From 7e8c9767222108b1c9acfb85452e1932c20ab286 Mon Sep 17 00:00:00 2001 From: Thibault Ayanides Date: Fri, 6 Nov 2020 16:20:10 +0100 Subject: [PATCH] Add disclaimer when checks don't require comprehensive checks modified: tests/hardening/1.1.1.1_disable_freevxfs.sh modified: tests/hardening/1.1.1.2_disable_jffs2.sh modified: tests/hardening/1.1.1.3_disable_hfs.sh modified: tests/hardening/1.1.1.4_disable_hfsplus.sh modified: tests/hardening/1.1.1.5_disable_udf.sh modified: tests/hardening/1.1.1.6_disable_cramfs.sh modified: tests/hardening/1.1.1.7_disable_squashfs.sh modified: tests/hardening/1.1.10_var_tmp_noexec.sh modified: tests/hardening/1.1.11_var_log_partition.sh modified: tests/hardening/1.1.12_var_log_audit_partition.sh modified: tests/hardening/1.1.13_home_partition.sh modified: tests/hardening/1.1.14_home_nodev.sh modified: tests/hardening/1.1.18_removable_device_nodev.sh modified: tests/hardening/1.1.19_removable_device_nosuid.sh modified: tests/hardening/1.1.20_removable_device_noexec.sh modified: tests/hardening/1.1.2_tmp_partition.sh modified: tests/hardening/1.1.3_tmp_nodev.sh modified: tests/hardening/1.1.4_tmp_nosuid.sh modified: tests/hardening/1.1.5_tmp_noexec.sh modified: tests/hardening/1.1.6_var_partition.sh modified: tests/hardening/1.1.7_var_tmp_partition.sh modified: tests/hardening/1.1.8_var_tmp_nodev.sh modified: tests/hardening/1.1.9_var_tmp_nosuid.sh modified: tests/hardening/1.8_install_updates.sh modified: tests/hardening/2.2.10_disable_http_server.sh modified: tests/hardening/2.2.11_disable_imap_pop.sh modified: tests/hardening/2.2.12_disable_samba.sh modified: tests/hardening/2.2.13_disable_http_proxy.sh modified: tests/hardening/2.2.14_disable_snmp_server.sh modified: tests/hardening/2.2.2_disable_xwindow_system.sh modified: tests/hardening/2.2.3_disable_avahi_server.sh modified: tests/hardening/2.2.4_disable_print_server.sh modified: tests/hardening/2.2.5_disable_dhcp.sh modified: tests/hardening/2.2.6_disable_ldap.sh modified: tests/hardening/2.2.7_disable_nfs_rpc.sh modified: tests/hardening/2.2.8_disable_dns_server.sh modified: tests/hardening/2.2.9_disable_ftp.sh modified: tests/hardening/2.3.1_disable_nis.sh modified: tests/hardening/2.3.2_disable_rsh_client.sh modified: tests/hardening/2.3.3_disable_talk_client.sh modified: tests/hardening/2.3.4_telnet_client_not_installed.sh modified: tests/hardening/2.3.5_ldap_client_not_installed.sh --- tests/hardening/1.1.1.1_disable_freevxfs.sh | 9 +++++++-- tests/hardening/1.1.1.2_disable_jffs2.sh | 9 +++++++-- tests/hardening/1.1.1.3_disable_hfs.sh | 9 +++++++-- tests/hardening/1.1.1.4_disable_hfsplus.sh | 9 +++++++-- tests/hardening/1.1.1.5_disable_udf.sh | 10 ++++++++-- tests/hardening/1.1.1.6_disable_cramfs.sh | 9 +++++++-- tests/hardening/1.1.1.7_disable_squashfs.sh | 10 ++++++++-- tests/hardening/1.1.10_var_tmp_noexec.sh | 7 ++++++- tests/hardening/1.1.11_var_log_partition.sh | 7 ++++++- tests/hardening/1.1.12_var_log_audit_partition.sh | 7 ++++++- tests/hardening/1.1.13_home_partition.sh | 7 ++++++- tests/hardening/1.1.14_home_nodev.sh | 7 ++++++- tests/hardening/1.1.18_removable_device_nodev.sh | 7 ++++++- tests/hardening/1.1.19_removable_device_nosuid.sh | 7 ++++++- tests/hardening/1.1.20_removable_device_noexec.sh | 7 ++++++- tests/hardening/1.1.22_disable_automounting.sh | 7 ++++++- tests/hardening/1.1.2_tmp_partition.sh | 7 ++++++- tests/hardening/1.1.3_tmp_nodev.sh | 7 ++++++- tests/hardening/1.1.4_tmp_nosuid.sh | 7 ++++++- tests/hardening/1.1.5_tmp_noexec.sh | 7 ++++++- tests/hardening/1.1.6_var_partition.sh | 7 ++++++- tests/hardening/1.1.7_var_tmp_partition.sh | 7 ++++++- tests/hardening/1.1.8_var_tmp_nodev.sh | 7 ++++++- tests/hardening/1.1.9_var_tmp_nosuid.sh | 7 ++++++- .../hardening/1.5.3_enable_randomized_vm_placement.sh | 7 ++++++- tests/hardening/1.8_install_updates.sh | 7 ++++++- tests/hardening/2.2.10_disable_http_server.sh | 7 ++++++- tests/hardening/2.2.11_disable_imap_pop.sh | 7 ++++++- tests/hardening/2.2.12_disable_samba.sh | 7 ++++++- tests/hardening/2.2.13_disable_http_proxy.sh | 7 ++++++- tests/hardening/2.2.14_disable_snmp_server.sh | 7 ++++++- tests/hardening/2.2.2_disable_xwindow_system.sh | 7 ++++++- tests/hardening/2.2.3_disable_avahi_server.sh | 7 ++++++- tests/hardening/2.2.4_disable_print_server.sh | 7 ++++++- tests/hardening/2.2.5_disable_dhcp.sh | 7 ++++++- tests/hardening/2.2.6_disable_ldap.sh | 7 ++++++- tests/hardening/2.2.7_disable_nfs_rpc.sh | 7 ++++++- tests/hardening/2.2.8_disable_dns_server.sh | 7 ++++++- tests/hardening/2.2.9_disable_ftp.sh | 7 ++++++- tests/hardening/2.3.1_disable_nis.sh | 7 ++++++- tests/hardening/2.3.2_disable_rsh_client.sh | 7 ++++++- tests/hardening/2.3.3_disable_talk_client.sh | 7 ++++++- 42 files changed, 261 insertions(+), 49 deletions(-) diff --git a/tests/hardening/1.1.1.1_disable_freevxfs.sh b/tests/hardening/1.1.1.1_disable_freevxfs.sh index 180f73f..f0715cd 100644 --- a/tests/hardening/1.1.1.1_disable_freevxfs.sh +++ b/tests/hardening/1.1.1.1_disable_freevxfs.sh @@ -8,7 +8,12 @@ test_audit() { dismiss_count_for_test # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - - # TODO fill comprehensive tests fi + + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.1.1.2_disable_jffs2.sh b/tests/hardening/1.1.1.2_disable_jffs2.sh index 180f73f..71e89fd 100644 --- a/tests/hardening/1.1.1.2_disable_jffs2.sh +++ b/tests/hardening/1.1.1.2_disable_jffs2.sh @@ -8,7 +8,12 @@ test_audit() { dismiss_count_for_test # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - - # TODO fill comprehensive tests fi + + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.1.1.3_disable_hfs.sh b/tests/hardening/1.1.1.3_disable_hfs.sh index 180f73f..71e89fd 100644 --- a/tests/hardening/1.1.1.3_disable_hfs.sh +++ b/tests/hardening/1.1.1.3_disable_hfs.sh @@ -8,7 +8,12 @@ test_audit() { dismiss_count_for_test # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - - # TODO fill comprehensive tests fi + + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.1.1.4_disable_hfsplus.sh b/tests/hardening/1.1.1.4_disable_hfsplus.sh index 180f73f..71e89fd 100644 --- a/tests/hardening/1.1.1.4_disable_hfsplus.sh +++ b/tests/hardening/1.1.1.4_disable_hfsplus.sh @@ -8,7 +8,12 @@ test_audit() { dismiss_count_for_test # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - - # TODO fill comprehensive tests fi + + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.1.1.5_disable_udf.sh b/tests/hardening/1.1.1.5_disable_udf.sh index 180f73f..97bd0e8 100644 --- a/tests/hardening/1.1.1.5_disable_udf.sh +++ b/tests/hardening/1.1.1.5_disable_udf.sh @@ -8,7 +8,13 @@ test_audit() { dismiss_count_for_test # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - - # TODO fill comprehensive tests fi + + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } + diff --git a/tests/hardening/1.1.1.6_disable_cramfs.sh b/tests/hardening/1.1.1.6_disable_cramfs.sh index 180f73f..71e89fd 100644 --- a/tests/hardening/1.1.1.6_disable_cramfs.sh +++ b/tests/hardening/1.1.1.6_disable_cramfs.sh @@ -8,7 +8,12 @@ test_audit() { dismiss_count_for_test # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - - # TODO fill comprehensive tests fi + + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.1.1.7_disable_squashfs.sh b/tests/hardening/1.1.1.7_disable_squashfs.sh index 180f73f..97bd0e8 100644 --- a/tests/hardening/1.1.1.7_disable_squashfs.sh +++ b/tests/hardening/1.1.1.7_disable_squashfs.sh @@ -8,7 +8,13 @@ test_audit() { dismiss_count_for_test # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - - # TODO fill comprehensive tests fi + + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } + diff --git a/tests/hardening/1.1.10_var_tmp_noexec.sh b/tests/hardening/1.1.10_var_tmp_noexec.sh index b333419..973bddc 100644 --- a/tests/hardening/1.1.10_var_tmp_noexec.sh +++ b/tests/hardening/1.1.10_var_tmp_noexec.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.1.11_var_log_partition.sh b/tests/hardening/1.1.11_var_log_partition.sh index b333419..973bddc 100644 --- a/tests/hardening/1.1.11_var_log_partition.sh +++ b/tests/hardening/1.1.11_var_log_partition.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.1.12_var_log_audit_partition.sh b/tests/hardening/1.1.12_var_log_audit_partition.sh index b333419..973bddc 100644 --- a/tests/hardening/1.1.12_var_log_audit_partition.sh +++ b/tests/hardening/1.1.12_var_log_audit_partition.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.1.13_home_partition.sh b/tests/hardening/1.1.13_home_partition.sh index b333419..973bddc 100644 --- a/tests/hardening/1.1.13_home_partition.sh +++ b/tests/hardening/1.1.13_home_partition.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.1.14_home_nodev.sh b/tests/hardening/1.1.14_home_nodev.sh index b333419..973bddc 100644 --- a/tests/hardening/1.1.14_home_nodev.sh +++ b/tests/hardening/1.1.14_home_nodev.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.1.18_removable_device_nodev.sh b/tests/hardening/1.1.18_removable_device_nodev.sh index b333419..973bddc 100644 --- a/tests/hardening/1.1.18_removable_device_nodev.sh +++ b/tests/hardening/1.1.18_removable_device_nodev.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.1.19_removable_device_nosuid.sh b/tests/hardening/1.1.19_removable_device_nosuid.sh index b333419..973bddc 100644 --- a/tests/hardening/1.1.19_removable_device_nosuid.sh +++ b/tests/hardening/1.1.19_removable_device_nosuid.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.1.20_removable_device_noexec.sh b/tests/hardening/1.1.20_removable_device_noexec.sh index b333419..973bddc 100644 --- a/tests/hardening/1.1.20_removable_device_noexec.sh +++ b/tests/hardening/1.1.20_removable_device_noexec.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.1.22_disable_automounting.sh b/tests/hardening/1.1.22_disable_automounting.sh index b333419..973bddc 100644 --- a/tests/hardening/1.1.22_disable_automounting.sh +++ b/tests/hardening/1.1.22_disable_automounting.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.1.2_tmp_partition.sh b/tests/hardening/1.1.2_tmp_partition.sh index b333419..973bddc 100644 --- a/tests/hardening/1.1.2_tmp_partition.sh +++ b/tests/hardening/1.1.2_tmp_partition.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.1.3_tmp_nodev.sh b/tests/hardening/1.1.3_tmp_nodev.sh index b333419..973bddc 100644 --- a/tests/hardening/1.1.3_tmp_nodev.sh +++ b/tests/hardening/1.1.3_tmp_nodev.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.1.4_tmp_nosuid.sh b/tests/hardening/1.1.4_tmp_nosuid.sh index b333419..973bddc 100644 --- a/tests/hardening/1.1.4_tmp_nosuid.sh +++ b/tests/hardening/1.1.4_tmp_nosuid.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.1.5_tmp_noexec.sh b/tests/hardening/1.1.5_tmp_noexec.sh index b333419..973bddc 100644 --- a/tests/hardening/1.1.5_tmp_noexec.sh +++ b/tests/hardening/1.1.5_tmp_noexec.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.1.6_var_partition.sh b/tests/hardening/1.1.6_var_partition.sh index b333419..973bddc 100644 --- a/tests/hardening/1.1.6_var_partition.sh +++ b/tests/hardening/1.1.6_var_partition.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.1.7_var_tmp_partition.sh b/tests/hardening/1.1.7_var_tmp_partition.sh index b333419..973bddc 100644 --- a/tests/hardening/1.1.7_var_tmp_partition.sh +++ b/tests/hardening/1.1.7_var_tmp_partition.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.1.8_var_tmp_nodev.sh b/tests/hardening/1.1.8_var_tmp_nodev.sh index b333419..973bddc 100644 --- a/tests/hardening/1.1.8_var_tmp_nodev.sh +++ b/tests/hardening/1.1.8_var_tmp_nodev.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.1.9_var_tmp_nosuid.sh b/tests/hardening/1.1.9_var_tmp_nosuid.sh index b333419..973bddc 100644 --- a/tests/hardening/1.1.9_var_tmp_nosuid.sh +++ b/tests/hardening/1.1.9_var_tmp_nosuid.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.5.3_enable_randomized_vm_placement.sh b/tests/hardening/1.5.3_enable_randomized_vm_placement.sh index b333419..973bddc 100644 --- a/tests/hardening/1.5.3_enable_randomized_vm_placement.sh +++ b/tests/hardening/1.5.3_enable_randomized_vm_placement.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/1.8_install_updates.sh b/tests/hardening/1.8_install_updates.sh index b333419..973bddc 100644 --- a/tests/hardening/1.8_install_updates.sh +++ b/tests/hardening/1.8_install_updates.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/2.2.10_disable_http_server.sh b/tests/hardening/2.2.10_disable_http_server.sh index b333419..973bddc 100644 --- a/tests/hardening/2.2.10_disable_http_server.sh +++ b/tests/hardening/2.2.10_disable_http_server.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/2.2.11_disable_imap_pop.sh b/tests/hardening/2.2.11_disable_imap_pop.sh index b333419..973bddc 100644 --- a/tests/hardening/2.2.11_disable_imap_pop.sh +++ b/tests/hardening/2.2.11_disable_imap_pop.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/2.2.12_disable_samba.sh b/tests/hardening/2.2.12_disable_samba.sh index b333419..973bddc 100644 --- a/tests/hardening/2.2.12_disable_samba.sh +++ b/tests/hardening/2.2.12_disable_samba.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/2.2.13_disable_http_proxy.sh b/tests/hardening/2.2.13_disable_http_proxy.sh index b333419..973bddc 100644 --- a/tests/hardening/2.2.13_disable_http_proxy.sh +++ b/tests/hardening/2.2.13_disable_http_proxy.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/2.2.14_disable_snmp_server.sh b/tests/hardening/2.2.14_disable_snmp_server.sh index b333419..973bddc 100644 --- a/tests/hardening/2.2.14_disable_snmp_server.sh +++ b/tests/hardening/2.2.14_disable_snmp_server.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/2.2.2_disable_xwindow_system.sh b/tests/hardening/2.2.2_disable_xwindow_system.sh index b333419..973bddc 100644 --- a/tests/hardening/2.2.2_disable_xwindow_system.sh +++ b/tests/hardening/2.2.2_disable_xwindow_system.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/2.2.3_disable_avahi_server.sh b/tests/hardening/2.2.3_disable_avahi_server.sh index b333419..973bddc 100644 --- a/tests/hardening/2.2.3_disable_avahi_server.sh +++ b/tests/hardening/2.2.3_disable_avahi_server.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/2.2.4_disable_print_server.sh b/tests/hardening/2.2.4_disable_print_server.sh index b333419..973bddc 100644 --- a/tests/hardening/2.2.4_disable_print_server.sh +++ b/tests/hardening/2.2.4_disable_print_server.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/2.2.5_disable_dhcp.sh b/tests/hardening/2.2.5_disable_dhcp.sh index b333419..973bddc 100644 --- a/tests/hardening/2.2.5_disable_dhcp.sh +++ b/tests/hardening/2.2.5_disable_dhcp.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/2.2.6_disable_ldap.sh b/tests/hardening/2.2.6_disable_ldap.sh index b333419..973bddc 100644 --- a/tests/hardening/2.2.6_disable_ldap.sh +++ b/tests/hardening/2.2.6_disable_ldap.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/2.2.7_disable_nfs_rpc.sh b/tests/hardening/2.2.7_disable_nfs_rpc.sh index b333419..973bddc 100644 --- a/tests/hardening/2.2.7_disable_nfs_rpc.sh +++ b/tests/hardening/2.2.7_disable_nfs_rpc.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/2.2.8_disable_dns_server.sh b/tests/hardening/2.2.8_disable_dns_server.sh index b333419..973bddc 100644 --- a/tests/hardening/2.2.8_disable_dns_server.sh +++ b/tests/hardening/2.2.8_disable_dns_server.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/2.2.9_disable_ftp.sh b/tests/hardening/2.2.9_disable_ftp.sh index b333419..973bddc 100644 --- a/tests/hardening/2.2.9_disable_ftp.sh +++ b/tests/hardening/2.2.9_disable_ftp.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/2.3.1_disable_nis.sh b/tests/hardening/2.3.1_disable_nis.sh index b333419..973bddc 100644 --- a/tests/hardening/2.3.1_disable_nis.sh +++ b/tests/hardening/2.3.1_disable_nis.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/2.3.2_disable_rsh_client.sh b/tests/hardening/2.3.2_disable_rsh_client.sh index b333419..973bddc 100644 --- a/tests/hardening/2.3.2_disable_rsh_client.sh +++ b/tests/hardening/2.3.2_disable_rsh_client.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## } diff --git a/tests/hardening/2.3.3_disable_talk_client.sh b/tests/hardening/2.3.3_disable_talk_client.sh index b333419..973bddc 100644 --- a/tests/hardening/2.3.3_disable_talk_client.sh +++ b/tests/hardening/2.3.3_disable_talk_client.sh @@ -6,5 +6,10 @@ test_audit() { # shellcheck disable=2154 run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all - # TODO fill comprehensive tests + ################################################################## + # For this test, we only check that it runs properly on a blank # + # host, and we check root/sudo consistency. But, we don't test # + # the apply function because it can't be automated or it is very # + # long to test and not very useful. # + ################################################################## }