mirror of
https://github.com/ovh/debian-cis.git
synced 2024-11-25 23:11:24 +01:00
missing shadowtools backup files is ok (#132)
* missing shadowtools backup files is ok * update corresponding test cases
This commit is contained in:
parent
b962155a3c
commit
a6a22084e1
@ -25,6 +25,10 @@ GROUPSOK='root shadow'
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit() {
|
audit() {
|
||||||
|
does_file_exist "$FILE"
|
||||||
|
if [ "$FNRET" != 0 ]; then
|
||||||
|
ok "$FILE does not exist"
|
||||||
|
else
|
||||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||||
if [ "$FNRET" = 0 ]; then
|
if [ "$FNRET" = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
@ -37,10 +41,15 @@ audit() {
|
|||||||
else
|
else
|
||||||
crit "$FILE ownership was not set to $USER:$GROUPSOK"
|
crit "$FILE ownership was not set to $USER:$GROUPSOK"
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply() {
|
apply() {
|
||||||
|
does_file_exist "$FILE"
|
||||||
|
if [ "$FNRET" != 0 ]; then
|
||||||
|
ok "$FILE does not exist"
|
||||||
|
else
|
||||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||||
if [ "$FNRET" = 0 ]; then
|
if [ "$FNRET" = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
@ -55,6 +64,7 @@ apply() {
|
|||||||
info "fixing $FILE ownership to $USER:$GROUP"
|
info "fixing $FILE ownership to $USER:$GROUP"
|
||||||
chown "$USER":"$GROUP" "$FILE"
|
chown "$USER":"$GROUP" "$FILE"
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# This function will check config parameters required
|
# This function will check config parameters required
|
||||||
|
@ -24,6 +24,10 @@ GROUP='root'
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit() {
|
audit() {
|
||||||
|
does_file_exist "$FILE"
|
||||||
|
if [ "$FNRET" != 0 ]; then
|
||||||
|
ok "$FILE does not exist"
|
||||||
|
else
|
||||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||||
if [ "$FNRET" = 0 ]; then
|
if [ "$FNRET" = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
@ -36,10 +40,15 @@ audit() {
|
|||||||
else
|
else
|
||||||
crit "$FILE ownership was not set to $USER:$GROUP"
|
crit "$FILE ownership was not set to $USER:$GROUP"
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply() {
|
apply() {
|
||||||
|
does_file_exist "$FILE"
|
||||||
|
if [ "$FNRET" != 0 ]; then
|
||||||
|
ok "$FILE does not exist"
|
||||||
|
else
|
||||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||||
if [ "$FNRET" = 0 ]; then
|
if [ "$FNRET" = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
@ -54,6 +63,7 @@ apply() {
|
|||||||
info "fixing $FILE ownership to $USER:$GROUP"
|
info "fixing $FILE ownership to $USER:$GROUP"
|
||||||
chown "$USER":"$GROUP" "$FILE"
|
chown "$USER":"$GROUP" "$FILE"
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# This function will check config parameters required
|
# This function will check config parameters required
|
||||||
|
@ -24,6 +24,10 @@ GROUP='shadow'
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit() {
|
audit() {
|
||||||
|
does_file_exist "$FILE"
|
||||||
|
if [ "$FNRET" != 0 ]; then
|
||||||
|
ok "$FILE does not exist"
|
||||||
|
else
|
||||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||||
if [ "$FNRET" = 0 ]; then
|
if [ "$FNRET" = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
@ -36,10 +40,15 @@ audit() {
|
|||||||
else
|
else
|
||||||
crit "$FILE ownership was not set to $USER:$GROUP"
|
crit "$FILE ownership was not set to $USER:$GROUP"
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply() {
|
apply() {
|
||||||
|
does_file_exist "$FILE"
|
||||||
|
if [ "$FNRET" != 0 ]; then
|
||||||
|
ok "$FILE does not exist"
|
||||||
|
else
|
||||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||||
if [ "$FNRET" = 0 ]; then
|
if [ "$FNRET" = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
@ -54,6 +63,7 @@ apply() {
|
|||||||
info "fixing $FILE ownership to $USER:$GROUP"
|
info "fixing $FILE ownership to $USER:$GROUP"
|
||||||
chown "$USER":"$GROUP" "$FILE"
|
chown "$USER":"$GROUP" "$FILE"
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# This function will check config parameters required
|
# This function will check config parameters required
|
||||||
|
@ -24,6 +24,10 @@ GROUP='root'
|
|||||||
|
|
||||||
# This function will be called if the script status is on enabled / audit mode
|
# This function will be called if the script status is on enabled / audit mode
|
||||||
audit() {
|
audit() {
|
||||||
|
does_file_exist "$FILE"
|
||||||
|
if [ "$FNRET" != 0 ]; then
|
||||||
|
ok "$FILE does not exist"
|
||||||
|
else
|
||||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||||
if [ "$FNRET" = 0 ]; then
|
if [ "$FNRET" = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
@ -36,10 +40,15 @@ audit() {
|
|||||||
else
|
else
|
||||||
crit "$FILE ownership was not set to $USER:$GROUP"
|
crit "$FILE ownership was not set to $USER:$GROUP"
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# This function will be called if the script status is on enabled mode
|
# This function will be called if the script status is on enabled mode
|
||||||
apply() {
|
apply() {
|
||||||
|
does_file_exist "$FILE"
|
||||||
|
if [ "$FNRET" != 0 ]; then
|
||||||
|
ok "$FILE does not exist"
|
||||||
|
else
|
||||||
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
has_file_correct_permissions "$FILE" "$PERMISSIONS"
|
||||||
if [ "$FNRET" = 0 ]; then
|
if [ "$FNRET" = 0 ]; then
|
||||||
ok "$FILE has correct permissions"
|
ok "$FILE has correct permissions"
|
||||||
@ -54,6 +63,7 @@ apply() {
|
|||||||
info "fixing $FILE ownership to $USER:$GROUP"
|
info "fixing $FILE ownership to $USER:$GROUP"
|
||||||
chown "$USER":"$GROUP" "$FILE"
|
chown "$USER":"$GROUP" "$FILE"
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# This function will check config parameters required
|
# This function will check config parameters required
|
||||||
|
@ -37,6 +37,12 @@ test_audit() {
|
|||||||
register_test contain "has correct ownership"
|
register_test contain "has correct ownership"
|
||||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
|
describe Missing File should be OK as well
|
||||||
|
rm "$test_file"
|
||||||
|
register_test retvalshouldbe 0
|
||||||
|
register_test contain "does not exist"
|
||||||
|
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
# Cleanup
|
# Cleanup
|
||||||
userdel "$test_user"
|
userdel "$test_user"
|
||||||
}
|
}
|
||||||
|
@ -37,6 +37,12 @@ test_audit() {
|
|||||||
register_test contain "has correct ownership"
|
register_test contain "has correct ownership"
|
||||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
|
describe Missing File should be OK as well
|
||||||
|
rm "$test_file"
|
||||||
|
register_test retvalshouldbe 0
|
||||||
|
register_test contain "does not exist"
|
||||||
|
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
# Cleanup
|
# Cleanup
|
||||||
userdel "$test_user"
|
userdel "$test_user"
|
||||||
}
|
}
|
||||||
|
@ -37,6 +37,12 @@ test_audit() {
|
|||||||
register_test contain "has correct ownership"
|
register_test contain "has correct ownership"
|
||||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
|
describe Missing File should be OK as well
|
||||||
|
rm "$test_file"
|
||||||
|
register_test retvalshouldbe 0
|
||||||
|
register_test contain "does not exist"
|
||||||
|
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
# Cleanup
|
# Cleanup
|
||||||
userdel "$test_user"
|
userdel "$test_user"
|
||||||
}
|
}
|
||||||
|
@ -37,6 +37,12 @@ test_audit() {
|
|||||||
register_test contain "has correct ownership"
|
register_test contain "has correct ownership"
|
||||||
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
|
describe Missing File should be OK as well
|
||||||
|
rm "$test_file"
|
||||||
|
register_test retvalshouldbe 0
|
||||||
|
register_test contain "does not exist"
|
||||||
|
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
|
||||||
|
|
||||||
# Cleanup
|
# Cleanup
|
||||||
userdel "$test_user"
|
userdel "$test_user"
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user