Add dealing with debian 11

* ADD: add dockerfile for debian11
* FIX: fix crontab file not found on debian11 blank
* Add workflow for debian11
* FIX: fix debian version func to manage debian11
* Add dealing with unsupported version and distro
* Add 99.99 check that checks if distro version is supported
* Use global var for debian major and distro

fix #26
Thibault Ayanides
2021-02-08 13:54:24 +01:00
committed by GitHub
parent 449c695415
commit 6ae05f3fa2
24 changed files with 266 additions and 39 deletions


@ -0,0 +1,21 @@
FROM debian:bullseye
LABEL vendor="OVH"
LABEL project="debian-cis"
LABEL url="https://github.com/ovh/debian-cis"
LABEL description="This image is used to run tests"
RUN groupadd -g 500 secaudit && useradd -u 500 -g 500 -s /bin/bash secaudit && install -m 700 -o secaudit -g secaudit -d /home/secaudit
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y openssh-server sudo syslog-ng net-tools auditd cron
COPY --chown=500:500 . /opt/debian-cis/
COPY debian/default /etc/default/cis-hardening
RUN sed -i 's#cis-hardening#debian-cis#' /etc/default/cis-hardening
COPY cisharden.sudoers /etc/sudoers.d/secaudit
RUN sed -i 's#cisharden#secaudit#' /etc/sudoers.d/secaudit
ENTRYPOINT ["/opt/debian-cis/tests/launch_tests.sh"]
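Review bot: `COPY --chown=500:500 . /opt/debian-cis/` makes the whole tree owned by secaudit, including `tests/launch_tests.sh`, which ENTRYPOINT runs as root because no USER is set. The sudoers file installed a few lines later presumably lets that same account run scripts from this tree as root, so the unprivileged user can edit code that later runs privileged. That is tolerable for a throwaway test image but should carry a comment such as `# test image only: tree is owned by secaudit on purpose, do not reuse this layout on a real host`. The sudoers file is also rewritten with `sed -i` and never validated; appending `&& visudo -cf /etc/sudoers.d/secaudit` to that RUN would fail the build on a broken rule instead of at test time. `FROM debian:bullseye` is a floating tag, so pinning a digest would keep CI results comparable between builds.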


@ -10,6 +10,8 @@ test_audit() {
local test_user="testcrontabduser"
local test_file="/etc/crontab"
touch "$test_file"
describe Tests purposely failing
chmod 777 "$test_file"
register_test retvalshouldbe 1


@ -10,6 +10,8 @@ test_audit() {
local test_user="testcrontabuser"
local test_file="/etc/cron.hourly"
touch "$test_file"
describe Tests purposely failing
chmod 777 "$test_file"
register_test retvalshouldbe 1
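Review bot: `touch "$test_file"` is applied to `/etc/cron.hourly`, which is a directory on Debian. If the path is missing on a blank image, touch creates a regular file there, so the permission check would run against the wrong file type. `mkdir -p "$test_file"` would keep the fixture faithful, and the same applies to the cron.daily, cron.weekly and cron.monthly sections below. The `chmod 777` that follows leaves the path world-writable until the test restores it; test_audit continues outside the hunk, so that restore is not visible here.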


@ -10,6 +10,8 @@ test_audit() {
local test_user="testcrontabuser"
local test_file="/etc/cron.daily"
touch "$test_file"
describe Tests purposely failing
chmod 777 "$test_file"
register_test retvalshouldbe 1


@ -10,6 +10,8 @@ test_audit() {
local test_user="testcrontabuser"
local test_file="/etc/cron.weekly"
touch "$test_file"
describe Tests purposely failing
chmod 777 "$test_file"
register_test retvalshouldbe 1


@ -10,6 +10,8 @@ test_audit() {
local test_user="testcrontabuser"
local test_file="/etc/cron.monthly"
touch "$test_file"
describe Tests purposely failing
chmod 777 "$test_file"
register_test retvalshouldbe 1


@ -0,0 +1,16 @@
# shellcheck shell=bash
# run-shellcheck
test_audit() {
describe Running on blank host
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
##################################################################
# For this test, we only check that it runs properly on a blank #
# host, and we check root/sudo consistency. But, we don't test #
# the apply function because it can't be automated or it is very #
# long to test and not very useful. #
##################################################################
}
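Review bot: The boxed comment says the test checks root/sudo consistency, but nothing in test_audit does that visibly; the check presumably happens inside the `run` helper, which is defined outside this file. The comment would be easier to follow placed above the `run blank …` line and naming where the comparison is done, for example `# run() executes the script as root and via sudo and compares the results` (to be confirmed against the launcher). The `# shellcheck disable=2154` line could likewise be preceded by `# "script" is provided by the test launcher`, if that is indeed where it is set.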