missing shadowtools backup files is ok (#132)

* missing shadowtools backup files is ok

* update corresponding test cases
Jan Schmidle 2022-03-02 18:05:37 +01:00 committed by GitHub
parent b962155a3c
commit a6a22084e1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 152 additions and 88 deletions


@ -25,35 +25,45 @@ GROUPSOK='root shadow'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
has_file_correct_permissions "$FILE" "$PERMISSIONS" does_file_exist "$FILE"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" != 0 ]; then
ok "$FILE has correct permissions" ok "$FILE does not exist"
else else
crit "$FILE permissions were not set to $PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
fi if [ "$FNRET" = 0 ]; then
has_file_one_of_ownership "$FILE" "$USER" "$GROUPSOK" ok "$FILE has correct permissions"
if [ "$FNRET" = 0 ]; then else
ok "$FILE has correct ownership" crit "$FILE permissions were not set to $PERMISSIONS"
else fi
crit "$FILE ownership was not set to $USER:$GROUPSOK" has_file_one_of_ownership "$FILE" "$USER" "$GROUPSOK"
if [ "$FNRET" = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE ownership was not set to $USER:$GROUPSOK"
fi
fi fi
} }
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
has_file_correct_permissions "$FILE" "$PERMISSIONS" does_file_exist "$FILE"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" != 0 ]; then
ok "$FILE has correct permissions" ok "$FILE does not exist"
else else
info "fixing $FILE permissions to $PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
chmod 0"$PERMISSIONS" "$FILE" if [ "$FNRET" = 0 ]; then
fi ok "$FILE has correct permissions"
has_file_one_of_ownership "$FILE" "$USER" "$GROUPSOK" else
if [ "$FNRET" = 0 ]; then info "fixing $FILE permissions to $PERMISSIONS"
ok "$FILE has correct ownership" chmod 0"$PERMISSIONS" "$FILE"
else fi
info "fixing $FILE ownership to $USER:$GROUP" has_file_one_of_ownership "$FILE" "$USER" "$GROUPSOK"
chown "$USER":"$GROUP" "$FILE" if [ "$FNRET" = 0 ]; then
ok "$FILE has correct ownership"
else
info "fixing $FILE ownership to $USER:$GROUP"
chown "$USER":"$GROUP" "$FILE"
fi
fi fi
} }
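Review bot: In apply(), the ownership check accepts any group listed in `GROUPSOK`, but the fix runs `chown "$USER":"$GROUP" "$FILE"`, and `GROUP` is not defined in the visible lines (the hunk header only shows `GROUPSOK='root shadow'`). If `GROUP` is unset above the hunk, chown is called with an empty group after the colon and falls back to the user's login group; if it is set, it has to be one of `GROUPSOK` or the next audit fails again. I would add a comment next to the definitions such as `# GROUP is what apply() sets; it must be one of GROUPSOK`. The crit text in audit() prints the whole `GROUPSOK` list after the colon, which reads as a single group name. Both lines were only re-indented by this commit, and the variable definitions sit outside the hunk.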


@ -24,35 +24,45 @@ GROUP='root'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
has_file_correct_permissions "$FILE" "$PERMISSIONS" does_file_exist "$FILE"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" != 0 ]; then
ok "$FILE has correct permissions" ok "$FILE does not exist"
else else
crit "$FILE permissions were not set to $PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
fi if [ "$FNRET" = 0 ]; then
has_file_correct_ownership "$FILE" "$USER" "$GROUP" ok "$FILE has correct permissions"
if [ "$FNRET" = 0 ]; then else
ok "$FILE has correct ownership" crit "$FILE permissions were not set to $PERMISSIONS"
else fi
crit "$FILE ownership was not set to $USER:$GROUP" has_file_correct_ownership "$FILE" "$USER" "$GROUP"
if [ "$FNRET" = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE ownership was not set to $USER:$GROUP"
fi
fi fi
} }
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
has_file_correct_permissions "$FILE" "$PERMISSIONS" does_file_exist "$FILE"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" != 0 ]; then
ok "$FILE has correct permissions" ok "$FILE does not exist"
else else
info "fixing $FILE permissions to $PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
chmod 0"$PERMISSIONS" "$FILE" if [ "$FNRET" = 0 ]; then
fi ok "$FILE has correct permissions"
has_file_correct_ownership "$FILE" "$USER" "$GROUP" else
if [ "$FNRET" = 0 ]; then info "fixing $FILE permissions to $PERMISSIONS"
ok "$FILE has correct ownership" chmod 0"$PERMISSIONS" "$FILE"
else fi
info "fixing $FILE ownership to $USER:$GROUP" has_file_correct_ownership "$FILE" "$USER" "$GROUP"
chown "$USER":"$GROUP" "$FILE" if [ "$FNRET" = 0 ]; then
ok "$FILE has correct ownership"
else
info "fixing $FILE ownership to $USER:$GROUP"
chown "$USER":"$GROUP" "$FILE"
fi
fi fi
} }
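Review bot: The existence check in audit() and apply() would read more easily as a guard clause than as an `else` wrapping the whole body: `if [ "$FNRET" != 0 ]; then ok "$FILE does not exist"; return; fi` keeps the permission and ownership checks at their old indentation. The same shape is repeated in the other three scripts changed here. A one-line comment above the check, for example `# a missing shadowtools backup file is compliant, nothing to check or fix`, would record why absence is reported as ok rather than crit.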


@ -24,35 +24,45 @@ GROUP='shadow'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
has_file_correct_permissions "$FILE" "$PERMISSIONS" does_file_exist "$FILE"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" != 0 ]; then
ok "$FILE has correct permissions" ok "$FILE does not exist"
else else
crit "$FILE permissions were not set to $PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
fi if [ "$FNRET" = 0 ]; then
has_file_correct_ownership "$FILE" "$USER" "$GROUP" ok "$FILE has correct permissions"
if [ "$FNRET" = 0 ]; then else
ok "$FILE has correct ownership" crit "$FILE permissions were not set to $PERMISSIONS"
else fi
crit "$FILE ownership was not set to $USER:$GROUP" has_file_correct_ownership "$FILE" "$USER" "$GROUP"
if [ "$FNRET" = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE ownership was not set to $USER:$GROUP"
fi
fi fi
} }
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
has_file_correct_permissions "$FILE" "$PERMISSIONS" does_file_exist "$FILE"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" != 0 ]; then
ok "$FILE has correct permissions" ok "$FILE does not exist"
else else
info "fixing $FILE permissions to $PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
chmod 0"$PERMISSIONS" "$FILE" if [ "$FNRET" = 0 ]; then
fi ok "$FILE has correct permissions"
has_file_correct_ownership "$FILE" "$USER" "$GROUP" else
if [ "$FNRET" = 0 ]; then info "fixing $FILE permissions to $PERMISSIONS"
ok "$FILE has correct ownership" chmod 0"$PERMISSIONS" "$FILE"
else fi
info "fixing $FILE ownership to $USER:$GROUP" has_file_correct_ownership "$FILE" "$USER" "$GROUP"
chown "$USER":"$GROUP" "$FILE" if [ "$FNRET" = 0 ]; then
ok "$FILE has correct ownership"
else
info "fixing $FILE ownership to $USER:$GROUP"
chown "$USER":"$GROUP" "$FILE"
fi
fi fi
} }


@ -24,35 +24,45 @@ GROUP='root'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
has_file_correct_permissions "$FILE" "$PERMISSIONS" does_file_exist "$FILE"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" != 0 ]; then
ok "$FILE has correct permissions" ok "$FILE does not exist"
else else
crit "$FILE permissions were not set to $PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
fi if [ "$FNRET" = 0 ]; then
has_file_correct_ownership "$FILE" "$USER" "$GROUP" ok "$FILE has correct permissions"
if [ "$FNRET" = 0 ]; then else
ok "$FILE has correct ownership" crit "$FILE permissions were not set to $PERMISSIONS"
else fi
crit "$FILE ownership was not set to $USER:$GROUP" has_file_correct_ownership "$FILE" "$USER" "$GROUP"
if [ "$FNRET" = 0 ]; then
ok "$FILE has correct ownership"
else
crit "$FILE ownership was not set to $USER:$GROUP"
fi
fi fi
} }
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply() { apply() {
has_file_correct_permissions "$FILE" "$PERMISSIONS" does_file_exist "$FILE"
if [ "$FNRET" = 0 ]; then if [ "$FNRET" != 0 ]; then
ok "$FILE has correct permissions" ok "$FILE does not exist"
else else
info "fixing $FILE permissions to $PERMISSIONS" has_file_correct_permissions "$FILE" "$PERMISSIONS"
chmod 0"$PERMISSIONS" "$FILE" if [ "$FNRET" = 0 ]; then
fi ok "$FILE has correct permissions"
has_file_correct_ownership "$FILE" "$USER" "$GROUP" else
if [ "$FNRET" = 0 ]; then info "fixing $FILE permissions to $PERMISSIONS"
ok "$FILE has correct ownership" chmod 0"$PERMISSIONS" "$FILE"
else fi
info "fixing $FILE ownership to $USER:$GROUP" has_file_correct_ownership "$FILE" "$USER" "$GROUP"
chown "$USER":"$GROUP" "$FILE" if [ "$FNRET" = 0 ]; then
ok "$FILE has correct ownership"
else
info "fixing $FILE ownership to $USER:$GROUP"
chown "$USER":"$GROUP" "$FILE"
fi
fi fi
} }


@ -37,6 +37,12 @@ test_audit() {
register_test contain "has correct ownership" register_test contain "has correct ownership"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
describe Missing File should be OK as well
rm "$test_file"
register_test retvalshouldbe 0
register_test contain "does not exist"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
# Cleanup # Cleanup
userdel "$test_user" userdel "$test_user"
} }
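Review bot: The missing-file case only runs `--audit-all`, so as far as these hunks show the `does not exist` branch added to apply() in the four scripts is not exercised by any test in this commit. After `rm "$test_file"` I would add a second run in apply mode with the same two expectations (`retvalshouldbe 0`, `contain "does not exist"`), which would also catch a chmod or chown being reached on a path that is gone. `rm -f -- "$test_file"` is the safer spelling for the removal. The same applies to the other three test files changed here; test_audit starts above the hunk.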


@ -37,6 +37,12 @@ test_audit() {
register_test contain "has correct ownership" register_test contain "has correct ownership"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
describe Missing File should be OK as well
rm "$test_file"
register_test retvalshouldbe 0
register_test contain "does not exist"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
# Cleanup # Cleanup
userdel "$test_user" userdel "$test_user"
} }


@ -37,6 +37,12 @@ test_audit() {
register_test contain "has correct ownership" register_test contain "has correct ownership"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
describe Missing File should be OK as well
rm "$test_file"
register_test retvalshouldbe 0
register_test contain "does not exist"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
# Cleanup # Cleanup
userdel "$test_user" userdel "$test_user"
} }


@ -37,6 +37,12 @@ test_audit() {
register_test contain "has correct ownership" register_test contain "has correct ownership"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
describe Missing File should be OK as well
rm "$test_file"
register_test retvalshouldbe 0
register_test contain "does not exist"
run resolved /opt/debian-cis/bin/hardening/"${script}".sh --audit-all
# Cleanup # Cleanup
userdel "$test_user" userdel "$test_user"
} }