feat: add FIND_IGNORE_NOSUCHFILE_ERR flag (#159)

This flag can be used to prevent find-related checks to fail because one part of filesystem disappear (ie. ephemeral directories or files)
2025-06-24 11:34:35 +02:00 · 2022-07-04 14:29:25 +02:00
parent ea8334d516
commit 371c23cd52
12 changed files with 86 additions and 0 deletions
--- a/tests/hardening/6.1.14_find_sgid_files.sh
+++ b/tests/hardening/6.1.14_find_sgid_files.sh
@ -22,6 +22,12 @@ test_audit() {
    register_test contain "$targetfile"
    run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all

+    describe Tests failing with find ignore flag
+    echo 'FIND_IGNORE_NOSUCHFILE_ERR=true' >>/opt/debian-cis/etc/conf.d/"${script}".cfg
+    register_test retvalshouldbe 1
+    register_test contain "Some sgid files are present"
+    run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
    describe correcting situation
    chmod 700 $targetfile