mirror of
https://github.com/ovh/debian-cis.git
synced 2025-06-22 02:33:42 +02:00
Replace CIS_ROOT_DIR by a more flexible system (#204)
* Replace CIS_ROOT_DIR by a more flexible system * Try to adapt the logic change to the functional tests
This commit is contained in:
@ -8,7 +8,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
|
||||
##################################################################
|
||||
|
@ -8,7 +8,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
|
||||
##################################################################
|
||||
|
@ -8,7 +8,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
|
||||
##################################################################
|
||||
|
@ -8,7 +8,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
|
||||
##################################################################
|
||||
|
@ -8,7 +8,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
|
||||
##################################################################
|
||||
|
@ -8,7 +8,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
|
||||
##################################################################
|
||||
|
@ -8,7 +8,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
|
||||
##################################################################
|
||||
|
@ -8,7 +8,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
|
||||
##################################################################
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -4,19 +4,19 @@ test_audit() {
|
||||
describe Running on blank host
|
||||
register_test retvalshouldbe 0
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
ln -s /dev/shm /run/shm
|
||||
|
||||
describe Partition symlink
|
||||
register_test retvalshouldbe 0
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
echo "dummy entry" >>/etc/fstab
|
||||
|
||||
describe Fstab with a real entry to match runtime partitions
|
||||
register_test retvalshouldbe 0
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
# Cleanup
|
||||
rm /run/shm
|
||||
|
@ -4,19 +4,19 @@ test_audit() {
|
||||
describe Running on blank host
|
||||
register_test retvalshouldbe 0
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
ln -s /dev/shm /run/shm
|
||||
|
||||
describe Partition symlink
|
||||
register_test retvalshouldbe 0
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
echo "dummy entry" >>/etc/fstab
|
||||
|
||||
describe Fstab with a real entry to match runtime partitions
|
||||
register_test retvalshouldbe 0
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
# Cleanup
|
||||
rm /run/shm
|
||||
|
@ -4,19 +4,19 @@ test_audit() {
|
||||
describe Running on blank host
|
||||
register_test retvalshouldbe 0
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
ln -s /dev/shm /run/shm
|
||||
|
||||
describe Partition symlink
|
||||
register_test retvalshouldbe 0
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
echo "dummy entry" >>/etc/fstab
|
||||
|
||||
describe Fstab with a real entry to match runtime partitions
|
||||
register_test retvalshouldbe 0
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
# Cleanup
|
||||
rm /run/shm
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -3,9 +3,9 @@
|
||||
test_audit() {
|
||||
describe Running void to generate the conf file that will later be edited
|
||||
# shellcheck disable=2154
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh || true
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" || true
|
||||
# shellcheck disable=2016
|
||||
echo 'EXCEPTIONS="$EXCEPTIONS /home/secaudit/exception"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
echo 'EXCEPTIONS="$EXCEPTIONS /home/secaudit/exception"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
mkdir /home/secaudit/exception
|
||||
chmod 777 /home/secaudit/exception
|
||||
|
||||
@ -13,7 +13,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "All world writable directories have a sticky bit"
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe Tests purposely failing
|
||||
local targetdir="/home/secaudit/world_writable_folder"
|
||||
@ -21,21 +21,21 @@ test_audit() {
|
||||
chmod 777 "$targetdir"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "Some world writable directories are not on sticky bit mode"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe Tests failing with find ignore flag
|
||||
echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>/opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "Some world writable directories are not on sticky bit mode"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "All world writable directories have a sticky bit"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -8,7 +8,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,14 +5,14 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "sudo is installed"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
}
|
||||
|
@ -5,14 +5,14 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "Defaults use_pty found in sudoers file"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
}
|
||||
|
@ -5,14 +5,14 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "Defaults log file found in sudoers file"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -4,12 +4,12 @@ test_audit() {
|
||||
describe Running on blank host
|
||||
register_test retvalshouldbe 1
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" || true
|
||||
|
||||
describe Checking auto resolved state
|
||||
register_test retvalshouldbe 0
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
}
|
||||
|
@ -8,7 +8,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
# TODO fill comprehensive tests
|
||||
fi
|
||||
|
@ -8,7 +8,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
# TODO fill comprehensive tests
|
||||
fi
|
||||
|
@ -8,7 +8,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
# TODO fill comprehensive tests
|
||||
fi
|
||||
|
@ -8,7 +8,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
# TODO fill comprehensive tests
|
||||
fi
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -8,7 +8,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
# TODO fill comprehensive tests
|
||||
fi
|
||||
|
@ -8,15 +8,15 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "is installed"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
}
|
||||
|
@ -8,15 +8,15 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "are configured"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
}
|
||||
|
@ -8,15 +8,15 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "No profiles are unconfined"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
}
|
||||
|
@ -8,15 +8,15 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "No profiles are unconfined"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
# TODO fill comprehensive tests
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
# TODO fill comprehensive tests
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
# TODO fill comprehensive tests
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
local test_user="motd-user"
|
||||
local test_file="/etc/motd"
|
||||
@ -14,28 +14,28 @@ test_audit() {
|
||||
chmod 777 "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "permissions were not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd "$test_user"
|
||||
chown "$test_user":"$test_user" "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "ownership was not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "has correct permissions"
|
||||
register_test contain "has correct ownership"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
# Cleanup
|
||||
userdel "$test_user"
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
local test_user="issue-user"
|
||||
local test_file="/etc/issue"
|
||||
@ -14,28 +14,28 @@ test_audit() {
|
||||
chmod 777 "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "permissions were not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd "$test_user"
|
||||
chown "$test_user":"$test_user" "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "ownership was not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "has correct permissions"
|
||||
register_test contain "has correct ownership"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
# Cleanup
|
||||
userdel "$test_user"
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
local test_user="issue-net-user"
|
||||
local test_file="/etc/issue.net"
|
||||
@ -14,28 +14,28 @@ test_audit() {
|
||||
chmod 777 "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "permissions were not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Tests purposely failing
|
||||
useradd "$test_user"
|
||||
chown "$test_user":"$test_user" "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "ownership was not set to"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "has correct permissions"
|
||||
register_test contain "has correct ownership"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
# Cleanup
|
||||
userdel "$test_user"
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
# TODO fill comprehensive tests
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 1
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe Correcting situation
|
||||
apt-get update
|
||||
@ -15,5 +15,5 @@ test_audit() {
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "Time synchronization is available through"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
# TODO fill comprehensive tests
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
# TODO fill comprehensive tests
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
# TODO fill comprehensive tests
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
# TODO fill comprehensive tests
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
# TODO fill comprehensive tests
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
if [ -f "/.dockerenv" ]; then
|
||||
skip "SKIPPED on docker"
|
||||
@ -14,16 +14,16 @@ test_audit() {
|
||||
sysctl -w net.ipv6.conf.all.disable_ipv6=0 2>/dev/null
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "net.ipv6.conf.all.disable_ipv6 was not set to 1"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "correctly set to 1"
|
||||
register_test contain "net.ipv6.conf.all.disable_ipv6 correctly set to 0"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
# TODO fill comprehensive tests
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
if [ -f "/.dockerenv" ]; then
|
||||
skip "SKIPPED on docker"
|
||||
@ -14,16 +14,16 @@ test_audit() {
|
||||
sysctl -w net.ipv4.conf.all.send_redirects=1 2>/dev/null
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "net.ipv4.conf.all.send_redirects was not set to 0"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "correctly set to 0"
|
||||
register_test contain "net.ipv4.conf.all.send_redirects correctly set to 0"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
if [ -f "/.dockerenv" ]; then
|
||||
skip "SKIPPED on docker"
|
||||
@ -14,16 +14,16 @@ test_audit() {
|
||||
sysctl -w net.ipv4.ip_forward=1 2>/dev/null
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "net.ipv4.ip_forward was not set to 0"
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "correctly set to 0"
|
||||
register_test contain "net.ipv4.ip_forward correctly set to 0"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
if [ -f "/.dockerenv" ]; then
|
||||
skip "SKIPPED on docker"
|
||||
@ -18,11 +18,11 @@ test_audit() {
|
||||
register_test contain "net.ipv6.conf.all.accept_source_route was not set to 0"
|
||||
register_test contain "net.ipv6.conf.default.accept_source was not set to 0"
|
||||
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
@ -31,6 +31,6 @@ test_audit() {
|
||||
register_test contain "net.ipv4.conf.default.accept_source_route correctly set to 0"
|
||||
register_test contain "net.ipv6.conf.all.accept_source_route correctly set to 0"
|
||||
register_test contain "net.ipv6.conf.default.accept_source correctly set to 0"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
if [ -f "/.dockerenv" ]; then
|
||||
skip "SKIPPED on docker"
|
||||
@ -18,11 +18,11 @@ test_audit() {
|
||||
register_test contain "net.ipv6.conf.all.accept_redirects was not set to 0"
|
||||
register_test contain "net.ipv6.conf.default.accept_redirects was not set to 0"
|
||||
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
@ -31,6 +31,6 @@ test_audit() {
|
||||
register_test contain "net.ipv4.conf.default.accept_redirects correctly set to 0"
|
||||
register_test contain "net.ipv6.conf.all.accept_redirects correctly set to 0"
|
||||
register_test contain "net.ipv6.conf.default.accept_redirects correctly set to 0"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
if [ -f "/.dockerenv" ]; then
|
||||
skip "SKIPPED on docker"
|
||||
@ -16,17 +16,17 @@ test_audit() {
|
||||
register_test contain "net.ipv4.conf.all.secure_redirects was not set to 0"
|
||||
register_test contain "net.ipv4.conf.default.secure_redirects=0 was not set to 0"
|
||||
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "correctly set to 0"
|
||||
register_test contain "net.ipv4.conf.all.secure_redirects correctly set to 0"
|
||||
register_test contain "net.ipv4.conf.default.secure_redirects correctly set to 0"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
if [ -f "/.dockerenv" ]; then
|
||||
skip "SKIPPED on docker"
|
||||
@ -16,17 +16,17 @@ test_audit() {
|
||||
register_test contain "net.ipv4.conf.all.log_martians was not set to 1"
|
||||
register_test contain "net.ipv4.conf.default.log_martians was not set to 1"
|
||||
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "correctly set to 1"
|
||||
register_test contain "net.ipv4.conf.all.log_martians correctly set to 1"
|
||||
register_test contain " net.ipv4.conf.default.log_martians correctly set to 1"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
if [ -f "/.dockerenv" ]; then
|
||||
skip "SKIPPED on docker"
|
||||
@ -15,16 +15,16 @@ test_audit() {
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "net.ipv4.icmp_echo_ignore_broadcasts was not set to 1"
|
||||
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "correctly set to 1"
|
||||
register_test contain "net.ipv4.icmp_echo_ignore_broadcasts correctly set to 1"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
}
|
||||
|
@ -5,7 +5,7 @@ test_audit() {
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
if [ -f "/.dockerenv" ]; then
|
||||
skip "SKIPPED on docker"
|
||||
@ -15,16 +15,16 @@ test_audit() {
|
||||
register_test retvalshouldbe 1
|
||||
register_test contain "net.ipv4.icmp_ignore_bogus_error_responses was not set to 1"
|
||||
|
||||
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run noncompliant "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
|
||||
describe correcting situation
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||
sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
|
||||
"${CIS_CHECKS_DIR}/${script}.sh" --apply || true
|
||||
|
||||
describe Checking resolved state
|
||||
register_test retvalshouldbe 0
|
||||
register_test contain "correctly set to 0"
|
||||
register_test contain "net.ipv4.icmp_ignore_bogus_error_responses correctly set to 0"
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
run resolved "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
|
||||
fi
|
||||
}
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user