mirror of
https://github.com/ovh/debian-cis.git
synced 2025-06-21 18:23:42 +02:00
Add dealing with debian 11
* ADD: add dockerfile for debian11 * FIX: fix crontab file not found on debian11 blank * Add workflow for debian11 * FIX: fix debian version func to manage debian11 * Add dealing with unsupported version and distro * Add 99.99 check that check if distro version is supported * Use global var for debian major and distro fix #26
This commit is contained in:

committed by
GitHub

parent
449c695415
commit
6ae05f3fa2
21
tests/docker/Dockerfile.debian11
Normal file
21
tests/docker/Dockerfile.debian11
Normal file
@ -0,0 +1,21 @@
|
||||
FROM debian:bullseye
|
||||
|
||||
LABEL vendor="OVH"
|
||||
LABEL project="debian-cis"
|
||||
LABEL url="https://github.com/ovh/debian-cis"
|
||||
LABEL description="This image is used to run tests"
|
||||
|
||||
RUN groupadd -g 500 secaudit && useradd -u 500 -g 500 -s /bin/bash secaudit && install -m 700 -o secaudit -g secaudit -d /home/secaudit
|
||||
|
||||
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y openssh-server sudo syslog-ng net-tools auditd cron
|
||||
|
||||
COPY --chown=500:500 . /opt/debian-cis/
|
||||
|
||||
COPY debian/default /etc/default/cis-hardening
|
||||
RUN sed -i 's#cis-hardening#debian-cis#' /etc/default/cis-hardening
|
||||
|
||||
COPY cisharden.sudoers /etc/sudoers.d/secaudit
|
||||
RUN sed -i 's#cisharden#secaudit#' /etc/sudoers.d/secaudit
|
||||
|
||||
|
||||
ENTRYPOINT ["/opt/debian-cis/tests/launch_tests.sh"]
|
@ -10,6 +10,8 @@ test_audit() {
|
||||
local test_user="testcrontabduser"
|
||||
local test_file="/etc/crontab"
|
||||
|
||||
touch "$test_file"
|
||||
|
||||
describe Tests purposely failing
|
||||
chmod 777 "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
|
@ -10,6 +10,8 @@ test_audit() {
|
||||
local test_user="testcrontabuser"
|
||||
local test_file="/etc/cron.hourly"
|
||||
|
||||
touch "$test_file"
|
||||
|
||||
describe Tests purposely failing
|
||||
chmod 777 "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
|
@ -10,6 +10,8 @@ test_audit() {
|
||||
local test_user="testcrontabuser"
|
||||
local test_file="/etc/cron.daily"
|
||||
|
||||
touch "$test_file"
|
||||
|
||||
describe Tests purposely failing
|
||||
chmod 777 "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
|
@ -10,6 +10,8 @@ test_audit() {
|
||||
local test_user="testcrontabuser"
|
||||
local test_file="/etc/cron.weekly"
|
||||
|
||||
touch "$test_file"
|
||||
|
||||
describe Tests purposely failing
|
||||
chmod 777 "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
|
@ -10,6 +10,8 @@ test_audit() {
|
||||
local test_user="testcrontabuser"
|
||||
local test_file="/etc/cron.monthly"
|
||||
|
||||
touch "$test_file"
|
||||
|
||||
describe Tests purposely failing
|
||||
chmod 777 "$test_file"
|
||||
register_test retvalshouldbe 1
|
||||
|
16
tests/hardening/99.99_check_distribution.sh
Normal file
16
tests/hardening/99.99_check_distribution.sh
Normal file
@ -0,0 +1,16 @@
|
||||
# shellcheck shell=bash
|
||||
# run-shellcheck
|
||||
test_audit() {
|
||||
describe Running on blank host
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
##################################################################
|
||||
# For this test, we only check that it runs properly on a blank #
|
||||
# host, and we check root/sudo consistency. But, we don't test #
|
||||
# the apply function because it can't be automated or it is very #
|
||||
# long to test and not very useful. #
|
||||
##################################################################
|
||||
}
|
Reference in New Issue
Block a user