Replace CIS_ROOT_DIR by a more flexible system (#204)

* Replace CIS_ROOT_DIR by a more flexible system

* Try to adapt the logic change to the functional tests
P-EB
2023-09-25 14:24:01 +02:00
committed by GitHub
parent 5370ec2ef6
commit 32886d3a3d
493 changed files with 2060 additions and 2056 deletions


@ -8,7 +8,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
##################################################################


@ -8,7 +8,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
##################################################################


@ -8,7 +8,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
##################################################################


@ -8,7 +8,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
##################################################################


@ -8,7 +8,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
##################################################################


@ -8,7 +8,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
##################################################################


@ -8,7 +8,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
##################################################################


@ -8,7 +8,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
##################################################################


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -4,19 +4,19 @@ test_audit() {
describe Running on blank host
register_test retvalshouldbe 0
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
ln -s /dev/shm /run/shm
describe Partition symlink
register_test retvalshouldbe 0
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
echo "dummy entry" >>/etc/fstab
describe Fstab with a real entry to match runtime partitions
register_test retvalshouldbe 0
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# Cleanup
rm /run/shm


@ -4,19 +4,19 @@ test_audit() {
describe Running on blank host
register_test retvalshouldbe 0
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
ln -s /dev/shm /run/shm
describe Partition symlink
register_test retvalshouldbe 0
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
echo "dummy entry" >>/etc/fstab
describe Fstab with a real entry to match runtime partitions
register_test retvalshouldbe 0
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# Cleanup
rm /run/shm


@ -4,19 +4,19 @@ test_audit() {
describe Running on blank host
register_test retvalshouldbe 0
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
ln -s /dev/shm /run/shm
describe Partition symlink
register_test retvalshouldbe 0
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
echo "dummy entry" >>/etc/fstab
describe Fstab with a real entry to match runtime partitions
register_test retvalshouldbe 0
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# Cleanup
rm /run/shm


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -3,9 +3,9 @@
test_audit() {
describe Running void to generate the conf file that will later be edited
# shellcheck disable=2154
/opt/debian-cis/bin/hardening/"${script}".sh || true
"${CIS_CHECKS_DIR}/${script}.sh" || true
# shellcheck disable=2016
echo 'EXCEPTIONS="$EXCEPTIONS /home/secaudit/exception"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg
echo 'EXCEPTIONS="$EXCEPTIONS /home/secaudit/exception"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg"
mkdir /home/secaudit/exception
chmod 777 /home/secaudit/exception
@ -13,7 +13,7 @@ test_audit() {
register_test retvalshouldbe 0
register_test contain "All world writable directories have a sticky bit"
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe Tests purposely failing
local targetdir="/home/secaudit/world_writable_folder"
@ -21,21 +21,21 @@ test_audit() {
chmod 777 "$targetdir"
register_test retvalshouldbe 1
register_test contain "Some world writable directories are not on sticky bit mode"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe Tests failing with find ignore flag
echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>/opt/debian-cis/etc/conf.d/"${script}".cfg
echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg"
register_test retvalshouldbe 1
register_test contain "Some world writable directories are not on sticky bit mode"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "All world writable directories have a sticky bit"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
}
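Review bot: The `sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"` line in the "correcting situation" step is unanchored, so it also rewrites the `EXCEPTIONS="$EXCEPTIONS /home/secaudit/exception"` line this test appended to the same cfg earlier, turning the path into `/home/secenabled/exception` (unless lines outside the visible hunks reset the file). From that point the configured exception no longer names the directory created with `chmod 777`, so the resolved-state run does not exercise the exception the test set up. Since the commit already rewrites this line, it is a good place to restrict the substitution to the status setting, e.g. `sed -i 's/^status=audit/status=enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"`, assuming the cfg key is `status`, which is not visible on this page. The same unanchored expression is used in the other sections of this commit that switch a check to enabled, where it is sometimes run twice on the same file and can touch any other line containing `audit`.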


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -8,7 +8,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,14 +5,14 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "sudo is installed"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
}
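Review bot: The call `"${CIS_CHECKS_DIR}/${script}.sh" --apply || true` discards the exit status, so an unset or empty `CIS_CHECKS_DIR` (the path then expands to `/${script}.sh`) goes unreported at the apply step, which the previous hard-coded path could not do. Whether the test runner always exports `CIS_CHECKS_DIR` and `CIS_CONF_DIR` is not visible on this page, and `test_audit` starts outside the hunk, so a guard as its first statement would make the dependency explicit: `: "${CIS_CHECKS_DIR:?}" "${CIS_CONF_DIR:?}"`. Because these tests execute whatever script the variable resolves to with `--apply`, a short comment stating that both directories must be writable only by the account running the tests would document the trust assumption the new indirection introduces. The same applies to every other section in this commit that ends a command with `|| true`, including the bare `"${CIS_CHECKS_DIR}/${script}.sh" || true` calls.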


@ -5,14 +5,14 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "Defaults use_pty found in sudoers file"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
}


@ -5,14 +5,14 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "Defaults log file found in sudoers file"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
}


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -4,12 +4,12 @@ test_audit() {
describe Running on blank host
register_test retvalshouldbe 1
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" || true
describe Checking auto resolved state
register_test retvalshouldbe 0
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
}


@ -8,7 +8,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# TODO fill comprehensive tests
fi


@ -8,7 +8,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# TODO fill comprehensive tests
fi


@ -8,7 +8,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# TODO fill comprehensive tests
fi


@ -8,7 +8,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# TODO fill comprehensive tests
fi


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -8,7 +8,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# TODO fill comprehensive tests
fi


@ -8,15 +8,15 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "is installed"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
}


@ -8,15 +8,15 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "are configured"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
}


@ -8,15 +8,15 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "No profiles are unconfined"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
}


@ -8,15 +8,15 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "No profiles are unconfined"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
}


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# TODO fill comprehensive tests
}


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# TODO fill comprehensive tests
}


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# TODO fill comprehensive tests
}


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
local test_user="motd-user"
local test_file="/etc/motd"
@ -14,28 +14,28 @@ test_audit() {
chmod 777 "$test_file"
register_test retvalshouldbe 1
register_test contain "permissions were not set to"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Tests purposely failing
useradd "$test_user"
chown "$test_user":"$test_user" "$test_file"
register_test retvalshouldbe 1
register_test contain "ownership was not set to"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "has correct permissions"
register_test contain "has correct ownership"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# Cleanup
userdel "$test_user"


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
local test_user="issue-user"
local test_file="/etc/issue"
@ -14,28 +14,28 @@ test_audit() {
chmod 777 "$test_file"
register_test retvalshouldbe 1
register_test contain "permissions were not set to"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Tests purposely failing
useradd "$test_user"
chown "$test_user":"$test_user" "$test_file"
register_test retvalshouldbe 1
register_test contain "ownership was not set to"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "has correct permissions"
register_test contain "has correct ownership"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# Cleanup
userdel "$test_user"


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
local test_user="issue-net-user"
local test_file="/etc/issue.net"
@ -14,28 +14,28 @@ test_audit() {
chmod 777 "$test_file"
register_test retvalshouldbe 1
register_test contain "permissions were not set to"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Tests purposely failing
useradd "$test_user"
chown "$test_user":"$test_user" "$test_file"
register_test retvalshouldbe 1
register_test contain "ownership was not set to"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "has correct permissions"
register_test contain "has correct ownership"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# Cleanup
userdel "$test_user"


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# TODO fill comprehensive tests
}


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 1
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe Correcting situation
apt-get update
@ -15,5 +15,5 @@ test_audit() {
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "Time synchronization is available through"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
}


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# TODO fill comprehensive tests
}


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# TODO fill comprehensive tests
}


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# TODO fill comprehensive tests
}


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# TODO fill comprehensive tests
}


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# TODO fill comprehensive tests
}


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
if [ -f "/.dockerenv" ]; then
skip "SKIPPED on docker"
@ -14,16 +14,16 @@ test_audit() {
sysctl -w net.ipv6.conf.all.disable_ipv6=0 2>/dev/null
register_test retvalshouldbe 1
register_test contain "net.ipv6.conf.all.disable_ipv6 was not set to 1"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "correctly set to 1"
register_test contain "net.ipv6.conf.all.disable_ipv6 correctly set to 0"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
}
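Review bot: The resolved-state expectations in the second hunk contradict each other: `register_test contain "correctly set to 1"` is followed by `register_test contain "net.ipv6.conf.all.disable_ipv6 correctly set to 0"`, while the noncompliant step expects `was not set to 1`. The last string should probably read `net.ipv6.conf.all.disable_ipv6 correctly set to 1`. This code sits in a branch that is apparently skipped when `/.dockerenv` exists, so a mismatch would go unnoticed in container runs. The section for `net.ipv4.icmp_ignore_bogus_error_responses` shows the same pattern (`was not set to 1` against `correctly set to 0`).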


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
# TODO fill comprehensive tests
}


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
if [ -f "/.dockerenv" ]; then
skip "SKIPPED on docker"
@ -14,16 +14,16 @@ test_audit() {
sysctl -w net.ipv4.conf.all.send_redirects=1 2>/dev/null
register_test retvalshouldbe 1
register_test contain "net.ipv4.conf.all.send_redirects was not set to 0"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "correctly set to 0"
register_test contain "net.ipv4.conf.all.send_redirects correctly set to 0"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
}


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
if [ -f "/.dockerenv" ]; then
skip "SKIPPED on docker"
@ -14,16 +14,16 @@ test_audit() {
sysctl -w net.ipv4.ip_forward=1 2>/dev/null
register_test retvalshouldbe 1
register_test contain "net.ipv4.ip_forward was not set to 0"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "correctly set to 0"
register_test contain "net.ipv4.ip_forward correctly set to 0"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
}


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
if [ -f "/.dockerenv" ]; then
skip "SKIPPED on docker"
@ -18,11 +18,11 @@ test_audit() {
register_test contain "net.ipv6.conf.all.accept_source_route was not set to 0"
register_test contain "net.ipv6.conf.default.accept_source was not set to 0"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
@ -31,6 +31,6 @@ test_audit() {
register_test contain "net.ipv4.conf.default.accept_source_route correctly set to 0"
register_test contain "net.ipv6.conf.all.accept_source_route correctly set to 0"
register_test contain "net.ipv6.conf.default.accept_source correctly set to 0"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
}
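Review bot: The expected string `net.ipv6.conf.default.accept_source was not set to 0` (and its `correctly set to 0` twin in the last hunk) looks truncated next to the `accept_source_route` keys around it. If the check prints the full sysctl name, neither assertion can match; `net.ipv6.conf.default.accept_source_route` would be the consistent spelling, to be confirmed against the check's output, which is not visible here. The secure_redirects section has a similar slip in `net.ipv4.conf.default.secure_redirects=0 was not set to 0`, where the `=0` seems to be left over from a sysctl assignment.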


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
if [ -f "/.dockerenv" ]; then
skip "SKIPPED on docker"
@ -18,11 +18,11 @@ test_audit() {
register_test contain "net.ipv6.conf.all.accept_redirects was not set to 0"
register_test contain "net.ipv6.conf.default.accept_redirects was not set to 0"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
@ -31,6 +31,6 @@ test_audit() {
register_test contain "net.ipv4.conf.default.accept_redirects correctly set to 0"
register_test contain "net.ipv6.conf.all.accept_redirects correctly set to 0"
register_test contain "net.ipv6.conf.default.accept_redirects correctly set to 0"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
}


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
if [ -f "/.dockerenv" ]; then
skip "SKIPPED on docker"
@ -16,17 +16,17 @@ test_audit() {
register_test contain "net.ipv4.conf.all.secure_redirects was not set to 0"
register_test contain "net.ipv4.conf.default.secure_redirects=0 was not set to 0"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "correctly set to 0"
register_test contain "net.ipv4.conf.all.secure_redirects correctly set to 0"
register_test contain "net.ipv4.conf.default.secure_redirects correctly set to 0"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
}


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
if [ -f "/.dockerenv" ]; then
skip "SKIPPED on docker"
@ -16,17 +16,17 @@ test_audit() {
register_test contain "net.ipv4.conf.all.log_martians was not set to 1"
register_test contain "net.ipv4.conf.default.log_martians was not set to 1"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "correctly set to 1"
register_test contain "net.ipv4.conf.all.log_martians correctly set to 1"
register_test contain " net.ipv4.conf.default.log_martians correctly set to 1"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
}


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
if [ -f "/.dockerenv" ]; then
skip "SKIPPED on docker"
@ -15,16 +15,16 @@ test_audit() {
register_test retvalshouldbe 1
register_test contain "net.ipv4.icmp_echo_ignore_broadcasts was not set to 1"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "correctly set to 1"
register_test contain "net.ipv4.icmp_echo_ignore_broadcasts correctly set to 1"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
}


@ -5,7 +5,7 @@ test_audit() {
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
if [ -f "/.dockerenv" ]; then
skip "SKIPPED on docker"
@ -15,16 +15,16 @@ test_audit() {
register_test retvalshouldbe 1
register_test contain "net.ipv4.icmp_ignore_bogus_error_responses was not set to 1"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "correctly set to 0"
register_test contain "net.ipv4.icmp_ignore_bogus_error_responses correctly set to 0"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
fi
}
