From 7a09e0fb9af6dd98f2f52f01e740bdb7cfa8c487 Mon Sep 17 00:00:00 2001
From: Thibault Ayanides
Date: Tue, 27 Oct 2020 16:00:02 +0100
Subject: [PATCH] IMP(99.2): skip on docker
---
 tests/hardening/99.2_disable_usb_devices.sh | 33 +++++++++++----------
 1 file changed, 18 insertions(+), 15 deletions(-)
diff --git a/tests/hardening/99.2_disable_usb_devices.sh b/tests/hardening/99.2_disable_usb_devices.sh
index 9dcf3ce..050ddb0 100644
--- a/tests/hardening/99.2_disable_usb_devices.sh
+++ b/tests/hardening/99.2_disable_usb_devices.sh
@@ -1,23 +1,26 @@
 # run-shellcheck
 test_audit() {
+ if [ -f "/.dockerenv" ]; then
+ skip "SKIPPED on docker"
+ else
+ mkdir /etc/udev/rules.d || true
+ chmod -R 700 /etc/udev
- mkdir /etc/udev/rules.d || true
- chmod -R 700 /etc/udev
+ describe Running on blank host
+ register_test retvalshouldbe 0
+ dismiss_count_for_test
+ # shellcheck disable=2154
+ run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
- describe Running on blank host
- register_test retvalshouldbe 0
- dismiss_count_for_test
- # shellcheck disable=2154
- run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+ echo 'ACTION=="add", SUBSYSTEMS=="usb", TEST=="authorized_default", ATTR{authorized_default}="0"' > /etc/udev/rules.d/10-CIS_99.2_usb_devices.sh
- echo 'ACTION=="add", SUBSYSTEMS=="usb", TEST=="authorized_default", ATTR{authorized_default}="0"' > /etc/udev/rules.d/10-CIS_99.2_usb_devices.sh
+ describe compliant
+ register_test retvalshouldbe 0
+ run compliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
- describe compliant
- register_test retvalshouldbe 0
- run compliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+ # TODO fill comprehensive tests
- # TODO fill comprehensive tests
-
- # Cleanup
- rm /etc/udev/rules.d/10-CIS_99.2_usb_devices.sh
+ # Cleanup
+ rm /etc/udev/rules.d/10-CIS_99.2_usb_devices.sh
+ fi
 }
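Review bot: The "compliant" fixture in the new `else` branch writes the udev rule to `/etc/udev/rules.d/10-CIS_99.2_usb_devices.sh`, but udev only loads files whose name ends in `.rules`, so the state this test treats as compliant is one where the `authorized_default` rule would not be applied. The filename presumably mirrors what the hardening script checks or writes (not visible in this patch); if so, both should move to a name ending in `.rules`, otherwise the audit can pass on a host where USB devices are still authorized by default. Separately, the blank-host run also expects `retvalshouldbe 0`, so together with the Docker skip nothing here asserts a non-compliant result. A short comment next to `skip "SKIPPED on docker"` saying why the check cannot run in a container would help whoever fills in the TODO.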