permissions.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcgroupuser" local test_file="/etc/group" @@ -14,28 +14,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/6.1.6_etc_passwd-_permissions.sh b/tests/hardening/6.1.6_etc_passwd-_permissions.sh index d613e63..10da318 100644 
--- a/tests/hardening/6.1.6_etc_passwd-_permissions.sh +++ b/tests/hardening/6.1.6_etc_passwd-_permissions.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcpasswd-user" local test_file="/etc/passwd-" 
@@ -15,40 +15,40 @@ test_audit() { chown root:root "$test_file" register_test retvalshouldbe 0 register_test contain "has correct permissions" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Missing File should be OK as well rm "$test_file" register_test retvalshouldbe 0 register_test contain "does not exist" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup 
userdel "$test_user" diff --git a/tests/hardening/6.1.7_etc_shadow-_permissions.sh b/tests/hardening/6.1.7_etc_shadow-_permissions.sh index 04cf193..cd14fe9 100644 --- a/tests/hardening/6.1.7_etc_shadow-_permissions.sh +++ b/tests/hardening/6.1.7_etc_shadow-_permissions.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcshadow-user" local test_file="/etc/shadow-" 
@@ -15,40 +15,40 @@ test_audit() { chown root:shadow "$test_file" register_test retvalshouldbe 0 register_test contain "has correct permissions" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Missing File should be OK as well rm "$test_file" register_test retvalshouldbe 0 register_test contain "does not exist" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup 
userdel "$test_user" diff --git a/tests/hardening/6.1.8_etc_group-_permissions.sh b/tests/hardening/6.1.8_etc_group-_permissions.sh index 1d4ea8d..7f27a37 100644 --- a/tests/hardening/6.1.8_etc_group-_permissions.sh +++ b/tests/hardening/6.1.8_etc_group-_permissions.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcgroup--user" local test_file="/etc/group-" 
@@ -15,40 +15,40 @@ test_audit() { chown root:root "$test_file" register_test retvalshouldbe 0 register_test contain "has correct permissions" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Missing File should be OK as well rm "$test_file" register_test retvalshouldbe 0 register_test contain "does not exist" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup 
userdel "$test_user" diff --git a/tests/hardening/6.1.9_etc_gshadow_permissions.sh b/tests/hardening/6.1.9_etc_gshadow_permissions.sh index 9abc6d9..a7f46e6 100644 --- a/tests/hardening/6.1.9_etc_gshadow_permissions.sh +++ b/tests/hardening/6.1.9_etc_gshadow_permissions.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcgshadowuser" local test_file="/etc/gshadow" 
@@ -14,28 +14,28 @@ test_audit() { chmod 777 "$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Tests purposely failing useradd "$test_user" chown "$test_user":"$test_user" "$test_file" register_test retvalshouldbe 1 register_test contain "ownership was not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "has correct permissions" register_test contain "has correct ownership" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel "$test_user" diff --git a/tests/hardening/6.2.10_check_user_dot_file_perm.sh b/tests/hardening/6.2.10_check_user_dot_file_perm.sh index a74a3c6..a27361a 100644 --- a/tests/hardening/6.2.10_check_user_dot_file_perm.sh +++ b/tests/hardening/6.2.10_check_user_dot_file_perm.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testdotuser" local test_file=".test" @@ -17,16 +17,16 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "Group Write permission set on FILE" register_test contain "Other Write permission set on FILE" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "Dot file permission in users directories are correct" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel -r "$test_user" diff --git a/tests/hardening/6.2.11_find_user_forward_files.sh b/tests/hardening/6.2.11_find_user_forward_files.sh index 47eb581..cf95893 100644 --- a/tests/hardening/6.2.11_find_user_forward_files.sh +++ b/tests/hardening/6.2.11_find_user_forward_files.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testforwarduser" local test_file=".forward" 
@@ -15,7 +15,7 @@ test_audit() { touch "/home/$test_user/$test_file" register_test retvalshouldbe 1 register_test contain "$test_file present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel -r "$test_user" diff --git a/tests/hardening/6.2.12_find_user_netrc_files.sh b/tests/hardening/6.2.12_find_user_netrc_files.sh index 1dce9c8..07b3ed1 100644 --- a/tests/hardening/6.2.12_find_user_netrc_files.sh +++ b/tests/hardening/6.2.12_find_user_netrc_files.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testnetrcuser" local test_file=".netrc" @@ -15,7 +15,7 @@ test_audit() { touch "/home/$test_user/$test_file" register_test retvalshouldbe 1 register_test contain "$test_file present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel -r "$test_user" diff --git a/tests/hardening/6.2.13_set_perm_on_user_netrc.sh b/tests/hardening/6.2.13_set_perm_on_user_netrc.sh index b559652..bf428b2 100644 --- a/tests/hardening/6.2.13_set_perm_on_user_netrc.sh +++ b/tests/hardening/6.2.13_set_perm_on_user_netrc.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testnetrcuser" local test_file=".netrc" 
@@ -16,16 +16,16 @@ test_audit() { chmod 777 "/home/$test_user/$test_file" register_test retvalshouldbe 1 register_test contain "permissions were not set to" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "$test_file has correct permissions" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel -r "$test_user" diff --git a/tests/hardening/6.2.14_find_user_rhosts_files.sh b/tests/hardening/6.2.14_find_user_rhosts_files.sh index c1aa772..c1ee40e 100644 --- a/tests/hardening/6.2.14_find_user_rhosts_files.sh +++ b/tests/hardening/6.2.14_find_user_rhosts_files.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testrhostsuser" local test_file=".rhosts" @@ -15,7 +15,7 @@ test_audit() { touch "/home/$test_user/$test_file" register_test retvalshouldbe 1 register_test contain "$test_file present" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel -r "$test_user" diff --git a/tests/hardening/6.2.15_find_passwd_group_inconsistencies.sh b/tests/hardening/6.2.15_find_passwd_group_inconsistencies.sh index 6e26efe..80ebf14 100644 --- a/tests/hardening/6.2.15_find_passwd_group_inconsistencies.sh 
+++ b/tests/hardening/6.2.15_find_passwd_group_inconsistencies.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testpasswdgroupuser" local dir="/etc/passwd" @@ -14,7 +14,7 @@ test_audit() { echo "$test_user:x:1100:1100::/home/$test_user:" >>"$dir" register_test retvalshouldbe 1 register_test contain "is referenced by /etc/passwd but does not exist in /etc/group" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel "$test_user" diff --git a/tests/hardening/6.2.16_check_duplicate_uid.sh b/tests/hardening/6.2.16_check_duplicate_uid.sh index dcd3318..c0af43f 100644 --- a/tests/hardening/6.2.16_check_duplicate_uid.sh +++ b/tests/hardening/6.2.16_check_duplicate_uid.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 register_test contain "[ OK ] No duplicate UIDs" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all useradd -u 1001 usertest1 useradd -o -u 1001 usertest2 
@@ -14,15 +14,15 @@ test_audit() { describe Tests purposely failing register_test retvalshouldbe 1 register_test contain "[ KO ] Duplicate UID (1001): usertest1 usertest2" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # shellcheck disable=2016 - echo 'EXCEPTIONS="$EXCEPTIONS 1001"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCEPTIONS="$EXCEPTIONS 1001"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" describe Adding exceptions register_test retvalshouldbe 0 register_test contain "[ OK ] No duplicate UIDs apart from configured exceptions: (1001): usertest1 usertest2" - run exception /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run exception "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel usertest1 diff --git a/tests/hardening/6.2.17_check_duplicate_gid.sh b/tests/hardening/6.2.17_check_duplicate_gid.sh index 62f05c7..174500d 100644 --- a/tests/hardening/6.2.17_check_duplicate_gid.sh +++ b/tests/hardening/6.2.17_check_duplicate_gid.sh @@ -5,14 +5,14 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all groupadd -f -g 120 grouptest groupadd -fo -g 120 grouptest2 describe Duplicated groups register_test retvalshouldbe 1 - run duplicated /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run duplicated "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup groupdel grouptest @@ -20,6 +20,6 @@ test_audit() { describe Compliant state register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/6.2.18_check_duplicate_username.sh b/tests/hardening/6.2.18_check_duplicate_username.sh index 89c036e..9a1fdec 100644 
--- a/tests/hardening/6.2.18_check_duplicate_username.sh +++ b/tests/hardening/6.2.18_check_duplicate_username.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testduplicateuser" local dir="/etc/passwd" @@ -16,7 +16,7 @@ test_audit() { echo "$temp" >>"$dir" register_test retvalshouldbe 1 register_test contain "Duplicate username" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup sed -i '$ d' "$dir" diff --git a/tests/hardening/6.2.19_check_duplicate_groupname.sh b/tests/hardening/6.2.19_check_duplicate_groupname.sh index 3664076..4d8b3f5 100644 --- a/tests/hardening/6.2.19_check_duplicate_groupname.sh +++ b/tests/hardening/6.2.19_check_duplicate_groupname.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_group="testduplicategroup" local dir="/etc/group" @@ -16,7 +16,7 @@ test_audit() { echo "$temp" >>"$dir" register_test retvalshouldbe 1 register_test contain "Duplicate group" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup sed -i '$ d' "$dir" diff --git a/tests/hardening/6.2.1_remove_empty_password_field.sh b/tests/hardening/6.2.1_remove_empty_password_field.sh index d33bbeb..3079e2d 100644 --- a/tests/hardening/6.2.1_remove_empty_password_field.sh +++ b/tests/hardening/6.2.1_remove_empty_password_field.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testemptypassworduser" @@ -14,16 +14,16 @@ test_audit() { sed -i "s/$test_user:\!/$test_user:/" /etc/shadow register_test retvalshouldbe 1 register_test contain "Some accounts have an empty password" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "All accounts have a password" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel "$test_user" diff --git a/tests/hardening/6.2.20_shadow_group_empty.sh b/tests/hardening/6.2.20_shadow_group_empty.sh index 7eff49c..33958c8 100644 --- a/tests/hardening/6.2.20_shadow_group_empty.sh +++ b/tests/hardening/6.2.20_shadow_group_empty.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testshadowuser" 
@@ -14,14 +14,14 @@ test_audit() { usermod -aG shadow "$test_user" register_test retvalshouldbe 1 register_test contain "Some users belong to shadow group" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all userdel "$test_user" describe Tests purposely failing useradd --no-user-group -g shadow "$test_user" register_test retvalshouldbe 1 register_test contain "Some users have shadow id as their primary group" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all userdel "$test_user" } diff --git a/tests/hardening/6.2.2_remove_legacy_passwd_entries.sh b/tests/hardening/6.2.2_remove_legacy_passwd_entries.sh index ce25f3d..91eab39 100644 --- a/tests/hardening/6.2.2_remove_legacy_passwd_entries.sh +++ b/tests/hardening/6.2.2_remove_legacy_passwd_entries.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcpasswduser" 
@@ -14,16 +14,16 @@ test_audit() { sed -i "s/$test_user:x/+:$test_user:x/" /etc/passwd register_test retvalshouldbe 1 register_test contain "Some accounts have a legacy password entry" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "All accounts have a valid password entry format" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup groupdel $test_user diff --git a/tests/hardening/6.2.3_users_homedir_exist.sh b/tests/hardening/6.2.3_users_homedir_exist.sh index 4e41040..c13d900 100644 --- a/tests/hardening/6.2.3_users_homedir_exist.sh +++ b/tests/hardening/6.2.3_users_homedir_exist.sh @@ -4,14 +4,14 @@ test_audit() { describe Running on blank host register_test retvalshouldbe 0 # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="userwithouthome" useradd "$test_user" describe Tests purposely failing register_test retvalshouldbe 1 register_test contain "does not exist." - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel "$test_user" diff --git a/tests/hardening/6.2.4_remove_legacy_shadow_entries.sh b/tests/hardening/6.2.4_remove_legacy_shadow_entries.sh index 78c95b6..b352a95 100644 --- a/tests/hardening/6.2.4_remove_legacy_shadow_entries.sh +++ b/tests/hardening/6.2.4_remove_legacy_shadow_entries.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcshadowusr" @@ -14,16 +14,16 @@ test_audit() { sed -i "s/$test_user:/+:$test_user:/" /etc/shadow register_test retvalshouldbe 1 register_test contain "Some accounts have a legacy password entry" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "All accounts have a valid password entry format" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel "$test_user" diff --git a/tests/hardening/6.2.5_remove_legacy_group_entries.sh b/tests/hardening/6.2.5_remove_legacy_group_entries.sh index ea8ed39..c25d8db 100644 --- a/tests/hardening/6.2.5_remove_legacy_group_entries.sh +++ b/tests/hardening/6.2.5_remove_legacy_group_entries.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testetcgroupuser" 
@@ -14,16 +14,16 @@ test_audit() { sed -i "s/$test_user:x/+:$test_user:x/" /etc/group register_test retvalshouldbe 1 register_test contain "Some accounts have a legacy group entry" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "All accounts have a valid group entry format" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel "$test_user" diff --git a/tests/hardening/6.2.6_find_0_uid_non_root_account.sh b/tests/hardening/6.2.6_find_0_uid_non_root_account.sh index a54b7de..e95a0ca 100644 --- a/tests/hardening/6.2.6_find_0_uid_non_root_account.sh +++ b/tests/hardening/6.2.6_find_0_uid_non_root_account.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 register_test contain "[ OK ] No account with uid 0 appart from root" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all useradd -o -u 0 usertest1 
@@ -13,15 +13,15 @@ test_audit() { describe Tests purposely failing register_test retvalshouldbe 1 register_test contain "[ KO ] Some accounts have uid 0: usertest1" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # shellcheck disable=2016 - echo 'EXCEPTIONS="$EXCEPTIONS usertest1"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCEPTIONS="$EXCEPTIONS usertest1"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" describe Adding exceptions register_test retvalshouldbe 0 register_test contain "[ OK ] No account with uid 0 appart from root and configured exceptions: usertest1" - run exception /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run exception "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel -f usertest1 diff --git a/tests/hardening/6.2.7_sanitize_root_path.sh b/tests/hardening/6.2.7_sanitize_root_path.sh index d357492..6869a37 100644 --- a/tests/hardening/6.2.7_sanitize_root_path.sh +++ b/tests/hardening/6.2.7_sanitize_root_path.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local dir="/test" local test_user="userrootpathtest" 
@@ -13,23 +13,23 @@ test_audit() { describe Tests purposely failing register_test retvalshouldbe 1 register_test contain "Empty Directory in PATH (::)" - run noncompliant path="$PATH::" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant path="$PATH::" "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing register_test retvalshouldbe 1 register_test contain "Trailing : in PATH" - run noncompliant path="$PATH:" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant path="$PATH:" "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing register_test retvalshouldbe 1 register_test contain "PATH contains ." - run noncompliant path="$PATH:." /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant path="$PATH:." "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Tests purposely failing mkdir -m 770 "$dir" register_test retvalshouldbe 1 register_test contain "Group Write permission set on directory $dir" - run noncompliant path="$PATH:$dir" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant path="$PATH:$dir" "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # clean rmdir "$dir" @@ -37,7 +37,7 @@ test_audit() { mkdir -m 707 "$dir" register_test retvalshouldbe 1 register_test contain "Other Write permission set on directory $dir" - run noncompliant path="$PATH:$dir" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant path="$PATH:$dir" "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # clean rmdir "$dir" @@ -47,7 +47,7 @@ test_audit() { chown "$test_user":"$test_user" "$dir" register_test retvalshouldbe 1 register_test contain "$dir is not owned by root" - run noncompliant path="$PATH:$dir" /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant path="$PATH:$dir" "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # clean rmdir "$dir" userdel "$test_user" 
diff --git a/tests/hardening/6.2.8_check_user_dir_perm.sh b/tests/hardening/6.2.8_check_user_dir_perm.sh index da09e25..72b695c 100644 --- a/tests/hardening/6.2.8_check_user_dir_perm.sh +++ b/tests/hardening/6.2.8_check_user_dir_perm.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testhomepermuser" @@ -18,16 +18,16 @@ test_audit() { register_test contain "Other Write permission set on directory" register_test contain "Other Execute permission set on directory" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh --apply || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" --apply || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "No incorrect permissions on home directories" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # cleanup userdel -r "$test_user" diff --git a/tests/hardening/6.2.9_users_homedir_ownership.sh b/tests/hardening/6.2.9_users_homedir_ownership.sh index f0e52d3..fe07f54 100644 --- a/tests/hardening/6.2.9_users_homedir_ownership.sh +++ b/tests/hardening/6.2.9_users_homedir_ownership.sh @@ -4,7 +4,7 @@ test_audit() { describe Running on blank host register_test retvalshouldbe 0 # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all local test_user="testhomeuser" 
@@ -13,14 +13,14 @@ test_audit() { chown root:root /home/"$test_user" register_test retvalshouldbe 1 register_test contain "[ KO ] The home directory (/home/$test_user) of user testhomeuser is owned by root" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe correcting situation - echo "EXCEPTIONS=\"/home/$test_user:$test_user:root\"" >/opt/debian-cis/etc/conf.d/"${script}".cfg + echo "EXCEPTIONS=\"/home/$test_user:$test_user:root\"" >"${CIS_CONF_DIR}/conf.d/${script}.cfg" describe Checking resolved state register_test retvalshouldbe 0 - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup rm -rf "/home/${test_user:?}" diff --git a/tests/hardening/99.1.1.1_disable_cramfs.sh b/tests/hardening/99.1.1.1_disable_cramfs.sh index 5195a49..23e8ccd 100644 --- a/tests/hardening/99.1.1.1_disable_cramfs.sh +++ b/tests/hardening/99.1.1.1_disable_cramfs.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all fi ################################################################## diff --git a/tests/hardening/99.1.1.23_disable_usb_devices.sh b/tests/hardening/99.1.1.23_disable_usb_devices.sh index 69db7fe..5e9f107 100644 --- a/tests/hardening/99.1.1.23_disable_usb_devices.sh +++ b/tests/hardening/99.1.1.23_disable_usb_devices.sh 
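Review bot: The truncating redirect `>"${CIS_CONF_DIR}/conf.d/${script}.cfg"` in the 6.2.9 hunk has no guard against `CIS_CONF_DIR` being unset or empty. In that case the target becomes `/conf.d/<script>.cfg` and the test fails later with a message unrelated to the real cause. The cleanup line of the same hunk already uses `"/home/${test_user:?}"`, so `>"${CIS_CONF_DIR:?}/conf.d/${script}.cfg"` and `"${CIS_CHECKS_DIR:?}/${script}.sh"` would abort at the point of misuse in the same way. If the test harness validates both variables before these files are sourced, a one-line comment saying so is enough; that code is not visible here. The other test files in this commit expand the two variables the same unguarded way.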
@@ -11,13 +11,13 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all echo 'ACTION=="add", SUBSYSTEMS=="usb", TEST=="authorized_default", ATTR{authorized_default}="0"' >/etc/udev/rules.d/10-CIS_99.2_usb_devices.sh describe compliant register_test retvalshouldbe 0 - run compliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run compliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests diff --git a/tests/hardening/99.1.3_acc_sudoers_no_all.sh b/tests/hardening/99.1.3_acc_sudoers_no_all.sh index b0f47c2..785c2d8 100644 --- a/tests/hardening/99.1.3_acc_sudoers_no_all.sh +++ b/tests/hardening/99.1.3_acc_sudoers_no_all.sh @@ -2,16 +2,16 @@ # run-shellcheck test_audit() { # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # shellcheck disable=2016 - echo 'EXCEPT="$EXCEPT debian"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCEPT="$EXCEPT debian"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" describe Running on blank host register_test retvalshouldbe 0 dismiss_count_for_test register_test contain "There is no carte-blanche sudo permission in" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Proceed to operation that will end up to a non compliant system useradd -s /bin/bash jeantestuser 
@@ -19,14 +19,14 @@ test_audit() { describe Fail: Not compliant system register_test retvalshouldbe 1 register_test contain "[ KO ] jeantestuser ALL = (ALL) NOPASSWD:ALL is present in /etc/sudoers.d/jeantestuser" - run userallcmd /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run userallcmd "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # shellcheck disable=2016 - echo 'EXCEPT="$EXCEPT debian jeantestuser"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCEPT="$EXCEPT debian jeantestuser"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" describe Adding jeantestuser to exceptions register_test retvalshouldbe 0 register_test contain "[ OK ] jeantestuser ALL = (ALL) NOPASSWD:ALL is present in /etc/sudoers.d/jeantestuser but was EXCUSED because jeantestuser is part of exceptions" - run userexcept /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run userexcept "${CIS_CHECKS_DIR}/${script}.sh" --audit-all rm -f /etc/sudoers.d/jeantestuser userdel jeantestuser diff --git a/tests/hardening/99.2.2_disable_telnet_server.sh b/tests/hardening/99.2.2_disable_telnet_server.sh index a5243cb..4ad9ef8 100644 --- a/tests/hardening/99.2.2_disable_telnet_server.sh +++ b/tests/hardening/99.2.2_disable_telnet_server.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ################################################################## # For this test, we only check that it runs properly on a blank # diff --git a/tests/hardening/99.3.3.1_install_tcp_wrapper.sh b/tests/hardening/99.3.3.1_install_tcp_wrapper.sh index f85b20d..5bb5d86 100644 --- a/tests/hardening/99.3.3.1_install_tcp_wrapper.sh +++ b/tests/hardening/99.3.3.1_install_tcp_wrapper.sh 
@@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/99.3.3.2_hosts_allow.sh b/tests/hardening/99.3.3.2_hosts_allow.sh index f85b20d..5bb5d86 100644 --- a/tests/hardening/99.3.3.2_hosts_allow.sh +++ b/tests/hardening/99.3.3.2_hosts_allow.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/99.3.3.3_hosts_deny.sh b/tests/hardening/99.3.3.3_hosts_deny.sh index f85b20d..5bb5d86 100644 --- a/tests/hardening/99.3.3.3_hosts_deny.sh +++ b/tests/hardening/99.3.3.3_hosts_deny.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/99.3.3.4_hosts_allow_permissions.sh b/tests/hardening/99.3.3.4_hosts_allow_permissions.sh index f85b20d..5bb5d86 100644 --- a/tests/hardening/99.3.3.4_hosts_allow_permissions.sh +++ b/tests/hardening/99.3.3.4_hosts_allow_permissions.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/99.3.3.5_hosts_deny_permissions.sh b/tests/hardening/99.3.3.5_hosts_deny_permissions.sh index f85b20d..5bb5d86 100644 --- a/tests/hardening/99.3.3.5_hosts_deny_permissions.sh 
+++ b/tests/hardening/99.3.3.5_hosts_deny_permissions.sh @@ -5,7 +5,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests } diff --git a/tests/hardening/99.4.0_enable_auditd_kernel.sh b/tests/hardening/99.4.0_enable_auditd_kernel.sh index af007f7..f92d5f1 100644 --- a/tests/hardening/99.4.0_enable_auditd_kernel.sh +++ b/tests/hardening/99.4.0_enable_auditd_kernel.sh @@ -8,7 +8,7 @@ test_audit() { register_test retvalshouldbe 0 dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # TODO fill comprehensive tests fi diff --git a/tests/hardening/99.5.2.1_ssh_auth_pubk_only.sh b/tests/hardening/99.5.2.1_ssh_auth_pubk_only.sh index 54bede0..27ca134 100644 --- a/tests/hardening/99.5.2.1_ssh_auth_pubk_only.sh +++ b/tests/hardening/99.5.2.1_ssh_auth_pubk_only.sh @@ -5,15 +5,15 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 
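Review bot: The apply step in the 99.5.2.1 hunk, `"${CIS_CHECKS_DIR}/${script}.sh" || true`, is run without `--apply`, while the 6.2.x tests changed by this commit call `"${CIS_CHECKS_DIR}/${script}.sh" --apply || true` after the same `sed`. The comment above the line does not say which form is intended. If a check whose cfg is enabled applies when run with no flag, a comment such as `# no flag on purpose: an enabled check applies when run without --audit` would document that; otherwise add `--apply` for consistency. Because `|| true` discards the exit status, a failed apply is only noticed through the later `run resolved` assertions. The 99.5.2.2 and 99.5.2.3 hunks carry the same line.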
@@ -25,5 +25,5 @@ test_audit() { register_test contain "[ OK ] ^HostbasedAuthentication[[:space:]]+no is present in /etc/ssh/sshd_config" register_test contain "[ OK ] ^GSSAPIAuthentication[[:space:]]+no is present in /etc/ssh/sshd_config" register_test contain "[ OK ] ^GSSAPIKeyExchange[[:space:]]+no is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/99.5.2.2_ssh_cry_rekey.sh b/tests/hardening/99.5.2.2_ssh_cry_rekey.sh index 62b8308..5e73d99 100644 --- a/tests/hardening/99.5.2.2_ssh_cry_rekey.sh +++ b/tests/hardening/99.5.2.2_ssh_cry_rekey.sh @@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^RekeyLimit[[:space:]]*512M\s+6h is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/99.5.2.3_ssh_disable_features.sh b/tests/hardening/99.5.2.3_ssh_disable_features.sh index 14188a0..fd835f4 100644 --- a/tests/hardening/99.5.2.3_ssh_disable_features.sh +++ b/tests/hardening/99.5.2.3_ssh_disable_features.sh 
@@ -5,15 +5,15 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 @@ -24,5 +24,5 @@ test_audit() { " register_test contain "[ OK ] ^PermitUserRC[[:space:]]*no is present in /etc/ssh/sshd_config" register_test contain "[ OK ] ^GatewayPorts[[:space:]]*no is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/99.5.2.4_ssh_keys_from.sh b/tests/hardening/99.5.2.4_ssh_keys_from.sh index ec2b111..4da2290 100644 --- a/tests/hardening/99.5.2.4_ssh_keys_from.sh +++ b/tests/hardening/99.5.2.4_ssh_keys_from.sh @@ -2,11 +2,11 @@ # run-shellcheck test_audit() { # shellcheck disable=2154 - echo 'EXCEPTION_USER="root"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'EXCEPTION_USER="root"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" skip_tests # shellcheck disable=2154 - run genconf /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run genconf "${CIS_CHECKS_DIR}/${script}.sh" --audit-all useradd -s /bin/bash jeantestuser describe Running on blank host 
@@ -16,19 +16,19 @@ test_audit() { register_test contain "[INFO] User jeantestuser has a valid shell" register_test contain "[INFO] User jeantestuser has no home directory" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all mkdir -p /home/secaudit/.ssh touch /home/secaudit/.ssh/authorized_keys2 describe empty authorized keys file register_test retvalshouldbe 0 - run emptyauthkey /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run emptyauthkey "${CIS_CHECKS_DIR}/${script}.sh" --audit-all ssh-keygen -N "" -t ed25519 -f /tmp/key1 cat /tmp/key1.pub >>/home/secaudit/.ssh/authorized_keys2 describe Key without from field register_test retvalshouldbe 1 - run keynofrom /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run keynofrom "${CIS_CHECKS_DIR}/${script}.sh" --audit-all { echo -n 'from="127.0.0.1" ' 
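Review bot: The key pair is written to the fixed path `/tmp/key1` (`ssh-keygen -N "" -t ed25519 -f /tmp/key1`), a predictable name in a world-writable directory; if the file already exists, ssh-keygen asks whether to overwrite it, which a non-interactive test run cannot answer. Creating a private directory first, `keydir=$(mktemp -d)` followed by `ssh-keygen -N "" -t ed25519 -f "${keydir}/key1"`, avoids both, with the later `cat /tmp/key1.pub` lines in the following hunks updated to match. No removal of the key files is visible in the part of the cleanup shown in this diff, so that may need adding as well. test_audit starts and ends outside this hunk.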
@@ -36,26 +36,26 @@ test_audit() { } >/home/secaudit/.ssh/authorized_keys2 describe Key with from, no ip check register_test retvalshouldbe 0 - run keyfrom /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run keyfrom "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # shellcheck disable=2016 - echo 'ALLOWED_IPS="$ALLOWED_IPS 127.0.0.1"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'ALLOWED_IPS="$ALLOWED_IPS 127.0.0.1"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" { echo -n 'from="10.0.1.2" ' cat /tmp/key1.pub } >>/home/secaudit/.ssh/authorized_keys2 describe Key with from, filled allowed IPs, one bad ip register_test retvalshouldbe 1 - run badfromip /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run badfromip "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # shellcheck disable=2016 - echo 'ALLOWED_IPS="$ALLOWED_IPS 10.0.1.2"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'ALLOWED_IPS="$ALLOWED_IPS 10.0.1.2"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" describe Key with from, filled allowed IPs, all IPs allowed register_test retvalshouldbe 0 - run allwdfromip /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run allwdfromip "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # shellcheck disable=2016 - echo 'ALLOWED_IPS="$ALLOWED_IPS 127.0.0.1,10.2.3.1"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'ALLOWED_IPS="$ALLOWED_IPS 127.0.0.1,10.2.3.1"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" { echo -n 'from="10.0.1.2",command="echo bla" ' cat /tmp/key1.pub 
@@ -64,14 +64,14 @@ test_audit() { } >>/home/secaudit/.ssh/authorized_keys2 describe Key with from and command options register_test retvalshouldbe 0 - run keyfromcommand /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run keyfromcommand "${CIS_CHECKS_DIR}/${script}.sh" --audit-all useradd -s /bin/bash -m jeantest2 # shellcheck disable=2016 - echo 'USERS_TO_CHECK="jeantest2 secaudit"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg + echo 'USERS_TO_CHECK="jeantest2 secaudit"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg" describe Check only specified user register_test retvalshouldbe 0 - run checkuser /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run checkuser "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Cleanup userdel jeantestuser diff --git a/tests/hardening/99.5.2.5_ssh_strict_modes.sh b/tests/hardening/99.5.2.5_ssh_strict_modes.sh index e10dc0c..1607897 100644 --- a/tests/hardening/99.5.2.5_ssh_strict_modes.sh +++ b/tests/hardening/99.5.2.5_ssh_strict_modes.sh 
@@ -6,18 +6,18 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^StrictModes[[:space:]]*yes is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/99.5.2.6_ssh_sys_accept_env.sh b/tests/hardening/99.5.2.6_ssh_sys_accept_env.sh index 03d219d..5783774 100644 --- a/tests/hardening/99.5.2.6_ssh_sys_accept_env.sh +++ b/tests/hardening/99.5.2.6_ssh_sys_accept_env.sh 
@@ -5,25 +5,25 @@ test_audit() { register_test retvalshouldbe 0 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all # Proceed to operation that will end up to a non compliant system describe Tests purposely failing sed -ri 's/^\s*AcceptEnv\s+LANG LC_\*//' /etc/ssh/sshd_config register_test retvalshouldbe 1 register_test contain "[ KO ] ^\s*AcceptEnv\s+LANG LC_\* is not present in /etc/ssh/sshd_config" - run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^\s*AcceptEnv\s+LANG LC_\* is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/99.5.2.7_ssh_sys_no_legacy.sh b/tests/hardening/99.5.2.7_ssh_sys_no_legacy.sh index 7aabbf4..31cb611 100644 --- a/tests/hardening/99.5.2.7_ssh_sys_no_legacy.sh +++ b/tests/hardening/99.5.2.7_ssh_sys_no_legacy.sh @@ -4,5 +4,5 @@ test_audit() { describe Running on blank host register_test retvalshouldbe 0 # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } 
diff --git a/tests/hardening/99.5.2.8_ssh_sys_sandbox.sh b/tests/hardening/99.5.2.8_ssh_sys_sandbox.sh index 398724d..060934d 100644 --- a/tests/hardening/99.5.2.8_ssh_sys_sandbox.sh +++ b/tests/hardening/99.5.2.8_ssh_sys_sandbox.sh @@ -5,18 +5,18 @@ test_audit() { register_test retvalshouldbe 1 register_test contain "openssh-server is installed" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation # `apply` performs a service reload after each change in the config file # the service needs to be started for the reload to succeed service ssh start # if the audit script provides "apply" option, enable and run it - sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state register_test retvalshouldbe 0 register_test contain "[ OK ] ^UsePrivilegeSeparation[[:space:]]*sandbox is present in /etc/ssh/sshd_config" - run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/99.5.4.5.1_acc_logindefs_sha512.sh b/tests/hardening/99.5.4.5.1_acc_logindefs_sha512.sh index 80bfe07..b5ce731 100644 --- a/tests/hardening/99.5.4.5.1_acc_logindefs_sha512.sh +++ b/tests/hardening/99.5.4.5.1_acc_logindefs_sha512.sh 
@@ -5,34 +5,34 @@ test_audit() { register_test retvalshouldbe 0 register_test contain "ENCRYPT_METHOD SHA512 is present in /etc/login.defs" # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all cp /etc/login.defs /tmp/login.defs.bak describe Line as comment sed -i 's/\(ENCRYPT_METHOD SHA512\)/# \1/' /etc/login.defs register_test retvalshouldbe 1 register_test contain "SHA512 is not present" - run commented /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run commented "${CIS_CHECKS_DIR}/${script}.sh" --audit-all rm /etc/login.defs describe Fail: missing conf file register_test retvalshouldbe 1 register_test contain "/etc/login.defs is not readable" - run missconffile /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run missconffile "${CIS_CHECKS_DIR}/${script}.sh" --audit-all cp /tmp/login.defs.bak /etc/login.defs sed -ir 's/ENCRYPT_METHOD[[:space:]]\+SHA512/ENCRYPT_METHOD MD5/' /etc/login.defs describe Fail: wrong hash function configuration register_test retvalshouldbe 1 register_test contain "SHA512 is not present" - run wrongconf /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run wrongconf "${CIS_CHECKS_DIR}/${script}.sh" --audit-all describe Correcting situation - sed -i 's/disabled/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg - /opt/debian-cis/bin/hardening/"${script}".sh || true + sed -i 's/disabled/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg" + "${CIS_CHECKS_DIR}/${script}.sh" || true describe Checking resolved state mv /tmp/login.defs.bak /etc/login.defs register_test retvalshouldbe 0 - run sha512pass /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run sha512pass "${CIS_CHECKS_DIR}/${script}.sh" --audit-all } diff --git a/tests/hardening/99.5.4.5.2_acc_shadow_sha512.sh b/tests/hardening/99.5.4.5.2_acc_shadow_sha512.sh index 25e176a..9b24047 100644 --- a/tests/hardening/99.5.4.5.2_acc_shadow_sha512.sh 
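Review bot: `sed -ir 's/ENCRYPT_METHOD[[:space:]]\+SHA512/ENCRYPT_METHOD MD5/' /etc/login.defs` does not mean `-i -r`: GNU sed reads `-ir` as in-place editing with the backup suffix `r`, so it leaves a stray `/etc/login.defsr` behind and extended regexes stay off. The expression uses `\+`, which is basic-regex syntax, so the fix is to drop the `r`: `sed -i 's/ENCRYPT_METHOD[[:space:]]\+SHA512/ENCRYPT_METHOD MD5/' /etc/login.defs`. This is a context line the commit does not touch, but the leftover copy of login.defs persists after the test. test_audit starts above the hunk.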
+++ b/tests/hardening/99.5.4.5.2_acc_shadow_sha512.sh @@ -6,20 +6,20 @@ test_audit() { register_test contain "There is no password in /etc/shadow" dismiss_count_for_test # shellcheck disable=2154 - run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all cp -a /etc/shadow /tmp/shadow.bak sed -i 's/secaudit:!/secaudit:mypassword/' /etc/shadow describe Fail: Found unsecure password register_test retvalshouldbe 1 register_test contain "User secaudit has a password that is not SHA512 hashed" - run unsecpasswd /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run unsecpasswd "${CIS_CHECKS_DIR}/${script}.sh" --audit-all sed -i 's/secaudit:mypassword/secaudit:!!/' /etc/shadow describe Fail: Found disabled password register_test retvalshouldbe 0 register_test contain "User secaudit has a disabled password" - run lockedpasswd /opt/debian-cis/bin/hardening/"${script}".sh --audit-all + run lockedpasswd "${CIS_CHECKS_DIR}/${script}.sh" --audit-all mv /tmp/shadow.bak /etc/shadow chpasswd -c SHA512 <