elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2024-11-22 13:37:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

missing shadowtools backup files is ok (#132)

Browse Source 
* missing shadowtools backup files is ok

* update corresponding test cases
This commit is contained in:
Jan Schmidle 2022-03-02 18:05:37 +01:00 committed by GitHub
parent b962155a3c
commit a6a22084e1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 152 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
bin/hardening/6.1.3_etc_gshadow-_permissions.sh
View File

@ -25,6 +25,10 @@ GROUPSOK='root shadow'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
does_file_exist "$FILE"
if [ "$FNRET" != 0 ]; then
ok "$FILE does not exist"
else
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
@ -37,10 +41,15 @@ audit() {
else else
crit "$FILE ownership was not set to $USER:$GROUPSOK" crit "$FILE ownership was not set to $USER:$GROUPSOK"
fi fi
fi
} }
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
does_file_exist "$FILE"
if [ "$FNRET" != 0 ]; then
ok "$FILE does not exist"
else
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
@ -55,6 +64,7 @@ apply() {
info "fixing $FILE ownership to $USER:$GROUP" info "fixing $FILE ownership to $USER:$GROUP"
chown "$USER":"$GROUP" "$FILE" chown "$USER":"$GROUP" "$FILE"
fi fi
fi
} }
# This function will check config parameters required # This function will check config parameters required

10
bin/hardening/6.1.6_etc_passwd-_permissions.sh
View File

@ -24,6 +24,10 @@ GROUP='root'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
does_file_exist "$FILE"
if [ "$FNRET" != 0 ]; then
ok "$FILE does not exist"
else
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
@ -36,10 +40,15 @@ audit() {
else else
crit "$FILE ownership was not set to $USER:$GROUP" crit "$FILE ownership was not set to $USER:$GROUP"
fi fi
fi
} }
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
does_file_exist "$FILE"
if [ "$FNRET" != 0 ]; then
ok "$FILE does not exist"
else
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
@ -54,6 +63,7 @@ apply() {
info "fixing $FILE ownership to $USER:$GROUP" info "fixing $FILE ownership to $USER:$GROUP"
chown "$USER":"$GROUP" "$FILE" chown "$USER":"$GROUP" "$FILE"
fi fi
fi
} }
# This function will check config parameters required # This function will check config parameters required

10
bin/hardening/6.1.7_etc_shadow-_permissions.sh
View File

@ -24,6 +24,10 @@ GROUP='shadow'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
does_file_exist "$FILE"
if [ "$FNRET" != 0 ]; then
ok "$FILE does not exist"
else
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
@ -36,10 +40,15 @@ audit() {
else else
crit "$FILE ownership was not set to $USER:$GROUP" crit "$FILE ownership was not set to $USER:$GROUP"
fi fi
fi
} }
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
does_file_exist "$FILE"
if [ "$FNRET" != 0 ]; then
ok "$FILE does not exist"
else
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
@ -54,6 +63,7 @@ apply() {
info "fixing $FILE ownership to $USER:$GROUP" info "fixing $FILE ownership to $USER:$GROUP"
chown "$USER":"$GROUP" "$FILE" chown "$USER":"$GROUP" "$FILE"
fi fi
fi
} }
# This function will check config parameters required # This function will check config parameters required

10
bin/hardening/6.1.8_etc_group-_permissions.sh
View File

@ -24,6 +24,10 @@ GROUP='root'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
does_file_exist "$FILE"
if [ "$FNRET" != 0 ]; then
ok "$FILE does not exist"
else
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
@ -36,10 +40,15 @@ audit() {
else else
crit "$FILE ownership was not set to $USER:$GROUP" crit "$FILE ownership was not set to $USER:$GROUP"
fi fi
fi
} }
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
does_file_exist "$FILE"
if [ "$FNRET" != 0 ]; then
ok "$FILE does not exist"
else
has_file_correct_permissions "$FILE" "$PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" = 0 ]; then
ok "$FILE has correct permissions" ok "$FILE has correct permissions"
@ -54,6 +63,7 @@ apply() {
info "fixing $FILE ownership to $USER:$GROUP" info "fixing $FILE ownership to $USER:$GROUP"
chown "$USER":"$GROUP" "$FILE" chown "$USER":"$GROUP" "$FILE"
fi fi
fi
} }
# This function will check config parameters required # This function will check config parameters required

6
tests/hardening/6.1.3_etc_gshadow-_permissions.sh
View File

@ -37,6 +37,12 @@ test_audit() {
register_test contain "has correct ownership" register_test contain "has correct ownership"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
describe Missing File should be OK as well
rm "$test_file"
register_test retvalshouldbe 0
register_test contain "does not exist"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
# Cleanup # Cleanup
userdel "$test_user" userdel "$test_user"
} }

6
tests/hardening/6.1.6_etc_passwd-_permissions.sh
View File

@ -37,6 +37,12 @@ test_audit() {
register_test contain "has correct ownership" register_test contain "has correct ownership"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
describe Missing File should be OK as well
rm "$test_file"
register_test retvalshouldbe 0
register_test contain "does not exist"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
# Cleanup # Cleanup
userdel "$test_user" userdel "$test_user"
} }

6
tests/hardening/6.1.7_etc_shadow-_permissions.sh
View File

@ -37,6 +37,12 @@ test_audit() {
register_test contain "has correct ownership" register_test contain "has correct ownership"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
describe Missing File should be OK as well
rm "$test_file"
register_test retvalshouldbe 0
register_test contain "does not exist"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
# Cleanup # Cleanup
userdel "$test_user" userdel "$test_user"
} }

6
tests/hardening/6.1.8_etc_group-_permissions.sh
View File

@ -37,6 +37,12 @@ test_audit() {
register_test contain "has correct ownership" register_test contain "has correct ownership"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
describe Missing File should be OK as well
rm "$test_file"
register_test retvalshouldbe 0
register_test contain "does not exist"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
# Cleanup # Cleanup
userdel "$test_user" userdel "$test_user"
} }