From 5ea053a5023094f572ec495c5d3fc2bd86901ae0 Mon Sep 17 00:00:00 2001
From: Thibault Ayanides
Date: Tue, 27 Oct 2020 11:04:55 +0100
Subject: [PATCH] IMP(6.2.12,6.2.13): add purposely failing tests
---
 .../hardening/6.2.12_find_user_netrc_files.sh | 13 ++++++++++-
 .../6.2.13_set_perm_on_user_netrc.sh | 23 ++++++++++++++++++-
 2 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/tests/hardening/6.2.12_find_user_netrc_files.sh b/tests/hardening/6.2.12_find_user_netrc_files.sh
index b333419..29252bc 100644
--- a/tests/hardening/6.2.12_find_user_netrc_files.sh
+++ b/tests/hardening/6.2.12_find_user_netrc_files.sh
@@ -6,5 +6,16 @@ test_audit() {
 # shellcheck disable=2154
 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
- # TODO fill comprehensive tests
+ local test_user="testnetrcuser"
+ local test_file=".netrc"
+
+ describe Tests purposely failing
+ useradd --create-home $test_user
+ touch /home/$test_user/$test_file
+ register_test retvalshouldbe 1
+ register_test contain "$test_file present"
+ run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # cleanup
+ userdel -r $test_user
 }
diff --git a/tests/hardening/6.2.13_set_perm_on_user_netrc.sh b/tests/hardening/6.2.13_set_perm_on_user_netrc.sh
index b333419..3717e22 100644
--- a/tests/hardening/6.2.13_set_perm_on_user_netrc.sh
+++ b/tests/hardening/6.2.13_set_perm_on_user_netrc.sh
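Review bot: In tests/hardening/6.2.12_find_user_netrc_files.sh the fixture account is created with `useradd --create-home $test_user` and removed only by the last line, `userdel -r $test_user`, so any failure in between leaves a real account and its `.netrc` on the test host. The 6.2.13 hunk repeats the pattern with the same name `testnetrcuser`, so a leftover from one test makes the other's `useradd` fail without the test noticing. Clear a stale account before creating it, e.g. `userdel -r "$test_user" 2>/dev/null || true` ahead of `useradd`, and check that `useradd` succeeded before registering the expectations. The expansions should also be quoted, since the file is linted with shellcheck: `touch "/home/$test_user/$test_file"`. test_audit starts above the hunk.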
@@ -6,5 +6,26 @@ test_audit() {
 # shellcheck disable=2154
 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
- # TODO fill comprehensive tests
+ local test_user="testnetrcuser"
+ local test_file=".netrc"
+
+ describe Tests purposely failing
+ useradd --create-home $test_user
+ touch /home/$test_user/$test_file
+ chmod 777 /home/$test_user/$test_file
+ register_test retvalshouldbe 1
+ register_test contain "permissions were not set to"
+ run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ describe correcting situation
+ sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+ /opt/debian-cis/bin/hardening/"${script}".sh --apply || true
+
+ describe Checking resolved state
+ register_test retvalshouldbe 0
+ register_test contain "$test_file has correct permissions"
+ run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # cleanup
+ userdel -r $test_user
 }
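Review bot: The `--apply || true` step discards the remediation's exit status, and the "resolved" stage only matches the audit's own message, so the test never reads the mode of the fixture file itself. Comparing `stat -c %a "/home/$test_user/$test_file"` with the expected mode after the apply step would catch an audit and an apply that agree with each other but leave the file accessible. `chmod 777` is also the only non-compliant mode exercised; a fixture with just a group or other read bit set would cover the boundary. The `sed -i 's/audit/enabled/'` expression is unanchored and rewrites the first "audit" on every line of the cfg, so it is safer to anchor it to the line that holds the status setting. test_audit starts above the hunk.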