mirror of
https://github.com/ovh/debian-cis.git
synced 2025-06-22 02:33:42 +02:00
IMP(8.2.5): find multiline pattern in files (syslog)
Add func to find pattern in file that spreads over multiple lines
The func will remove commented lines (that begin with '#')
and consider the file as one long line.
Thus, this is not possible to look for pattern at beginning of line
with this func ('^' and '$')
Improved pattern in 8.2.5
Add syslog-ng to installed dependencies in Dockerfiles
Fixed multifile arguments when looking for pattern that got broken
in d2bbf754
due to "nocase" and _does_pattern_exist_in_file wrapper
Please note that you can only look for pattern in ONE FILE at once
Fixed 8.2.5 and 8.3.2 with for loop on files and 'FOUND' flag
You now need to specify each and every file to look for or embed a
'find' command as follow :
`FILES="$SYSLOG_BASEDIR/syslog-ng.conf $(find $SYSLOG_BASEDIR/conf.d/)"`
Improved test files
Applied shellcheck recommendations
This commit is contained in:
@ -2,7 +2,7 @@ FROM debian:buster-20181226
|
||||
|
||||
RUN groupadd -g 500 secaudit && useradd -u 500 -g 500 -s /bin/bash secaudit && mkdir -m 700 /home/secaudit && chown secaudit:secaudit /home/secaudit
|
||||
|
||||
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y bc openssh-server sudo
|
||||
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y bc openssh-server sudo syslog-ng
|
||||
|
||||
COPY --chown=500:500 . /opt/debian-cis/
|
||||
|
||||
|
@ -2,7 +2,7 @@ FROM debian:jessie
|
||||
|
||||
RUN groupadd -g 500 secaudit && useradd -u 500 -g 500 -s /bin/bash secaudit && mkdir -m 700 /home/secaudit && chown secaudit:secaudit /home/secaudit
|
||||
|
||||
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y bc openssh-server sudo
|
||||
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y bc openssh-server sudo syslog-ng
|
||||
|
||||
COPY --chown=500:500 . /opt/debian-cis/
|
||||
|
||||
|
@ -2,7 +2,7 @@ FROM debian:stretch
|
||||
|
||||
RUN groupadd -g 500 secaudit && useradd -u 500 -g 500 -s /bin/bash secaudit && mkdir -m 700 /home/secaudit && chown secaudit:secaudit /home/secaudit
|
||||
|
||||
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y bc openssh-server sudo
|
||||
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y bc openssh-server sudo syslog-ng
|
||||
|
||||
COPY --chown=500:500 . /opt/debian-cis/
|
||||
|
||||
|
@ -1,10 +1,49 @@
|
||||
# run-shellcheck
|
||||
test_audit() {
|
||||
#set -x
|
||||
|
||||
describe Running on blank host
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
register_test retvalshouldbe 1
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# TODO fill comprehensive tests
|
||||
cp -a /etc/syslog-ng/syslog-ng.conf /tmp/syslog-ng.conf.bak
|
||||
|
||||
echo "destination mySyslog tcp (\"syslog.example.tld\")" >> /etc/syslog-ng/syslog-ng.conf
|
||||
grep syslog.example.tld /etc/syslog-ng/syslog-ng.conf
|
||||
|
||||
describe Checking one line conf
|
||||
register_test retvalshouldbe 0
|
||||
run oneline /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
|
||||
cp -a /tmp/syslog-ng.conf.bak /etc/syslog-ng/syslog-ng.conf
|
||||
cat >> /etc/syslog-ng/syslog-ng.conf <<EOF
|
||||
destination mySyslog {
|
||||
tcp ("syslog.example.tld"),
|
||||
port(1234),
|
||||
EOF
|
||||
|
||||
describe Checking mutliline conf
|
||||
register_test retvalshouldbe 0
|
||||
run multiline /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
mv /tmp/syslog-ng.conf.bak /etc/syslog-ng/syslog-ng.conf
|
||||
|
||||
#echo "#Sample conf" >/etc/syslog-ng/conf.d/1_tcp_destination
|
||||
echo "destination mySyslog tcp (\"syslog.example.tld\")" >> /etc/syslog-ng/conf.d/1_tcp_destination
|
||||
cat /etc/syslog-ng/conf.d/1_tcp_destination
|
||||
|
||||
|
||||
describe Checking file in subdirectory
|
||||
register_test retvalshouldbe 0
|
||||
run subfile /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
|
||||
|
||||
# Cleanup
|
||||
#mv /tmp/syslog-ng.conf.bak /etc/syslog-ng/syslog-ng.conf
|
||||
|
||||
rm /etc/syslog-ng/conf.d/1_tcp_destination
|
||||
|
||||
}
|
||||
|
@ -1,10 +1,14 @@
|
||||
# run-shellcheck
|
||||
test_audit() {
|
||||
describe Running on blank host
|
||||
register_test retvalshouldbe 0
|
||||
dismiss_count_for_test
|
||||
register_test retvalshouldbe 1
|
||||
# shellcheck disable=2154
|
||||
run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
|
||||
# TODO fill comprehensive tests
|
||||
sed -i 's/audit/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
|
||||
/opt/debian-cis/bin/hardening/"${script}".sh || true
|
||||
|
||||
describe Checking auto resolved state
|
||||
register_test retvalshouldbe 0
|
||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||
}
|
||||
|
Reference in New Issue
Block a user