elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2025-06-24 03:24:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

Renum 6.x files to comply with debian10 CIS

Browse Source 
renamed:    bin/hardening/6.2.7_users_valid_homedir.sh -> bin/hardening/6.2.3_users_valid_homedir.sh
	renamed:    bin/hardening/6.2.3_remove_legacy_shadow_entries.sh -> bin/hardening/6.2.4_remove_legacy_shadow_entries.sh
	renamed:    bin/hardening/6.2.4_remove_legacy_group_entries.sh -> bin/hardening/6.2.5_remove_legacy_group_entries.sh
	renamed:    bin/hardening/6.2.5_find_0_uid_non_root_account.sh -> bin/hardening/6.2.6_find_0_uid_non_root_account.sh
	renamed:    bin/hardening/6.2.6_sanitize_root_path.sh -> bin/hardening/6.2.7_sanitize_root_path.sh
	renamed:    tests/hardening/6.2.7_users_valid_homedir.sh -> tests/hardening/6.2.3_users_valid_homedir.sh
	renamed:    tests/hardening/6.2.3_remove_legacy_shadow_entries.sh -> tests/hardening/6.2.4_remove_legacy_shadow_entries.sh
	renamed:    tests/hardening/6.2.4_remove_legacy_group_entries.sh -> tests/hardening/6.2.5_remove_legacy_group_entries.sh
	renamed:    tests/hardening/6.2.5_find_0_uid_non_root_account.sh -> tests/hardening/6.2.6_find_0_uid_non_root_account.sh
	renamed:    tests/hardening/6.2.6_sanitize_root_path.sh -> tests/hardening/6.2.7_sanitize_root_path.sh
This commit is contained in:
Thibault Ayanides
2020-12-22 11:43:53 +01:00
parent c9e19b51e6
commit 7d87619744
10 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
tests/hardening/6.2.4_remove_legacy_shadow_entries.sh Normal file
View File

@ -0,0 +1,31 @@
# shellcheck shell=bash
# run-shellcheck
test_audit() {
describe Running on blank host
register_test retvalshouldbe 0
dismiss_count_for_test
# shellcheck disable=2154
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
local test_user="testetcshadowusr"
describe Tests purposely failing
useradd "$test_user"
sed -i "s/$test_user:/+:$test_user:/" /etc/shadow
register_test retvalshouldbe 1
register_test contain "Some accounts have a legacy password entry"
run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
describe correcting situation
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
/opt/debian-cis/bin/hardening/"${script}".sh --apply || true
describe Checking resolved state
register_test retvalshouldbe 0
register_test contain "All accounts have a valid password entry format"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
# cleanup
userdel "$test_user"
}