Replace CIS_ROOT_DIR by a more flexible system (#204)

* Replace CIS_ROOT_DIR by a more flexible system

* Try to adapt the logic change to the functional tests

tests/hardening/99.5.2.4_ssh_keys_from.sh

@@ -2,11 +2,11 @@
 # run-shellcheck
 test_audit() {
     # shellcheck disable=2154
-    echo 'EXCEPTION_USER="root"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg
+    echo 'EXCEPTION_USER="root"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg"
 
     skip_tests
     # shellcheck disable=2154
-    run genconf /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+    run genconf "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
 
     useradd -s /bin/bash jeantestuser
     describe Running on blank host
@@ -16,19 +16,19 @@ test_audit() {
     register_test contain "[INFO] User jeantestuser has a valid shell"
     register_test contain "[INFO] User jeantestuser has no home directory"
     # shellcheck disable=2154
-    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+    run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
 
     mkdir -p /home/secaudit/.ssh
     touch /home/secaudit/.ssh/authorized_keys2
     describe empty authorized keys file
     register_test retvalshouldbe 0
-    run emptyauthkey /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+    run emptyauthkey "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
 
     ssh-keygen -N "" -t ed25519 -f /tmp/key1
     cat /tmp/key1.pub >>/home/secaudit/.ssh/authorized_keys2
     describe Key without from field
     register_test retvalshouldbe 1
-    run keynofrom /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+    run keynofrom "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
 
     {
         echo -n 'from="127.0.0.1" '
@@ -36,26 +36,26 @@ test_audit() {
     } >/home/secaudit/.ssh/authorized_keys2
     describe Key with from, no ip check
     register_test retvalshouldbe 0
-    run keyfrom /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+    run keyfrom "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
 
     # shellcheck disable=2016
-    echo 'ALLOWED_IPS="$ALLOWED_IPS 127.0.0.1"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg
+    echo 'ALLOWED_IPS="$ALLOWED_IPS 127.0.0.1"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg"
     {
         echo -n 'from="10.0.1.2" '
         cat /tmp/key1.pub
     } >>/home/secaudit/.ssh/authorized_keys2
     describe Key with from, filled allowed IPs, one bad ip
     register_test retvalshouldbe 1
-    run badfromip /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+    run badfromip "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
 
     # shellcheck disable=2016
-    echo 'ALLOWED_IPS="$ALLOWED_IPS 10.0.1.2"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg
+    echo 'ALLOWED_IPS="$ALLOWED_IPS 10.0.1.2"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg"
     describe Key with from, filled allowed IPs, all IPs allowed
     register_test retvalshouldbe 0
-    run allwdfromip /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+    run allwdfromip "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
 
     # shellcheck disable=2016
-    echo 'ALLOWED_IPS="$ALLOWED_IPS 127.0.0.1,10.2.3.1"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg
+    echo 'ALLOWED_IPS="$ALLOWED_IPS 127.0.0.1,10.2.3.1"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg"
     {
         echo -n 'from="10.0.1.2",command="echo bla" '
         cat /tmp/key1.pub
@@ -64,14 +64,14 @@ test_audit() {
     } >>/home/secaudit/.ssh/authorized_keys2
     describe Key with from and command options
     register_test retvalshouldbe 0
-    run keyfromcommand /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+    run keyfromcommand "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
 
     useradd -s /bin/bash -m jeantest2
     # shellcheck disable=2016
-    echo 'USERS_TO_CHECK="jeantest2 secaudit"' >>/opt/debian-cis/etc/conf.d/"${script}".cfg
+    echo 'USERS_TO_CHECK="jeantest2 secaudit"' >>"${CIS_CONF_DIR}/conf.d/${script}.cfg"
     describe Check only specified user
     register_test retvalshouldbe 0
-    run checkuser /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+    run checkuser "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
 
     # Cleanup
     userdel jeantestuser