IMP(test): Add feature to run functional tests in docker instance

Add usecase in basename
Add test files for checks with find command
Always show logs
FIX: run void script to generate config and avoid sed failure
Update README with functional test description
Add skeleton for functional test
Add argument to launch only specific test suite
Add support for debian8 and compulsory mention of debian version at
launch
Improve README
Simplify test file syntax to avoid copy/paste mistake
Add script that runs tests on all debian targets
Improve run_all_target script with nowait and nodel options
Add dockerfile for Buster pre-version
Chore: Use getopt for options and reviewed code by shellcheck
Add trap to ensure cleanup on exit/interrupt
Remove quotes that lead to `less` misinterpretation of the filenames
Set `local` for variables inside `test_audit` func
Move functional assertion functions to dedicated file
Add cleanup for logs and containers
Improve cleanup, and now exits
Apply shellcheck recommendations
FIX: allow script to be run from anywhere (dirname $0)

 Changes to be committed:
	modified:   README.md
	new file:   src/skel.test
	new file:   tests/docker/Dockerfile.debian10_20181226
	new file:   tests/docker/Dockerfile.debian8
	new file:   tests/docker/Dockerfile.debian9
	new file:   tests/docker_build_and_run_tests.sh
	new file:   tests/hardening/12.10_find_suid_files.sh
	new file:   tests/hardening/12.11_find_sgid_files.sh
	new file:   tests/hardening/12.7_find_world_writable_file.sh
	new file:   tests/hardening/12.8_find_unowned_files.sh
	new file:   tests/hardening/12.9_find_ungrouped_files.sh
	new file:   tests/hardening/2.17_sticky_bit_world_writable_folder.sh
	new file:   tests/launch_tests.sh
	new file:   tests/lib.sh
	new file:   tests/run_all_targets.sh

tests/hardening/12.10_find_suid_files.sh

@@ -0,0 +1,29 @@
+test_audit() {
+    describe Running void to generate the conf file that will later be edited
+    # shellcheck disable=2154
+    /opt/debian-cis/bin/hardening/"${script}".sh || true
+    echo 'EXCEPTIONS="$EXCEPTIONS /usr/lib/dbus-1.0/dbus-daemon-launch-helper"' >> /opt/debian-cis/etc/conf.d/"${script}".cfg
+
+    describe Running on blank host
+    register_test retvalshouldbe 0
+    register_test contain "No unknown suid files found"
+    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+    describe Tests purposely failing
+    local targetfile="/home/secaudit/suid_file"
+    touch $targetfile
+    chmod 4700 $targetfile
+    register_test retvalshouldbe 1
+    register_test contain "Some suid files are present"
+    register_test contain "$targetfile"
+    run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+    describe correcting situation
+    chmod 700 $targetfile
+
+    describe Checking resolved state
+    register_test retvalshouldbe 0
+    register_test contain "No unknown suid files found"
+    run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+}
+

tests/hardening/12.11_find_sgid_files.sh

@@ -0,0 +1,25 @@
+test_audit() {
+    describe Running on blank host
+    register_test retvalshouldbe 0
+    register_test contain "No unknown sgid files found"
+    # shellcheck disable=2154
+    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+    describe Tests purposely failing
+    local targetfile="/home/secaudit/sgid_file"
+    touch $targetfile
+    chmod 2700 $targetfile
+    register_test retvalshouldbe 1
+    register_test contain "Some sgid files are present"
+    register_test contain "$targetfile"
+    run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+    describe correcting situation
+    chmod 700 $targetfile
+
+    describe Checking resolved state
+    register_test retvalshouldbe 0
+    register_test contain "No unknown sgid files found"
+    run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+}
+

tests/hardening/12.7_find_world_writable_file.sh

@@ -0,0 +1,25 @@
+test_audit() {
+    describe Running on blank host
+    register_test retvalshouldbe 0
+    register_test contain "No world writable files found"
+    # shellcheck disable=2154
+    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+    describe Tests purposely failing
+    local targetfile="/home/secaudit/worldwritable"
+    touch $targetfile
+    chmod 777 $targetfile
+    register_test retvalshouldbe 1
+    register_test contain "Some world writable files are present"
+    run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+    describe correcting situation
+    sed  -i 's/disabled/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+    /opt/debian-cis/bin/hardening/"${script}".sh --apply || true
+
+    describe Checking resolved state
+    register_test retvalshouldbe 0
+    register_test contain "No world writable files found"
+    run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+}
+

tests/hardening/12.8_find_unowned_files.sh

@@ -0,0 +1,25 @@
+test_audit() {
+    describe Running on blank host
+    register_test retvalshouldbe 0
+    register_test contain "No unowned files found"
+    # shellcheck disable=2154
+    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+    describe Tests purposely failing
+    local targetfile="/home/secaudit/unowned"
+    touch $targetfile
+    chown 1200 $targetfile
+    register_test retvalshouldbe 1
+    register_test contain "Some unowned files are present"
+    run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+    describe correcting situation
+    sed -i 's/disabled/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+    /opt/debian-cis/bin/hardening/"${script}".sh || true
+
+    describe Checking resolved state
+    register_test retvalshouldbe 0
+    register_test contain "No unowned files found"
+    run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+}
+

tests/hardening/12.9_find_ungrouped_files.sh

@@ -0,0 +1,25 @@
+test_audit() {
+    describe Running on blank host
+    register_test retvalshouldbe 0
+    register_test contain "No ungrouped files found"
+    # shellcheck disable=2154
+    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+    describe Tests purposely failing
+    local targetfile="/home/secaudit/ungrouped"
+    touch $targetfile
+    chown 1200:1200 $targetfile
+    register_test retvalshouldbe 1
+    register_test contain "Some ungrouped files are present"
+    run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+    describe correcting situation
+    sed  -i 's/disabled/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+    /opt/debian-cis/bin/hardening/"${script}".sh --apply || true
+
+    describe Checking resolved state
+    register_test retvalshouldbe 0
+    register_test contain "No ungrouped files found"
+    run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+}
+

tests/hardening/2.17_sticky_bit_world_writable_folder.sh

@@ -0,0 +1,24 @@
+test_audit() {
+    describe Running on blank host
+    register_test retvalshouldbe 0
+    register_test contain "All world writable directories have a sticky bit"
+    # shellcheck disable=2154
+    run blank /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+    describe Tests purposely failing
+    local targetdir="/home/secaudit/world_writable_folder"
+    mkdir $targetdir || true
+    chmod 777 $targetdir
+    register_test retvalshouldbe 1
+    register_test contain "Some world writable directories are not on sticky bit mode"
+    run noncompliant /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+
+    describe correcting situation
+    sed  -i 's/disabled/enabled/' /opt/debian-cis/etc/conf.d/"${script}".cfg
+    /opt/debian-cis/bin/hardening/"${script}".sh --apply || true
+
+    describe Checking resolved state
+    register_test retvalshouldbe 0
+    register_test contain "All world writable directories have a sticky bit"
+    run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
+}