feat: add debian12 scripts

- aide_daliy_check -> 6.1.2 - journald_is_enabled.sh -> 6.2.1.1.1 - systemd_journald_remote_is_installed.sh -> 6.2.1.2.1 - systemd_journal_upload_is_enabled.sh - -> 6.2.1.2.3 - systemd_journal_remote_is_disabled.sh -> 6.2.1.2.4
2025-08-04 22:31:16 +02:00 · 2025-07-31 12:16:03 +02:00
parent 383a0a2ca6
commit 6c93b453bc
14 changed files with 590 additions and 1 deletions
--- a/tests/hardening/aide_daily_check.sh
+++ b/tests/hardening/aide_daily_check.sh
@@ -0,0 +1,10 @@
+# shellcheck shell=bash
+# run-shellcheck
+test_audit() {
+    # running on a container, not much to test here
+    describe Running on blank host
+    register_test retvalshouldbe 1
+    # shellcheck disable=2154
+    run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+
+}
--- a/tests/hardening/journald_is_enabled.sh
+++ b/tests/hardening/journald_is_enabled.sh
@@ -0,0 +1,11 @@
+# shellcheck shell=bash
+# run-shellcheck
+test_audit() {
+
+    # not much to test here, we are running in a container, we wont check service state
+    describe Checking blank host
+    register_test retvalshouldbe 1
+    # shellcheck disable=2154
+    run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+
+}
--- a/tests/hardening/systemd_journal_remote_is_disabled.sh
+++ b/tests/hardening/systemd_journal_remote_is_disabled.sh
@@ -0,0 +1,11 @@
+# shellcheck shell=bash
+# run-shellcheck
+test_audit() {
+
+    # not much to test here, we are running in a container, we wont check service state
+    describe Checking blank host
+    register_test retvalshouldbe 0
+    # shellcheck disable=2154
+    run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+
+}
--- a/tests/hardening/systemd_journal_remote_is_installed.sh
+++ b/tests/hardening/systemd_journal_remote_is_installed.sh
@@ -0,0 +1,23 @@
+# shellcheck shell=bash
+# run-shellcheck
+test_audit() {
+    describe set up failed check
+    apt remove -y systemd-journal-remote
+
+    describe Running failed test
+    register_test retvalshouldbe 1
+    # shellcheck disable=2154
+    run failure "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+
+    describe Fix situation
+    sed -i 's/audit/enabled/' "${CIS_CONF_DIR}/conf.d/${script}.cfg"
+    "${CIS_CHECKS_DIR}/${script}.sh" --apply || true
+
+    describe running successfull audit
+    register_test retvalshouldbe 0
+    # shellcheck disable=2154
+    run success "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+
+    apt remove -y systemd-journal-remote
+    apt autoremove -y
+}
--- a/tests/hardening/systemd_journal_upload_is_enabled.sh
+++ b/tests/hardening/systemd_journal_upload_is_enabled.sh
@@ -0,0 +1,11 @@
+# shellcheck shell=bash
+# run-shellcheck
+test_audit() {
+
+    # not much to test here, we are running in a container, we wont check service state
+    describe Checking blank host
+    register_test retvalshouldbe 1
+    # shellcheck disable=2154
+    run blank "${CIS_CHECKS_DIR}/${script}.sh" --audit-all
+
+}