fix(6.2.9): Start from UID 1000 for home ownership check (#164)

Rename 6.2.3 and 6.2.9 checks to be more accurate Remove home existence check from 6.2.9 as it's handled by 6.2.3 Update tests accordingly Fixes #163 Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com> Signed-off-by: Tarik Megzari <tarik.megzari@corp.ovh.com>
2025-06-24 19:44:35 +02:00 · 2022-09-30 10:28:48 +02:00
parent e478a89bad
commit 82a217032d
4 changed files with 2 additions and 26 deletions
--- a/tests/hardening/6.2.9_users_homedir_ownership.sh
+++ b/tests/hardening/6.2.9_users_homedir_ownership.sh
@ -0,0 +1,28 @@
+# shellcheck shell=bash
+# run-shellcheck
+test_audit() {
+    describe Running on blank host
+    register_test retvalshouldbe 0
+    # shellcheck disable=2154
+    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+    local test_user="testhomeuser"
+
+    describe Test purposely failing
+    useradd -m "$test_user"
+    chown root:root /home/"$test_user"
+    register_test retvalshouldbe 1
+    register_test contain "[ KO ] The home directory (/home/$test_user) of user testhomeuser is owned by root"
+    run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+    describe correcting situation
+    echo "EXCEPTIONS=\"/home/$test_user:$test_user:root\"" >/opt/debian-cis/etc/conf.d/"${script}".cfg
+
+    describe Checking resolved state
+    register_test retvalshouldbe 0
+    run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+    # Cleanup
+    rm -rf "/home/${test_user:?}"
+    userdel -r "$test_user"
+}