mirror of
https://github.com/ovh/debian-cis.git
synced 2024-11-25 23:11:24 +01:00
FIX(3.1.1): fix unbound variable issue
This commit is contained in:
parent
03c8e25ff3
commit
3c7a03445c
@ -22,7 +22,7 @@ SYSCTL_EXP_RESULT=0
|
|||||||
audit () {
|
audit () {
|
||||||
for SYSCTL_PARAM in $SYSCTL_PARAMS; do
|
for SYSCTL_PARAM in $SYSCTL_PARAMS; do
|
||||||
does_sysctl_param_exists "net.ipv6"
|
does_sysctl_param_exists "net.ipv6"
|
||||||
if [ $FNRET = 0 ] || [[ ! $SYSCTL_VALUES =~ .*ipv6.* ]]; then # IPv6 is enabled or SYSCTL_VALUES doesn't contain ipv6
|
if [ $FNRET = 0 ] || [[ ! $SYSCTL_PARAM =~ .*ipv6.* ]]; then # IPv6 is enabled or SYSCTL_VALUES doesn't contain ipv6
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
|
crit "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT"
|
||||||
@ -37,6 +37,7 @@ audit () {
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply () {
|
apply () {
|
||||||
|
for SYSCTL_PARAM in $SYSCTL_PARAMS; do
|
||||||
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
has_sysctl_param_expected_result $SYSCTL_PARAM $SYSCTL_EXP_RESULT
|
||||||
if [ $FNRET != 0 ]; then
|
if [ $FNRET != 0 ]; then
|
||||||
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
|
warn "$SYSCTL_PARAM was not set to $SYSCTL_EXP_RESULT -- Fixing"
|
||||||
@ -47,6 +48,7 @@ apply () {
|
|||||||
else
|
else
|
||||||
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
ok "$SYSCTL_PARAM correctly set to $SYSCTL_EXP_RESULT"
|
||||||
fi
|
fi
|
||||||
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
# This function will check config parameters required
|
# This function will check config parameters required
|
||||||
|
@ -6,5 +6,23 @@ test_audit() {
|
|||||||
# shellcheck disable=2154
|
# shellcheck disable=2154
|
||||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
# TODO fill comprehensive tests
|
if [ -f "/.dockerenv" ]; then
|
||||||
|
skip "SKIPPED on docker"
|
||||||
|
else
|
||||||
|
describe Tests purposely failing
|
||||||
|
sysctl -w net.ipv4.ip_forward=1 2>/dev/null
|
||||||
|
register_test retvalshouldbe 1
|
||||||
|
register_test contain "net.ipv4.ip_forward was not set to 0"
|
||||||
|
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
|
describe correcting situation
|
||||||
|
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||||
|
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
|
||||||
|
|
||||||
|
describe Checking resolved state
|
||||||
|
register_test retvalshouldbe 0
|
||||||
|
register_test contain "correctly set to 0"
|
||||||
|
register_test contain "net.ipv4.ip_forward correctly set to 0"
|
||||||
|
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user