From 6afed4eedbc169851edc174c3f30f8806325397d Mon Sep 17 00:00:00 2001 
From: Charles Herlin Date: Thu, 14 Feb 2019 18:10:46 +0100 Subject: [PATCH] Add test stub for all audit checks, to tests root/sudo consistency --- tests/hardening/1.1_install_updates.sh | 10 ++++++++++ tests/hardening/10.1.1_set_password_exp_days.sh | 10 ++++++++++ tests/hardening/10.1.2_set_password_min_days_change.sh | 10 ++++++++++ .../hardening/10.1.3_set_password_exp_warning_days.sh | 10 ++++++++++ tests/hardening/10.2_disable_system_accounts.sh | 10 ++++++++++ tests/hardening/10.3_default_root_group.sh | 10 ++++++++++ tests/hardening/10.4_default_umask.sh | 10 ++++++++++ tests/hardening/10.5_lock_inactive_user_account.sh | 10 ++++++++++ tests/hardening/11.1_warning_banners.sh | 10 ++++++++++ tests/hardening/11.2_remove_os_info_warning_banners.sh | 10 ++++++++++ tests/hardening/11.3_graphical_warning_banners.sh | 10 ++++++++++ tests/hardening/12.1_etc_passwd_permissions.sh | 10 ++++++++++ tests/hardening/12.2_etc_shadow_permissions.sh | 10 ++++++++++ tests/hardening/12.3_etc_group_permissions.sh | 10 ++++++++++ tests/hardening/12.4_etc_passwd_ownership.sh | 10 ++++++++++ tests/hardening/12.5_etc_shadow_ownership.sh | 10 ++++++++++ tests/hardening/12.6_etc_group_ownership.sh | 10 ++++++++++ .../13.11_find_passwd_group_inconsistencies.sh | 10 ++++++++++ tests/hardening/13.12_users_valid_homedir.sh | 10 ++++++++++ tests/hardening/13.13_check_user_homedir_ownership.sh | 10 ++++++++++ tests/hardening/13.15_check_duplicate_gid.sh | 10 ++++++++++ tests/hardening/13.16_check_duplicate_username.sh | 10 ++++++++++ tests/hardening/13.17_check_duplicate_groupname.sh | 10 ++++++++++ tests/hardening/13.18_find_user_netrc_files.sh | 10 ++++++++++ tests/hardening/13.19_find_user_forward_files.sh | 10 ++++++++++ tests/hardening/13.1_remove_empty_password_field.sh | 10 ++++++++++ tests/hardening/13.20_shadow_group_empty.sh | 10 ++++++++++ tests/hardening/13.2_remove_legacy_passwd_entries.sh | 10 ++++++++++ tests/hardening/13.3_remove_legacy_shadow_entries.sh | 10 ++++++++++ 
tests/hardening/13.4_remove_legacy_group_entries.sh | 10 ++++++++++ tests/hardening/13.6_sanitize_root_path.sh | 10 ++++++++++ tests/hardening/13.7_check_user_dir_perm.sh | 10 ++++++++++ tests/hardening/13.8_check_user_dot_file_perm.sh | 10 ++++++++++ tests/hardening/13.9_set_perm_on_user_netrc.sh | 10 ++++++++++ tests/hardening/2.10_home_nodev.sh | 10 ++++++++++ tests/hardening/2.11_removable_device_nodev.sh | 10 ++++++++++ tests/hardening/2.12_removable_device_noexec.sh | 10 ++++++++++ tests/hardening/2.13_removable_device_nosuid.sh | 10 ++++++++++ tests/hardening/2.14_run_shm_nodev.sh | 10 ++++++++++ tests/hardening/2.15_run_shm_nosuid.sh | 10 ++++++++++ tests/hardening/2.16_run_shm_noexec.sh | 10 ++++++++++ tests/hardening/2.18_disable_cramfs.sh | 10 ++++++++++ tests/hardening/2.19_disable_freevxfs.sh | 10 ++++++++++ tests/hardening/2.1_tmp_partition.sh | 10 ++++++++++ tests/hardening/2.20_disable_jffs2.sh | 10 ++++++++++ tests/hardening/2.21_disable_hfs.sh | 10 ++++++++++ tests/hardening/2.22_disable_hfsplus.sh | 10 ++++++++++ tests/hardening/2.23_disable_squashfs.sh | 10 ++++++++++ tests/hardening/2.24_disable_udf.sh | 10 ++++++++++ tests/hardening/2.25_disable_automounting.sh | 10 ++++++++++ tests/hardening/2.2_tmp_nodev.sh | 10 ++++++++++ tests/hardening/2.3_tmp_nosuid.sh | 10 ++++++++++ tests/hardening/2.4_tmp_noexec.sh | 10 ++++++++++ tests/hardening/2.5_var_partition.sh | 10 ++++++++++ tests/hardening/2.6.1_var_tmp_partition.sh | 10 ++++++++++ tests/hardening/2.6.2_var_tmp_nodev.sh | 10 ++++++++++ tests/hardening/2.6.3_var_tmp_nosuid.sh | 10 ++++++++++ tests/hardening/2.6.4_var_tmp_noexec.sh | 10 ++++++++++ tests/hardening/2.7_var_log_partition.sh | 10 ++++++++++ tests/hardening/2.8_var_log_audit_partition.sh | 10 ++++++++++ tests/hardening/2.9_home_partition.sh | 10 ++++++++++ tests/hardening/3.1_bootloader_ownership.sh | 10 ++++++++++ tests/hardening/3.2_bootloader_permissions.sh | 10 ++++++++++ tests/hardening/3.3_bootloader_password.sh | 10 
++++++++++ tests/hardening/3.4_root_password.sh | 10 ++++++++++ tests/hardening/4.1_restrict_core_dumps.sh | 10 ++++++++++ tests/hardening/4.2_enable_nx_support.sh | 10 ++++++++++ tests/hardening/4.3_enable_randomized_vm_placement.sh | 10 ++++++++++ tests/hardening/4.4_disable_prelink.sh | 10 ++++++++++ tests/hardening/4.5_enable_apparmor.sh | 10 ++++++++++ tests/hardening/5.1.1_disable_nis.sh | 10 ++++++++++ tests/hardening/5.1.2_disable_rsh.sh | 10 ++++++++++ tests/hardening/5.1.3_disable_rsh_client.sh | 10 ++++++++++ tests/hardening/5.1.4_disable_talk.sh | 10 ++++++++++ tests/hardening/5.1.5_disable_talk_client.sh | 10 ++++++++++ tests/hardening/5.1.6_disable_telnet_server.sh | 10 ++++++++++ tests/hardening/5.1.7_disable_tftp_server.sh | 10 ++++++++++ tests/hardening/5.1.8_disable_inetd.sh | 10 ++++++++++ tests/hardening/5.2_disable_chargen.sh | 10 ++++++++++ tests/hardening/5.3_disable_daytime.sh | 10 ++++++++++ tests/hardening/5.4_disable_echo.sh | 10 ++++++++++ tests/hardening/5.5_disable_discard.sh | 10 ++++++++++ tests/hardening/5.6_disable_time.sh | 10 ++++++++++ tests/hardening/6.10_disable_http_server.sh | 10 ++++++++++ tests/hardening/6.11_disable_imap_pop.sh | 10 ++++++++++ tests/hardening/6.12_disable_samba.sh | 10 ++++++++++ tests/hardening/6.13_disable_http_proxy.sh | 10 ++++++++++ tests/hardening/6.14_disable_snmp_server.sh | 10 ++++++++++ tests/hardening/6.15_mta_localhost.sh | 10 ++++++++++ tests/hardening/6.16_disable_rsync.sh | 10 ++++++++++ tests/hardening/6.1_disable_xwindow_system.sh | 10 ++++++++++ tests/hardening/6.2_disable_avahi_server.sh | 10 ++++++++++ tests/hardening/6.3_disable_print_server.sh | 10 ++++++++++ tests/hardening/6.4_disable_dhcp.sh | 10 ++++++++++ tests/hardening/6.5_configure_ntp.sh | 10 ++++++++++ tests/hardening/6.6_disable_ldap.sh | 10 ++++++++++ tests/hardening/6.7_disable_nfs_rpc.sh | 10 ++++++++++ tests/hardening/6.8_disable_dns_server.sh | 10 ++++++++++ tests/hardening/6.9_disable_ftp.sh | 10 ++++++++++ 
tests/hardening/7.1.1_disable_ip_forwarding.sh | 10 ++++++++++ tests/hardening/7.1.2_disable_send_packet_redirects.sh | 10 ++++++++++ tests/hardening/7.2.1_disable_source_routed_packets.sh | 10 ++++++++++ tests/hardening/7.2.2_disable_icmp_redirect.sh | 10 ++++++++++ tests/hardening/7.2.3_disable_secure_icmp_redirect.sh | 10 ++++++++++ tests/hardening/7.2.4_log_martian_packets.sh | 10 ++++++++++ tests/hardening/7.2.5_ignore_broadcast_requests.sh | 10 ++++++++++ .../7.2.6_enable_bad_error_message_protection.sh | 10 ++++++++++ .../hardening/7.2.7_enable_source_route_validation.sh | 10 ++++++++++ tests/hardening/7.2.8_enable_tcp_syn_cookies.sh | 10 ++++++++++ .../7.3.1_disable_ipv6_router_advertisement.sh | 10 ++++++++++ tests/hardening/7.3.2_disable_ipv6_redirect.sh | 10 ++++++++++ tests/hardening/7.3.3_disable_ipv6.sh | 10 ++++++++++ tests/hardening/7.4.1_install_tcp_wrapper.sh | 10 ++++++++++ tests/hardening/7.4.2_hosts_allow.sh | 10 ++++++++++ tests/hardening/7.4.3_hosts_allow_permissions.sh | 10 ++++++++++ tests/hardening/7.4.4_hosts_deny.sh | 10 ++++++++++ tests/hardening/7.4.5_hosts_deny_permissions.sh | 10 ++++++++++ tests/hardening/7.5.1_disable_dccp.sh | 10 ++++++++++ tests/hardening/7.5.2_disable_sctp.sh | 10 ++++++++++ tests/hardening/7.5.3_disable_rds.sh | 10 ++++++++++ tests/hardening/7.5.4_disable_tipc.sh | 10 ++++++++++ tests/hardening/7.6_disable_wireless.sh | 10 ++++++++++ tests/hardening/7.7_enable_firewall.sh | 10 ++++++++++ tests/hardening/8.0_enable_auditd_kernel.sh | 10 ++++++++++ tests/hardening/8.1.1.1_audit_log_storage.sh | 10 ++++++++++ tests/hardening/8.1.1.2_halt_when_audit_log_full.sh | 10 ++++++++++ tests/hardening/8.1.1.3_keep_all_audit_logs.sh | 10 ++++++++++ tests/hardening/8.1.10_record_dac_edit.sh | 10 ++++++++++ tests/hardening/8.1.11_record_failed_access_file.sh | 10 ++++++++++ tests/hardening/8.1.12_record_privileged_commands.sh | 10 ++++++++++ tests/hardening/8.1.13_record_successful_mount.sh | 10 ++++++++++ 
tests/hardening/8.1.14_record_file_deletions.sh | 10 ++++++++++ tests/hardening/8.1.15_record_sudoers_edit.sh | 10 ++++++++++ tests/hardening/8.1.16_record_sudo_usage.sh | 10 ++++++++++ tests/hardening/8.1.17_record_kernel_modules.sh | 10 ++++++++++ tests/hardening/8.1.18_freeze_auditd_conf.sh | 10 ++++++++++ tests/hardening/8.1.2_enable_auditd.sh | 10 ++++++++++ tests/hardening/8.1.3_audit_bootloader.sh | 10 ++++++++++ tests/hardening/8.1.4_record_date_time_edit.sh | 10 ++++++++++ tests/hardening/8.1.5_record_user_group_edit.sh | 10 ++++++++++ tests/hardening/8.1.6_record_network_edit.sh | 10 ++++++++++ tests/hardening/8.1.7_record_mac_edit.sh | 10 ++++++++++ tests/hardening/8.1.8_record_login_logout.sh | 10 ++++++++++ tests/hardening/8.1.9_record_session_init.sh | 10 ++++++++++ tests/hardening/8.2.1_install_syslog-ng.sh | 10 ++++++++++ tests/hardening/8.2.2_enable_syslog-ng.sh | 10 ++++++++++ tests/hardening/8.2.3_configure_syslog-ng.sh | 10 ++++++++++ tests/hardening/8.2.4_set_logfile_perm.sh | 10 ++++++++++ tests/hardening/8.2.5_syslog-ng_remote_host.sh | 10 ++++++++++ tests/hardening/8.2.6_remote_syslog-ng_acl.sh | 10 ++++++++++ tests/hardening/8.3.1_install_tripwire.sh | 10 ++++++++++ tests/hardening/8.3.2_tripwire_cron.sh | 10 ++++++++++ tests/hardening/8.4_configure_logrotate.sh | 10 ++++++++++ tests/hardening/9.1.1_enable_cron.sh | 10 ++++++++++ tests/hardening/9.1.2_crontab_perm_ownership.sh | 10 ++++++++++ tests/hardening/9.1.3_cron_hourly_perm_ownership.sh | 10 ++++++++++ tests/hardening/9.1.4_cron_daily_perm_ownership.sh | 10 ++++++++++ tests/hardening/9.1.5_cron_weekly_perm_ownership.sh | 10 ++++++++++ tests/hardening/9.1.6_cron_monthly_perm_ownership.sh | 10 ++++++++++ tests/hardening/9.1.7_cron_d_perm_ownership.sh | 10 ++++++++++ tests/hardening/9.1.8_cron_users.sh | 10 ++++++++++ tests/hardening/9.2.1_enable_cracklib.sh | 10 ++++++++++ .../hardening/9.2.2_enable_lockout_failed_password.sh | 10 ++++++++++ 
tests/hardening/9.2.3_limit_password_reuse.sh | 10 ++++++++++ tests/hardening/9.3.10_disable_sshd_setenv.sh | 10 ++++++++++ tests/hardening/9.3.11_sshd_ciphers.sh | 10 ++++++++++ tests/hardening/9.3.12_sshd_idle_timeout.sh | 10 ++++++++++ tests/hardening/9.3.13_sshd_limit_access.sh | 10 ++++++++++ tests/hardening/9.3.14_ssh_banner.sh | 10 ++++++++++ tests/hardening/9.3.1_sshd_protocol.sh | 10 ++++++++++ tests/hardening/9.3.2_sshd_loglevel.sh | 10 ++++++++++ tests/hardening/9.3.3_sshd_conf_perm_ownership.sh | 10 ++++++++++ tests/hardening/9.3.4_disable_x11_forwarding.sh | 10 ++++++++++ tests/hardening/9.3.5_sshd_maxauthtries.sh | 10 ++++++++++ tests/hardening/9.3.6_enable_sshd_ignorerhosts.sh | 10 ++++++++++ .../9.3.7_disable_sshd_hostbasedauthentication.sh | 10 ++++++++++ tests/hardening/9.3.8_disable_root_login.sh | 10 ++++++++++ .../9.3.9_disable_sshd_permitemptypasswords.sh | 10 ++++++++++ tests/hardening/9.4_secure_tty.sh | 10 ++++++++++ tests/hardening/9.5_restrict_su.sh | 10 ++++++++++ tests/hardening/99.1_timeout_tty.sh | 10 ++++++++++ tests/hardening/99.4_net_fw_default_policy_drop.sh | 10 ++++++++++ 182 files changed, 1820 insertions(+) create mode 100644 tests/hardening/1.1_install_updates.sh create mode 100644 tests/hardening/10.1.1_set_password_exp_days.sh create mode 100644 tests/hardening/10.1.2_set_password_min_days_change.sh create mode 100644 tests/hardening/10.1.3_set_password_exp_warning_days.sh create mode 100644 tests/hardening/10.2_disable_system_accounts.sh create mode 100644 tests/hardening/10.3_default_root_group.sh create mode 100644 tests/hardening/10.4_default_umask.sh create mode 100644 tests/hardening/10.5_lock_inactive_user_account.sh create mode 100644 tests/hardening/11.1_warning_banners.sh create mode 100644 tests/hardening/11.2_remove_os_info_warning_banners.sh create mode 100644 tests/hardening/11.3_graphical_warning_banners.sh create mode 100644 tests/hardening/12.1_etc_passwd_permissions.sh create mode 100644 
tests/hardening/12.2_etc_shadow_permissions.sh create mode 100644 tests/hardening/12.3_etc_group_permissions.sh create mode 100644 tests/hardening/12.4_etc_passwd_ownership.sh create mode 100644 tests/hardening/12.5_etc_shadow_ownership.sh create mode 100644 tests/hardening/12.6_etc_group_ownership.sh create mode 100644 tests/hardening/13.11_find_passwd_group_inconsistencies.sh create mode 100644 tests/hardening/13.12_users_valid_homedir.sh create mode 100644 tests/hardening/13.13_check_user_homedir_ownership.sh create mode 100644 tests/hardening/13.15_check_duplicate_gid.sh create mode 100644 tests/hardening/13.16_check_duplicate_username.sh create mode 100644 tests/hardening/13.17_check_duplicate_groupname.sh create mode 100644 tests/hardening/13.18_find_user_netrc_files.sh create mode 100644 tests/hardening/13.19_find_user_forward_files.sh create mode 100644 tests/hardening/13.1_remove_empty_password_field.sh create mode 100644 tests/hardening/13.20_shadow_group_empty.sh create mode 100644 tests/hardening/13.2_remove_legacy_passwd_entries.sh create mode 100644 tests/hardening/13.3_remove_legacy_shadow_entries.sh create mode 100644 tests/hardening/13.4_remove_legacy_group_entries.sh create mode 100644 tests/hardening/13.6_sanitize_root_path.sh create mode 100644 tests/hardening/13.7_check_user_dir_perm.sh create mode 100644 tests/hardening/13.8_check_user_dot_file_perm.sh create mode 100644 tests/hardening/13.9_set_perm_on_user_netrc.sh create mode 100644 tests/hardening/2.10_home_nodev.sh create mode 100644 tests/hardening/2.11_removable_device_nodev.sh create mode 100644 tests/hardening/2.12_removable_device_noexec.sh create mode 100644 tests/hardening/2.13_removable_device_nosuid.sh create mode 100644 tests/hardening/2.14_run_shm_nodev.sh create mode 100644 tests/hardening/2.15_run_shm_nosuid.sh create mode 100644 tests/hardening/2.16_run_shm_noexec.sh create mode 100644 tests/hardening/2.18_disable_cramfs.sh create mode 100644 
tests/hardening/2.19_disable_freevxfs.sh create mode 100644 tests/hardening/2.1_tmp_partition.sh create mode 100644 tests/hardening/2.20_disable_jffs2.sh create mode 100644 tests/hardening/2.21_disable_hfs.sh create mode 100644 tests/hardening/2.22_disable_hfsplus.sh create mode 100644 tests/hardening/2.23_disable_squashfs.sh create mode 100644 tests/hardening/2.24_disable_udf.sh create mode 100644 tests/hardening/2.25_disable_automounting.sh create mode 100644 tests/hardening/2.2_tmp_nodev.sh create mode 100644 tests/hardening/2.3_tmp_nosuid.sh create mode 100644 tests/hardening/2.4_tmp_noexec.sh create mode 100644 tests/hardening/2.5_var_partition.sh create mode 100644 tests/hardening/2.6.1_var_tmp_partition.sh create mode 100644 tests/hardening/2.6.2_var_tmp_nodev.sh create mode 100644 tests/hardening/2.6.3_var_tmp_nosuid.sh create mode 100644 tests/hardening/2.6.4_var_tmp_noexec.sh create mode 100644 tests/hardening/2.7_var_log_partition.sh create mode 100644 tests/hardening/2.8_var_log_audit_partition.sh create mode 100644 tests/hardening/2.9_home_partition.sh create mode 100644 tests/hardening/3.1_bootloader_ownership.sh create mode 100644 tests/hardening/3.2_bootloader_permissions.sh create mode 100644 tests/hardening/3.3_bootloader_password.sh create mode 100644 tests/hardening/3.4_root_password.sh create mode 100644 tests/hardening/4.1_restrict_core_dumps.sh create mode 100644 tests/hardening/4.2_enable_nx_support.sh create mode 100644 tests/hardening/4.3_enable_randomized_vm_placement.sh create mode 100644 tests/hardening/4.4_disable_prelink.sh create mode 100644 tests/hardening/4.5_enable_apparmor.sh create mode 100644 tests/hardening/5.1.1_disable_nis.sh create mode 100644 tests/hardening/5.1.2_disable_rsh.sh create mode 100644 tests/hardening/5.1.3_disable_rsh_client.sh create mode 100644 tests/hardening/5.1.4_disable_talk.sh create mode 100644 tests/hardening/5.1.5_disable_talk_client.sh create mode 100644 
tests/hardening/5.1.6_disable_telnet_server.sh create mode 100644 tests/hardening/5.1.7_disable_tftp_server.sh create mode 100644 tests/hardening/5.1.8_disable_inetd.sh create mode 100644 tests/hardening/5.2_disable_chargen.sh create mode 100644 tests/hardening/5.3_disable_daytime.sh create mode 100644 tests/hardening/5.4_disable_echo.sh create mode 100644 tests/hardening/5.5_disable_discard.sh create mode 100644 tests/hardening/5.6_disable_time.sh create mode 100644 tests/hardening/6.10_disable_http_server.sh create mode 100644 tests/hardening/6.11_disable_imap_pop.sh create mode 100644 tests/hardening/6.12_disable_samba.sh create mode 100644 tests/hardening/6.13_disable_http_proxy.sh create mode 100644 tests/hardening/6.14_disable_snmp_server.sh create mode 100644 tests/hardening/6.15_mta_localhost.sh create mode 100644 tests/hardening/6.16_disable_rsync.sh create mode 100644 tests/hardening/6.1_disable_xwindow_system.sh create mode 100644 tests/hardening/6.2_disable_avahi_server.sh create mode 100644 tests/hardening/6.3_disable_print_server.sh create mode 100644 tests/hardening/6.4_disable_dhcp.sh create mode 100644 tests/hardening/6.5_configure_ntp.sh create mode 100644 tests/hardening/6.6_disable_ldap.sh create mode 100644 tests/hardening/6.7_disable_nfs_rpc.sh create mode 100644 tests/hardening/6.8_disable_dns_server.sh create mode 100644 tests/hardening/6.9_disable_ftp.sh create mode 100644 tests/hardening/7.1.1_disable_ip_forwarding.sh create mode 100644 tests/hardening/7.1.2_disable_send_packet_redirects.sh create mode 100644 tests/hardening/7.2.1_disable_source_routed_packets.sh create mode 100644 tests/hardening/7.2.2_disable_icmp_redirect.sh create mode 100644 tests/hardening/7.2.3_disable_secure_icmp_redirect.sh create mode 100644 tests/hardening/7.2.4_log_martian_packets.sh create mode 100644 tests/hardening/7.2.5_ignore_broadcast_requests.sh create mode 100644 tests/hardening/7.2.6_enable_bad_error_message_protection.sh create mode 100644 
tests/hardening/7.2.7_enable_source_route_validation.sh create mode 100644 tests/hardening/7.2.8_enable_tcp_syn_cookies.sh create mode 100644 tests/hardening/7.3.1_disable_ipv6_router_advertisement.sh create mode 100644 tests/hardening/7.3.2_disable_ipv6_redirect.sh create mode 100644 tests/hardening/7.3.3_disable_ipv6.sh create mode 100644 tests/hardening/7.4.1_install_tcp_wrapper.sh create mode 100644 tests/hardening/7.4.2_hosts_allow.sh create mode 100644 tests/hardening/7.4.3_hosts_allow_permissions.sh create mode 100644 tests/hardening/7.4.4_hosts_deny.sh create mode 100644 tests/hardening/7.4.5_hosts_deny_permissions.sh create mode 100644 tests/hardening/7.5.1_disable_dccp.sh create mode 100644 tests/hardening/7.5.2_disable_sctp.sh create mode 100644 tests/hardening/7.5.3_disable_rds.sh create mode 100644 tests/hardening/7.5.4_disable_tipc.sh create mode 100644 tests/hardening/7.6_disable_wireless.sh create mode 100644 tests/hardening/7.7_enable_firewall.sh create mode 100644 tests/hardening/8.0_enable_auditd_kernel.sh create mode 100644 tests/hardening/8.1.1.1_audit_log_storage.sh create mode 100644 tests/hardening/8.1.1.2_halt_when_audit_log_full.sh create mode 100644 tests/hardening/8.1.1.3_keep_all_audit_logs.sh create mode 100644 tests/hardening/8.1.10_record_dac_edit.sh create mode 100644 tests/hardening/8.1.11_record_failed_access_file.sh create mode 100644 tests/hardening/8.1.12_record_privileged_commands.sh create mode 100644 tests/hardening/8.1.13_record_successful_mount.sh create mode 100644 tests/hardening/8.1.14_record_file_deletions.sh create mode 100644 tests/hardening/8.1.15_record_sudoers_edit.sh create mode 100644 tests/hardening/8.1.16_record_sudo_usage.sh create mode 100644 tests/hardening/8.1.17_record_kernel_modules.sh create mode 100644 tests/hardening/8.1.18_freeze_auditd_conf.sh create mode 100644 tests/hardening/8.1.2_enable_auditd.sh create mode 100644 tests/hardening/8.1.3_audit_bootloader.sh create mode 100644 
tests/hardening/8.1.4_record_date_time_edit.sh create mode 100644 tests/hardening/8.1.5_record_user_group_edit.sh create mode 100644 tests/hardening/8.1.6_record_network_edit.sh create mode 100644 tests/hardening/8.1.7_record_mac_edit.sh create mode 100644 tests/hardening/8.1.8_record_login_logout.sh create mode 100644 tests/hardening/8.1.9_record_session_init.sh create mode 100644 tests/hardening/8.2.1_install_syslog-ng.sh create mode 100644 tests/hardening/8.2.2_enable_syslog-ng.sh create mode 100644 tests/hardening/8.2.3_configure_syslog-ng.sh create mode 100644 tests/hardening/8.2.4_set_logfile_perm.sh create mode 100644 tests/hardening/8.2.5_syslog-ng_remote_host.sh create mode 100644 tests/hardening/8.2.6_remote_syslog-ng_acl.sh create mode 100644 tests/hardening/8.3.1_install_tripwire.sh create mode 100644 tests/hardening/8.3.2_tripwire_cron.sh create mode 100644 tests/hardening/8.4_configure_logrotate.sh create mode 100644 tests/hardening/9.1.1_enable_cron.sh create mode 100644 tests/hardening/9.1.2_crontab_perm_ownership.sh create mode 100644 tests/hardening/9.1.3_cron_hourly_perm_ownership.sh create mode 100644 tests/hardening/9.1.4_cron_daily_perm_ownership.sh create mode 100644 tests/hardening/9.1.5_cron_weekly_perm_ownership.sh create mode 100644 tests/hardening/9.1.6_cron_monthly_perm_ownership.sh create mode 100644 tests/hardening/9.1.7_cron_d_perm_ownership.sh create mode 100644 tests/hardening/9.1.8_cron_users.sh create mode 100644 tests/hardening/9.2.1_enable_cracklib.sh create mode 100644 tests/hardening/9.2.2_enable_lockout_failed_password.sh create mode 100644 tests/hardening/9.2.3_limit_password_reuse.sh create mode 100644 tests/hardening/9.3.10_disable_sshd_setenv.sh create mode 100644 tests/hardening/9.3.11_sshd_ciphers.sh create mode 100644 tests/hardening/9.3.12_sshd_idle_timeout.sh create mode 100644 tests/hardening/9.3.13_sshd_limit_access.sh create mode 100644 tests/hardening/9.3.14_ssh_banner.sh create mode 100644 
tests/hardening/9.3.1_sshd_protocol.sh create mode 100644 tests/hardening/9.3.2_sshd_loglevel.sh create mode 100644 tests/hardening/9.3.3_sshd_conf_perm_ownership.sh create mode 100644 tests/hardening/9.3.4_disable_x11_forwarding.sh create mode 100644 tests/hardening/9.3.5_sshd_maxauthtries.sh create mode 100644 tests/hardening/9.3.6_enable_sshd_ignorerhosts.sh create mode 100644 tests/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh create mode 100644 tests/hardening/9.3.8_disable_root_login.sh create mode 100644 tests/hardening/9.3.9_disable_sshd_permitemptypasswords.sh create mode 100644 tests/hardening/9.4_secure_tty.sh create mode 100644 tests/hardening/9.5_restrict_su.sh create mode 100644 tests/hardening/99.1_timeout_tty.sh create mode 100644 tests/hardening/99.4_net_fw_default_policy_drop.sh
diff --git a/tests/hardening/1.1_install_updates.sh b/tests/hardening/1.1_install_updates.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/1.1_install_updates.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/10.1.1_set_password_exp_days.sh b/tests/hardening/10.1.1_set_password_exp_days.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/10.1.1_set_password_exp_days.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/10.1.2_set_password_min_days_change.sh b/tests/hardening/10.1.2_set_password_min_days_change.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
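Review bot: The stub added in `tests/hardening/1.1_install_updates.sh` checks only the exit status (`register_test retvalshouldbe 0`) and then calls `dismiss_count_for_test`, which by its name appears to waive the result-count assertion, so as far as this hunk shows the test would still pass if the audit script evaluated nothing. The identical ten lines (blob b333419) are added for every other check in this patch, so a green run of these tests says the scripts exit cleanly on a blank host, not that any hardening check detects a non-compliant system. Until the cases are written I would make that explicit by replacing the TODO with `# TODO: stub only asserts exit code 0 on a blank host; add compliant and non-compliant cases for this check`. Expecting 0 from `--audit-all` on a blank host also looks questionable for checks such as the partition or bootloader-password ones, but the exit-code convention is not visible here, so confirm it per check.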
+++ b/tests/hardening/10.1.2_set_password_min_days_change.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/10.1.3_set_password_exp_warning_days.sh b/tests/hardening/10.1.3_set_password_exp_warning_days.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/10.1.3_set_password_exp_warning_days.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/10.2_disable_system_accounts.sh b/tests/hardening/10.2_disable_system_accounts.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/10.2_disable_system_accounts.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/10.3_default_root_group.sh b/tests/hardening/10.3_default_root_group.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/10.3_default_root_group.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/10.4_default_umask.sh b/tests/hardening/10.4_default_umask.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/10.4_default_umask.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/10.5_lock_inactive_user_account.sh b/tests/hardening/10.5_lock_inactive_user_account.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/10.5_lock_inactive_user_account.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/11.1_warning_banners.sh b/tests/hardening/11.1_warning_banners.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/11.1_warning_banners.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/11.2_remove_os_info_warning_banners.sh b/tests/hardening/11.2_remove_os_info_warning_banners.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/11.2_remove_os_info_warning_banners.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/11.3_graphical_warning_banners.sh b/tests/hardening/11.3_graphical_warning_banners.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/11.3_graphical_warning_banners.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/12.1_etc_passwd_permissions.sh b/tests/hardening/12.1_etc_passwd_permissions.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/12.1_etc_passwd_permissions.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/12.2_etc_shadow_permissions.sh b/tests/hardening/12.2_etc_shadow_permissions.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/12.2_etc_shadow_permissions.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/12.3_etc_group_permissions.sh b/tests/hardening/12.3_etc_group_permissions.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/12.3_etc_group_permissions.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/12.4_etc_passwd_ownership.sh b/tests/hardening/12.4_etc_passwd_ownership.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/12.4_etc_passwd_ownership.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/12.5_etc_shadow_ownership.sh b/tests/hardening/12.5_etc_shadow_ownership.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/12.5_etc_shadow_ownership.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/12.6_etc_group_ownership.sh b/tests/hardening/12.6_etc_group_ownership.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/12.6_etc_group_ownership.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/13.11_find_passwd_group_inconsistencies.sh b/tests/hardening/13.11_find_passwd_group_inconsistencies.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/13.11_find_passwd_group_inconsistencies.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/13.12_users_valid_homedir.sh b/tests/hardening/13.12_users_valid_homedir.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/13.12_users_valid_homedir.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/13.13_check_user_homedir_ownership.sh b/tests/hardening/13.13_check_user_homedir_ownership.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/13.13_check_user_homedir_ownership.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/13.15_check_duplicate_gid.sh b/tests/hardening/13.15_check_duplicate_gid.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/13.15_check_duplicate_gid.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/13.16_check_duplicate_username.sh b/tests/hardening/13.16_check_duplicate_username.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/13.16_check_duplicate_username.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/13.17_check_duplicate_groupname.sh b/tests/hardening/13.17_check_duplicate_groupname.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/13.17_check_duplicate_groupname.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/13.18_find_user_netrc_files.sh b/tests/hardening/13.18_find_user_netrc_files.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/13.18_find_user_netrc_files.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/13.19_find_user_forward_files.sh b/tests/hardening/13.19_find_user_forward_files.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/13.19_find_user_forward_files.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/13.1_remove_empty_password_field.sh b/tests/hardening/13.1_remove_empty_password_field.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/13.1_remove_empty_password_field.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/13.20_shadow_group_empty.sh b/tests/hardening/13.20_shadow_group_empty.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/13.20_shadow_group_empty.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/13.2_remove_legacy_passwd_entries.sh b/tests/hardening/13.2_remove_legacy_passwd_entries.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/13.2_remove_legacy_passwd_entries.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/13.3_remove_legacy_shadow_entries.sh b/tests/hardening/13.3_remove_legacy_shadow_entries.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/13.3_remove_legacy_shadow_entries.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/13.4_remove_legacy_group_entries.sh b/tests/hardening/13.4_remove_legacy_group_entries.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/13.4_remove_legacy_group_entries.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/13.6_sanitize_root_path.sh b/tests/hardening/13.6_sanitize_root_path.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/13.6_sanitize_root_path.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/13.7_check_user_dir_perm.sh b/tests/hardening/13.7_check_user_dir_perm.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/13.7_check_user_dir_perm.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/13.8_check_user_dot_file_perm.sh b/tests/hardening/13.8_check_user_dot_file_perm.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/13.8_check_user_dot_file_perm.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/13.9_set_perm_on_user_netrc.sh b/tests/hardening/13.9_set_perm_on_user_netrc.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/13.9_set_perm_on_user_netrc.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.10_home_nodev.sh b/tests/hardening/2.10_home_nodev.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.10_home_nodev.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.11_removable_device_nodev.sh b/tests/hardening/2.11_removable_device_nodev.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.11_removable_device_nodev.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.12_removable_device_noexec.sh b/tests/hardening/2.12_removable_device_noexec.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.12_removable_device_noexec.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.13_removable_device_nosuid.sh b/tests/hardening/2.13_removable_device_nosuid.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.13_removable_device_nosuid.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.14_run_shm_nodev.sh b/tests/hardening/2.14_run_shm_nodev.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.14_run_shm_nodev.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.15_run_shm_nosuid.sh b/tests/hardening/2.15_run_shm_nosuid.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.15_run_shm_nosuid.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.16_run_shm_noexec.sh b/tests/hardening/2.16_run_shm_noexec.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.16_run_shm_noexec.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.18_disable_cramfs.sh b/tests/hardening/2.18_disable_cramfs.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.18_disable_cramfs.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.19_disable_freevxfs.sh b/tests/hardening/2.19_disable_freevxfs.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.19_disable_freevxfs.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.1_tmp_partition.sh b/tests/hardening/2.1_tmp_partition.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.1_tmp_partition.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.20_disable_jffs2.sh b/tests/hardening/2.20_disable_jffs2.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.20_disable_jffs2.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.21_disable_hfs.sh b/tests/hardening/2.21_disable_hfs.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.21_disable_hfs.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.22_disable_hfsplus.sh b/tests/hardening/2.22_disable_hfsplus.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.22_disable_hfsplus.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.23_disable_squashfs.sh b/tests/hardening/2.23_disable_squashfs.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.23_disable_squashfs.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.24_disable_udf.sh b/tests/hardening/2.24_disable_udf.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.24_disable_udf.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.25_disable_automounting.sh b/tests/hardening/2.25_disable_automounting.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.25_disable_automounting.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.2_tmp_nodev.sh b/tests/hardening/2.2_tmp_nodev.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.2_tmp_nodev.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.3_tmp_nosuid.sh b/tests/hardening/2.3_tmp_nosuid.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.3_tmp_nosuid.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.4_tmp_noexec.sh b/tests/hardening/2.4_tmp_noexec.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.4_tmp_noexec.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.5_var_partition.sh b/tests/hardening/2.5_var_partition.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.5_var_partition.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.6.1_var_tmp_partition.sh b/tests/hardening/2.6.1_var_tmp_partition.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.6.1_var_tmp_partition.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.6.2_var_tmp_nodev.sh b/tests/hardening/2.6.2_var_tmp_nodev.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.6.2_var_tmp_nodev.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.6.3_var_tmp_nosuid.sh b/tests/hardening/2.6.3_var_tmp_nosuid.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.6.3_var_tmp_nosuid.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.6.4_var_tmp_noexec.sh b/tests/hardening/2.6.4_var_tmp_noexec.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.6.4_var_tmp_noexec.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.7_var_log_partition.sh b/tests/hardening/2.7_var_log_partition.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.7_var_log_partition.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.8_var_log_audit_partition.sh b/tests/hardening/2.8_var_log_audit_partition.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.8_var_log_audit_partition.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/2.9_home_partition.sh b/tests/hardening/2.9_home_partition.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/2.9_home_partition.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/3.1_bootloader_ownership.sh b/tests/hardening/3.1_bootloader_ownership.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/3.1_bootloader_ownership.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/3.2_bootloader_permissions.sh b/tests/hardening/3.2_bootloader_permissions.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/3.2_bootloader_permissions.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/3.3_bootloader_password.sh b/tests/hardening/3.3_bootloader_password.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/3.3_bootloader_password.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/3.4_root_password.sh b/tests/hardening/3.4_root_password.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/3.4_root_password.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/4.1_restrict_core_dumps.sh b/tests/hardening/4.1_restrict_core_dumps.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/4.1_restrict_core_dumps.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/4.2_enable_nx_support.sh b/tests/hardening/4.2_enable_nx_support.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/4.2_enable_nx_support.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/4.3_enable_randomized_vm_placement.sh b/tests/hardening/4.3_enable_randomized_vm_placement.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/4.3_enable_randomized_vm_placement.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/4.4_disable_prelink.sh b/tests/hardening/4.4_disable_prelink.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/4.4_disable_prelink.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/4.5_enable_apparmor.sh b/tests/hardening/4.5_enable_apparmor.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/4.5_enable_apparmor.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/5.1.1_disable_nis.sh b/tests/hardening/5.1.1_disable_nis.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/5.1.1_disable_nis.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/5.1.2_disable_rsh.sh b/tests/hardening/5.1.2_disable_rsh.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/5.1.2_disable_rsh.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/5.1.3_disable_rsh_client.sh b/tests/hardening/5.1.3_disable_rsh_client.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/5.1.3_disable_rsh_client.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/5.1.4_disable_talk.sh b/tests/hardening/5.1.4_disable_talk.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/5.1.4_disable_talk.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/5.1.5_disable_talk_client.sh b/tests/hardening/5.1.5_disable_talk_client.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/5.1.5_disable_talk_client.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/5.1.6_disable_telnet_server.sh b/tests/hardening/5.1.6_disable_telnet_server.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/5.1.6_disable_telnet_server.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/5.1.7_disable_tftp_server.sh b/tests/hardening/5.1.7_disable_tftp_server.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/5.1.7_disable_tftp_server.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/5.1.8_disable_inetd.sh b/tests/hardening/5.1.8_disable_inetd.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/5.1.8_disable_inetd.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/5.2_disable_chargen.sh b/tests/hardening/5.2_disable_chargen.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/5.2_disable_chargen.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/5.3_disable_daytime.sh b/tests/hardening/5.3_disable_daytime.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/5.3_disable_daytime.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/5.4_disable_echo.sh b/tests/hardening/5.4_disable_echo.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/5.4_disable_echo.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/5.5_disable_discard.sh b/tests/hardening/5.5_disable_discard.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/5.5_disable_discard.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/5.6_disable_time.sh b/tests/hardening/5.6_disable_time.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/5.6_disable_time.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/6.10_disable_http_server.sh b/tests/hardening/6.10_disable_http_server.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/6.10_disable_http_server.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/6.11_disable_imap_pop.sh b/tests/hardening/6.11_disable_imap_pop.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/6.11_disable_imap_pop.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/6.12_disable_samba.sh b/tests/hardening/6.12_disable_samba.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/6.12_disable_samba.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/6.13_disable_http_proxy.sh b/tests/hardening/6.13_disable_http_proxy.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/6.13_disable_http_proxy.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/6.14_disable_snmp_server.sh b/tests/hardening/6.14_disable_snmp_server.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/6.14_disable_snmp_server.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/6.15_mta_localhost.sh b/tests/hardening/6.15_mta_localhost.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/6.15_mta_localhost.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/6.16_disable_rsync.sh b/tests/hardening/6.16_disable_rsync.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/6.16_disable_rsync.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/6.1_disable_xwindow_system.sh b/tests/hardening/6.1_disable_xwindow_system.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/6.1_disable_xwindow_system.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/6.2_disable_avahi_server.sh b/tests/hardening/6.2_disable_avahi_server.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/6.2_disable_avahi_server.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/6.3_disable_print_server.sh b/tests/hardening/6.3_disable_print_server.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/6.3_disable_print_server.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/6.4_disable_dhcp.sh b/tests/hardening/6.4_disable_dhcp.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/6.4_disable_dhcp.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/6.5_configure_ntp.sh b/tests/hardening/6.5_configure_ntp.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/6.5_configure_ntp.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/6.6_disable_ldap.sh b/tests/hardening/6.6_disable_ldap.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/6.6_disable_ldap.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/6.7_disable_nfs_rpc.sh b/tests/hardening/6.7_disable_nfs_rpc.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/6.7_disable_nfs_rpc.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/6.8_disable_dns_server.sh b/tests/hardening/6.8_disable_dns_server.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/6.8_disable_dns_server.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/6.9_disable_ftp.sh b/tests/hardening/6.9_disable_ftp.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/6.9_disable_ftp.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.1.1_disable_ip_forwarding.sh b/tests/hardening/7.1.1_disable_ip_forwarding.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.1.1_disable_ip_forwarding.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.1.2_disable_send_packet_redirects.sh b/tests/hardening/7.1.2_disable_send_packet_redirects.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.1.2_disable_send_packet_redirects.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.2.1_disable_source_routed_packets.sh b/tests/hardening/7.2.1_disable_source_routed_packets.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.2.1_disable_source_routed_packets.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.2.2_disable_icmp_redirect.sh b/tests/hardening/7.2.2_disable_icmp_redirect.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.2.2_disable_icmp_redirect.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.2.3_disable_secure_icmp_redirect.sh b/tests/hardening/7.2.3_disable_secure_icmp_redirect.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.2.3_disable_secure_icmp_redirect.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.2.4_log_martian_packets.sh b/tests/hardening/7.2.4_log_martian_packets.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.2.4_log_martian_packets.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.2.5_ignore_broadcast_requests.sh b/tests/hardening/7.2.5_ignore_broadcast_requests.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.2.5_ignore_broadcast_requests.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.2.6_enable_bad_error_message_protection.sh b/tests/hardening/7.2.6_enable_bad_error_message_protection.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.2.6_enable_bad_error_message_protection.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.2.7_enable_source_route_validation.sh b/tests/hardening/7.2.7_enable_source_route_validation.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.2.7_enable_source_route_validation.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.2.8_enable_tcp_syn_cookies.sh b/tests/hardening/7.2.8_enable_tcp_syn_cookies.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.2.8_enable_tcp_syn_cookies.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.3.1_disable_ipv6_router_advertisement.sh b/tests/hardening/7.3.1_disable_ipv6_router_advertisement.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.3.1_disable_ipv6_router_advertisement.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.3.2_disable_ipv6_redirect.sh b/tests/hardening/7.3.2_disable_ipv6_redirect.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.3.2_disable_ipv6_redirect.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.3.3_disable_ipv6.sh b/tests/hardening/7.3.3_disable_ipv6.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.3.3_disable_ipv6.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.4.1_install_tcp_wrapper.sh b/tests/hardening/7.4.1_install_tcp_wrapper.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.4.1_install_tcp_wrapper.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.4.2_hosts_allow.sh b/tests/hardening/7.4.2_hosts_allow.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.4.2_hosts_allow.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.4.3_hosts_allow_permissions.sh b/tests/hardening/7.4.3_hosts_allow_permissions.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.4.3_hosts_allow_permissions.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.4.4_hosts_deny.sh b/tests/hardening/7.4.4_hosts_deny.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.4.4_hosts_deny.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.4.5_hosts_deny_permissions.sh b/tests/hardening/7.4.5_hosts_deny_permissions.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.4.5_hosts_deny_permissions.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.5.1_disable_dccp.sh b/tests/hardening/7.5.1_disable_dccp.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.5.1_disable_dccp.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.5.2_disable_sctp.sh b/tests/hardening/7.5.2_disable_sctp.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.5.2_disable_sctp.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.5.3_disable_rds.sh b/tests/hardening/7.5.3_disable_rds.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.5.3_disable_rds.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.5.4_disable_tipc.sh b/tests/hardening/7.5.4_disable_tipc.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.5.4_disable_tipc.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.6_disable_wireless.sh b/tests/hardening/7.6_disable_wireless.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.6_disable_wireless.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/7.7_enable_firewall.sh b/tests/hardening/7.7_enable_firewall.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/7.7_enable_firewall.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.0_enable_auditd_kernel.sh b/tests/hardening/8.0_enable_auditd_kernel.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.0_enable_auditd_kernel.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.1.1.1_audit_log_storage.sh b/tests/hardening/8.1.1.1_audit_log_storage.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.1.1.1_audit_log_storage.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.1.1.2_halt_when_audit_log_full.sh b/tests/hardening/8.1.1.2_halt_when_audit_log_full.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.1.1.2_halt_when_audit_log_full.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.1.1.3_keep_all_audit_logs.sh b/tests/hardening/8.1.1.3_keep_all_audit_logs.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.1.1.3_keep_all_audit_logs.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.1.10_record_dac_edit.sh b/tests/hardening/8.1.10_record_dac_edit.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.1.10_record_dac_edit.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.1.11_record_failed_access_file.sh b/tests/hardening/8.1.11_record_failed_access_file.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.1.11_record_failed_access_file.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.1.12_record_privileged_commands.sh b/tests/hardening/8.1.12_record_privileged_commands.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.1.12_record_privileged_commands.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.1.13_record_successful_mount.sh b/tests/hardening/8.1.13_record_successful_mount.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.1.13_record_successful_mount.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.1.14_record_file_deletions.sh b/tests/hardening/8.1.14_record_file_deletions.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.1.14_record_file_deletions.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.1.15_record_sudoers_edit.sh b/tests/hardening/8.1.15_record_sudoers_edit.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.1.15_record_sudoers_edit.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.1.16_record_sudo_usage.sh b/tests/hardening/8.1.16_record_sudo_usage.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.1.16_record_sudo_usage.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.1.17_record_kernel_modules.sh b/tests/hardening/8.1.17_record_kernel_modules.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.1.17_record_kernel_modules.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.1.18_freeze_auditd_conf.sh b/tests/hardening/8.1.18_freeze_auditd_conf.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.1.18_freeze_auditd_conf.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.1.2_enable_auditd.sh b/tests/hardening/8.1.2_enable_auditd.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.1.2_enable_auditd.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.1.3_audit_bootloader.sh b/tests/hardening/8.1.3_audit_bootloader.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.1.3_audit_bootloader.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.1.4_record_date_time_edit.sh b/tests/hardening/8.1.4_record_date_time_edit.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.1.4_record_date_time_edit.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.1.5_record_user_group_edit.sh b/tests/hardening/8.1.5_record_user_group_edit.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.1.5_record_user_group_edit.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.1.6_record_network_edit.sh b/tests/hardening/8.1.6_record_network_edit.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.1.6_record_network_edit.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.1.7_record_mac_edit.sh b/tests/hardening/8.1.7_record_mac_edit.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.1.7_record_mac_edit.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.1.8_record_login_logout.sh b/tests/hardening/8.1.8_record_login_logout.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.1.8_record_login_logout.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.1.9_record_session_init.sh b/tests/hardening/8.1.9_record_session_init.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.1.9_record_session_init.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.2.1_install_syslog-ng.sh b/tests/hardening/8.2.1_install_syslog-ng.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.2.1_install_syslog-ng.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.2.2_enable_syslog-ng.sh b/tests/hardening/8.2.2_enable_syslog-ng.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.2.2_enable_syslog-ng.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.2.3_configure_syslog-ng.sh b/tests/hardening/8.2.3_configure_syslog-ng.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.2.3_configure_syslog-ng.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.2.4_set_logfile_perm.sh b/tests/hardening/8.2.4_set_logfile_perm.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.2.4_set_logfile_perm.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.2.5_syslog-ng_remote_host.sh b/tests/hardening/8.2.5_syslog-ng_remote_host.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.2.5_syslog-ng_remote_host.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.2.6_remote_syslog-ng_acl.sh b/tests/hardening/8.2.6_remote_syslog-ng_acl.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.2.6_remote_syslog-ng_acl.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.3.1_install_tripwire.sh b/tests/hardening/8.3.1_install_tripwire.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.3.1_install_tripwire.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.3.2_tripwire_cron.sh b/tests/hardening/8.3.2_tripwire_cron.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.3.2_tripwire_cron.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/8.4_configure_logrotate.sh b/tests/hardening/8.4_configure_logrotate.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/8.4_configure_logrotate.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.1.1_enable_cron.sh b/tests/hardening/9.1.1_enable_cron.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.1.1_enable_cron.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.1.2_crontab_perm_ownership.sh b/tests/hardening/9.1.2_crontab_perm_ownership.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.1.2_crontab_perm_ownership.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.1.3_cron_hourly_perm_ownership.sh b/tests/hardening/9.1.3_cron_hourly_perm_ownership.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.1.3_cron_hourly_perm_ownership.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.1.4_cron_daily_perm_ownership.sh b/tests/hardening/9.1.4_cron_daily_perm_ownership.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.1.4_cron_daily_perm_ownership.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.1.5_cron_weekly_perm_ownership.sh b/tests/hardening/9.1.5_cron_weekly_perm_ownership.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.1.5_cron_weekly_perm_ownership.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.1.6_cron_monthly_perm_ownership.sh b/tests/hardening/9.1.6_cron_monthly_perm_ownership.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.1.6_cron_monthly_perm_ownership.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.1.7_cron_d_perm_ownership.sh b/tests/hardening/9.1.7_cron_d_perm_ownership.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.1.7_cron_d_perm_ownership.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.1.8_cron_users.sh b/tests/hardening/9.1.8_cron_users.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.1.8_cron_users.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.2.1_enable_cracklib.sh b/tests/hardening/9.2.1_enable_cracklib.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.2.1_enable_cracklib.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.2.2_enable_lockout_failed_password.sh b/tests/hardening/9.2.2_enable_lockout_failed_password.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.2.2_enable_lockout_failed_password.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.2.3_limit_password_reuse.sh b/tests/hardening/9.2.3_limit_password_reuse.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.2.3_limit_password_reuse.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.3.10_disable_sshd_setenv.sh b/tests/hardening/9.3.10_disable_sshd_setenv.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.3.10_disable_sshd_setenv.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.3.11_sshd_ciphers.sh b/tests/hardening/9.3.11_sshd_ciphers.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.3.11_sshd_ciphers.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.3.12_sshd_idle_timeout.sh b/tests/hardening/9.3.12_sshd_idle_timeout.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.3.12_sshd_idle_timeout.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.3.13_sshd_limit_access.sh b/tests/hardening/9.3.13_sshd_limit_access.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.3.13_sshd_limit_access.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.3.14_ssh_banner.sh b/tests/hardening/9.3.14_ssh_banner.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.3.14_ssh_banner.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.3.1_sshd_protocol.sh b/tests/hardening/9.3.1_sshd_protocol.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.3.1_sshd_protocol.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.3.2_sshd_loglevel.sh b/tests/hardening/9.3.2_sshd_loglevel.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.3.2_sshd_loglevel.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.3.3_sshd_conf_perm_ownership.sh b/tests/hardening/9.3.3_sshd_conf_perm_ownership.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.3.3_sshd_conf_perm_ownership.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.3.4_disable_x11_forwarding.sh b/tests/hardening/9.3.4_disable_x11_forwarding.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.3.4_disable_x11_forwarding.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.3.5_sshd_maxauthtries.sh b/tests/hardening/9.3.5_sshd_maxauthtries.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.3.5_sshd_maxauthtries.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.3.6_enable_sshd_ignorerhosts.sh b/tests/hardening/9.3.6_enable_sshd_ignorerhosts.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.3.6_enable_sshd_ignorerhosts.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh b/tests/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.3.7_disable_sshd_hostbasedauthentication.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.3.8_disable_root_login.sh b/tests/hardening/9.3.8_disable_root_login.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.3.8_disable_root_login.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.3.9_disable_sshd_permitemptypasswords.sh b/tests/hardening/9.3.9_disable_sshd_permitemptypasswords.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.3.9_disable_sshd_permitemptypasswords.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.4_secure_tty.sh b/tests/hardening/9.4_secure_tty.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.4_secure_tty.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/9.5_restrict_su.sh b/tests/hardening/9.5_restrict_su.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/9.5_restrict_su.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/99.1_timeout_tty.sh b/tests/hardening/99.1_timeout_tty.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/99.1_timeout_tty.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}
diff --git a/tests/hardening/99.4_net_fw_default_policy_drop.sh b/tests/hardening/99.4_net_fw_default_policy_drop.sh
new file mode 100644
index 0000000..b333419
--- /dev/null
+++ b/tests/hardening/99.4_net_fw_default_policy_drop.sh
@@ -0,0 +1,10 @@
+# run-shellcheck
+test_audit() {
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+ # TODO fill comprehensive tests
+}