elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2025-06-24 11:34:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

Replace CIS_ROOT_DIR by a more flexible system (#204)

Browse Source 
* Replace CIS_ROOT_DIR by a more flexible system

* Try to adapt the logic change to the functional tests
This commit is contained in:
P-EB
2023-09-25 14:24:01 +02:00
committed by GitHub
parent 5370ec2ef6
commit 32886d3a3d
493 changed files with 2060 additions and 2056 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
tests/hardening/99.5.4.5.2_acc_shadow_sha512.sh
View File

@ -6,20 +6,20 @@ test_audit() {
register_test contain "There is no password in /etc/shadow"
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
cp -a /etc/shadow /tmp/shadow.bak
sed -i 's/secaudit:!/secaudit:mypassword/' /etc/shadow
describe Fail: Found unsecure password
register_test retvalshouldbe 1
register_test contain "User secaudit has a password that is not SHA512 hashed"
run unsecpasswd /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run unsecpasswd "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
sed -i 's/secaudit:mypassword/secaudit:!!/' /etc/shadow
describe Fail: Found disabled password
register_test retvalshouldbe 0
register_test contain "User secaudit has a disabled password"
run lockedpasswd /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run lockedpasswd "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
mv /tmp/shadow.bak /etc/shadow
chpasswd -c SHA512 <<EOF
@ -28,7 +28,7 @@ EOF
describe Pass: Found properly hashed password
register_test retvalshouldbe 0
register_test contain "User secaudit has suitable SHA512 hashed password"
run sha512pass /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run sha512pass "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
chpasswd -c SHA512 -s 1000 <<EOF
secaudit:mypassword
@ -36,5 +36,5 @@ EOF
describe Pass: Found properly hashed password with custom round number
register_test retvalshouldbe 0
register_test contain "User secaudit has suitable SHA512 hashed password"
run sha512pass /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
run sha512pass "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
}